Microsoft Power Pages Enterprise Portals Guide (2026)

Low-code customer, partner, and citizen portals on Dataverse — Entra External ID, web-role security, ALM, and a five-phase delivery model from EPC Group, the Microsoft Solutions Partner firm whose founder authored four Microsoft Press books.

Book a Power Pages Strategy Call 888-381-9725

Microsoft Power Pages is the low-code platform for building secure, external-facing websites and authenticated portals on top of Microsoft Dataverse. Enterprises use it for customer self-service, partner extranets, employee benefits, government citizen services, vendor onboarding, and regulated application portals. EPC Group delivers Power Pages engagements with Entra External ID identity, Dataverse RBAC and column-level security, ALM through Power Platform Pipelines, WAF protection, and WCAG 2.1 AA accessibility baked in from day one.

Microsoft Power Pages is the low-code platform for customer-facing portals on Dataverse. Six enterprise patterns — customer self-service, partner extranet, employee benefits, government citizen services, vendor onboarding, regulated application portal. EPC Group's five-phase Accelerator runs $120K-$400K with Entra External ID, RBAC, ALM, WAF, and WCAG 2.1 AA baked in.

Key Facts

Power Pages is built on four architectural pillars — Microsoft Dataverse (the relational backbone), Design Studio (low-code authoring), Liquid templating (server-side rendering), and Power Pages Copilot (AI authoring assistant).
Six enterprise patterns dominate — customer self-service, partner extranet, employee benefits + HR, government citizen services, vendor + supplier onboarding, and regulated industry application portals.
Identity options — Microsoft Entra External ID (B2C, the strategic path), local accounts (discouraged for new builds), B2B SSO through Entra External ID (the partner-portal pattern), and anonymous access (carefully scoped).
Security stack — Dataverse RBAC, web roles + table permissions, column-level security, page permissions, web application firewall (Azure WAF or Cloudflare), and audit logging end-to-end.
Branding — Bootstrap 5 component framework, Liquid web templates and content snippets, and PCF (Power Apps component framework) for TypeScript-based custom components.
ALM is non-negotiable — managed solutions, Power Platform CLI exports source-controlled in Git, Power Platform Pipelines or Azure DevOps for dev-test-prod promotion, Solution Checker on PRs.
Compliance frameworks supported — HIPAA, SOC 2, FedRAMP, FINRA, CMMC, GxP — through Microsoft Purview sensitivity labels propagated from Dataverse columns into Power Pages output.
EPC Group's five-phase Power Pages Accelerator — Assess, Foundation and Identity, Build and Integrate, Secure and Launch, Operate and Evolve — runs $120K-$400K and is anchored to The EPC Group Lifecycle.

The Power Pages architecture, four pillars deep

Power Pages is more than a low-code site builder. It is a layered platform — Dataverse for data and security, Design Studio for low-code authoring, Liquid for server-side rendering, and Copilot for AI-assisted scaffolding. Understanding all four pillars is the difference between a portal that ships on time and a portal that ships with three audit findings.

Dataverse

The relational backbone

What it is

Dataverse is the secure, governed, schema-rich relational data platform that sits under Power Pages. Every table, column, relationship, choice list, business rule, and security role lives in Dataverse — and is shared with model-driven Power Apps, Dynamics 365, Power Automate cloud flows, and Microsoft Copilot Studio agents. Power Pages does not maintain a separate database; it renders Dataverse content to the public internet through web roles, table permissions, and Liquid templates.

Why it matters

A Power Pages site is only as governed as its Dataverse environment. The right architecture decisions — environment topology, managed solutions, table-level security, column-level security, sensitivity labels — are decisions you make about Dataverse, not about Pages. Get Dataverse right and the portal inherits the governance. Get Dataverse wrong and the portal becomes a public-facing audit finding.

Design Studio

The low-code authoring surface

What it is

Design Studio is the modern, web-based authoring environment for Power Pages. Makers compose pages from a component library, bind sections to Dataverse tables, configure forms and lists, manage the navigation tree, and apply themes — without writing code. Design Studio is where a citizen developer can ship a partner-facing portal in three weeks; it is also where a professional developer drops in for the Liquid, the JavaScript, and the PCF components that go beyond the no-code surface.

