A deployment engineer will perform the following steps. This information is for reference to provide visibility over the changes that will be made to your environment.
We deploy components that utilise the customer's own Microsoft 365 Tenant to provide a tight security posture and defined data sovereignty. Once the technical readiness requirements are met, a deployment engineer will work with you to deploy the Altus solution into your environment.
The deployment consists of:
- Dynamics Solutions
- Power BI Reports
- Teams App
Technical readiness validation
Use the following steps to validate that technical readiness has been achieved:
Log into https://portal.office.com/account/#subscriptions using the credentials provided by the customer. You should be able to see evidence of the licenses applied. In this example we have PowerApps per app and E5 (which also grants Power BI Pro). This satisfies the licensing requirements in Tech Readiness requiring PowerApps, Power BI Pro and Teams.
Log into Teams Administrative Web Portal, click Apps -> Manage your apps, and ensure the "Upload an app to your org's app catalogue" is available:
Open https://make.powerapps.com and use the environment selector in the top-right to select the Power Platform environment created by the customer during technical readiness.
Click on the ⚙-> Advanced Settings
Navigate to Settings -> Security -> Users ->
Your User-> Manage Roles to ensure you have admin permissions.
Log into https://app.powerbi.com and verify you have the option to create a workspace.
Log into Teams Admin Portal and verify you have access to app setup policies, this will be needed to force pin the Altus app into the Teams Client for targeted end users.
Log into the Hub using the customer supplied deployment account. Authentication should succeed.
If all those steps are successful then you are ready to proceed with deployment.
Prepare for solution deployment
The following Solutions will be loaded into the Dynamics environment:
- Altus Controls v1
- Altus Project (Kaizen)
- Altus Project Independent (Atsumeru)
The following activities need to be performed to prepare for solution deployment:
Connect to the following Power Automate connectors that exist in the target Power Platform Environment by navigating to https://make.powerapps.com select the target environment in the top-right, then in the left-nav select Dataverse -> Connections. Add New connection and Search in top right for each of the connections below to Create:
Grant permissions to the Deployment Service Principal
- Open your environment from the Power Platform admin center from https://admin.powerplatform.microsoft.com/environments by selecting the environment desired, then click Settings from the toolbar.
- Click on the Users + permissions drop-down arrow, then click Application Users
- Click + New app User, then select + Add an App and the Altus Deployment app.
App ID: d4c83473-e8ba-4ea1-946f-d3b4ba32acb1
- Select the Business unit and Create the user.
- Select the Altus Deployment_ user from the list, click __Edit security roles and add the System Administrator role to this user.
- Save and Close.
Dynamics solution deployment
The deployment of the Dynamics Solutions is performed via the Altus Hub.
This step is performed by a deployment engineer using their account.
Log into Hub using your Sensei.Cloud account and navigate to the Partner Admin area.
Select the 'Add customer' button located at top left or bottom left of the screen.
Input the following information:
- URL: The Dynamics Org URL discovered in the previous steps.
- Tenant Primary Admin UPN: Enter the customer supplied deployment account
- Functions: Ensure only Altus is selected
- Press 'Save'.
The Tenant Primary Admin UPN / Deployment Account is supplied by the customer from their Azure AD and will be the account that is able to manage the Altus deployment settings in the Hub. This account can be changed later.
Now switch to a new browser session and log into the Hub as the Tenant Primary Admin UPN / Deployment Account specified above.
Log into the Hub using the Primary Admin Account (specified above - Deployment Account) and select the Altus area.
A Dynamics tenant should be listed awaiting deployment. Select the Provision button.
Review your settings and press Grant Permission
This step does not work in Firefox
At this step, depending on the organizational policies regarding granting consent to service principals, a Need admin approval prompt may be displayed. Organizations that do not allow their non-admin users to consent on behalf of the organization to dynamic permissions requests will require a global admin to click the link in the Need admin approval dialog that says 'Have an admin account? Sign in with that account.' and sign in to grant consent for the remaining delegated permissions required by the Hub detailed here.
The message below the Grant Permission button will update to state Successful trust if no issues.
