Applies To: Dynamics CRM Online
You can limit access to CRM Online to users with trusted IP addresses to reduce unauthorized access. When trusted IP address restrictions are set in a user’s profile and the user tries to log in from an untrusted IP address, access to CRM Online is blocked.
IP restriction is only enforced during user authentication. This is done by the Azure Active Directory Conditional Access capability. CRM Online sets a session timeout limit to balance protecting user data and the number of times users are prompted for their sign-in credentials. Trusted IP restriction for devices (including laptops) is not applied until the CRM Online session timeout expires.
For example, a trusted IP restriction is setup to only allow access to CRM when users are working from a corporate office. When a CRM user signs in into CRM using their laptop from their office and establishes a CRM session, the user can continue to access CRM after leaving the office until the CRM session timeout expires. This behavior also applies to mobile and offsite connections such as: CRM for phones and tablets, and Dynamics CRM App for Outlook.
You can restrict access to all Users or groups of users. It’s more efficient to restrict by a group if only a subset of your Azure Active Directory (AAD) users are accessing CRM Online.
1. Sign in to your Azure portal .
2. Click Browse > Active Directory, and then select your CRM Online directory.
3. Click Groups > Add Group, and then fill in the settings to create a new group.
4. Click the group you created and add members.
Access restriction is set using Azure Active Directory (AD) Conditional Access. See Getting started with conditional access to Azure AD. You control Conditional Access through an access rule.
1. Sign in to your Azure portal.
3. Click Applications, and then click the Dynamics CRM Online web application.
4. Click Configure.
5. Set the following on the Properties page:
6. Enter trusted IP addresses (using CIDR notation) and click Save.
How to set Azure Active Directory device-based conditional access policy for access control to Azure Active Directory connected applications
Restrict access to CRM Online with trusted IP Rules