Deployment checklist for Microsoft Sustainability Manager
How have you deployed the Microsoft Sustainability Manager solution?
- Check the data center regions, countries/regions, and languages supported by International availability of Microsoft Sustainability Manager.
- Ensure that the user doing the deployment has Microsoft Power Platform admin, Dynamics 365 admin, or tenant admin privileges.
- Establish a comprehensive plan to manage data connections, including configuring them with the required service account details and assessing the transition mechanisms between development, testing, and production environments.
- Ensure that preview features aren't enabled in the production instance.
- Create and configure sensitivity labels in your tenant and enable them for Teams. For more information, go to Create and configure sensitivity labels and their policies.
- Use a non-default Power Platform environment. Deploying in a default environment results in reduced functionality and security. For more information about Power Platform environments and best practices, go to Environments overview, Establishing an Environment Strategy for Microsoft Power Platform and Dynamics 365 Implementation Guide.
- Ensure the solution has undergone all required types of testing and has been formally accepted by the business stakeholders.
- Allocate enough storage space in Power Platform. Admins can only create new environments if there's at least 1GB database storage capacity available in the tenant. For more information, go to Changes for exceeding storage capacity entitlements.
- Deploy Dynamics 365 apps to test development and production environments to align with the overall environment strategy recommendations for industry solutions in Power Platform.
- Make sure no sample data is added to the test and production environments.
- Each tenant is required to deploy the Microsoft Sustainability Manager SKU and be assigned before doing the deployment.
- For each user in the tenant, you need to deploy the Microsoft Sustainability Manager USL. Perform user and group mapping for the requisite licenses before deploying the solutions to Power Platform.
- During the environment creation process, be sure to include auditing, DLP policies, and role-based access control so you can use the environments safely.
- Monitor the deployed solution from Power Platform admin center.
- Be sure to update firewall rules with the URLs required to access Power Platform.
How have you arranged access to the deployed solution?
- Avoid assigning licenses to individual users by creating Microsoft Entra groups that automatically assign users the correct licenses based on their requirements and roles.
- Organize the Microsoft Entra groups that streamline and simplify role-based access control for the environments per the functions and requirements for the business units and application teams.
- Create a Microsoft Entra group for each environment to provide an additional control for controlling access to each Dataverse environment.
- Use Microsoft Entra conditional access policies to grant or prevent access to Power Apps and Power Automate based on user/group, device, and location. Microsoft Entra conditional access policies provide another mechanism to help protect a controlled Power Platform environment from unauthorized access.
- Microsoft Entra multifactor authentication provides a second barrier of authentication, which adds another layer of security.
Have you completed the post-deployment steps for Microsoft Sustainability Manager before go-live?
- Turn on the Enhanced Microsoft Teams Integration option and provide initial consent for Microsoft Teams chats inside Dynamics 365 with global administrator rights.
- Be sure to acquire and assign other dependent licenses to users based on the dependent licenses associated with the solution. For more information, go to Set up and configure Microsoft Cloud for Sustainability.
- Be sure to assign appropriate role-based access control to the security group for the dedicated environment for Microsoft Sustainability Manager in Power Platform, ideally as part of the environment creation process.
- When you add users, be sure to assign them at least the Basic user role. The role assignment is required for data ingestion.
- Be sure to define the company profile (organization) and business unit hierarchy for security segmentation and reference data before go-live. This reference data includes important information such as fuel types, vehicle types, facilities, spend types, and contractual instrument types. For more information, go to Microsoft Sustainability Manager configuration guide.
- For data import from OneDrive scenarios, ensure that users have the required Microsoft 365 license and a browser policy that allows all cookies. Without this setting, users won't be able to connect to their OneDrive to ingest files.
- If using, configure Azure Synapse Link between Dataverse and Azure Synapse Analytics based on the prerequisites.
- Be sure the Power Query locale setting aligns with the imported data. If it's not aligned, use one of the following methods to adjust and avoid any issues for data import:
- Change the locale of the CSV or text file.
- Define a default locale setting.
- Use a non-default locale setting on a Change type operation.
- Change the Power Query project option.
- Change the operation system regional settings on users' computers.
For more information, go to Set a locale or region for data (Power Query) and Data types in Power Query for details.