Why it matters

Design Studio is what makes Power Pages a low-code platform rather than a custom build. It lowers the floor on who can contribute — business analysts, internal-comms teams, customer-success operators — while preserving headroom for senior developers when the pattern needs it. Most enterprises underestimate how much of the portal a non-developer can own, and overestimate how much custom code they actually need.

Liquid templating

The server-side rendering layer

What it is

Liquid is the open-source templating language (originally from Shopify) that Power Pages uses to render Dataverse content to HTML on the server. Liquid powers content snippets, web templates, and the data-binding inside the page composition. Power Pages adds Dataverse-aware Liquid filters and tags — fetchxml queries against Dataverse, web link inheritance, language fallback, and content-snippet substitution — that give developers full control over the rendered output without leaving Liquid.

Why it matters

Liquid is the seam between the no-code Design Studio surface and a professionally engineered portal. It is also the place where security boundaries are most often misunderstood. A Liquid template that issues a fetchxml query without table-permission scope can leak Dataverse rows to anonymous visitors. EPC Group reviews every Liquid template for permission scope before any portal reaches production.

Power Pages Copilot

The AI authoring assistant

What it is

Power Pages Copilot is the integrated AI assistant inside Design Studio. Makers describe what they want in natural language — "build a partner registration form that collects company name, primary contact, and territory and writes to my Dataverse Partner table" — and Copilot scaffolds the form, the table binding, the validation, and the submission flow. Copilot also generates Liquid snippets, suggests theme adjustments, and drafts FAQ content based on knowledge-base inputs.

Why it matters

Power Pages Copilot collapses the time from "we need a portal" to "the portal is in test" by an order of magnitude — for the right kind of work. The governance imperative is the same as every Copilot Studio surface: Copilot accelerates makers, but the makers still own the security review, the Dataverse permission model, and the production readiness gate.

Six enterprise Power Pages patterns

EPC Group has shipped Power Pages portals across every industry vertical. Six patterns dominate enterprise deployments — each with a distinct audience, identity model, integration surface, and security profile. The right pattern is the one where the existing Dataverse footprint, the audience, and the team’s skills line up.

Customer self-service portal

Audience

Authenticated customers (B2C identity)

Customers sign in to view account status, submit service requests, track open cases, download statements, manage subscription preferences, and update profile information. The portal reads and writes to the same Dataverse tables Dynamics 365 Customer Service uses, so cases opened in the portal land directly in the agent queue with no integration layer.

Real-world examples

A regional bank running statements + dispute submission + branch-appointment scheduling. A SaaS company running tier-1 self-service + case management + knowledge-base search. A retail chain running loyalty + warranty + product registration.

Design note

B2C identity is the choice that drives most of the cost. Microsoft Entra External ID for customers (formerly Azure AD B2C) is the supported path going forward. Custom local-account authentication is supported but EPC Group recommends against it for new builds — the maintenance burden is real and the security review is harder to pass.

Partner extranet

Audience

Authenticated partners (B2B identity)

Partners — resellers, dealers, brokers, distributors, referral partners — sign in to manage deal registrations, submit quotes, access enablement content, review commission statements, and collaborate on co-sell opportunities. The portal binds to Dataverse tables shared with Dynamics 365 Sales, so partner-submitted opportunities appear in the partner-channel manager pipeline without integration.

Real-world examples

A manufacturer running a 2,400-dealer network with quote configurators and warranty claims. An insurance carrier running a broker portal with commission visibility and policy lookups. A software vendor running deal registration and co-sell tracking for a 600-partner ecosystem.

Design note

B2B SSO through Entra External ID is the supported pattern when the partner organization is itself a Microsoft tenant. Partners sign in with their own corporate identities, and the portal recognizes them through the cross-tenant trust. For partners not on Microsoft, B2C identity with email + multi-factor authentication is the fallback. Most enterprise deployments need both paths configured.