If there are any authentication issues reported at this time please ensure that the deployment principal is set up correctly and that the user attempting to do the deployment has access to the target Dynamics environment.
Confirm the settings here reflect the correct agreed deployment state (Confirm customer expectation on package deployment frequency), then select Grant Permission.
Select Deploy Altus to initiate the deployment, then wait for the result.
Upon confirmation of a successful deployment, the screen will resolve to the below.
Select the List Solution Updates button under Operations.
Select Deploy update at the bottom of the right panel.
The deployment status may be checked via the List Deployments operation.
Select the Details operation on the running deployment.
When the deployment has completed successfully, you will see a status of Success.
In Dynamics 365 Wave 2 enabled environments the unprocessed solution component virtualEntityPrivilegeCreate is displayed. This is an expected message from the Dynamics platform.
Add Altus Admin Role
We need to add Altus Admin Role to both the Deployment and the AltusDeployment Accounts.
Navigate to PowerApps Portal, ensure you are in the correct environment (eg CRM). Click on Apps then Altus application.
When loaded, select Advanced Settings under the top-right settings (cog icon) menu.
Select Security under the System heading.
Select Users, and locate the Deployment Account.
Under the deployment account user screen, select Manage Roles in the top ribbon.
Locate the Altus Admin User role and enable it for the selected user.
Press OK to save.
Repeat the above steps for the AltusDeployment account
The above steps are used to allocate Altus _ User role to a selected user (See below).
Power BI reports
Demo data: Having demo data can produce more visually appealing reports to look at during review. If this is desired please follow the instructions outlined here: Altus demo data loader. This is an automated process, and if you plan on loading demo data, please do not customise the environment before demo data has been loaded.
The latest copies of the report templates are found here. From this page you can select which version of the reports you would like to deploy.
The following reports will be deployed:
- Altus Work
- Altus Project
- Altus Portfolio
- Altus Portfolio - Innovation
- Altus Portfolio - Intake
- Altus Strategy
- Altus Resource
Log into Power BI for the customer environment and create two workspaces
- One for the PROD reports where XXXXXXXXX.crmY.dynamics.com represents the org unique name (found in the URL of the environment)
Altus - XXXXXXXXX
- One for the TEST reports used to stage upgrades to the reports before applying them to PROD. This will initially be an exact copy of the reports deployed to the above workspace.
Altus (TEST) - XXXXXXXXX
Altus staff member will Download the report PBIT files.
The remaining steps of this section will be performed by a Partner.
For each file perform the following steps. (More detailed version of these steps is available in Report Customisation)
- Open the file in Power BI Desktop.
- Provide the Altus URL for your Altus Deployment in the parameter for “Altus URL” in the format: https://ALTUSENVIRONMENTNAME.crm#.dynamics.com (for the Altus Portfolio Report, leave the Idea Effort Multiplier parameter set to 100)
- Provide the Altus_TDSServer value, which should be just the server name from the Altus URL above, example: ALTUSENVIRONMENTNAME.crm#.dynamics.com
- Provide the Altus_TSDDatabase value, which should be just the environment name value from the Altus URL above, example: ALTUSENVIRONMENTNAME
- Sign in if prompted using credentials that have access to the data source (Dataverse)
- Specify "Organizational" for privacy settings if prompted.
- Click “OK” and wait for the data to load to the report.
- Once the data has loaded, feel free to browse the report and view the changes specified by the versions page in the new template.
- OPTIONAL: from the File menu > Options and Settings > Options > Current File > Data Load tab, click to “Enable parallel loading of tables”. This will allow refreshes to occur in less time as the data will be loaded to the tables in a parallel manner instead of waiting for each table load to finish before loading the next table’s data.
- Click “Publish” from the Home ribbon > Share section.
