How to enforce confirmation of email before enabling Portal functionality

A common requirement I’ve come across is the requirement to force user to confirm their email before accessing Portal Functionality.  Out of the box, users can simply sign up and away they go – they are taken to their profile and can then browse about the website. Now, most people implementing portals have some understanding of Web Roles and Web Permissions, but the confusion is how to tie those permissions to the confirmation of the email – and how to improve the sign up experience to make the whole thing more seamless.

There’s two basic approaches. The first is to use the out-of-the-box Portal sign up experience and then Assign the correct Web Role(s) to users only once they have used the (out-of-the-box) email confirmation function. (You can learn more about creating web roles here: 

The second approach is to turn off open registration and make your Portal Invite-Only. (Learn about invitations here: ). This might not sound like the desired path if you want users to be able to freely sign up, but don’t worry – we will let them up, we just need to create a custom signup form (which is just an entity form that create a contact: ) and then configure a workflow to send the invite to anyone who signs up. This method will allow you to have the more typical web experience because you need to confirm your email first, before you even land on the profile screen.

Let’s look at both of these methods.

Using OOTB Registration

This is the easiest method to configure. Using the default registration method, when open signup is enabled (which is the default setting) users can sign up freely by clicking “Sign In” on the header, which will take them to the authentication page, from where they can click Register.

They will authenticate using B2C or (will pick a username and password if you are using local forms-based auth) and then will immediately be authenticated and taken to their profile.

Once we are on the Profile Page, we’ll be prompted to enter in our contact info, which is blank in the system at this point. One thing to note, is that at this point, a stub contact record has indeed been created within the database, with a blank First Name and Last Name.  We also have the default authenticated web role, so we are free to navigate away from this page provided that other parts of the portal are not locked down by web page access control rules. This in and of itself might disqualify this path depending on your exact requirements, and if it does, check out the second method (configuring a custom signup form).

We’ll want to lock down any portions of the site that require email confirmation using Web Page Access Control Rules (link to MSDN documentation). The rules will be of type restrict read, which will prevent access to any pages covered by the rule, except for users in a Web Role related to the rule.

This means, of course, that you will be creating a new Web Role as well.  You can call it something like “Confirmed Email Users”. This role will be given these restrict read rules (which will lock down the pages for everyone else).

You could for example, just have one or more members-only sections of the site, each with a parent page that you lock down with a Restrict Read Rule, or you could lock down the home page with a restrict read rule, so if anyone navigates to your site, they will immediately be taken to the sign in page.

Note however, that if you do this, you will then need to make sure that the default authenticated users role has access to the profile page, or new users won’t be able to go through the process. Remember that any more-specific rules will take priority over less specific ones, so if you put a restrict read rule on the homepage and relate it to your “Confirmed Email Users” role, you can override this by adding a restrict read rule to the profile page and assigning it to the default authenticated users role. That said, it’s probably best not to lock down the home page but to lock down the various pages in your portal providing the functions you want them to confirm their email for.

The missing part of the puzzle is of course how to assign the Web Role to newly registered portal users once and only once they have confirmed their email. To do this, you can create a traditional workflow to assign the web role to the user. This workflow will be triggered on  update of any contact record’s “email confirmed” boolean value to true. This boolean value is set when the user confirms their email. When the Value changes, the workflow will fire and associate the Web Role to the contact.

First, create the workflow (remember that this is a classic background workflow, and you might need to use classic mode in order to create new workflows):

Set the condition:

Assign the Web Role. For this you will be using an OOTB custom workflow activity step

Save and Activate the workflow. When users sign up, they will be taken to the profile and will see this message:

Clicking a link will send them an email which they can use to confirm their email, which will trigger the workflow and assign them the web role, granting access.

Using Custom Registration

One downside of the OOTB registration method I described above is that it allows people to authenticate, choose a username and password, and fill in their profile before ever confirming their email.  A common sticking point for client is that they wish users to be able to do none of these things until they’ve confirmed their email.  They want a registration form to be filled out, and once the form is submitted, the portal user will need to check their email for a confirmation email before they can fully authenticate to the Portal.