Employee benefits and HR portal

Audience

Authenticated employees (Entra SSO)

Employees sign in (with their corporate identity, no separate account) to enroll in benefits, submit time-off requests, view pay history, complete onboarding tasks, update emergency contacts, and access the HR knowledge base. The portal binds to Dataverse tables that integrate with the HRIS of record (Workday, SuccessFactors, Dayforce, UKG) through Power Automate cloud flows or Azure integration.

Real-world examples

A 18,000-employee health system running open-enrollment + ongoing self-service. A multi-state retailer running onboarding workflows for high-turnover roles. A federal contractor running clearance-status visibility and personnel-action tracking.

Design note

Entra SSO is non-negotiable — employees should not have a separate password to the benefits portal. The portal authenticates through the employer Microsoft Entra tenant and inherits MFA, conditional access, and device-compliance policies. Web roles in Power Pages map to Entra security groups so role-based access is managed in the same place as every other corporate resource.

Government citizen-services portal

Audience

Authenticated and anonymous citizens

Citizens apply for permits, renew licenses, submit code-violation reports, track case status, pay fees, and access public records. Anonymous visitors browse content and start applications; authenticated citizens (through Entra External ID or a state identity provider) see personalized case history and saved data. The portal binds to Dataverse tables that drive caseworker model-driven apps and analytics dashboards.

Real-world examples

A municipal building department running permit applications + inspection scheduling. A state DMV running license renewal + plate transfer. A county health department running food-service permit applications and inspection-result lookup.

Design note

Citizen-services portals are the most common pattern where Entra External ID is paired with an external identity provider — many states have a single-sign-on identity standard for citizens that has to integrate through OIDC or SAML. Power Pages supports both. Accessibility (WCAG 2.1 AA at minimum, Section 508 for federal) is a hard requirement and has to be designed in from the first page, not retrofitted before launch.

Vendor and supplier onboarding portal

Audience

Authenticated vendors (B2B identity)

Prospective vendors register, submit qualifications, upload insurance certificates, complete supplier-diversity surveys, and track approval status. Active vendors sign in to update banking information, submit invoices, review purchase orders, acknowledge receipt, and respond to RFQs. The portal binds to Dataverse tables shared with Dynamics 365 Supply Chain Management or a custom procurement schema.

Real-world examples

A manufacturer running supplier qualification + ongoing PO acknowledgement. A healthcare system running vendor-credentialing and W-9 management. A federal prime contractor running subcontractor onboarding with CMMC self-attestation capture.

Design note

Vendor portals are document-heavy. Dataverse file columns and SharePoint document-library integration both have a place. EPC Group designs the document strategy alongside the table schema — file columns for small structured artifacts (W-9, COI), SharePoint integration for large unstructured artifacts (engineering specs, qualification packets).

Regulated industry application portal

Audience

Authenticated applicants in HIPAA, FINRA, CMMC, or FedRAMP-relevant flows

Patients enroll in care programs, brokers complete continuing-education attestations, defense contractors submit CMMC self-attestations, financial-services applicants complete KYC and AML capture. Every workflow requires identity proofing, audit logging, data-classification handling, and (often) eSignature integration. Power Pages binds to Dataverse with sensitivity labels propagated through to outputs.

Real-world examples

A specialty pharmacy running patient onboarding under HIPAA Business Associate scope. A broker-dealer running continuing-education attestation under FINRA recordkeeping. A defense supplier running CMMC self-attestation capture for prime contractors.

Design note

Regulated portals are where EPC Group spends the most time on the security review. Microsoft Purview sensitivity labels on Dataverse columns, Cloudflare or Azure Front Door web application firewall in front of the portal, audit logging into the unified audit log, eSignature integration through Adobe Acrobat Sign or DocuSign, and a documented privacy-impact assessment before go-live are all standard scope items. Compliance frameworks supported include HIPAA, SOC 2, FedRAMP, FINRA, CMMC, GxP.

