Patient Outreach Deploy Checklist
How have you deployed Patient outreach?
- Check the supported data center regions, countries/regions, and languages listed in International availability of Microsoft Cloud for Healthcare solutions.
- Ensure that the user doing the deployment has Microsoft Power Platform admin, Dynamics 365 admin, or tenant admin privileges.
- Create a service account for non-production and production environments to establish connections using a non-interactive account. Change data connections to the service account after deployment. Be sure to train users about the data being created by the service accounts.
- Ensure that preview features aren't enabled in the production instance.
- Create and configure sensitivity labels in your tenant and enable them for Teams. For more information, go to Create and configure sensitivity labels and their policies.
- Use a non-default Power Platform environment. Deploying in a default environment will result in reduced functionality and security. For more information about Power Platform environments and best practices, go to Environment overview, Establishing an Environment Strategy for Microsoft Power Platform, and Dynamics 365 Implementation Guide.
- Allocate enough storage space in Power Platform. Admins can only create new environments if there's at least 1 GB database storage capacity available in the tenant. For more information, go to Changes for exceeding storage capacity entitlements.
- Deploy Dynamics 365 apps to test, development, and production environments to align with the overall environment strategy recommendations for industry solutions in Power Platform.
- Make sure no sample data is added to the test and production environments.
- Each tenant must have the Microsoft Cloud for Healthcare SKU deployed and assigned before you do the deployment.
- For each user in the tenant, you need to deploy the Microsoft Cloud for Healthcare User Subscription License (USL). Perform user and group mapping for the requisite licenses before deploying the solutions to Power Platform.
- During the environment creation process, be sure to include auditing, data loss prevention (DLP) policies, and role-based access control so the environments can be used safely.
- Monitor the deployed solution from Power Platform admin center.
- Be sure to activate all workflows and actions. Don't leave them in draft mode.
- Be sure to update firewall rules with the URLs required to access Power Platform.
How have you arranged access to the deployed solution?
- Avoid assigning licenses to individual users by creating Microsoft Entra groups that automatically assign users the correct licenses based on their requirements and roles.
- Organize the Microsoft Entra groups to streamline and simplify role-based access control for the environments, according to the functions and requirements of the business units and application teams.
- Create a Microsoft Entra group for each environment to provide an additional control over access to each Dataverse environment.
- Use Microsoft Entra conditional access policies to grant or prevent access to Power Apps and Power Automate based upon user/group, device, and location. Conditional access policies provide another mechanism to help protect a controlled Power Platform environment from unauthorized access.
- Microsoft Entra multifactor authentication provides a second barrier of authentication, which adds another layer of security. We recommend that you enforce multifactor authentication and conditional access policies for all privileged accounts.
- Plan for and implement emergency access or break-glass accounts to prevent tenant-wide account lockout.
- Limit high privilege access by using a Microsoft Entra group with Privileged Identity Management (PIM) for admin access to the environments.
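One way to check the multifactor authentication and break-glass items above against an exported set of conditional access policies. This is an added example, not Microsoft's code: the JSON is a constructed sample that uses Microsoft Graph conditionalAccessPolicy field names, the role and account IDs are placeholders, and it assumes the break-glass accounts hold privileged roles and are kept out of MFA policies through `excludeUsers`.

```python
import json

# Constructed sample shaped like a Microsoft Graph conditionalAccessPolicy export.
# Role and account IDs are placeholders, not real directory object IDs.
PRIVILEGED_ROLES = {"ROLE-TENANT-ADMIN", "ROLE-POWER-PLATFORM-ADMIN", "ROLE-D365-ADMIN"}
BREAK_GLASS = {"USER-BREAKGLASS-1", "USER-BREAKGLASS-2"}

SAMPLE_EXPORT = json.loads("""[
 {"displayName": "MFA for admins", "state": "enabled",
  "conditions": {"users": {"includeRoles": ["ROLE-TENANT-ADMIN", "ROLE-POWER-PLATFORM-ADMIN"],
                           "excludeUsers": ["USER-BREAKGLASS-1"]}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "MFA for D365 admins (pilot)", "state": "enabledForReportingOnly",
  "conditions": {"users": {"includeRoles": ["ROLE-D365-ADMIN"], "excludeUsers": []}},
  "grantControls": {"builtInControls": ["mfa"]}}
]""")


def audit(policies, privileged_roles, break_glass):
    """Return (roles with no enforced MFA policy,
    {policy name: break-glass accounts missing from excludeUsers})."""
    covered, lockout_risk = set(), {}
    for policy in policies:
        users = (policy.get("conditions") or {}).get("users") or {}
        controls = (policy.get("grantControls") or {}).get("builtInControls") or []
        # Report-only and disabled policies enforce nothing, so they give no coverage.
        if policy.get("state") != "enabled" or "mfa" not in controls:
            continue
        roles = set(users.get("includeRoles") or [])
        if "All" in (users.get("includeUsers") or []):
            roles = set(privileged_roles)  # an all-users policy covers every role
        covered |= roles & privileged_roles
        # Only direct user exclusions are checked; group exclusions are out of scope here.
        missing = break_glass - set(users.get("excludeUsers") or [])
        if missing:
            lockout_risk[policy["displayName"]] = sorted(missing)
    return sorted(privileged_roles - covered), lockout_risk


if __name__ == "__main__":
    uncovered, risk = audit(SAMPLE_EXPORT, PRIVILEGED_ROLES, BREAK_GLASS)
    print("Privileged roles without enforced MFA:", uncovered)
    print("Enforced policies that still apply to break-glass accounts:", risk)
```

On the constructed sample, the report-only pilot policy leaves one privileged role without enforced MFA, and the enforced policy excludes only one of the two break-glass accounts.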
Have you completed the post-deployment steps for Patient outreach before go-live?
- Use the post-configuration guide to ensure that you completed the post-configuration steps in the recommended order.
- Turn on the Enhanced Microsoft Teams Integration option and provide initial consent for Microsoft Teams chats inside Dynamics 365 using appropriate permissions.
- Be sure to acquire and assign other dependent licensing to users based on the dependent licenses associated with the solution.
- Be sure to assign appropriate role-based access control to the security group for the dedicated environment for Patient outreach in Power Platform, ideally as part of the environment creation process.
- When you add users, be sure to assign them at least the Basic user role. The role assignment is required for data ingestion.