Skip to content

Deployment Checklist

Step-by-step deployment validation checklist for the Compliance Dashboard solution.

Pre-Deployment Checklist

Verify all prerequisites are met before starting deployment.

Licensing

  • Power BI Pro or Premium license verified for target users
  • Dataverse capacity available in target environment (minimum 1 GB recommended)
  • Power Automate Premium license for automated data collection flows
  • Microsoft 365 E5 or E5 Compliance license for Purview Compliance Manager access

Permissions

  • User has Purview Compliance Admin role (required for Purview Compliance Manager API access)
  • User has Power Platform Admin role (required for environment access and DLP policy data)
  • User has Power BI Admin role (required for workspace creation and sharing)
  • User has System Administrator role in target Dataverse environment (required for table creation)

Dependencies

  • Environment Lifecycle Management solution v1.1.0+ deployed (provides zone classification data)
  • Network access to Dataverse environment confirmed (no firewall blocking)
  • Microsoft Entra ID tenant ID and Dataverse environment URL documented

Schema and Flow Deployment

This solution does not ship a packaged .zip file. Create all Dataverse tables, columns, option sets, and flows manually using the guides below.

Create Dataverse Schema

  • Follow Dataverse Schema to create all 5 tables (fsi_controlmaster, fsi_controlassessment, fsi_compliancescore, fsi_complianceexception, fsi_complianceevidence) with columns and option sets
  • Verify all relationships between tables are created
  • Create the 3 security roles (CD Viewer, CD Assessor, CD Admin) as documented in Dataverse Schema

Build Power Automate Flows

  • Follow Flow Configuration to manually build CD-ScoreCalculator and CD-ExceptionMonitor flows in Power Automate designer
  • Configure connection references (Dataverse, Office 365 Outlook, Microsoft Teams) during flow creation
  • Set the CD_NotificationEmail environment variable to the compliance administrator email address

Post-Import Validation

Verify Dataverse Tables

Navigate to Power Apps > Tables and confirm the following tables exist:

  • fsi_controlmaster - Control master table
  • Verify columns: fsi_controlid, fsi_name, fsi_pillar, fsi_weight
  • Check security roles assigned (CD Viewer, CD Assessor, CD Admin)
  • fsi_controlassessment - Assessment records table
  • Verify columns: fsi_controlmasterid, fsi_status, fsi_zone, fsi_score
  • Check relationship to fsi_controlmaster exists
  • fsi_compliancescore - Daily compliance score snapshots
  • Verify columns: fsi_scoredate, fsi_overallscore, fsi_pillar1score
  • Check index on fsi_scoredate column exists
  • fsi_complianceexception - Exception tracking table
  • Verify columns: fsi_severity, fsi_exceptionstatus, fsi_slastatus, fsi_daysopen
  • Check business rule for SLA calculation exists
  • fsi_complianceevidence - Evidence collection table
  • Verify columns: fsi_evidencetype, fsi_sourceurl, fsi_hash
  • Check relationship to fsi_controlassessment exists

Verify Power Automate Flows

Navigate to Power Automate > Solutions > Compliance Dashboard and confirm flows exist:

  • CD-ScoreCalculator flow exists
  • Flow type: Scheduled cloud flow
  • Trigger: Recurrence (Daily at 6:00 AM)
  • Owner: Solution importer
  • CD-ExceptionMonitor flow exists
  • Flow type: Scheduled cloud flow
  • Trigger: Recurrence (Hourly)
  • Owner: Solution importer

Verify Security Roles

Navigate to Power Apps > Security roles and confirm roles exist:

  • CD Viewer - Read-only access
  • CD Assessor - Assessment entry and exception management
  • CD Admin - Full administrative access

Sample Data Loading (Optional)

Load sample data for demonstration and testing purposes.

Prerequisites

  • Python 3.8+ installed
  • Required packages: requests, msal (install with pip install -r requirements.txt)

Set Environment Variables

export AZURE_TENANT_ID="your-tenant-id"
export AZURE_CLIENT_ID="your-client-id"
export AZURE_CLIENT_SECRET="your-client-secret"

Or on Windows: 

$env:AZURE_TENANT_ID = "your-tenant-id"
$env:AZURE_CLIENT_ID = "your-client-id"
$env:AZURE_CLIENT_SECRET = "your-client-secret"

Run Sample Data Loader

  • Confirm the control master source matches your control inventory (the shipped sample contains 62; the validated baseline contains 78) before loading data
  • Navigate to scripts/ directory
  • Run: python load_sample_data.py --environment "https://your-org.crm.dynamics.com"
  • Verify output: "Loaded X control master records"
  • Note: Assessment, score, and exception upload is not yet implemented. Use --export to generate JSON files, then import via Power Apps or Dataverse API.