Identity — Entra External ID, B2B SSO, local accounts, anonymous

Identity is the most consequential architectural decision in any Power Pages engagement. The wrong identity model means a portal nobody trusts, a portal nobody can sign into, or a portal that fails the security review. Four models are supported and most enterprise deployments mix two or three.

Microsoft Entra External ID (B2C)

What it is — Entra External ID for customers (the modern successor to Azure AD B2C) is the Microsoft identity surface for consumer-facing identity. Customers can sign up with email and password, with social providers (Google, Facebook, Apple, LinkedIn), or with custom OIDC and SAML providers. The tenant is separate from your corporate Entra tenant, with separate directory, separate user objects, separate sign-in policies. Power Pages integrates natively — sign-in, sign-up, password reset, MFA, and profile-editing user flows all configurable in the External ID portal.

When to use — Every external-facing portal where the audience is not already in a Microsoft tenant. Customer self-service, citizen services, public application portals, alumni portals. Entra External ID is the strategic direction Microsoft is investing in — new builds in 2026 should default here unless there is a specific reason to choose otherwise.

Local accounts (Power Pages-managed)

What it is — Local-account authentication means Power Pages manages the credential database itself — username, password, password-reset flow, optional MFA, profile fields. The advantage is simplicity for very small portals; the disadvantage is that you are now operating an identity-provider with everything that implies (breach notification, password-strength policy, MFA enforcement, account-recovery support, audit logging).

When to use — Discouraged for new enterprise builds. Acceptable for very small portals with a captive audience, a short lifespan, and no sensitive data. EPC Group recommends migrating any inherited local-account Power Pages portal to Entra External ID within a planned 6-to-9-month window when feasible.

B2B SSO through Entra External ID

What it is — When the audience is itself in a Microsoft tenant — partner organizations, sister business units running their own tenants, federated agencies — B2B identity through Entra External ID lets those external users sign in with their own corporate credentials. Cross-tenant access policies in Microsoft Entra control which partner tenants can sign in, what claims flow across, and what MFA and conditional-access policies apply. Power Pages recognizes the B2B identity and applies its own web-role authorization on top.

When to use — Partner extranets, dealer networks, broker portals, distributor portals — any portal whose audience is itself enterprise. B2B SSO is materially better UX for the partner (one less password, MFA from their own tenant) and materially better security posture for both sides (their leavers automatically lose access when they leave the partner organization).

Anonymous (public) access

What it is — Power Pages supports anonymous content — pages, lists, forms — visible without authentication. Anonymous users are counted toward the anonymous-user license capacity. Anonymous flows are common for marketing landing pages, public knowledge bases, FOIA-style public-record search, and the first step of a multi-step apply-then-create-account flow.

When to use — When the content is genuinely public, when the form is genuinely available to anyone, or when the journey starts public and becomes authenticated later. Carefully scope Dataverse table permissions to exclude anonymous access for any data that should not be public — the default-deny posture is the only safe one.

The Power Pages security stack — six layers, all required

Power Pages publishes to the public internet. The security posture has to be designed in from day one, not bolted on before launch. EPC Group enforces six layers across every portal — and we will not approve a go-live without all six in place.

Dataverse role-based access control (RBAC)

Dataverse security roles define which users can read, write, append, append-to, assign, share, and delete which tables. Power Pages binds to Dataverse through application-user identity and inherits this baseline. Web roles in Power Pages map to Dataverse access at the portal level — but the underlying Dataverse RBAC is the authoritative permission model and the place security audits start.

Web roles and table permissions

Web roles are the Power Pages-specific authorization layer. A web role grants a portal user access to a set of pages, a set of forms, and a set of Dataverse table-permission scopes (global, contact, account, parent, or self). Table permissions in Power Pages are the difference between "this user can see everyone's data" and "this user can see only the rows linked to their contact record." Misconfigured table permissions are the single most common source of Power Pages security incidents.

Column-level security

Column-level security in Dataverse restricts read, update, and create access to individual columns even for users who otherwise have the table-level role. The classic use case is portal users who can see their account record but cannot see the internal-only credit-score column or the case-priority-flag column. Column security applies through Dataverse and is inherited by Power Pages — define once, enforced everywhere.

