Episode Details

Ever shared Dataverse data through email attachments or spreadsheets—only to wake up at 2am wondering who might have access? There’s a better, safer way that won’t make your CISO sweat, and yes, it’s built into Power Platform already. Want to know how to give partners and customers just the access they need, nothing more?Today we’re building a customer portal with Power Pages—step by step—showing you how to keep your data secure, permissioned, and controlled, all while looking like a true extension of your own brand. Let’s fix the ‘just share it’ problem, for good.Why Internal Apps Aren’t Enough: The Portal DilemmaIf you’ve ever rolled out a Power App that became the star of your internal team, you know the next question isn’t far behind. Just when you think you’ve nailed the workflow—approval processes humming, dashboards up-to-date—someone from sales, maybe even the CFO, leans in and says, “Can our customers use this too?” That single question often grinds a smooth project to a halt, transforming a tidy internal solution into a can of worms you can’t just seal shut again.Here’s the reality for most organizations leaning on Dataverse: your team has years of customer data, structured processes, and even some automation humming quietly in the background. But the minute you need to actually show any of that to someone outside your physical office or VPN, things get messy. You know, that sinking feeling when marketing wants to create an onboarding portal for new partners, or support suggests a ticketing portal for vendor issues. Of course, copying data and emailing spreadsheets takes five minutes. Fifteen minutes later, though, you’re trying to track who sent what, to whom, and where it ended up. The moment data leaves Dataverse or your app, your grip on privacy and compliance loosens.And it isn’t just theoretical risk. We’ve all heard the stories—one too many, honestly—like the finance manager who exported a batch of invoice records for a vendor and, thanks to a wonky Excel filter, ended up attaching every customer’s info instead. Suddenly your CFO’s inbox has half the company’s sensitive data sitting one accidental forward away from a competitor. If you ask a Chief Information Security Officer about the most anxiety-inducing phrase in a project, it’s probably “I just sent them the file—it seemed easier.”Now, that ease of internal sharing is deceptive. Internal Power Apps are quick wins because everyone’s part of your tenant, inheriting permissions, authentication, and policy controls without any heavy lifting. Internal users sign in, and their access is governed by tried-and-true security groups or roles you already manage. Compliance audits are routine. Data stays inside the blast walls of your identity provider. But the second you want to reach outside—open a door for a customer, a partner, or even a vendor with a custom login—every layer of security, compliance, visibility, and even branding gets complicated. See, Power Pages was Microsoft’s answer to requests for secure, external-facing portals built on top of Dataverse. But let’s be honest—most people who see the “add external users” option in Power Pages don’t realize what’s under the hood. Clicking through that wizard gives you a working website, but making it actually safe for production, keeping sensitive records hidden from prying eyes, and ensuring users only see what they’re supposed to? That’s not just an optional step—it’s a project in itself. And yet, plenty still find themselves on the wrong side of this boundary. There’s a recurring pattern: someone spins up Power Pages in a hurry, goes through the default steps, tests a few records, and it all looks fine. But then, a vendor logs in, and they’re staring at other customers’ orders or internal notes that shouldn’t be exposed. The fallout isn’t just a privacy incident; it’s lost trust, support tickets piling up, and sometimes even compliance breaches that have regulatory implications, especially for finance, healt