Tag Archives: Customer Engagement

What role for ClickDimensions with the release of Dynamics 365 for Marketing?

Microsoft recently lifted the NDA on Dynamics 365 for Marketing and it is now in Public Preview: you can try it yourself here. Microsoft did a very good job at documenting the solution on Microsoft Docs.

You may get a little confused as to which marketing automation solution to choose for your Dynamics 365 Customer Engagement deployment between Adobe, Dynamics 365 for Marketing, and ISVs such as ClickDimensions.


Dynamics and Marketing… wait a minute!

Now this is not the first time Microsoft launches a Marketing product. Remember Microsoft Dynamics Marketing (MDM)? Microsoft had acquired MarketingPilot in 2012 and launched it as Dynamics Marketing. Unfortunately, it was a failure. It never really got much adoption due to its limited integration with Dynamics CRM and even though it covered a broad functional scope, it was quite complex for end-users. As a result, Microsoft decided to discontinue Dynamics Marketing as of May 15, 2018.

These last years, Microsoft has been hard at work to fill the gap with a Marketing offer for its different segments of customers: Adobe integration for large enterprise scenarios, and a new Marketing solution for more simple needs. At first, Dynamics 365 for Marketing was only meant to be available to small businesses with a limit on the number of users, but this seemed to have changed since last summer.

OK. So what has changed with Dynamics 365 for Marketing?

Well for once, it is built on the Dynamics 365 Customer Engagement (previously known as Dynamics CRM) platform, leveraging familiar UI and extensibility options.

Now this should ring a bell… Other ISVs have done the exact same thing. ClickDimensions is one of the most famous Dynamics 365 Customer Engagement add-on for marketing, and it is completely integrated with its own custom entities and logic, leveraging services sitting in Azure to manage want can’t be done in CRM (emailing delivery at scale, web forms, landing pages, web analytics tracking…).

But almost all ClickDimensions data sits in the CRM database. And that’s one of the issue with such solutions: it literally fills the database with behavioral data. And even though it is scalable (even more so now that it leverages Azure SQL since v9.0), the CRM database was never really meant to store large volumes of behavioral data. Instead, it was more meant to store a customer database with associated transactional data related to sales or service processes and customer interactions (appointments, phone calls…).

Storing behavioral data can rapidly grow your database to very large volumes, especially if you start tracking emailing deliveries, email opens, clicks, website browsing… And Dynamics 365 storage is not known to be cheap: extra storage is billed around 10 $/GB/month (the good news being you get 5 GB free storage for every 20 user licenses).

What does Dynamics 365 for Marketing do differently?


Microsoft has built Dynamics 365 for Marketing with the future in mind.

Instead of storing behavioral data within the Dynamics 365 Customer Engagement database, it leverages instead an embedded version of Dynamics 365 Customer Insights. While this product (still in preview) did not received a lot of coverage, it is meant to bring Big Data, Machine Learning and Intelligence to the hands of business users. It is built on the Microsoft Azure AI platform.

So in short, Dynamics 365 for Marketing uses the Dynamics 365 Customer Engagement as its foundation for integration, where you will find your contacts, customer journeys (for marketing automation), emailing templates, segments (marketing lists) etc. but the heavy works (advanced segmentation, smart matching, customer 360° view that leverages all kinds of data sources) is done in Customer Insights.

Dynamics 365 for Marketing also leverages other existing components to offer a very complete set of features: Voice of the Customer for surveys, Portals, LinkedIn Lead Gen Forms, etc.

How do they compare in features?

Feature ClickDimensions Dynamics 365 for Marketing
Campaign Automation Yes Yes
Email Marketing Yes Yes
Web Forms Yes Yes
(with Portals)
Event Management (Webinar) Yes
(GoToWebinar, WebEx,
Cvent, Eventbrite)
(natively with ON24 or
storing links for others)
Event Management (Conferences…) No Yes
Reporting Yes
(CRM Dashboards,
Power BI Content Packs)
(CRM Dashboards,
Power BI Content Packs)
Surveys Yes

(Voice of the Customer)

Web Intelligence / Analytics Yes Yes
Lead Scoring  Yes Yes
Landing Pages Yes Yes
SMS Messaging Yes
(with 3rd party)
(with 3rd party)
Social Marketing Yes  Yes
(with Social Engagement,


How to choose?