Page permissions

Page permissions in Power Pages restrict which web roles can render which pages. A partner-tier-1 dealer cannot reach the partner-tier-3 page, even if they guess the URL. Page permissions are independent of table permissions — both are enforced, and the union of restrictions is what the user sees.

Web application firewall

Every production Power Pages site sits behind a web application firewall. Microsoft Azure Front Door with Azure WAF is the natively integrated path; Cloudflare is the supported alternative for clients standardized there. WAF rules block OWASP Top 10 patterns, rate-limit suspect traffic, and provide DDoS protection. EPC Group does not allow a Power Pages site to reach production without WAF in front of it.

Audit logging

Power Pages sign-ins, page views, form submissions, and Dataverse writes are all captured. Sign-ins and authentication events flow to Microsoft Entra logs. Dataverse activity flows to the Dataverse audit log and the unified Microsoft 365 audit log. Page-level access can be captured through Application Insights integration. EPC Group ships audit-logging configuration as a managed-solution component of every portal — not a post-launch checklist item.

Branding and design — Bootstrap 5, Liquid, PCF

Power Pages is a branded experience platform — not a generic CMS. Three layers of branding control are available, and most enterprise portals use all three to land the design fidelity the brand team expects.

Bootstrap 5 component framework

Power Pages ships on Bootstrap 5 — the responsive, accessible, well-documented CSS framework. Bootstrap 5 gives makers a consistent grid, accessible typography, well-tested forms, and a component library that works across browsers and devices. Custom themes layer on top through Sass variables; teams that already standardize on Bootstrap can lift design tokens directly.

Liquid templates and content snippets

Web templates and content snippets give developers granular control over layout, navigation, and content reuse. Content snippets are small chunks of HTML or text that can be referenced by name across pages — change once, propagate everywhere. Web templates are the Liquid-rendered layouts behind page composition. Together they make portal-wide branding changes (a holiday banner, an outage notice, a legal-disclaimer footer) trivial to ship.

PCF (Power Apps component framework)

PCF components are TypeScript-based custom components that can be embedded in Power Pages forms and lists. PCF is where teams go when the no-code component library does not cover the experience — a custom map control, a chart, an interactive scheduling widget, an integration with a third-party service. EPC Group ships PCF components when the requirement justifies the engineering investment, and not before.

The EPC Group Power Pages Accelerator — five phases, $120K–$400K

The Accelerator is the fixed-fee, senior-architect-led engagement that takes an enterprise from "we need a portal" to a governed, secured, accessible Power Pages site in production. Anchored to The EPC Group Lifecycle, the five phases run in sequence.

Phase 1 — Assess

2–3 weeks

Audience and identity model defined (Entra External ID, B2B SSO, local, anonymous mix), Dataverse table schema and existing-data inventory documented, accessibility and compliance scope set, license model forecast (anonymous capacity + authenticated capacity), wireframes for the first three user journeys, and a costed roadmap for the build phases.

Lifecycle stage: Assess

Phase 2 — Foundation and identity

3–5 weeks

Power Pages environment provisioned in the right Dataverse environment, identity providers configured (Entra External ID tenant created if needed, B2B trust configured, custom IdP integration if applicable), Dataverse table schema deployed as a managed solution, web roles defined with the right table-permission scopes, and the staging URL accessible behind WAF.

Lifecycle stage: Modernize

Phase 3 — Build and integrate

6–12 weeks

Pages, forms, lists, and workflows authored in Design Studio with Liquid customization where needed, Power Automate flows for downstream orchestration (notifications, case routing, system-of-record writes), eSignature integration where applicable, Application Insights instrumented, accessibility tested against WCAG 2.1 AA, and a penetration test scheduled.

Lifecycle stage: Modernize

Phase 4 — Secure and launch

2–4 weeks

Penetration test remediated, WAF rules tuned to production traffic patterns, table permissions audited by a senior architect, audit logging verified end-to-end, privacy-impact assessment signed off (regulated portals), accessibility audit signed off, content reviewed by legal and brand, soft-launch to a pilot cohort, and the production launch readiness gate completed.