Fortunately, this scenario is easy to configure. A custom registration form will need to be used, which will trigger an email to be sent to the user. This email acts as an invitation to authenticate, and lucky for us there is an invitation model built-in to Portals that we can leverage for this purpose. We of course also want to turn off the default open signup mechanism – we only want users to register using our custom form. Once you’ve set it up, you can lock down the portal using the default authenticated users role and won’t need to create a special web role like you did with the first method – users can’t authenticate at all until they have confirmed their email via invitation.

The first step is to configure Portal security to be invite-only. Observe the following Site Settings: (

Set “Authentication/Registration/OpenRegistrationEnabled” to false.

Set “Authentication/Registration/InvitationEnabled” to true.

This will have the effect of turning off the ability for portal Users to register using the OOTB registration – although you will build out a custom registration form to allow it. When they submit the form, they will receive an invitation email.

The next step is to create our registration form.  We will need to create an entity form ( with the following fields:

  • Name: Anything you want, I suggest “Register Contact”
  • Entity Name: contact
  • Form Name: “Contact Web Form” if this form exists, can be used, or you can create a custom form for use with this entity form.
  • Mode: Insert
  • Website: Your Website

That’s it.  Once you have created the Form, you’ll need to add it to a Web Page.  I recommend creating a page called “Register” and adding the form to that page.

Add a link to this page to the header of your portal, so you can always click there as opposed to the sign in page.  Make sure that when using custom registration that you don’t lock down the home page, because if you do, users will be sent straight to the OOTB sign in page, which can’t be customized.

Again, we need for an invitation to be sent upon submission of this form. To do this, we can again create a traditional workflow to send the invite to the user, and to set the value of the “confirmed email” boolean field on the contact record to true (so they won’t see the message prompting them to confirm their email in their profile).

The workflow will be triggered upon create of a contact record.

We can create a new workflow that uses a flag on the contact record to indicate that the contact was created on the Portal, so invitations won’t get sent to contacts automatically whenever a contact is created in the backend.  We can of course manually send invitations still, so that resolves the case of needing to send an invite to a contact that was created manually. Alternatively, we can just call the OOTB Send portal invitation to Contact workflow which does everything we need.

This workflow is OOTB and will create the invitation and send it for you:

The only thing we really need to add to the parent workflow, therefore, other than the fact that it triggers on create of a contact (and we can optionally check a flag to ensure it comes from the portal – i haven’t done that in my screenshots) is we need to set the email confirmed flag to true.  Since the process of signing up now essentially confirms their email, no need for them to do it a second time.

Once you activate the workflow, you should be good to go! Finally, a registration process that actually gives you what you would except in terms of UX, and fulfills the requirement to not allow activity on the portal until email is confirmed, to boot!

Hopefully this was useful to at least a few people out there.  I’ve seen this come up so many times I’m surprised it’s not an OOTB option by now. I hope you enjoyed reading and expect more posts soon! Be sure to like and subscribe!

How to build out a survey to collect data for D365 CRM in under an hour using MS Forms and Flow

Ever wanted to connect with your customers on a certain issue extremely quickly and won’t want to put much fuss into it? Sounds like you need to push out a survey in a matter of minutes – and want a robust place to store it that integrates with your existing systems. SurveyMonkey probably immediately springs to mind, but the frustration of that service is you are ultimately going to be exporting that data and transforming it to do your own analytics on it. Wouldn’t it be nice to have a very quick way to put out a survey, but leverage your existing O365 environment and CDM/CRM database? Of course it would! That’s were Microsoft Forms comes into play.

Continue reading “How to build out a survey to collect data for D365 CRM in under an hour using MS Forms and Flow”

How Portals fit into the Power Platform

Ah Portals, our favorite child of Microsoft Dynamics CRM. It’s been around for while and people have gotten used to it as a piece of the D365 picture. However, people are starting to pick up on the fact that the Power Platform has a Portal offering too? Is this the same thing? How do Portals fit into the picture of Power BI, Power Automate, and Power Apps?