First, you should know that Dynamics 365 for Marketing is still in preview (some say it will hit GA in April 2018) while ClickDimensions has been around since 2010 and has a well established situation and a strong customer base. So you shouldn’t rush.

In terms of pricing, there is still no information on what Dynamics 365 for Marketing will cost, and this will certainly be a major criteria.

Technology-wise, Dynamics 365 for Marketing was built with the latest cloud technologies available when ClickDimensions inherited design choices that were driven by earlier versions of CRM and their limitations. Nonetheless, ClickDimensions offers very regular updates and has a rich roadmap for the future.

Even though both products tend to have a similar functional scope, I believe Dynamics 365 for Marketing has a more “future-proof” architecture and will be better scaled for large volumes of data and complex 360° customer view and dashboards.

Wait & see!

The right questions to ask when designing a security model in Dynamics 365

Where to start when it comes to security in Dynamics 365 Customer Engagement?
In this post I will help you ask and hopefully answer the key questions that arise when you design a security model.
I will also provide important warnings to consider and I will give you a simple method on how to lay down on paper the foundations of your security model and its business rules.

Dynamics 365 Security Design

What type of owner for your records?

It’s a crucial question. As I mentioned in my last article dedicated to the security context, the owner of a record defines the record’s position in the hierarchy of business units, and to which user or team it is linked to.

A user?

This means that the record belongs to the business unit of its owning user.

This is the default behavior in CRM, but is it always for the best?
Pay attention to scenarios where users are cross-departments and could work on records that can be functionally linked to different business units.
Example: I am part of the global management of a firm and as such, I sit on top of the hierarchy. At the same time, I work on an opportunity that is functionally related to the “Analytics – France” business unit. How to make sure that users belonging to that business unit also see my opportunity, if it is technically linked to a business unit above them (mine), and if they can only see opportunities that belong to their business unit? (You’are allowed to draw!)

A team?

Teams can become quite handy when it comes to dispatching data in the right place in the hierarchy of business units.
This also lets you manage independently how you dispatch users between business units (and this might not be even necessary!)

On the other hand, choosing to assign data to teams requires a bit of consideration on how to (possibly) automate these assignments, depending on business rules.
Example: when an opportunity is related to the “Business Apps – France” business unit (through a custom lookup), then assign the opportunity to the default owning team that is configured on this business unit.

A few good questions you should ask…

Beyond the classic “who should do what?”

  • Where to dispatch my users? Sometimes it is not even necessary to dispatch them in business units, especially if your security model is based on teams.
  • Where to dispatch my data? That’s the critical point

Don’t forget!

  • Who can see notes?
    Be careful with received ideas!
    Note security is not inherited from the entity it is attached to.
    They also have an owner and should not be forgotten in your security model. Otherwise you might have a surprise one day if a user makes an advanced find.
  • Who can see activity feeds publication?
    Just like for notes, visibility on publications does not depend on the visibility of records they are attached to.
    In fact, the Publication entity does not have an owner… everybody can see all of them, provided they have at least a read privilege on the entity.
  • Can we distinguish the rights on different types of activities?
    It is not possible to have different privileges on different types of activities.
    The security of an email, appointment or task should be handled in a single way.
  • What is the impact for the Outlook synchronization if my activities belong to teams?
    Be careful with Outlook default filters. They are often based on the owner.
    You should review each type of activity individually and update your organization’s default filters accordingly, for example with this great tool by Tangy Touzard: Sync Filter Manager.
  • How to manage security for a record that can be assigned to anybody in the organization?
    For example, a task can be assigned to different people, or a case can be handled by multiple users in their life-cycle.
    You should carefully review the path and life-cycle of your records, and make sure that they remain visible to the right users during their processing.

Warning: designing and implementing a security model can take time!