Lifecycle stage: Govern

Phase 5 — Operate and evolve

Steady-state with quarterly enhancement releases

24/7 managed operations with senior-architect escalation, quarterly enhancement releases through Power Platform Pipelines, ongoing accessibility re-tests, license-capacity monitoring (anonymous + authenticated bands), Dataverse storage management, and an annual architecture review against the EPC Group reference patterns.

Lifecycle stage: Operate

Most engagements land in the $185,000–$275,000 band. The $120K floor is a single-audience customer self-service portal on existing Dataverse with one Salesforce integration. The $400K ceiling is a multi-audience partner extranet with deal registration, commission visibility, three external integrations, custom PCF components, and a complete brand-system implementation.

Why EPC Group on Power Pages

Nearly three decades of Microsoft consulting leadership, four Microsoft Press books, the original Power BI beta team, 1,500+ Power BI deployments, 70+ Fortune 500 clients, and 216+ M&A tenant consolidations spanning 1.83 million users. Power Pages descends from Adxstudio Portals, which descended from Dynamics CRM portals — every previous generation of this product is one EPC Group has shipped against.

11,000+

Microsoft engagements

1,500+

Power BI deployments

70+

Fortune 500 served

1.83 million

M&A users migrated

Microsoft Press author — Power BI, SharePoint, Azure

Founder Errin O'Connor authored four Microsoft Press titles and was on the original Power BI beta team (Project Crescent). Nearly three decades of Microsoft consulting leadership inform every Power Pages engagement — Power Pages descends from Adxstudio Portals, which descended from Dynamics CRM portals, all platforms EPC Group has shipped across.

Microsoft Solutions Partner — 6 designations

EPC Group holds 6 Microsoft Solutions Partner designations spanning Data and AI, Modern Work, Security, Infrastructure, Digital and App Innovation, and Business Applications. Power Pages sits at the intersection of Business Applications (Dataverse, model-driven Power Apps, Dynamics 365) and Digital and App Innovation — both designations apply.

1,500+ Power BI and Power Platform deployments

EPC Group has delivered 1,500+ Power BI deployments and hundreds of broader Power Platform engagements. Power Pages portals are routinely paired with Power BI reports embedded for authenticated users — the portal becomes a single surface for transaction and insight.

70+ Fortune 500 enterprises served

EPC Group has served 70+ Fortune 500 enterprises and led 216+ M&A tenant consolidations spanning 1.83 million users. Partner extranets, vendor onboarding portals, and customer self-service portals appear in nearly every post-merger consolidation — Power Pages is in our standard playbook.

Related EPC Group Microsoft hubs

Microsoft Cloud Orchestrator

The integrated Microsoft cloud delivery model.

Microsoft 365 Consulting

The tenant Power Pages identity sits inside.

Dynamics 365 Consulting

The Dataverse-native business apps Power Pages binds to.

Microsoft Fabric Expertise

OneLake, Lakehouses, and Direct Lake — analytics under the portal.

Azure Consulting Services

Azure Front Door, WAF, integration services under the portal.

M365 Admin Center Reference

The identity surface Power Pages B2B SSO inherits.

Digital Transformation 2026

Where Power Pages fits inside the enterprise transformation.

Power Platform Enterprise Hub

The five-pillar parent — Power Apps, Automate, BI, Copilot Studio, Pages.

Frequently asked questions

When does Power Pages make sense versus a Power Apps canvas app or a custom Next.js build?

Power Pages is the right choice when the audience is external (customers, partners, citizens, vendors, applicants), the data already lives in Dataverse or will be put there, the workload is form-driven and content-driven rather than highly interactive, and the team owns or is building Power Platform skills. Canvas Power Apps are the right choice when the audience is internal employees on mobile devices, when the experience is pixel-precise and highly interactive, and when the Dataverse/SharePoint/SQL backend is appropriate. A custom Next.js build (the path EPC Group also delivers) is the right choice when the experience needs to be a marketing site at internet scale, when the design fidelity Power Pages can deliver is not enough, when there is heavy non-Dataverse data integration, or when the audience expects a consumer-grade brand experience the no-code platform cannot match. We have shipped patient portals on Power Pages and we have also told clients the right answer was Next.js on Vercel — pick on fit, not on platform allegiance.