Portals and Customer Engagement

Well I suppose the first thing to clear up is how Portals fit into Dynamics 365 Customer Engagement. And to do that, we need to clear up how Dynamics 365 Customer Engagement fits into Dynamics 365.

Well for starters, it’s not Dynamics 365 Customer Engagement anymore. With that out of the way, I’ve got nothing better to call the set of model-driven power apps that are part of the Microsoft Dynamics 365 licensing structure, so to heck with it, I’m going to keep referring to it as CE for this article.

It’s a long story, but the short-short version is that when CRM, NAV and AX all went online, Microsoft decided to market them all as the same thing – just different parts of the same platform. This actually makes perfect sense because in theory they compliment each other very well. NAV / AX (Now Business Central and F&O) handle the accounting / ERP side of things, which allow your business to manage its finances and inventory, while CE handles the sales and customer service side of things. Together they really do represent a complete picture, in theory, if only they integrated together a bit better.

So where does the portal come into play? Essentially, it’s the customer-facing portion of your customer engagement solution. Basically, if you are a business, and you have customers, you need a portal of some kind, and if you have a Dynamics 365 CE implementation, the Dynamics Portal makes a pretty good use case to fill this role. External users interact with your Portal which in turn interfaces with D365 CE.

Here’s how portals fit into D365

OK, but what does this have to do with the Power Platform?

So far we’ve been talking about D365 and how the Dynamics Portal fits into CE. However this article is about how the Portal fits into the Power Platform. So perhaps we should be asking ourselves how D365 CE fits into the Power Platform.

Well, it’s a long story. Really I would say that the best explanation ever was provided by MVP Nick Doelman in this blog post. Give it a read – it’s a great story.

Dynamics 365 and the Power Platform

Here’s the short version: Microsoft loves bundling software together into Platforms, and three applications that worked pretty well together were Power BI, Flow, and PowerApps (Now called “Power Apps”, with a space). Power BI is Microsoft’s premiere business intelligence software – it can connect to various data sources, create reports based on that data, and allows for powerful visualizations, data manipulation and forecasting. Flow (Now called Power Automate, in case you missed it) is a next-generation low/no-code workflow engine, also connecting to a variety of data sources and allowing for the automation (power automation!) and streamlining of repetitive tasks. Finally, PowerApps started as a platform to allow customers to easily build unique purpose-driven applications. This would allow “citizen developers” to build custom applications low/no-code. This began with a set of drag-and-drop tools and low-code functions to build pixel-perfect apps that connect with a large variety of different data sources via connectors.

As this was all coming together into the Power Platform, Microsoft realized that what’s missing from this combo of Flow, Canvas PowerApps, and PowerBI is a citizen developer-friendly data store that is easy to set up and customize. A highly extendable relational database -which could be called the Common Data Service (CDS) and a basic schema with some pre-defined entities like contacts, accounts, and activities – which could be called the Common Data Model (CDM).

Sound familiar?

Turns out Microsoft basically already had such a thing and that was the Dynamics CRM data model and business application layer. For years and years, we in the Dynamics CRM world had learned to adopt the “xRM” mindset and think of CRM as a platform, because of how extendable and robust it is. Dynamics CRM had in fact everything Microsoft was looking for in and therefore CRM formed the basis for this new CDS and CDM. In the spirit of not fixing what isn’t broken, the Unified Client Interface (UCI) was welcomed with open arms and the concept of Model-Driven Apps was born.

The Microsoft Power Platform | workingondata

The Dynamics data model was re-branded CDM and the different customization tools like the solution editor had a PowerApps (later “Power Apps”) label put on them. The power platform was really ramping up now – a complete platform allowing for all aspects of engagement, functionality, analysis, and automation to come together. What had been the “naked” CRM business application layer had become CDS/CDM. the customization tools and UCI came to form Model-driven Apps. The original pixel-perfect apps and tools because known as “Canvas” apps, and then Flow was renamed Power Automate for some reason.