Verify Sample Data

  • Navigate to Power Apps > Tables > fsi_controlmaster
  • Verify the expected number of control records exist (62 if loading the shipped sample; 78 if loading the validated baseline)
  • Check sample controls: "1.1 - Identity and Access Management", "2.12 - Supervision and Oversight"
  • Navigate to fsi_compliancescore table
  • Verify 90 daily score snapshots exist (today going back 90 days)
  • Check score values are realistic (not all 100 or all 0)
  • Navigate to fsi_complianceexception table
  • Verify sample exceptions exist with varied severities and statuses

Flow Activation

Activate CD-ScoreCalculator Flow

  • Navigate to Power Automate > Solutions > Compliance Dashboard
  • Click on CD-ScoreCalculator flow
  • Verify all connections show green checkmarks (no warnings)
  • If connection warnings exist:
  • Click Edit and fix connection references
  • Save flow
  • Click Turn on to activate flow
  • Click Test > Manually to run immediately
  • Verify flow runs successfully (check run history)
  • Navigate to fsi_compliancescore table
  • Verify new score record created with today's date
  • Check fsi_overallscore value is calculated (not null)

Activate CD-ExceptionMonitor Flow

  • Navigate to CD-ExceptionMonitor flow
  • Verify all connections valid (green checkmarks)
  • Click Turn on
  • Click Test > Manually to run immediately
  • Verify flow runs successfully
  • Navigate to fsi_complianceexception table
  • Verify fsi_slastatus field updated for open exceptions
  • Check exceptions near SLA deadline show "At Risk" status

Power BI Deployment

Open Power BI Template

  • Build ComplianceDashboard.pbit per Power BI Template Specification (no .pbit ships with this repo per the Solution Content Policy)
  • Open in Power BI Desktop (version: latest recommended)
  • Template prompts for parameters

Configure Parameters

  • DataverseEnvironmentUrl:
  • Enter: https://your-org.crm.dynamics.com
  • No trailing slash
  • Use actual environment URL from Power Platform admin center
  • Note: This is a Power BI template parameter, distinct from the deprecated fsi_CD_DataverseEnvironment solution environment variable (which is unused by flows). Do not confuse the two.
  • TenantId:
  • Enter Microsoft Entra ID tenant ID (format: 12345678-1234-1234-1234-123456789abc)
  • Find in Azure Portal > Microsoft Entra ID > Overview
  • Click Load

Authenticate

  • Sign in with organizational account when prompted
  • Select Organizational account authentication type
  • Click Connect
  • Wait for authentication to complete

Verify Data Refresh

  • Power BI Desktop loads data from Dataverse
  • Check status bar: "Loading data..."
  • Wait for refresh to complete (typically 30-60 seconds)
  • Verify no error messages
  • Check table row counts in Model view:
  • ControlMaster: 62 rows (shipped sample) or 78 rows (validated baseline)
  • ComplianceScore: 90 rows (if sample data loaded)
  • ComplianceException: varies based on sample data

Verify Report Pages Render

  • Page 1 - Executive Summary:
  • Overall Score card displays percentage
  • Score Trend line chart shows 30-day history
  • Pillar Scores column chart shows 4 pillars
  • Zone Scores donut chart shows 3 zones
  • Exception Count card displays number
  • SLA Status stacked bar chart displays
  • Page 2 - Pillar Overview:
  • Pillar Cards show individual pillar scores
  • Control Status Matrix displays controls by pillar × status
  • Pillar Trend line chart shows historical trends
  • Non-Compliant Controls table displays affected controls
  • Page 3 - Control Details:
  • Control List table shows the expected number of controls (62 sample / 78 baseline)
  • Assessment History line chart displays (click control to populate)
  • Evidence List table shows linked evidence
  • Regulatory Tags slicer displays filter options
  • Page 4 - Exception Tracker:
  • Open Exceptions card displays count
  • SLA Distribution pie chart shows status breakdown
  • Exception Table displays full exception list
  • Age Distribution histogram shows days open
  • Owner Workload bar chart shows exceptions per owner
  • Page 5 - Trend Analysis:
  • Score Trend line chart shows 90-day history
  • Pillar Trends multi-line chart shows all 4 pillars
  • MoM Change KPI displays month-over-month delta
  • Control Status Changes waterfall chart displays
  • 30-day forecast trendline visible (if enabled in analytics)

Verify DAX Measures Calculate

  • Click Data view in Power BI Desktop
  • Select ComplianceScore table
  • Verify measures appear in field list (right panel)
  • Check key measures:
  • Overall Score: Displays percentage (e.g., "87.5%")
  • Score Trend: Displays delta (e.g., "+3.2%")
  • Compliant Count: Displays integer
  • Exception Count: Displays integer
  • SLA Compliance %: Displays percentage

Publish to Power BI Service

  • Click Publish button in Home ribbon
  • Select destination workspace (or create new)
  • Wait for publish to complete (progress bar reaches 100%)
  • Click Open 'ComplianceDashboard.pbix' in Power BI link
  • Browser opens to Power BI Service
  • Report renders successfully in browser

