Microsoft Dynamics 365 for Social Housing

Microsoft Dynamics 365 for customer engagement, customer services, sales and marketing, operations, financials - configured template solution for Social Housing organisations wishing to implement Microsoft Dynamics 365.


  • Social Housing entities out the box
  • Full ERP solution from resident to service delivery to ledgers
  • Universal Service Desk Customer Management and 360 customer view
  • Power Apps for housing
  • Field Service and mobile deployment
  • Portals for Self-Service
  • Anti Social Behaviour and Repairs Processes
  • Customer Centred Case Management
  • Property Sales and Marketing inc. Click Dimensions
  • Operational and financial reporting


  • Rapid adoption of Dynamics 365 for Housing Customer Services
  • Power Apps and processes to add to existing Dynamics projects
  • Knowledge transfer/collaboration delivery leaving client team capable
  • Social Housing experienced Consultants who understand the Housing business
  • Training collateral for re-use in knowledge base and Learning Path
  • Integration team available to assist with Housing data
  • Focus on end customer journey and outputs
  • Resident, service activities, mobile, portal, ledgers all referencing same database
  • Fully integrated with Office 365, Outlook, SharePoint
  • Reporting in dashboards and PowerBI is current and dynamic


£6 to £158 per user per month

Service documents


G-Cloud 11

Service ID

1 2 8 3 0 5 2 7 8 4 4 9 4 1 5



Kathryn Styler

0121 214 3100

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Microsoft Dynamics 365
Cloud deployment model Public cloud
Service constraints The Microsoft Dynamics 365 pre-requisites must be met including recent versions of the common browsers, MS Office 2013/16/365 if using Outlook
System requirements
  • Office 365 Account and Licensing Plan
  • Browser including Edge, IE, Firefox, Chrome, Safari

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times P1 support response time is within 2 hours. Out of hours including weekends can be provided with same or different response time subject to additional cost.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Global hours Support Desk for Microsoft Dynamics 365 users including break/fix, advice & assistance and development for the full Enterprise and business edition versions of Dynamics 365, Click Dimensions, Resco, Field Service.

24 hour request logging; service level agreements to suit; update reports; Relationship Manager service; Microsoft upgrades hand-holding; functionality review; Online training to resolve issues; minor development fixes; break / fix reassurance; access to advice and problem resolution; assistance with upgrades; choice of SLA and service levels; rapid provision of minor training and development issues; wider access to experienced team of Dynamics professionals.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A full range of services are provided by Microsoft and RSM for onboarding. From Microsoft there is a customer portal that provides access to extensive resources in a mix of media for setting up, administering and developing the Dynamics 365 solution. RSM will provide more specific and user role oriented training and collateral suitable for use with knowledge base and Learning path. Implementation of The Housing Dynamics solution follows the recognised Microsoft Sure Step pathway through Analysis - Design - Development - Testing - Deployment.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • DOCX
  • XLSX
  • CSV
End-of-contract data extraction Data export facilities are provided for users to extract data at any time, full queries can also be run with SQL Server Reporting Services or Fetchxml depending on infrastructure of deployment.
End-of-contract process At the end of the contractual period the customer can continue to subscribe to Microsoft licences either directly with Microsoft or through another provider and retain full use of the Housing elements of the solution.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Users can access Dynamics 365 for Social Housing on their mobile / tablet browser via the Dynamics mobile app. Form design renders to a pleasing UI for mobile user environments although data is still sourced from the single data service. If working offline users can choose to continue working on records which will synch when re-connected, dashboards are not available however while offline.
Service interface No
What users can and can't do using the API The Web API for Microsoft Dynamics 365 (online & on-premises) provides a development experience that can be used across a wide variety of programming languages, platforms, and devices. The Web API implements the OData (Open Data Protocol), version 4.0, an OASIS standard for building and consuming RESTful APIs over rich data sources.

Users can compose HTTP requests for specific operations or use third-party libraries to generate classes for whatever language or platform required.
API documentation Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users with suitable security access are able to create and customise entities, forms, fields, views and layouts; create business and system processes; write dialogs; Create user help and Learning Path content; write and load plug-ins for specific resources; add or edit an image web resource; add JScript to a form; create and manage numerous "solutions"; create and edit dashboards for a range of different users.


Independence of resources Microsoft operate a global network of data centres including in the UK and capacity is maintained and benchmarked for Dynamics, Azure Services and Office.