But exactly where does “Dynamics 365” fit in? Is Dynamics 365 gone now? Or is it just ERP now? after all, CRM is just CDS/CDM and Model-driven apps now. The answer lies in the question of what apps we are talking about. The “CRM” part of Dynamics 365 – D365 CE – is no longer a platform, instead, it’s just a brand name (and licensing structure) for a series of first-party Model-Driven apps, that come pre-loaded with all sorts of features and functions that you can’t get otherwise. It’s still very much built on the Common Data Model and very much part of the Power Platform… Although it’s also still very much part of Dynamics 365 as well, so it’s marketed alongside the ERP side of Dynamics, as if things weren’t confusing enough. Maybe a diagram will help.

Dynamics 365 and the Power Platform

Portals and the Power Platform

This brings us back to the Portal. A while back I posted about how finally we get a “blank” Portal that runs off of CDS without needing Dynamics 365 licensing. This is brand new app type, right along Model-Driven and Canvas, known as Portal Apps. The Portal App is identical tech-wise to the Dynamics 365 Portal that we kicked this article off with. Just as Dynamics 365 apps are just first-party model-driven apps that come pre-loaded with features, so are the Dynamics 365 Portal Apps (like the Community Portal, Partner portal, etc.) first-party Portal Apps that use the Dynamics 365 licensing instead of the Power Apps licensing. Or to put it another way, just as CDM + Model-driven apps is a “naked” CRM, so are the Portal Apps, “naked” portals!

So what business value do the Portal Apps add to the Power Platform? Well, just as the portal represented the external “Customer” side of Dynamics Customer Engagement, the Portal Apps allow for external users to interact with your custom line-of-business application. The scenarios are endless just as are the scenarios for Power Apps – the limit is your imagination. Online shopping, profile registrations, service requests, open information, the list goes on – if you are building a line-of-business application with Power Apps and need a way to expose information to or capture interactions or information from external users, Portals is a potential solution.

Thanks for reading! Be sure to like, share and subscribe if you want to see more!

Why it’s a good idea to opt in to early access Power Platform and D365 updates

Managing changes coming from Microsoft and staying on top of the latest updates and deprecated can be quite daunting for many. If you let up on it for a couple of months, as many of us are wont to do, myself included, you can quickly find yourself overwhelmed by what’s new out there simply because of the dramatic pace of change.

One quick win would be to opt-in to early access to new features as early access becomes available, so you can start testing, learning, and leveraging them right away. This advice will always apply, but here’s the guide to early access features at the time of this writing.

For each of the various major releases, you can opt in for early access about 2 months prior. So for the features set to release in Apr 2020, you’ve been able to get early access since February. Wave 2 will release in October, so you’ll be able to opt in in August.

Opt-in timeline for 2020

Here are some reasons to opt-in:

  • You will have more time to test and learn new features
  • You will be able to identify potential problems (such as with deprecated features) faster
  • You’ll get a jump start on development
  • You will be ahead of the curve in terms of knowledge and readiness

I have definitely spoken to a few people who express concerns when it comes to opting in to early upgrades, because it might cause instability with production environments. Putting that aside, it’s a no-brainier to start testing out and leveraging early access features if you’ve got multiple environment that you can use to do so. The early access updates are available for all types of environments, including trial, sandbox, and production. So don’t hesitate to do so for your non-production environments.

Here’s how:

  1. Sign in to the Power Platform admin center.
  2. Select the environment to update.
  3. Under Updates, you’ll see that the new release wave is available. Select Manage.Manage opt-in update
  4. Select Update now, and then proceed through the confirmation dialog boxes to enable the new features and capabilities of the release wave.Opt-in update now
  5. After the update is complete, all early access features will be enabled for your model-driven apps in your environment.

