EPISODE · Aug 8, 2025 · 22 MIN
Customer Portals with Power Pages and Dataverse: How to Replace Risky Email Sharing with a Secure, Branded External Portal
from M365.FM - Modern work, security, and productivity with Microsoft 365 · host Mirko Peters - Founder of m365.fm, m365.show and m365con.net
Ever shared Dataverse data through email attachments or spreadsheets—only to wake up at 2am wondering who might have access? There’s a better, safer way that won’t make your CISO sweat, and yes, it’s already built into Power Platform. In this episode, we take the real incidents behind that “just send the file, it’s faster” habit—mis‑filtered exports, forwarded invoices, leaked customer lists—and turn them into a clear case for doing it properly with a customer portal instead of inbox‑driven access.

We start with the portal dilemma most teams face: internal Power Apps are quick wins because everyone sits safely inside your tenant, but the moment sales or support asks, “Can our customers use this too?”, security, compliance, and branding all get harder at once. You’ll hear how default Power Pages setups lull people into a false sense of security—tables added in a rush, web roles left too broad, and external contacts seeing far more than anyone intended—plus what actually has to change before you dare call a portal “production ready.”

From there, we walk through the safe path to connecting Power Pages to Dataverse. We talk about picking the right tables, locking down anonymous access, designing web roles for customers, partners, and vendors, and shaping permissions so each external user sees only “their” rows and fields—not your entire customer or HR universe. Along the way, we cover why external users live as Dataverse contacts, how portal security is separate from your internal roles, and what goes wrong when you assume Azure AD protections magically apply to everyone.

Finally, we connect security to experience and trust. You’ll see how branding, login flows, and clean information architecture turn your portal from a risky afterthought into a credible extension of your company—one that replaces ad‑hoc file sharing with a controlled, auditable, and on‑brand way for customers and partners to work with your data. By the end, “let’s just email it” won’t feel like the easy option anymore.

WHAT YOU LEARN
- Why emailing Dataverse exports and spreadsheets is one of the highest‑risk “quick fixes” in everyday projects.
- How Power Pages exposes Dataverse tables to external users—and where default table and web‑role settings can go dangerously wrong.
- How to design web roles, table permissions, and row‑level rules so customers, partners, and vendors only see their own data.
- Why external users as Dataverse contacts follow a different security model than internal Power Apps users.
- How to combine security and branding so your portal feels like a trusted extension of your business, not a rushed side project.

CORE INSIGHT
The core insight of this episode is that the real risk isn’t exposing Dataverse—it’s exposing it without the right guardrails. When you treat Power Pages portals as first‑class, externally facing products—with deliberate table selection, web roles, row‑level security, and branding—you turn “just share the file” chaos into a controlled, auditable front door for customers and partners.

WHO THIS IS FOR
- Power Platform makers whose internal apps are now being asked to “go external” for customers and partners.
- Architects and admins responsible for securing Dataverse data in external‑facing portals.
- Security and compliance teams worried about uncontrolled exports, forwarded spreadsheets, and oversharing.
- Business owners and project leads who want a professional, on‑brand customer or partner portal without sacrificing control.

ABOUT THE HOST
Mirko Peters is a Microsoft 365 and Power Platform consultant and the host of M365.FM, focused on modern work, security, and architectures that actually hold up in production. He helps organizations move from ad‑hoc sharing and internal‑only apps to governed, external‑ready solutions on Microsoft 365, Dataverse, and Power Pages, where access and branding are designed—not improvised. In M365.FM, Mirko turns real oversharing stories and portal missteps—like the ones behind this episode—into practical patterns listeners can apply in their own environments.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.