We rarely plan enough time to handle complex security models, thinking that it’s “just” configuration.

Security can require quite some work:

  • Automatic creation and configuration of owning teams
    Especially if your model is complex, with a large number of business units that evolve in time.
    Keep in mind that teams also need a security role in order to own records!
  • Automatic assignment of records based on business rules
  • Automatic configuration of users based on their profile

Document your model and create a data security inventory 

Create a spreadsheet with the entities that you use in your projet, their type of owner, and how the owner should be determined.

For example:

Entity Owner Business rule to identify the owner
Contact Team Depending on the contact’s country:

  • Contact > Country > Country’s owning team
Lead User The user who creates the lead (default behavior)
Account Not relevant, as in this model all users should see all accounts
Opportunity Team Depending on the managing department of the opportunity

  • Opportunity > Department > Department’s owning team
Note User / Team It depends:

  • If the note is attached to a contact or opportunity, then the note should be assigned to the same owner as the contact or opportunity
  • If the note is attached to another kind of entity, then the owner should be its creator.
Product Organization N/A
Price List Organization N/A

Dynamics 365 Security: context, context, context!

Have I mentioned how important the context is?

Whenever you address a security question in Dynamics 365 Customer Engagement, there are always two contexts that you must take into consideration: the data context and the user context.

LockThe data context: it is provided by the record’s owner but also (and it’s very important), by the Business Unit of its owner (whether it is a user or a team).

The user context: his or her Business Unit as well as his or her different security roles. Whether those roles are assigned directly to the user, or to the teams he or she belongs to. The respective context (especially Business Unit) of these various roles is crucial.

How should you configure your user rights?

There are several ways, but you mainly have two options to configure the rights of users in Dynamics 365:

  • With security roles that are directly assigned to them.
    …and that apply in the context of the user’s Business Unit.
  • With security roles that are assigned to teams they belong to.
    …and that apply in the context of the team’s Business Unit.

It is of course possible (and sometimes necessary) to mix and match the two options, with both roles that are directly assigned to the user and others that are assigned to teams he or she belongs to:

Team or User security role

How to know the context of a security role?

Well, that’s an easy one: it’s written on it when you assign it!
A security role’s access level is only defined by the context of the user or team to which it is assigned:
Security Role and Context

Why should you assign at least one security role directly to a user instead of relying solely on team-based security?

It is recommended that even with a security model based on roles that are assigned to teams, users should have at least one security role directly assigned to them. It is mandatory if you want your users to be able to access personal CRM options, formats, languages, or have default forms, personal views, personal charts and personal dashboards (because they would need to be the owner of them, as it can’t be a team).

Base security role

You should also know that if you want users to be owner of records that only them should see, a security role containing a “read” privilege with a “user” access level, assigned to a team the user belongs to would not work. That would mean that the team can be the owner of the record, not the user belonging to the team.

Yes, security roles are additive… but be careful, they are additive in their respective context!

Security roles apply exclusively in the context of the user or team they are assigned to (and so in the context of the Business Unit of the user or team)


 Security Roles Cumulation
It is a misconception to think that because a user is part of a team, they can benefit from the team’s security role in their own user context. In fact, they benefit from each security role, but in their respective contexts.
Security Roles Accumulation
Stay tuned for more hands-on examples!

Basic (but important) considerations about the Dynamics 365 security model

The Dynamics 365 security model

When it comes to data, security defines who has the right to do what on a record in the respective context of the user and the data.

Concerning the User Interface, security lets you adapt a number of items for users:
  • Forms
  • Dashboards
  • Command bar buttons
  • Business Process Flows
  • The sitemap (or sitemaps, since 8.2, thanks to Business apps)
  • Views (since 8.2, thanks to Business apps)
  • Charts (since 8.2, thanks to Business apps)
On top of that, security also allows to define access to specific features, such as Excel Export, Printing, the use of the App for Outlook…

Standing at the crossroads

Data security must be conceived as a meeting point between data and the user’s rights. The security model’s backbone, that enables those meetings, is the business units hierarchy.