- Copy the Embed URL (website or portal) for each report in the Power BI Service and configure each required setting in the Settings > Configuration Settings Area of Altus, under the Power Bi Insights heading. In the initial setup these will be in the Inactive Altus Config Settings list. You will need to activate these first:
- Altus Work: PowerBIReport_MyWork_IQA
- Altus Project Leadership: PowerBIReport_Insights_IQA
- Altus Portfolio Leadership: PowerBIReport_PortfolioInsights_IQA
- Altus Portfolio Innovation: PowerBIReport_InnovationInsights_IQA
- Altus Portfolio Intake: PowerBIReport_IntakeInsights_IQA
- Altus Strategy Leadership: PowerBIReport_StrategyInsights_IQA
- Altus Resource: PowerBIReport_ResourceInsights_IQA
Setting up Scheduled Refresh for Altus - XXXXXXXXX Workspace:
- Navigate to selected Workspace. Then hover over the location shown below, then select Schedule Refresh
- Setup the credentials used for refresh, selecting Organizational as Privacy Level
- Configure the Scheduled Refresh.
- Repeat step 3 for all Power BI reports by selecting them in left hand coloumn.
- Navigate to selected Workspace. Then hover over the location shown below, then select Schedule Refresh
Share the Reports. Since the security model for Power BI is separate to Altus, the end-users must be allowed access to the reports. This can be done either by adding all the target users to the Workspace or share each individual report with the target user groups.
If it is desired to update the reports to the latest version after the initial deployment, please find these steps here.
Microsoft Teams App
The Altus App will be added to the Microsoft Teams environment.
- Downloaded the manifest from: https://teams.altus.pro/.
- In the Microsoft Teams client in the target environment, select Apps -> Manage your apps -> Upload an app to your org's app catalogue.
- Provide the manifest downloaded in the previous step.
- Log into the M365 Teams Admin Portal.
- Navigate to Teams Apps -> Setup Policies.
- Click Add to add a new policy
- Add the Altus App to the list of Pinned Apps, name the policy and save it.
- From the App setup policies page, highlight the newly added policy and select Manage Users to add users to the policy who should receive the App pinned into their Microsoft Teams client.
After the solutions components are deployed, the deployment engineer will then perform the following tasks.
Set date format
Setting the date format can be found here: Advanced Settings > Administration > System Settings
Ensure that the customer has not already customized this. It is an organizational level setting. Also there is a caveat that it does not impact already existing users who must change their own personalization settings in the app. These settings can be found in the classic Dynamics settings area:
Disable auto save functionality
By default, Dynamics 365 environments are provisioned with an auto save forms feature turned on. When the feature is turned on, whenever a user opens a form in Dynamics, the form will auto-save every 30 seconds while the user has that form open. In addition, if the user chooses to navigate away from the form that they had open, the form will auto save just prior to navigating away.
We recommend that this setting be Disabled so that the Save and Save and Close buttons function as named.
Be aware that the setting is global to the Dynamics 365 environment (so if you turn it off, it will be turned off across all forms in Power Platform environment).
The setting can be found in System Settings in the Dynamics Advanced Settings portal, and is present on the General tab.
More information on this feature can be found here: https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/customize/manage-auto-save
Verify that process workflows have been enabled
Sometimes during the solution import activities, workflows are successfully created in the environment but for some reason fail to activate. In most circumstances, selecting to manually activate an inactive workflow will resolve the issue.
To check on the status of deployed workflows:
- Open https://make.powerapps.com
- Select the correct environment
- Click Solutions
- Click Atsumeru
- Filter on all the Process types in the type column
- Check the Status column and verify that all of the Process Statuses are set to On
- If you locate any processes where the status is set to Off, select the ellipsis (...) for that item, then press Turn On
Configure bulk record deletion jobs for workflows and system jobs
Altus leverages the use of Workflows and Plugins in the environment. This generates logging activity in some Dataverse tables which over time will grow and have the potential slow down the environment. Creating these jobs will ensure that the log files are trimmed from time to time to avoid any quota or performance issues.
- Open https://make.powerapps.com.
- From the cog menu, select Advanced Settings.
Select Settings > Data Management.
Select Bulk Record Deletion.
In the Look for list, select System Jobs.
