Thursday, February 28, 2013

Reporting From MVP Summit and Answers to your Questions

I try to get out three blog posts per month and, given it is a short month, I am therefore writing a blog post while I sit in an MVP session. I generally shy away from doing this as, frankly, it is ‘safer’.

Other than telling you I am sitting in a room amongst the greats of CRM listening to the Product Managers of CRM impart their vision and thoughts, my hands are very much tied as to what I can say. Microsoft take the MVP NDA very seriously and I respect that. What I can say is the dialogue between the Product Managers and the MVPs is healthy, robust and respectful and I am proud to be part of it.


My Rules For Answering The Questions

In my last post, I encouraged readers to ask me questions to ask at Summit. While I can say the information provided about CRM now and in the future was comprehensive, the rule I must follow is “I can only talk about it if I can find it online” or if I get formal approval. From a practical perspective this means I can mostly talk about Polaris and, to a lesser extent, upcoming releases such as Orion and Leo. The good news is I passed on this blog to the Microsoft product team and have received the formal green light. For additional information, if history is any guide, most of what we learn at Summit comes out at Convergence anyhow.

The Questions

Ankit Shah asked about:

  • When shall Dynamics CRM support HTML 5?
  • What happens, post-Orion, with custom ribbon buttons?
  • Is the new Flow UI going to be the end of jscript? What is the alternative for us?
  • Will the internet lead capture be made available internationally?
  • How do we change the goal roll-up system job scheduling time?

Simon Hertzel asked about:

  • The upgrade path from here and beyond and whether fixes will be delivered separately to feature improvements
  • Code parity between online and on-premise
  • The provision of development and test environments for CRM online

Roman Finkel asked about:

  • Can we convert field types rather than delete and re-create fields?
  • Can we have dependent option sets?
  • Can we have online forms?

Jeff Loucks asked:

  • Do you prefer Magiannos or McCormicks?
  • What are the four steak restaurants in Bellevue?

The Answers

HTML 5 Support

The Polaris cross-browser client is HTML 5 compatible so you can start developing today. Please note that if your client uses an older browser (or iPad Safari) they may not be fully HTML 5 compliant.

Custom Ribbon Buttons

I cannot talk about post-Orion but I can tell you Polaris supports classic form custom buttons by putting them in their own bar at the top of the form.

J-script support in Flow Forms

Polaris ‘Flow UI’ forms have no support for jscript. However, as stated here, it is intended for Orion to bring back form scripting.

Internet Lead Capture Form

I have no information to share on the availability of the internet capture form, or any web form in the product.

Goal Roll-up Scheduling Time

Similarly I have nothing to share on this one, sorry.

Upgrade Path and the Delivery of Fixes vs Updates

Again, Extreme 2013 comes through with the goods. Bob confirmed that fixes would be delivered as rollups and these would NOT contain feature updates, which will, therefore, need to be delivered separately.

Code Parity

Reading between the lines of this, this and this suggests Microsoft is adopting an ‘online first’ policy with on-premise catching up annually.

Provision of Test and Development Environments

According to this, Office 365 allows for multiple instances but charges a monthly fee, as feared by Simon. If the amount is $500+ as suggested by Simon in his original post to me, this would be difficult to maintain when a system is on-going for a small business. In fact, it may be cheaper to fire up a new Office 365 account, add in a couple of users for testing and pay for it this way i.e. $50 per user per month or thereabouts. There may even be an option of firing up an ‘on-premise’ version on a cloud IaaS with an MSDN license, if it is for development.

Field Type Conversion

Nothing to share on this.

Dependent Option Sets

The simplest way of achieving this today is with filtered lookups as per my article here. For now it makes sense to stick with that.

Online Forms

Nothing to share on this.

Magianno’s or McCormicks?

Personally, I would take McCormicks every time.

The Four Steakhouses of the Apocalypse

This is a trick question as there are, according to Bing, five of them.


There are a lot of interesting things that have been happening in the release of Polaris and all indications are it is not letting up in Orion. We are, indeed, living in interesting times.

Tuesday, February 26, 2013

Head, Heart and Hands: Setting Up Your Team For Success

Apologies for the slow posting this month. I do have a blog post written answering all questions sent for Summit which is with Microsoft for the green light (I do not want to lose my MVP status due to a misplaced sentence) which I intend to post before the end of the month i.e. in a few days.

In the interim here is another ‘management’ post about setting up your team for success. I am also using my new Surface Pro to type this on so we will see how that goes.

Motivation Theories

I did an MBA about ten years ago and learned a bunch of ways to encourage people to do things you need them to do and set it up so they actually enjoy it. You learn how to divine what gets them out of bed in the morning and whether a dinner out with their partner or a bag of cash is going to get the best results.

Of the various theories we covered, one has stuck with me and is quite easy to use. It is Kehr’s Compensatory Model. The paper is quite academic so feel free to move to the pretty picture on page 12.


The author of this paper was my lecturer which was HIS motivation for teaching it.

Essentially, people are driven by Implicit motives (what is in their heart), Explicit motives (what is in their head) and Perceived abilities (hands/what they believe they can do).

For effortless achievement (the ‘flow experience’, similar to Csikszentmihalyi’s concept of ‘the zone’), all three must be in alignment.

As an example of misalignment, alignment of Explicit and Perceived abilities means someone can do something but their heart may not be in it. An example may be giving up smoking. Our head tells us it is good for us and we certainly have the ability but if our heart is not in it, it simply will not happen without a lot of willpower (volition).


Using The Model

How I use this model is in one-on-one meetings. Discussing what gives people passion (heart), where they want to go with their career (head) and whether they have the tools to do their job (hands) identifies what is blocking them from doing the best job they can.

To be honest it feels a little weird being in a small room and trying to pry the innermost thoughts of my team out in the open but using a model like this adds a level of formalism which makes it easier.

Addressing the Gaps

Let us say the person has passion (heart) and they are heading where they want to go in their career (head) but their skills are not quite up to scratch or they do not have access to the information they need (hands). This is addressed with things like training, mentoring or setting up better information systems.

If the heart is lacking i.e. their career is on track and they have the tools they need but they are going through the motions, perhaps a better understanding of their needs is required, perhaps there needs to be more fun in the workplace or perhaps they have fears which need to be addressed.

If the head is lacking i.e. they love their work and they have the tools they need but they lack direction, this can be addressed by giving them a vision to work towards, setting clear goals or removing goal conflicts.


If you are managing a team and have one-on-ones with them (perhaps it is the annual appraisal), Kehr’s model provides a useful framework for starting a conversation about what is working well and, more importantly, what is in the way. It also then gives guidance on how to address these problems. Unlike other models it is also easy to explain so your team understand the framework and appreciate what you are trying to do. Good luck.

Sunday, February 10, 2013

Bad CRM Security Habits To Break

This time next week I will be on a plane heading to the MVP Summit at Seattle/Bellevue/Redmond. So, if you have any questions for the Microsoft Dynamics CRM Team in Redmond, feel free to add them below. I promise to ask all the questions you post (even the cheeky ones) and, for the answers which do not get me kicked out of the MVP programme, I will post the responses.

To the blog. There are some bad habits, when it comes to security, which are a remnant of previous versions of CRM (and from just doing things to cut corners when under pressure). I will show you what they are, why they are “poor man’s security” and the better approach.

Hiding Fields

Before CRM 2011, there was NO comprehensive field level security. Essentially, if you had access to the record, you had access to all the fields on the form. There was no way to let one user see a field on a record and guarantee another user could not see it. You could work around things a little bit with things like using jscript to hide tabs or hide fields on the form but you could always add the field as a column in an Advanced Find and see its contents this way. Even if the Searchable property is set to ‘No’, this just means the field is not available as a condition for the Advanced Find; it is still available as a column.

A cursory search on the internet generates many claims of field level security for CRM 4. There is even a Microsoft white paper on the ‘workarounds’ for version 4 which describes how plug-ins can be used to block the Advanced Find workaround above. However, the paper acknowledges the plug-ins cannot intercept access to the Filtered Views, as is done with Dynamic Excel exports.

Therefore, even the commercial products on the market at the time claiming field level security, unless they knew more than Microsoft themselves, either used unsupported methods or were not complete.

In my experience of CRM implementations back then, given the option of a comprehensive (and expensive) plug-in solution or some cheap jscript which was not airtight but did a rough job of it, the client picked the jscript every time. These systems are now being upgraded to CRM 2011 and, frankly, there is no excuse for this nonsense in a CRM 2011 system.

The Better Option for Fields

In CRM 2011 we now have proper field level security. When configuring the field, you tick the box.


Then you set up a security profile and say which users or teams can access it.


Ideally, in my opinion, the security profiles should be linked to a security role, rather than a user/team, to simplify on-going administration maintenance (users come and go but roles remain) but, given we had nothing before, this is a vast improvement.
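
One way to find the script-only hiding described above when upgrading a system, as an added example that is not from the original post: it scans form script source for `Xrm.Page.getControl(...).setVisible(false)` calls and reports fields that are hidden on the form but do not have field level security enabled. The attribute list, the `isSecured` property name, the sample script and all function names are constructed for illustration.

```javascript
// Constructed sample: attribute metadata as it might be summarised from a
// solution export. "isSecured" stands for the field level security tick box.
const attributes = [
  { entity: "contact", logicalName: "new_salary", isSecured: false },
  { entity: "contact", logicalName: "new_taxnumber", isSecured: true },
  { entity: "contact", logicalName: "jobtitle", isSecured: false },
];

// Constructed sample: CRM 2011 form script source, keyed by entity.
const formScripts = {
  contact: `
    function onLoad() {
      Xrm.Page.getControl("new_salary").setVisible(false);
      Xrm.Page.getControl('new_taxnumber').setVisible(false);
      Xrm.Page.getControl("jobtitle").setDisabled(true);
      // Xrm.Page.getControl("jobtitle").setVisible(false);
    }`,
};

// Matches getControl("<name>").setVisible(false) with either quote style.
const HIDE_CALL = /getControl\(\s*["']([^"']+)["']\s*\)\s*\.setVisible\(\s*false\s*\)/g;

// Naive comment removal so commented-out calls are not reported.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "");
}

// Returns the set of control names a script hides on the form.
function hiddenByScript(src) {
  const names = new Set();
  for (const m of stripComments(src).matchAll(HIDE_CALL)) names.add(m[1]);
  return names;
}

// Fields hidden by script but not secured: still visible as Advanced Find columns.
function findCosmeticOnlyFields(attrs, scripts) {
  const findings = [];
  for (const [entity, src] of Object.entries(scripts)) {
    const hidden = hiddenByScript(src);
    for (const a of attrs) {
      if (a.entity === entity && hidden.has(a.logicalName) && !a.isSecured) {
        findings.push(`${entity}.${a.logicalName}`);
      }
    }
  }
  return findings;
}

console.log(findCosmeticOnlyFields(attributes, formScripts));
```

Each field it reports is a candidate for the tick box and a security profile; a field that is both hidden and secured is only being hidden for layout reasons.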

Hiding Entities and Poor Assumptions

This section covers a couple of entity security sins. Firstly, the obvious one. With the sitemap, it was always possible to ‘hide’ entities by editing the XML. After all, if a user cannot click on the entity, they cannot access it, right? The second sin is the poor assumption that entity security ends with configuring user access via the security roles. For example, if we want to secure activities, all we need to do is set up our Business Units and set up the correct security roles, right?

The answer in both cases is, surprisingly (especially in the second case), “no”. Again, the CRM hacker’s favourite tool, Advanced Find, undoes our good intentions.

In the first example, the Advanced Find lets us access all entities (even ones not linked to any other entity e.g. configuration setting entities, or in the sitemap). In the second example, while it is true we cannot access the activities (CRM security is sufficiently robust for that), we can access the child records such as notes. If there are good reasons to secure appointments, it is a fair bet that the same rules need to be applied to notes. If not, a user could pull up Advanced Find and access all the note records in the system and probably access inappropriate information. When setting up security, never forget the child entities, especially notes.


Security configuration in CRM has come a long way from version 4 but some habits die hard. Field level security should not be confused with user experience design and, now the tools are there to set field level security properly, they should be used. Also, when considering the security required to meet a business’ needs, think of the information being held, not just the entities, otherwise notes will trip you up every time.

Good luck.