I will elaborate more on importance of the context of the user and the data in an upcoming article.

CRM Crossing Paths Dynamics 365

 Customizing views and forms IS NOT securing data

Once configured, the security model applies regardless of the entry point of your users: through the Web interface, the Web Services, the SQL Filtered Views (On-Premise), the mobile application, the reports…

It is important to understand that forms that are associated with security roles do not restrict in any way access to CRM data. Contrary to field level security, forms are just an ergonomic presentation of your data (UI). The same goes for the columns you chose to display in a view, or the filter you decide to apply to it. Any user can bypass them by doing a simple Advanced Find.

Here’s an example of the impact of a JavaScript injected into a CRM form, that completely reveals and unlocks it:

CRM JavaScript Injection EN

On a similar note, resourceful users who have a read access to CRM data can access it through the Dynamics 365 Web Services, and thus be able to export them one way or another, even if the “Export to Excel” button is hidden to them.

Security can only be configured server-side, through the configuration of your users’ rights (business units hierarchy, users/teams configuration and their security role, entity relationships, field level security, positions…), and if necessary through custom logic that is executed with Plugins or Workflows. 

Example of hacks

By injecting this JavaScript code in a form, a user can display all hidden tabs, sections and fields, make editable all read-only fields, and remove any requirements for mandatory fields.

This injection can be done with the console of your browser, or by minifying this code and copying it as a bookmark URL (more examples here).

javascript: var form = $("iframe").filter(function () {
    return $(this).css("visibility") == "visible"
try {
    form.Mscrm.InlineEditDataService.get_dataService().validateAndFireSaveEvents = function () {
        return new Mscrm.SaveResponse(5, "")
} catch (e) { }
var attrs = form.Xrm.Page.data.entity.attributes.get();
for (var i in attrs) {
var contrs = form.Xrm.Page.ui.controls.get();
for (var i in contrs) {
    try {
    } catch (e) { }
var tabs = form.Xrm.Page.ui.tabs.get();
for (var i in tabs) {
    var sects = tabs[i].sections.get();
    for (var i in sects) {
Another option is to install and use Sonoma Partners’ Dynamics CRM DevTools inthe Google Chrome extensions store:
Sonoma Partners Dynamics CRM DevTools

New certification: MB2-877 Microsoft Dynamics 365 for Field Service

5 new Business Applications exams were announced earlier this month. Among them, a Dynamics 365 Customer Engagement one: MB2-877: Microsoft Dynamics 365 for Field Service. It should count towards the MSCA and MCSE certification paths.

Dynamics 365 Field Service

Even though Field Service skills were already tested in the MB2-718: Dynamics 365 for Customer Service exam, it’s good to have a new, dedicated exam, as the MB2-718 exam was much too dense in terms of content in my opinion.

Skills measured:

  • Set up and configure Field Service (15 – 20%)
  • Manage work orders (15 – 20%)
  • Schedule and dispatch work orders (15-20%)
  • Manage Field Service mobility (10 – 15%)
  • Manage inventory and purchasing (10 – 15%)
  • Manage the Connected Field Service solution (5 – 10%)
  • Manage Agreements (10 – 15%)

More information here.

How to train for MB2-877: Microsoft Dynamics 365 for Field Service? Well, on top of hands-on experience, you should find everything you need on the Dynamics Learning Portal: there is an Exam Preparation Guide, a Self Assessment and 4 dedicated courses:

You should be able to pass this new exam on and after December, 11th 2017.

Let’s also expect a new exam for Project Service Automation for 2018!

Dynamics 365: the sessions your must watch from Microsoft Ignite

Microsoft has released on their YouTube channel a great deal of sessions that were recorded at the Microsoft Ignite conference that took place this week in Orlando, Florida. Many of them are on Dynamics CRM 365 Customer Engagement (CE for short).

One of them is particularly insightful for architects and developers, as it relates to platform considerations: solution management (Microsoft is more than ever pushing for managed), virtual entities, new types of attributes, .NET SDK changes, new admin API… A MUST WATCH

Lots of other sessions have been recorded on Dynamics 365: