Do I Need IFD In My Microsoft Dynamics CRM Environment?

Every day it seems that CRM is changing. When CRM 2011 was released, most deployments were strictly on-premise deployments with access restricted to users on the company network or VPN. However, with the changing landscape of how people work, the consumerization of IT, and the upcoming changes in Microsoft Dynamics CRM R8 (cross-browser support and mobile applications), most of our customers are now more closely evaluating their options for giving users external access to the application, including access on mobile devices. They must weigh these enhancements in light of their security policies and what their users are requesting. I’m frequently asked the question “will we need to deploy ADFS+IFD?

To help demystify the options, I have prepared a list of the most common external access scenarios, and whether or not IFD is required in these scenarios.


Please note that deploying CRM IFD will enable any of the options on this list; however, if for some reason you are not prepared for ADFS+ IFD, or if ADFS does not fit within your security strategy, the following table should help you clarify if your external access scenario will require IFD.

Scenario Yes No Details
Users accessing CRM exclusively with web browser outside of Network or VPN (including IOS browser)   X If only web browser access is necessary, you can securely publish the CRM website via firewall such as Forefront UAG or TMG
Users accessing CRM for Outlook outside of
network or VPN
X   IFD Deployment is the only option to securely publish full access to the CRM application, including the discovery service, which is used by the Outlook client, so IFD is required.
Users accessing CRM with Microsoft hosted mobile apps X   The Microsoft CRM Mobile apps access a hosted mobile server at Microsoft, which connects to your CRM environment via IFD, so IFD is required.
Users accessing CRM with mobile apps when mobile server is deployed on-site (CWR)   X If you deploy the mobile server on premises, you do not have to expose your CRM server externally and IFD is not required. In this scenario, you securely publish the mobile server website through your firewall and the CRM server is not exposed externally