In the search criteria area, add criteria similar to the following:
- System Job Type – Equals – System Event or Workflow
- Status - Equals - Completed
- Status Reason – Equals – Succeeded or Canceled or Failed
- Completed On - Older than X Days - 30
- In the Name text box, type a name for the bulk deletion job eg [Altus - Bulk Delete Completed System Jobs > 30 days].
- Select a date and time for the job start time, preferably a time when users are not in customer engagement apps.
Select the Run this job after every check box, and then in the days list, select the frequency you want the job to run. (eg once a day or every few days).
Optional: If you want a notification e-mail sent, select the Send an email to me (email@example.com) when this job is finished check box.
- Choose Next, review the bulk deletion job, and then choose Submit to create the recurring job.
The process can take a while depending on how many items are in the table (especially on the first run). It deletes approximately 100 items every 2 seconds so if you have millions of records this can take a day or two. 10 million for example will take around 2 days to complete and the capacity statistics on the admin portal of Power Apps also takes around 24 hours to reflect that deletion.
Add individual users into the Altus Security Roles
This functionality will soon be moving to the PPAC - Power Platform Admin Center
Navigate to the default environment security centre:
- Navigate to https://home.dynamics.com.
- Select Altus for Project App.
- Select ⚙->Advanced Settings.
- Select Settings->Security.
- Select Security->Users.
- Select a user to add to Altus.
If you do not see the target user in the user list, they may not yet have been added to the Dataverse environment. Please see the Microsoft Documentation on ensuring users are added to the Dataverse. Additionally there are Power Automate Flow actions that can be used to expedite the addition of users to an environment.
- Click Manage Roles in the toolbar.
- Add the Altus role(s) relevant to the user. *Note: All Altus users must have the "Basic User" role assigned.
- Repeat for all relevant users.
Ensure that all users have been granted the Basic User security role (formerly known as Common Data Service User) in addition to which Altus security roles that they require. This is required for end-users accessing non-default Power Platform environments.
(Optional) Configure AAD Sync of users
It is possible to set up AAD sync of users from a group into a Dynamics team. That team can then be granted roles that give access to Altus (which would therefore allow membership of those roles to be determined by an Microsoft 365 group).
The steps to set this up are as follows:
- Create an M365 Group or identify an existing M365 Group that you wish to use for synchronization. Identify the Object Id of this Group (this is easily visible from Azure Active Directory).
- From the Dynamics Advanced settings portal, select Settings > Security.
- Select Teams.
- Select All AAD Office Group Teams.
- Select + New.
- Enter the Team Name (as you would like it to appear in Dynamics), select an Administrator, select AAD Office Group as the Team Type and enter the Azure AD Object ID that you identified in Step 1, then press Save and Close
- Select your newly created team.
- Select Manage Roles.
- Select the role(s) that you would like to automatically grant to members of the identified M365 Group, then press Ok.
- Note that members of the M365 Group will not appear in the list of team members in the Dynamics team until the user next logs in to Dynamics/PowerApps. At which time their role access will be automatically granted.
- If an existing User is later removed from the M365 Group their Role access will be removed.
(Optional) Enable Flows and update connections
For various reasons it might be necessary to validate Flow connections and update their connections.
- Open https://make.powerapps.com
- Click Solutions.
- Select Atsumeru.
- Change the filter to Cloud Flow.
- Validate the status of each Flow listed. The Status must be On in order to enable the associated feature. If a Flow is not On:
- Click on the Flow
- A new window will appear with the Flow details page.
- Click Edit in the toolbar.
- Update the connections, or create new connections if necessary when prompted.
- Click Continue.
- Click Save.
- Validate the Flow Status is On.
(Optional) Configure Flow Teams settings for proposals
In order for the proposals workflow to post status messages to teams, a team and channel must be nominated.
If the customer doesn't already have a team/channel for this, create one and then locate the two settings in the Altus App -> Settings -> Configuration Settings -> Inactive Settings view:
- Proposal team (default suggested name: Project Workflow Approvals)
- Proposal channel (default suggested name: General)
Update and activate these settings with the name of the team, and the name of the channel the Flow will use to post approvals.
Be aware the settings name is suffixed with _IQA, this is intentional, please leave this in place.
