Overview of deploying Fundraising and Engagement
This article provides an overview of how to deploy Fundraising and Engagement. This solution has two main components:
- A Microsoft Power Platform app that you install and configure
- Services that are hosted on Microsoft Azure. These services provide features like recurring donation processing, bank Automated Clearing House (ACH) batching, and automated rollup calculations.
Deployment includes installing both components through Microsoft Cloud Solution Center and configuring the app.
This article also provides steps for updating an existing installation to a newer version and troubleshooting information to help you resolve common issues you might come across.
During the deployment process, you need to configure the Microsoft Power Platform app and the services hosted on Microsoft Azure to work together. There are two ways to perform this configuration:
- Deploy with the Microsoft Cloud for Nonprofit installer: This method leaves only a couple of areas that you need to manually configure.
- Deploy manually: You need to configure everything manually. You still start with some common steps outlined in Deploy with the Microsoft Cloud for Nonprofit installer.
Important
We recommend that you deploy with the installer. The installer automatically sets up all the information needed in Azure.
Post-deployment considerations
Post-deployment, we recommend that you take steps to evaluate and harden the solution, including:
- Secure deployment of SQL.
- Protect built-in users, including the default FundraisingSAUser.
- Configure of SQL firewall rules.
- Protecting your key vault secrets, including secrets key rotation program.
- Validate that your encryption requirements are met. Encryption is your responsibility to validate, including confirmation that the current version is enabled.
- Deploy automated logging and monitoring. We recommended that you configure Azure Security Center to monitor your SQL server, storage accounts, and your web services.
- Regularly check the Solution Center and What's new in Microsoft Cloud for Nonprofit to see if an upgrade is available.
Important
Users with access to Fundraising and Engagement may work with sensitive data. We recommend that administrators and users enable multi-factor authentication to increase the security of their environment.
To provide payment processing capabilities, the Fundraising and Engagement solution integrates with Stripe, Moneris, and iATS payment gateways. Organizations should evaluate which gateway is right for them and consult the relevant instructions.
Note
Microsoft doesn't provide guidance on compliance review of the solution nor the validation of solution for PCI DSS.
Prerequisites
- Dynamics 365 Sales Enterprise
- Microsoft Entra ID
Learn more about Azure and extending Dynamics 365
Users provisioning Fundraising and Engagement Azure environments should have a solid understanding of both the Azure components that are created and configured and the Dynamics 365 environment that uses this functionality.
We recommend the following courses and certification paths.
| Learn more about | Educate | Accreditation | Discussion |
|---|---|---|---|
| Azure Fundamentals | Learning Path | Exam | Community |
| Dynamics 365 Fundamentals | Learning Path | Exam | Community |
See also
Overview of Azure Components used by Fundraising & Engagement
The following Azure components are created during the Microsoft Cloud Solution Center deployment. Review them to understand what they do and how they support Fundraising and Engagement.
| Component | Type | Purpose |
|---|---|---|
| Background services | App service | The function processes to manage rollup queries and calculations. This component primarily writes values back to Dynamics 365 Sales. |
| Recurring donation engine | App service | A process that manages the recurring gift process and generates the results in the form of transactions that are written back to Dynamics 365 Sales. |
| App service plan | App service plan | The service plan created during the creation of the Azure environment. This plan can be edited after creation. |
| API insights | Application insights | The corresponding application insights instance that corresponds to the created APIs. IMPORTANT: Support for this version of Application Insights is being removed. To review which Azure regions are impacted, go to Create an Application Insights resource. If you attempt to deploy to a region that isn't supported, you might receive a deployment error in Microsoft Cloud Solution Center, Azure portal, or both. |
| Vault | Key Vault | The secure storage that brokers sensitive information such as authentication information to Dynamics 365. |
| Payment vault | Key Vault | The secure storage that brokers sensitive information for payment processing. |
| Azure SQL Database | SQL Database | The Azure SQL Database that stores data passed to it from Dynamics 365. |
| Azure SQL Server | SQL Server | The Azure SQL Server that's created by default for the Azure SQL Database. |
| Logging storage | Storage account | The storage account that holds the logging information from the recurring donation engine. |
| Azure2Dataverse | Managed identity | The managed identity used for accessing Dataverse and Dynamics 365 from Azure resources. |
Note
You need to sign in via Azure portal as a user with Owner permissions for the subscription in which the resources are deployed.
Important
Throughout the installation process, the installer or manual deployment scripts apply and remove permissions and make other changes to the deployed resources. After completing the steps, be sure to review and re-apply any customizations on those resources if required by your organization's policies or customizations.