Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
How to activate/generate the Encryption key for on premise upgraded orgs in CRM 2013 and what are the know impacts in the server? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I have the on premise orgs (using https://) upgraded from 2011 to 2013. I don't have "Data Encryption" activated yet but I would like to activate it at some point. But what I can't find references is how to activate the "Data encryption". Do the following steps works to activate it?

    Go to Settings > Data Management > Data Encryption. Once you click the Data Encryption link, a dialog opens that gives you the ability to activate the data encryption key. Click “Activate” to activate the Data Encryption

    I would also like to be aware of know issues/impacts of activating it. What are the known issues or impacts?

    1. Can we have a encrypted field in the org once we activate the “Data Encryption” like for SSN field?
    2. How does it impact on the server performance?

    Thanks!

    Friday, January 10, 2014 7:25 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi SPokharel,

    for me it would also be interesting to know how the performance will be impacted.

    What I ahve found is this thread : http://community.dynamics.com/crm/f/117/t/116263.aspx when you asked for issues, I have this confusion that the key is in chinese and no guides tells how to update the key via script when provisioning new ORGs or I did not found it :)

    I have upgraded a DB from 2011 and stumbled first when wanted to send a email within crm email router, so for that case, and all of them using mailings, I must enable the encryption.

    The steps you provided to activate worked for me also.

    gruss Daniel Ovadia MBSS - Microsoft Dynamics CRM MCNPS

    Friday, January 10, 2014 10:04 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Can we have encrypted field in the org once we activate the “Data Encryption” like for SSN field?

    SQL field level encryption is available in "Password for email" & "Yammer Token" & can't be extended to other additional fields at this time.

    Steps to activate the Data Encryption

    After the import is complete, activate data encryption. To activate data encryption, follow these steps.

    1. Sign-in to Microsoft Dynamics CRM as a user who has the system administrator security role.
    2. Go to Settings > Data Management > Data Encryption.

    ms-its:c:\PROGRA~1\MICROS~2\ENVIRO~1.CHM::/local/Caution.gifCaution

    If the Microsoft Dynamics CRM website is not configured for HTTPS/SSL, the Data Encryption dialog box will not be displayed. For a more secure deployment, we recommend that you configure the website for HTTPS/SSL. However, if the website is not configured for HTTP/SSL, use a tool that can be used to modify CRM database tables, such as Microsoft SQL Server Management Studio or the Deployment Web Service, open the configuration database (MSCRM_CONFIG), in the DeploymentProperties table set DisableSSLCheckForEncryption to 1.
    1. In the Data Encryption dialog box, notice that the Encryption status label indicates that data encryption is Inactive. To activate data encryption:
      1. Enter the encryption key that was used to encrypt the data in the Activate Encryption Key box. Notice that you can copy the encryption key from its source location on to the Windows clipboard and paste the key into the Activate Encryption Key box.
      2. Click Activate.
      3. Click OK, to close the confirmation dialog box.

    ms-its:c:\PROGRA~1\MICROS~2\ENVIRO~1.CHM::/local/Warning.gifWarning

    If you cannot provide the encryption key, data encryption cannot be activated and the associated data will become inaccessible. Features in Microsoft Dynamics CRM that use the encrypted data, such as Server-side Synchronization, will no longer work. Notice that you cannot delete and re-create the encrypted data.

    Reference: http://www.youtube.com/watch?v=s5HGdWOjJgg

     

     

    • Proposed as answer by Daniel Ovadia Monday, November 17, 2014 2:08 PM
    Monday, January 13, 2014 6:26 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    In the instruction... "Enter the encryption key that was used to encrypt the data in the Activate Encryption Key box. Notice that you can copy the encryption key from its source location on to the Windows clipboard and paste the key into the Activate Encryption Key box."... where is the "the encryption key that was used to encrypt the data"? When was this generated?
    • Proposed as answer by Daniel Ovadia Monday, March 2, 2015 3:05 PM
    Wednesday, August 13, 2014 12:22 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi The Jaqal,

    To Generate/ Activate new encryption key, you can give your own key if you have not enabled the encryption key yet.

    Below link will help you I think,

    https://community.dynamics.com/crm/f/117/t/186685

    Below is the screen shot of the new data encryption screen looks like.

    Thursday, September 8, 2016 7:14 PM