(Optional) Configure Microsoft Teams approvals tab
Within Microsoft teams, in the team and channel identified above, select to add a new tab.
From the Add a tab dialog, select Website.
Open a browser (or a new browser tab if you are navigating to Teams over the web) and navigate to https://flow.microsoft.com.
Ensure that you are connected to the environment that will contain the Altus deployment artefacts. If required, switch to the correct environment.
When connected to the correct environment, from the left menu select Action items > Approvals.
Once the Approvals page loads, select the Url in the address bar and copy it to your clipboard.
Return to the teams interface, and enter Approvals as the tab name and paste the URL that you just copied to your clipboard. Uncheck 'Post to the channel about this tab', then press Save.
The Flow Approvals page will now display as a Tab within your Teams Channel.
The Approvals tab will not render correctly when viewing teams in a browser, it will only work within the Teams Desktop Client.
(Optional) Configure timesheet Notifications
Three Power Automate Flows are provided along with the Altus solution in a disabled state; the following table details their purpose.
|Unsubmitted Timesheet Reminder||Timesheet user||When configured to run (e.g. Monday 9am)||Sends an email to all users required to complete a timesheet in the last period who have not done so.|
|Timesheet Submit For Approval Notification||Timesheet manager||On submission||Notifies the timesheet manager that a timesheet is awaiting approval.|
|Timesheet Rejection Notification||Timesheet user||On rejection||Notifies the timesheet user that a timesheet manager has rejected a submitted timesheet.|
To enable these Flows, please follow the following steps:
Navigate to Solutions, and find the Atsumeru Solution.
Filter the solution contents to show Cloud Flows.
Open the flow and authenticate/update the connections for the flow and Save and Close.
Click the ellipsis (...) next to the Flow of interest, and select Turn On.
The notification email body may be modified as necessary.
Additional configuration steps for 'Unsubmitted Timesheet Reminder' Flow
Edit the Flow named Unsubmitted Timesheet Reminder.
Select the first step at the top of the process named Recurrence.
Select Edit on the step contents and select Show advanced options.
Configure the Flow to run on the first day of the timesheet period cycle at a suitable time, eg 9:00am.
Set the recurrence interval to match the length of a timesheet period, eg 1 week.
Configure the Period Length variable to match the number of days in a period (including weekends).
Configure the Optional Delay In Days variable only if the reminder is desired to be sent on a day other than the first day of a period.
(Optional) Enable Dataverse search
Dataverse search enables the search bar at the top of each model-driven app within an environment to search enabled tables (entities) that are included within that particular model-driven app. The search results are then filtered according to the records that the current user has permission to see (according to their security role/s)
System Administrator can enable it by following the enable Dataverse Search document provided by Microsoft.
Dataverse search requires an index which will consume dataverse storage.
We have enabled search on suggested tables (entities), if there is a customization layer made on top of a given table (entity) you may have to enable Dataverse search for the customized tables (entities) for that customized solution by following this document provided by Microsoft: Select tables for Dataverse search.
Dataverse capacity management
Since Altus requires a Dataverse Power Platform environment - this will consume at least 1 GB of Dataverse quota. This section details how to monitor and resolve Dataverse quota problems.
In April 2019 Microsoft introduced a new capacity-based model for tracking power platform storage and database usage. In this new storage model, environment creation rights are governed by the amount of available database capacity instead of being based on user license entitlement.
Within this new capacity model, the following points are important to understand:
- A new environment may not be created without a minimum of 1 GB database capacity available.
- Some administrative actions for environments are disabled while the organization is in capacity deficit.
- Capacity deficit will need to be resolved at time of license renewal.
Check capacity usage
Organization capacity usage can be observed in the Power Platform Admin Center > Resources > Capacity.
You should be presented with a breakdown of capacity usage similar to the following image:
If your capacity portal does not appear this way, your organization may be operating under the legacy storage model. Run through the process found at the following link to confirm: Legacy storage capacity - Power Platform | Microsoft Docs
Please notify your implementation contact if this is the case, as there may be deployment implications.
