Dynamics 365 Online integration with Exchange 2013 On-Premise

Configuring Dynamics 365 online with Exchange online seems pretty simple, so does configuring Dynamics 365 online and Exchange on premise if you follow the below Microsoft link’s

Connect Dynamics 365 (online) to Exchange Online

Connect Dynamics 365 (online) to Exchange Server (on-premises)

But we faced an issue where we got multiple generic errors and had no clue what seemed wrong. We raised a support request and made sure we followed all the prerequisites and it did the work for us.

Starting with the Prerequisites

  1. Microsoft Exchange Server.
  • You need to have a supported Exchange version i.e. Exchange Server 2010 Service Pack 3, Exchange Server 2013 Service Pack 1, or Exchange Server 2016.
  1. Basic authentication.
  • Basic authentication must be enabled in Exchange Server along with any other authentication type your Exchange server is using.
  1. ApplicationImpersonation role.
  • You need to create and configure a service account with the ApplicationImpersonationrole in Microsoft Exchange.
  1. Secured connection.
  • The connection between Dynamics 365 (online) and Exchange must be encrypted via TLS/SSL (HTTPS).
  1. Exchange Web Services (EWS).
  • Connections to EWS must be allowed through the firewall.
  1. Dynamics CRM User.
  • You have to create an account in Dynamics CRM, with the same user details that you used to create the service account in Exchange on premise. Make sure the email id at both places is the same.

While configuring the above steps, you need to make sure your exchange has the necessary permissions. Below is what helped us.

How to configure Exchange for Dynamics 365 Integration.

  1. Assigning Application impersonation role to the user:
  • Login to Exchange Admin Center with the Global Administrator or Exchange Administrators credentials.
  • Click on permissions on left pane
  • Click on Admin roles to see which user has admin roles.


  • As shown in the picture below fill in the details and assign ApplicationImpersonation  role to the service user which will be used for configuration with Dynamics CRM. In the Users tab add the user you wish to give ApplicationImpersonation role.


  • Log in as system administrator on exchange server and assign ApplicationImpersonation to the system admin and then enter system administrators credentials in  Dyanimics 365 CRM email server profile & perform test Enable mailbox. For how to configure Email Server Profile in Dynamics 365 follow this link.


  1. Exchange 2013: Add SMTP Alias to a mailbox

In Exchange 2013 you can add additional alias addresses to a mailbox. This can be done from the Exchange Admin Centre.


Add an alias using the Exchange Admin Centre:

  • Click on Recipients on the left.
  • Click on Mailboxes on the top left.
  • Click on the mailbox which you will use as a service account in Dynamics 365 Online, to add an alias to.

  • Click on the pencil to edit the mailbox

Image 1

  • You will see a pop up of all the properties of the users mailbox, click on the email address tab on the left.
  • Now click on the + (plus) button to create an alias address.

image 2

We used SMTP which is the default radio button, so we don’t change it.

  • Enter in the alias email address.
  • Click on OK to go back to main screen.
  • Click  on the save button to save your changes.

image 3

  1. Now login to Dynamics 365

Note: Under Credentials the same user should be used who has the impersonation role. Click on Test connection and check the result.





  1. Thank you, this is a great article. It brought us to the right track when we were troubleshooting an issue with connecting Dynamics 365 Online with Exchange 2013 on-prem.
    We had a similar scenario with one of our clients. They have Dynamics 365 Online and Exchange 2013 On-Premises, with pretty complex infrastructure. We had a service account with Application Impersonation role running Email Server Profile. That service account was created in the on-premises AD. All other user accounts that were originally created in on-prem AD were sync-ed with Azure AD via AD Connect.
    The one account that was not sync-ed with Azure AD was the service account, as we didn’t see a reason to have it on the online side, too. However, once we added that service account to Azure AD via AD Connect, Email Server Profile test stated to work properly. It was enough just to create the service account in the online tenant, no license or Dynamics 365 security role was required.
    Also, we did not need to create a SMTP alias to a mailbox for the service account.
    Obviously, all other steps described in the article had to be applied in order to make it work.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s