Data encryption will be active after the install or upgrade. We strongly recommend that you copy the organization encryption key and store it in a safe place. For more information, see http://go.microsoft.com/fwlink/?LinkId=316366.
- Sign in to Microsoft Dynamics CRM as a user with the system administrator security role.
- Go to Settings > Data Management > Data Encryption.
- In the Data Encryption dialog box, select Show Encryption Key, in the Current encryption key box select the encryption key, and copy it to the clipboard.
However, if the Microsoft Dynamics CRM website is not configured for HTTPS/SSL, the Data Encryption dialog box will not be displayed. Instead, you’ll get the error noted at the right. For a more secure deployment, we recommend that you configure the website for HTTPS/SSL. As a work-around, it is possible to get at the CRM 2013 Data Encryption settings even if the website is not configured for HTTP/SSL. To do so, use a tool that can be used to modify CRM database tables, such as Microsoft SQL Server Management Studio and open the configuration database (MSCRM_CONFIG); in the DeploymentProperties table, set DisableSSLCheckForEncryption to 1. In order to set the property use the following SELECT and UPDATE statements:
After performing an IISReset on the CRM Server, you’ll be able to see the encryption screen. Paste the encryption key in to a text editor, such as Notepad. As a best practice, save the text file that contains the encryption key on a computer in a secure location on an encrypted hard drive. Also note that if you keep the default encryption key with all the special hieroglyphic characters, you’ll need to save the file with Unicode encoding — see screenshot below. Also, note, there is one data encryption key per organization.
Testing our system, I backed-up our test Adventure Works CRM organization database, and restored it as AdvWrks2. I imported (re-deployed) the AdvWrks2 database to create a new CRM org. I browsed to Settings => Admin => Users, and selected my User. I changed the Primary E-mail address and hit save. Here’s where I got a “Data Encryption error — There are encrypted fields in the organization database, but the data encryption feature isn’t activated.” What this means is that the org that I originally backed-up had encryption enabled, and we copied and re-deployed that org to the new org — which is now requiring data encryption be activated with the Encryption Key from the original org. I went ahead and activated using the Encryption Key that I had previously saved, and got the good news that the Encryption Key was activated successfully.
So we’ve seen CRM 2013 Data Encryption be activated automatically, by simply installing CRM, as noted in the highlighted paragraph at the top of this post. We also know that Data Encryption will be enabled on all CRM Online deployments.
We’ve further seen that when an encrypted CRM database is restored and redeployed it requires that data encryption be activated with the appropriate encryption key. If you ever think you may want to restore your CRM organization database for disaster recovery or redeploy your CRM system for testing or operational reasons, you simply must save off the encryption key of your existing CRM system.