Addressing a capacity deficit
Many products are recommended to be deployed to a new environment. If the available capacity is less than the 1 GB required for new environment creation, one or multiple of the following options will need to be investigated.
1. Delete unused / unnecessary environments
If any existing environments can be deemed unnecessary or unused, you may wish to delete them. This will immediately return at least 1 GB of database capacity per deletion excluding size of environment content.
2. Free up storage space
Please visit the following page for a list of common procedures that may be followed to reclaim storage from existing environments and solutions: Free up storage space - Power Platform | Microsoft Docs
3. User licensing
Capacity may be sourced via the purchase of user licenses. See the Power Apps and Power Automate Licensing Guide for purchasing information.
Per app plans currently do not provide any additional capacity as detailed in the licensing guide. This is expected to change, however no ETA is known at this stage. Per user licensing provides 400 MB database capacity per license as expected.
4. Purchase a capacity add-on
Capacity add-ons may be sourced via purchase of add-on capacity in 1 GB increments. See the Power Apps and Power Automate Licensing Guide for purchasing information.
More information on these add-ons can be found here: Capacity add-ons - Power Platform | Microsoft Docs
(Optional) Enable audit logging
The Microsoft Power Platform Dataverse provides an optional audit logging facility when necessary.
Enabling Audit logging is a 2 step process:
Enable Global Audit settings in Settings (gear icon) > Advanced settings > Settings > Auditing > Global Audit Settings.
Enable auditing on the entities where you wish to track activity.
Audit logging consumes additional dataverse quota.
(Optional) Demonstration data
Altus Demo Data Loader
The Altus Demo Data Loader can be used by to upload demo data into an Altus system.
Both consultants and clients can use this feature. To access the demo data loader feature you must have access to the client’s Altus environment in the Sensei Hub
- Log into the Partner Admin section of the Sensei Hub.
- Click the Altus button for the client’s environment.
- Click the Edit button under the Operations menu, for the URL you'd like to load the demo data into.
- Log into the Altus section of the Sensei Hub.
- Click the Edit button under the Operations menu, for the URL you'd like to load the demo data into.
You will now see the new Demo Data item under the Operations menu.
When you click the Demo Data button you are given the option to select a date from the date picker and click Load or click Unload.
- Date picker: this field determines the dates that this data will be loaded with. The demo data already loads data that is 3 months old, so you do not need to back-date this field unless you would like the data to be older than 3 months old. This field will automatically default to today’s date, but you can select a date in the past or future.
- Load: once you have selected a date, or left the default date, click Load to begin the demo data load process.
- Unload: if you would like to remove demo data that was previously loaded into the environment click Unload to begin the demo data unload process. Note: this will only remove demo data based on the current demo data for your release ring, if the demo data is upgraded where some items have been removed it will miss these during demo data unload and they will require manual removal.
When you have clicked Load or Unload the Altus Demo Data Deployment Status screen will show. This screen shows you the progress of the data Load or Unload process.
As the process runs the progress field will display the current progress.
This screen doesn’t refresh automatically, so you will need to manually refresh the screen to see the latest progress value.
The Load and Unload processes each take approximately 15 minutes to run.
- Running: the process has begun and is underway.
- Demo Data Loading/Unloading: the data is being loaded.
- Success: the process has finished without any major errors.
- demoDataLoadException: errors have occurred with the Load/Unload process.
- demoDataLoadActivityException: errors have occurred with the Load/Unload process.
Once the process is complete you will see a Demo Data file log in the Deployed section of the screen.
- If there is a green tick next to the Demo Data file the Load/Unload has completed successfully.
- If there as a red lightning bolt next to the Demo Data file the Load/Unload has completed but with errors.
To see the full details of this Load/Unload process, please review this log file.
If the Load/Unload was not successful, no log file will be made available on the screen. If this happens you will need to contact the Altus Product Development team to review the issue.
A history of the Load/Unload process is recorded for the environment.
If you open this screen and the Load and Unload buttons are greyed out, this is because the system is currently Running a process. Refresh the screen to see the updates on this process.