Care Management Deploy Checklist
How have you deployed Patient Service Center?
- Follow the guidance to deploy Microsoft Cloud for Healthcare solutions powered by Dynamics 365 with proper steps to prepare enviroment, deploy solutions, add users, and assign roles.
- Check the data center regions, countries/regions, and languages supported by International avialability of Microsoft Cloud for Healthcare solutions.
- Ensure the user doing the deployment has Microsoft Power Platform admin, Dynamics 365 admin, or tenant admin privileges.
- Ensure the user doing the deployment has proper licenses assigned for Dynamics 365 Customer Service, Digital Messaging add-on for Dynamics 365 Customer Service, and Healthcare add-on.
- Ensure that preview features aren't enabled in the production instance.
- Create a service account for non-production and production environments to establish connections using a non-interactive account. Change data connections to the service account after deployment. Be sure to train users about the data being created by the service accounts.
- Create and configure sensitivity labels in your tenant and enable them for Teams. For more information, go to Create and configure sensitivity lables on their policies.
- Use a non-default Power Platform environment. Deploying in a default environment will result in reduced functionality and security. For more information about Power Platform environments and best practices, go to Environment overview, Establishing an Environment Strategy for Microsoft Power Platform, and Dynamics 365 Implementation Guide.
- Allocate enough storage space in Power Platform. Admins can only create new environments if there's at least 1GB database storage capacity available in the tenant. For more information, go to Changes for exceeding storage capacity entitlements.
- Deploy Dynamics 365 apps to test development and production environments to align with the overall environment strategy recommendations for industry solutions in Power Platform.
- Make sure no sample data is added to the test and production environments.
- Each tenant is required to deploy the Microsoft Cloud for Healthcare SKU and be assigned before doing the deployment.
- For each user in the tenant, you need to deploy the Microsoft Cloud for Healthcare User Subscription License (USL). Perform user and group mapping for the requisite licenses before deploying the solutions to Power Platform.
- During the environment creation process, ensure to include auditing, data loss prevention (DLP) policies, and role-based access control so the environments can be used safely.
- Monitor the deployed solution from Power Platform admin center.
- Ensure to activate all workflows and actions. Don't leave them in draft mode.
- Ensure to update firewall rules with the URLs required to access Power Platform.
How have you arranged access to the deployed solution?
- Avoid assigning licenses to individual users by creating Microsoft Entra groups that automatically assign users the correct licenses based on their requirements and roles.
- Organize the Microsoft Entra groups that streamline and simplify role-based access control for the environments per the functions and requirements for the business units and application teams.
- Create a Microsoft Entra group for each environment to provide an additional control for controlling access to each Dataverse environment.
- Use Microsoft Entra conditional access policies to grant or prevent access to Power Apps and Power Automate based upon user/group, device, and location. Conditional access policies provide another mechanism to help protect a controlled Power Platform environment from unauthorized access.
- Microsoft Entra multifactor authentication provides a second barrier of authentication, which adds another layer of security. We recommend that you enforce multifactor authentication and conditional access policies for all privileged accounts for added security.
- Plan and implement for emergency access or break-glass accounts to prevent tenant-wide account lockout.
- Limit high privilege access by using a Microsoft Entra group with Privileged Identity Management (PIM) for admin access to the environments.
Have you completed the post-deployment steps for Care management application before go-live?
- Turn on the Enhanced Microsoft Teams Integration option and provide initial consent for Microsoft Teams chats inside Dynamics 365 using appropriate permissions.
- Be sure to acquire and assign other dependent licensing to users based on the dependent licenses associated with the solution. For more information, go to Set up and configure Microsoft Cloud for Healthcare.
- Be sure to assign appropriate role-based access control to the security group for the dedicated environment for Microsoft Care Management app in Power Platform, ideally as part of the environment creation process.
- When you add users, be sure to assign them at least the Basic user role. The role assignment is required for data ingestion.
- Be sure to define the company profile (organization) and business unit hierarchy for security segmentation and reference data before go-live.