How does the Power Pages license model work — authenticated versus anonymous users?

Power Pages licenses two distinct capacity types and they are billed separately. Anonymous-user capacity is sold in packs of 100 anonymous monthly users — that is unique visitors counted by Power Pages telemetry per calendar month. Authenticated-user capacity is sold per authenticated monthly user — every distinct identity that signs into the portal in a calendar month counts toward this band. Authenticated users include B2C identities (Entra External ID), B2B guests (cross-tenant SSO), and custom identity providers. The two axes are independent — a portal can be heavy on one and light on the other, and you license both bands separately. EPC Group models both during architecture, builds a conservative initial license forecast, and includes capacity monitoring as a steady-state managed-operations responsibility. SKU details and pack sizes change; verify with Microsoft licensing at purchase date.

How much Dataverse capacity will a Power Pages portal consume — and how do we plan for it?

Dataverse capacity is licensed in three bands — database (the relational store), file (binary attachments, file-column content), and log (audit logs and long-running operations). Power Pages portals touch all three. A customer-service portal handling 200,000 cases per year with attachments will burn through file capacity faster than database capacity. A partner portal with light transaction volume but a five-year regulatory retention requirement will burn through log capacity. A vendor-onboarding portal collecting W-9 PDFs, COI PDFs, and qualification packets is file-heavy. EPC Group sizes each band during the Assess phase, recommends initial capacity, and instruments capacity monitoring as part of managed operations. Most enterprises buy too much database capacity and too little file capacity — the file column allowance per environment is finite and worth modeling.

What is the ALM and DevOps story for Power Pages — can we do dev-test-prod and source control?

Yes, and EPC Group treats this as table stakes. Power Pages content is exported and unpacked through the Power Platform CLI and source-controlled in Git alongside the rest of the solution. Power Platform Pipelines orchestrates promotion from dev to test to production environments, with approval gates between stages. The Power Platform Solution Checker runs on pull requests and blocks merges with critical findings. Managed solutions are the default for everything reaching production. The non-negotiables are the same ones we apply across the Power Platform — no maker authoring directly in production, no shortcut deploys, no unmanaged solutions in prod. Power Platform Pipelines is the native Microsoft surface; Azure DevOps Pipelines and GitHub Actions are both supported alternatives for teams already standardized there.

How does Power Pages handle accessibility — is it WCAG 2.1 AA out of the box?

The Power Pages platform ships with accessibility-compliant building blocks — Bootstrap 5 components, accessible forms, ARIA-aware navigation, keyboard-navigable lists. The platform passes WCAG 2.1 AA at the component level. What the platform does not do is guarantee your custom content, your custom Liquid, your custom PCF components, your custom themes, or your editorial choices pass WCAG 2.1 AA. Accessibility on a Power Pages portal is the responsibility of the team that builds it — not the platform. EPC Group includes WCAG 2.1 AA testing in every portal engagement, runs accessibility audits before launch, and ships portals to government clients under Section 508 standards. The earlier accessibility is designed in, the less expensive it is to remediate — retrofitting accessibility two weeks before launch is a project all on its own.

Can Power Pages integrate with non-Microsoft systems — Salesforce, ServiceNow, SAP, custom APIs?

Yes, through Power Automate and through custom code. The pattern is that the portal binds to Dataverse for the user-facing experience, and Power Automate cloud flows handle the integration with whatever system of record sits behind the workflow. A partner portal that needs to write opportunities to Salesforce uses a Power Automate flow with the Salesforce connector. A vendor portal that needs to read PO data from SAP uses Power Automate with the SAP ECC connector or a custom REST connector. A service portal that writes incidents to ServiceNow uses Power Automate with the ServiceNow connector. For high-volume or real-time scenarios, Azure Integration Services (Logic Apps, Service Bus, API Management) carries the traffic and Dataverse holds the working copy. EPC Group designs the integration architecture during the Assess phase — picking the right surface (Power Automate, Azure, custom code in a PCF component) for each integration.