Service usage metrics Yes
Metrics types The Organisation Insights dashboard provides a constant and quick view of metrics such as the number of active users, most active users for reads and changes, page requests, total operations calling the SDK and for form loads, dashboards and report requests with other elements added as required.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft Dynamics 365

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported to Excel either statically or dynamically, edited and re-imported if the excel spreadsheet structure is maintained. Direct reporting can also be used in Fetchxml reports from the Online database and held in Azure or a private cloud.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Service level is 99.9% uptime with a credit available of 25% if this falls below 99.9%, 50% if it falls below 99% and 100% if service availability falls below 95% relevant to that particular months subscription fee.
Approach to resilience A detailed examination of data services and application development lifecycle are available at Microsoft's Trust website Microsoft build trusted cloud on the four principles of Security, privacy, compliance and transparency. This party audits include SOC1 Type 2 reports, ISO/IEC 27001 and 27018, security assessments for penetration testing.
Outage reporting System administrators are notified by email and the 365 portal updates a running notification, the Organisational Insights Dashboard will update and Yammer and social media may also be used.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication Multi-Factor Authentication requires use of multiple methods to access the cloud. Providing strong authentication with a range of verification options, while accommodating a simple sign-in process. It provides user-friendly experience that works with Microsoft Azure Active Directory and Microsoft accounts and includes support for wearables/fingerprint-based approvals. Password enforcement increases security of traditional passwords by imposing length/complexity requirements, forced rotation and account lockout.
Token-based authentication enables authentication via Active Directory Federation Services (AD FS) or third-party secure token systems.
Role-based access control (RBAC) enables access based on the user’s role, making it easy to only give the amount of access required.
Access restrictions in management interfaces and support channels Role-based access control (RBAC) enables you to grant access based on the user’s assigned role, making it easy to give users only the amount of access they need to perform their job duties. You can customize RBAC per your organisation’s business model and risk tolerance.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 09/01/2017
What the ISO/IEC 27001 doesn’t cover There are no elements of the hosting solution not covered by this certification
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Dynamics 365 relies on Azure Active Directory to provide authentication for user access, helping to protect Dynamics 365 from unauthorized access. It simplifies the management of users and groups, and enables you to assign and revoke privileges easily.

Dynamics 365 uses the same identity platform as Office 365, so a user of both services has the same username and password. Customers can federate an on-premises Active Directory or other directory stores to enable using corporate credentials to authenticate. Dynamics 365 uses encryption to protect your data. Connections established between customers and Microsoft datacenters are encrypted, and all public endpoints are secured using industry-standard Transport Layer Security (TLS). TLS effectively establishes a security-enhanced browser-to-server connection to help ensure data confidentiality and integrity between desktops and datacenters.

We also provision you with your own logically isolated data repository to maximize the security and integrity of your data. And, when systems become outdated or are no longer operational, Microsoft operations personnel follow rigorous data-handling procedures and hardware disposal processes.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All development in Microsoft Dynamics 365 is carried out in the Security Development Lifecycle which helps developers address compliance requirements.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Dynamics 365 is hosted in Microsoft datacenters and uses their security measures and mechanisms to protect data. Microsoft blocks unauthorized traffic to and within datacenters using a variety of technologies. We constantly maintain, enhance, and verify the infrastructure, and employ regular penetration testing to continually validate the performance of security controls and processes.
Dynamics 365 is designed on the principles of the Security Development Lifecycle, a mandatory Microsoft process that embeds security requirements into every phase of development. The Dynamics 365 operations team also follows the rigorous standards set by Microsoft Operational Security Assurance to help protect customer data.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach To ensure that activities within the service are legitimate, and to detect breaches or attempted breaches, Dynamics 365 takes advantage of the cloud service infrastructure and security mechanisms. The Dynamics 365 environment deploys antimalware software that helps protect infrastructure against online threats. Microsoft also provides intrusion detection, distributed denial-of-service (DDoS) attack prevention, and regular penetration testing to help validate security controls.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Microsoft employs a risk-management model of shared responsibility with the customer.
Microsoft is responsible for the platform including services offered and provides a cloud service that can meet the security, privacy, and your compliance needs.
As a customer, you are responsible for the environment once the service has been provisioned. You must identify which controls apply to your business and understand how to implement and configure them to manage security and compliance with applicable regulatory requirements. RSM offers implementation guidance to help accomplish these tasks and better manage the risk. Any incident can be reported through the 365 portal.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £6 to £158 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full versions with dummy data provided on a trial basis that can then be converted to a full subscription if required.
Link to free trial

Service documents

Return to top ↑