Connecting to Exchange Online from On-Premise CRM

I was asked to implement server-side synchronization (SSS) for one of our clients, who has on-premise CRM (D365 CE) and Exchange Online.

I started going through Microsoft articles on how we should implement server-side synchronization in such environments. The Microsoft documentation clearly states that IFD must be implemented before we enable SSS on on-premise CRM. So IFD + ADFS is required for SSS.

The environment where SSS is to be implemented is a highly restricted one, where inbound connections from outside the network are not allowed.

The documentation available to us doesn't talk about implementing a proxy where we can apply firewall rules for inbound connections. To implement an ADFS proxy / Web Application Proxy, you need to follow another article.

The client is not happy to expose their internal CRM to the external world by implementing IFD.

One piece of information that was shared late in the process was that the client had private peering using ExpressRoute between the on-premise network and Exchange Online. And the question was: when connectivity to Exchange Online already exists, why should we implement IFD?

This information gave us an opportunity to explore options that make use of the existing ExpressRoute. Unfortunately, no article or document suggests what needs to be done or configured to achieve connectivity from CRM to Exchange Online.

Fortunately, I had a call with one of the Microsoft FastTrack engineers from the US, and came to know that there were changes in the way Outlook connects to Exchange Online, which uses Exchange Web Services. Our client uses Outlook to connect to Exchange Online. That was the hint for us to test the connection to Exchange Online for CRM.


No IFD was required: using Exchange Web Services, we were able to connect to CRM and send and receive emails from CRM.

NOTE: Although we established communication with Exchange Online from on-premise CRM and can send and receive emails, this won't let us enable the Dynamics 365 App for Outlook, as it expects OAuth to be enabled for authentication. OAuth gets enabled if IFD is implemented. So the alternative is to have the Outlook client installed and configured.