Dynamics Plugins


The isolation mode of a plugin is at the assembly level and not the individual plugin level. 


  • None/Outside of Sandbox/Full Trust
  • Sandboxed/Isolation/Partial Trust 
  • You cannot deploy/register a plugin with isolation mode = none, if you don’t have Deployment Administrator permissions. 

The system user account under which the plug-in is being registered must have the following organization-wide security privileges: 

  • prvCreatePluginAssembly 
  • prvCreatePluginType 
  • prvCreateSdkMessageProcessingStep 
  • prvCreateSdkMessageProcessingStepImage 
  • prvCreateSdkMessageProcessingStepSecureConfig 


  • You cannot deploy a plugin with isolation mode = sandbox, if you don’t have System Administrator permissions 
  • Plugins created for Online must have Isolation mode = Sandbox 



In this isolated environment, also known as a sandbox, a plug-in or custom activity can make use of the full power of the Microsoft Dynamics CRM SDK to access the organization web service.  

Access to the file system, system event log, certain network protocols, registry, and more is prevented in the sandbox. However, sandbox plug-ins and custom activities do have access to external endpoints like Azure Cloud Services. 

Microsoft Dynamics CRM collects run-time statistics and monitors plug-ins and custom workflow activities that execute in the sandbox.  

If the sandbox worker process that hosts this custom code exceeds threshold CPU, memory, or handle limits or is otherwise unresponsive, that process will be killed by the platform.  


Sandboxed plug-ins and custom workflow activities can access the network through the HTTP and HTTPS protocols. This capability provides support for accessing popular web resources like social sites, news feeds, web services, and more. The following web access restrictions apply to this sandbox capability. 

  • Only the HTTP and HTTPS protocols are allowed. 
  • Access to local host (loopback) is not permitted. 
  • IP addresses cannot be used. You must use a named web address that requires DNS name resolution. 
  • Anonymous authentication is supported and recommended. There is no provision for prompting the logged on user for credentials or saving those credentials. 


The Microsoft Dynamics CRM platform collects run-time information about plug-ins and custom workflow activities that execute in the sandbox.  

This information is stored in the database using PluginTypeStatistic entity records. These records are populated within 30 minutes to one hour after the sandboxed custom code executes.  



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s