Remember, you can’t opt-out of the eventual upgrade – that’s actually the beauty of SaaS; it forces a different dynamic than the “giant upgrade, sit around and wait, fall desperately behind, repeat” one. It’s for that reason that i’d recommend some best practices in terms of your approach to upgrades:

  • Download the release plans when they become available: Reading these will give you a good idea of what the next release includes. Essential for members of the community! At the time of this writing, the current release plan is in two waves: wave 1 and wave 2.
  • Stay up to date with the Roadmap: This will give you a sense of what’s coming:
  • Ensure you have sufficient environments: Production, UAT, Test and Development at a minimum. This is separate from “play” environments that you use for learning. This keeps development far away from your live environment so that early opt-in, not to mention your dev work, won’t break production.
  • Opt in to the early access updates from the Power Platform admin center, and test and evaluate new features against your requirements regularly: Begin with your sandbox environment. An update might introduce new functionality that you can leverage in new engagements as a consultant, solve a pain point on an existing system, or even remove the need for a third-party tool and introduce a cost-cutting shift. So many times I’ve consulted with clients who left feeling like “they should have known better” after paying big bugs for a custom solution when they could have used recently-introduced D365 features OOTB to fullfill all the requirements!
  • Leverage both early opt-in and preview features: The most time-consuming task is testing the updates, so the earlier that you start test features you know are coming the longer you have to test. You want to catch issues as early as possible. This would apply to leveraging preview features as well, although preview features can always change, it still gives you a lot of extra time to test features and prepare.

Hopefully, this makes you more comfortable and excited about staying on top of the latest and greatest. Opting-in to early upgrades is one great piece of that puzzle!

What the heck are we supposed to call Microsoft’s online CRM platform anyway?

Ah, CRM. If you have lived in Dynamics CRM land for a long time, you know exactly what I mean when I say CRM. It used to be pretty simple; It’s Microsoft’s CRM product: Dynamics CRM. Then Microsoft branding and marketing got involved and we got a long ever-changing road of really confusing terminology.

In case you’ve been living under a rock… or you know, think of Dynamics as a brand of ERP products (we’ll get to that later), CRM stands for Customer Relationship Management. Essentially, if you are a business, and have customers, then you need a CRM system. Depending on the size of your business, that might just be a black book, or a series of Excel spreadsheets, or a database of some kind. A first-class CRM product would be called for if you have salespeople who need to track contacts, accounts, sales and opportunities. You might also need one to track customer service cases or to manage marketing campaigns.

In any event, Dynamics CRM started as a first-class CRM product that just happened to be very customizable (perhaps “xRM” rings a bell?). You could use it as just a CRM (you know, like Salesforce), or you could customize it to do almost anything you want with it (I’ll get to that later too). We always just called it “CRM”. That’s it. Not “Dynamics CRM” or anything like that, Just “CRM”. Everyone knew what we were talking about.

So when did the confusion begin really? Well originally, Dynamics CRM was on-prem. Fast forward to a few years ago (please don’t tell me it’s been almost 10) and Microsoft decided that like literally everything else that exists now Dynamics CRM would be offered in the cloud as SaaS. At first, the online version was called “Microsoft Dynamics CRM Online”. Nice.

Things were simple until it was decided in 2016 to rebrand CRM under the Dynamics 365 umbrella along with several different ERP products. CRM would appear in this suite of software – along with the ERP products AX and NAV – but wouldn’t be called CRM anymore. Instead you had a few different busniess apps – “Dynamics 365 for Sales”, “Dynamics 365 for Customer Service”, etc. Each of these apps was just CRM but with a narrow sitemap containing only the module in question. Of course there were also apps like “Dynamics 365 for Finance” which was NAV under the hood or “Dynamics 365 for Operations” which was AX under the hood. In terms of licensing you didn’t get a license for CRM as a whole anymore, instead there were different Dynamics 365 plans which included different apps from this unified selection.