How does Power Pages compare to a SharePoint-based external sharing site?

They are different tools for different jobs. SharePoint external sharing — through guest accounts, Microsoft 365 groups with guest access, or SharePoint sites with external sharing enabled — is the right surface when the use case is document collaboration with named external counterparts. Think of a customer who needs to review draft contracts, a partner who needs to share product roadmaps, a vendor who needs to upload qualification documents. SharePoint is excellent at this and the per-user cost is favorable when the audience is small. Power Pages is the right surface when the use case is a structured application — forms, workflows, data capture, transaction processing, status tracking — that needs to scale to hundreds or thousands of external users, with a branded experience, with audience-specific identity, and with table-row-level security. Mixing the two is common — a Power Pages portal often surfaces SharePoint document libraries through embedded content for the document-collaboration parts of the journey.

What does an enterprise Power Pages engagement actually cost?

The EPC Group Power Pages Accelerator runs $120,000 to $400,000 depending on portal complexity, the number of audiences (a partner portal serving distributors, resellers, and brokers is three audiences), the depth of integration (one Dataverse-only flow versus six external-system flows), the regulatory scope (HIPAA, FINRA, CMMC, FedRAMP-relevant), and the design fidelity required. Common bands — a single-audience customer self-service portal on Dataverse with one Salesforce integration and standard branding lands near the $120,000 floor. A multi-audience partner extranet with deal registration, commission visibility, three external integrations, custom PCF components, and a complete brand-system implementation lands near the $400,000 ceiling. Most engagements land in the $185,000 to $275,000 band. Managed operations and quarterly enhancement releases are priced separately to the portal footprint. Microsoft license costs (Power Pages capacity, Dataverse capacity, Entra External ID identities) are separate and modeled during Assess.

Ready to ship a governed Power Pages portal?

Book a strategy call with an EPC Group senior architect. We will walk your audience and identity model, evaluate your existing Dataverse footprint, scope the right Power Pages pattern, and size the right Accelerator engagement for your tenant.

Book a Strategy Call Call 888-381-9725

contact@epcgroup.net · 888-381-9725 · www.epcgroup.net

Microsoft Power Pages Enterprise Portals Guide (2026)

Book a Power Pages Strategy Call 888-381-9725

Key Facts

Power Pages is built on four architectural pillars — Microsoft Dataverse (the relational backbone), Design Studio (low-code authoring), Liquid templating (server-side rendering), and Power Pages Copilot (AI authoring assistant).
Six enterprise patterns dominate — customer self-service, partner extranet, employee benefits + HR, government citizen services, vendor + supplier onboarding, and regulated industry application portals.
Identity options — Microsoft Entra External ID (B2C, the strategic path), local accounts (discouraged for new builds), B2B SSO through Entra External ID (the partner-portal pattern), and anonymous access (carefully scoped).
Security stack — Dataverse RBAC, web roles + table permissions, column-level security, page permissions, web application firewall (Azure WAF or Cloudflare), and audit logging end-to-end.
Branding — Bootstrap 5 component framework, Liquid web templates and content snippets, and PCF (Power Apps component framework) for TypeScript-based custom components.
ALM is non-negotiable — managed solutions, Power Platform CLI exports source-controlled in Git, Power Platform Pipelines or Azure DevOps for dev-test-prod promotion, Solution Checker on PRs.
Compliance frameworks supported — HIPAA, SOC 2, FedRAMP, FINRA, CMMC, GxP — through Microsoft Purview sensitivity labels propagated from Dataverse columns into Power Pages output.
EPC Group's five-phase Power Pages Accelerator — Assess, Foundation and Identity, Build and Integrate, Secure and Launch, Operate and Evolve — runs $120K-$400K and is anchored to The EPC Group Lifecycle.