Configure Scheduled Refresh

  • In Power BI Service, navigate to workspace
  • Click ... next to dataset name
  • Select Settings
  • Expand Scheduled refresh section
  • Click Keep your data up to date toggle to On
  • Set refresh frequency: Daily
  • Set time: 7:00 AM (after score calculation flow at 6:00 AM)
  • Check Send refresh failure notifications to: and enter email
  • Click Apply
  • Verify "Scheduled refresh configured successfully" message

Assign Workspace Access

  • Navigate to workspace settings
  • Click Access tab
  • Add users or groups:
  • Compliance team: Viewer role (read-only dashboard access)
  • Risk managers: Contributor role (can edit reports)
  • Administrators: Admin role (full workspace control)
  • Click Add
  • Verify users receive email notification

Final Validation

Executive Summary Page

  • Overall Score displays realistic value (0-100)
  • Score Trend shows positive/negative/stable indicator
  • Pillar breakdown shows 4 pillars with individual scores
  • Zone distribution shows 3 zones
  • Exception count matches fsi_complianceexception table count
  • SLA Status shows On Track/At Risk/Breached breakdown

Pillar Overview Page

  • All 4 pillars display with scores
  • Control count by status matches expected distribution
  • Pillar trend lines show historical data (if 90 days available)
  • Non-compliant controls table populated (if any exist)

Control Details Page

  • All expected controls display in table (62 sample / 78 baseline)
  • Filtering by pillar/zone/status works correctly
  • Click control in table populates assessment history chart
  • Evidence list shows linked evidence items
  • Regulatory tags slicer filters controls correctly

Exception Tracker Page

  • Open exception count accurate
  • SLA distribution shows realistic percentages
  • Exception table sortable by days open, severity, owner
  • Age distribution histogram shows realistic distribution
  • Owner workload chart shows balanced distribution

Trend Analysis Page

  • 90-day score trend displays continuous line
  • Pillar trends show all 4 pillars with different colors
  • Month-over-month change KPI displays delta
  • 30-day forecast trendline extends beyond current date (if analytics enabled)
  • Control status changes waterfall shows transitions

Interactive Filtering

  • Date range slicers work correctly
  • Zone selector filters all pages
  • Pillar selector filters all pages
  • Drill-through from control details works
  • Clear filters button resets to default view

Rollback Procedure

If deployment issues are encountered and rollback is required:

Delete Power BI Report

  • Navigate to Power BI Service workspace
  • Click ... next to report name
  • Select Delete
  • Confirm deletion
  • Delete dataset as well

Turn Off Power Automate Flows

  • Navigate to Power Automate > Solutions > Compliance Dashboard
  • For each flow (CD-ScoreCalculator, CD-ExceptionMonitor):
  • Click flow name
  • Click Turn off
  • Verify flow status shows "Off"

Delete Solution from Power Apps

  • Navigate to Power Apps > Solutions
  • Locate Compliance Dashboard solution
  • Click ... > Delete
  • Confirm deletion
  • Wait for deletion to complete (2-5 minutes)

Delete Dataverse Tables (Optional)

Warning: This will delete all compliance data. Only perform if data is not needed.

  • Navigate to Power Apps > Tables
  • For each table (fsi_controlmaster, fsi_controlassessment, fsi_compliancescore, fsi_complianceexception, fsi_complianceevidence):
  • Click table name
  • Click Delete table
  • Confirm deletion
  • Verify tables no longer appear in table list

Clean Up Sample Data

If sample data was loaded but production data is needed:

  • Manually delete sample records via Power Apps or Dataverse API
  • Verify all sample records deleted
  • Ready for production data loading

Troubleshooting Common Issues

Issue Cause Resolution
Solution import fails Missing connection reference Create required connections before import
Flow won't turn on Invalid connection Edit flow, update connection references
Power BI can't connect Network restriction Verify firewall allows Dataverse access
No data in dashboard Tables empty Load sample data or create assessments
Refresh fails in Service Authentication expired Re-authenticate dataset credentials
Measures show errors Missing relationship Verify DateTable relationship to ComplianceScore

Next Steps

After successful deployment:

  1. Load Production Data:
  2. Create assessment records for each applicable control
  3. Link evidence items to assessments

  4. Document exceptions with remediation plans

  5. Configure Users:

  6. Assign Dataverse security roles (CD Viewer, CD Assessor, CD Admin)
  7. Add users to Power BI workspace

  8. Configure Row-Level Security if needed (see Power BI Setup)

  9. Schedule Regular Reviews:

  10. Weekly: Review open exceptions and SLA status
  11. Monthly: Analyze trend data and identify patterns

  12. Quarterly: Validate control assessments and update evidence

  13. Integrate with Workflows:

  14. Link to FINRA Supervision Workflow for supervision metrics
  15. Connect to incident reporting processes
  16. Embed dashboard in compliance review meetings

Compliance Dashboard v1.0.3 - Deployment Checklist