In a way it did all make sense from a marketing perspective; since the desire was to mainstream the Dynamics products that had previously been under a different business umbrella. A popular blog post from 2016 compared it to when they bundled a bunch of previously separate products like Word, Outlook, PowerPoint and Excel into “Office 365”. Instead you have a bunch of previously separate products that collectively are called the same thing – Dynamics 365. The difference really is that with the Office 365 product the separate apps are still called the same thing that they were before they were bundled. Word is still Word, Excel is still Excel. With Dynamics 365, you didn’t have a direct line of naming succession, and CRM was now called different things depending on the business application.

Further to all this, Dynamics CRM had for some time been pushed as a more than “just” a CRM application. It had been pushed as a platform. Some of you may have been around long enough to remember this:

CRM was actually xRM. Meaning that it was a platform that you could build a wide range of business applications on top of that went way beyond just CRM. Dynamics CRM was highly customizable and was in fact a great platform to serve this purpose. It was so robust that we even built a Portal product to sit on top of it and allow businesses to engage with their customers at a whole new level. Well, now that platform with all those applications and the Portal and all that…doesn’t officially exist anymore. Sure it still exists under the hood of Dynamics 365 Sales, Dynamics 365 Customer Service, and so on, but what should we call the platform now? Just “Dynamics 365”?

Here’s the thing. If you find yourself attending D365 community events or UG events, or worse still if you work on projects that have both a CRM and ERP element to them and D365 is the selected platform, you might bump into the situation were you start up a conversation with someone about Dynamics 365 and very quickly realize that you are speaking different languages. To the ERP person “Dynamics 365” means the ERP product. Dynamics 365 IS an ERP product to them. For you, it’s the opposite. When you say “Dynamics 365” what you really mean is “CRM” but you can’t say that anymore. Or you know, you could say screw it and keep calling it CRM anyway.

Realizing that there had to be some way of distinguishing the portion of Dynamics 365 that came from the platform that had been CRM, Microsoft decided in 2017 to introduce the name “Dynamics 365 Customer Engagement” to refer to the product that had been CRM but wasn’t allowed to be called that anymore. All was well. Soon the confusion started to abate. We had “Dynamics 365 Business Central” for “BC” for short, and that was the new name for NAV online. Then you had “Dynamics 365 Finance & Operations” and that was the new name for AX. And of course you had CE for CRM. So now you just had to get over the habit of saying “Dynamics” (or CRM) when you meant “CE”. Easy.

That is until Microsoft officially announced that CE is gone from the Microsoft cloud. The apps are still there, but they won’t be referred to collectively as “customer engagement” anymore. Instead we are back to them not really having a collective name and just being separate D365 apps again.

I kid, I kid…

So why the change? CE was a perfectly good name to describe the online CRM offering no? Of course there is a problem with this. CE is the name for the online version of the CRM product, right? Well, increasingly, the online product isn’t really the same product as the on-prem product anymore – it’s not even built on the same foundations. Under the hood, the underlying platform has shifted from what was CRM to what is now the Power Platform. No one explains it better than Nick in his amazing blog post explaining the Power Platform. Long story short – we got xRM, but in the form of the Common Data Service, and Dynamics 365 apps are just vertical apps built on this service. It’s all part of the power platform. So, there is no distinct CE product that is separate from the Power Platform anymore – least not for much longer from a tech or infrastructure perspective.

CE is now the name for the on-prem product. CRM is truly gone. Meanwhile, we are still stuck trying to figure out how to refer to “the set of model-driven premium business apps that you pay separate licensing costs for that aren’t ERP”. Or in other words “the CRM stuff”. Well, for now at least, the correct way to reference any of the individual apps is “[Insert Dynamics 365 app name] running on Common Data Service”, so for example “Dynamics 365 Sales running on Common Data Service”. Yes, that’s a mouthful and also notice there is no “for” in the title anymore. Therefore, as a whole, the set of apps should be called “Dynamics 365 apps running on Common Data Service”.

That all said, I might suggest a better name: wait for it.

Dynamics 365 Power Apps


Hope you enjoyed the read! I’ve been gone for a while but hope to post more frequently again and will be making some updates to my site. Stay tuned, like and share!