Managing Consent and Compliance Profiles in Dynamics 365 Real-Time Journeys

5 minutes reading time

Managing Consent and Compliance Profiles in Dynamics 365 Real-Time Journeys

Of all the Dynamics 365 marketing features in real-time journeys, consent management is the one we receive the most questions about.

That’s partly because consent is managed differently in real-time journeys than the deprecated outbound marketing module, creating an additional learning challenge.

Even for new users, this product area is one of the most complex to understand.

However, it’s a critical feature to master whether you are migrating from outbound marketing or deploying real-time journeys anew. Inaccurate configuration of your compliance profiles could send emails to people who haven’t opted in or incorrectly block messages.

One reason for the complexity is that the configuration will vary between organisations.

Consent management setup will depend on multiple factors. This will include the types of messages you send, your audience, and your processing policy.

What’s right for one organisation isn’t necessarily correct for yours.

As a result, ServerSys offers assistance to configure consent settings that align with your processing rules and marketing processes. 

This article offers an introductory overview of the main points and how to implement a consent framework.

Commercial or Transactional?

Consider the various categories of messages you send, such as newsletters, event invites, subscription renewals and promotional offers.

From this list, you should be able to separate the messages requiring consent to comply with your processing policy and regulations, such as GDPR.

People generally expect an email confirmation after submitting a form or making a purchase, so these messages are often considered ‘transactional’, and consent typically isn’t required to send them. Critical account messages about orders, renewals or terms are also generally transactional.

In many other instances, messages are ‘commercial’.

Consent may be needed for these, but it depends on your message, the intended audience, and how you process data. For instance, we work with organisations that send regular email updates to their clients. In line with GDPR processing rules, these commercial communications are defined as being of ‘legitimate interest,’ so explicit consent isn’t needed.

We can’t give legal advice – this is just an example of how some businesses interpret compliance obligations to manage their consent.   

Compliance Profiles

Compliancy profiles: commercial and transactional models

In Dynamics 365 real-time journeys, compliance profiles manage consent enforcement.

Each email or text message must be linked to a compliance profile. If you work with different brands, products or data sources, you might need multiple profiles to handle the various scenarios in your business.

Within each compliance profile, you’ll track your company address and a consent link – the preference centre web form customers will use to manage their subscriptions.

For consent purposes, transactional and commercial communication purposes are automatically created for each profile.

Transactional purposes typically don’t require customisation, though enforcement models for commercial communications may need adjustment.

Essentially, there are two compliance profile customisation choices for commercial purposes.

The default non-restrictive model sends commercial messages unless customers opt out.

To comply with your processing policy, you may want to change this to the restrictive model, where you must have an opt-in from customers to send messages associated with this purpose.

There is a third option, ‘disabled’, but this is typically only used for transaction messages as it bypasses consent opt-in checks to allow any messages to be sent.

You can also apply an enforcement model to the behavioural tracking of email opens, clicks, and form prefills. By default, this is set as non-restrictive.

Topics and preferences for a compliance profile

Topics

You can add several topics within a communication preference record to offer customers greater consent flexibility. For example, people can opt-in to receive newsletters and event invites but opt out of updates about specific products and services.

Topics are optional for commercial communications, but be careful when creating them because at the time of writing there is no option to edit or delete them!

Preference Centre

When you set multiple topics, these can be added to your preference centre web page so customers can select their interests.

You can customise the auto-generated form with your logo and supporting text, but the preference centre can’t be embedded within an existing webpage.

On the form designer, you can add topic tiles and edit these to reference each associated purpose and topic.

Because each email is linked to a compliance profile, each messages will include a link to the preference centre associated with this profile. Clicking this enables customers to update their topic preferences or opt-out entirely.

Email Compliancy Choice

Consent Centre

Once people update their consent using a preference centre form, these changes appear in the real-time journeys consent centre.

Each row in this view lists the email address, channel, purpose, consent status and date. It will also detail the consent type as a general ‘purpose’ or an individual ‘topic’.

From this filtered view of contact point consents, you can see recent unsubscribes, general opt-ins and specific topics opted in/out.

Example Consent Center list of records

Contact Points

In real-time journeys, customer consent is captured by contact points. Crucially, this differs from the contact record.

That’s a significant difference if you are migrating from outbound marketing, where the ‘do not allow bulk emails’ and ‘do not allow email’ fields on the contact table were checked for consent.

With real-time journeys, there is only one contact point consent per communication channel. For example, regardless of duplicated contacts sharing the same email address, only one contact point will exist for this channel to determine the opt-in or opt-out status.  

Using the consent centre, you can filter consent instructions in bulk across contact points. You can also check consent for individual leads and contacts using the communications tab on these records.

The display can be filtered by multiple contact points (e.g. email or text) and your compliance profiles. For each selection, you can check the communication and tracking statuses.

Each consent purpose is detailed. For example, you can see at a glance the status of commercial emails on a specific contact. This can be expanded to a granular view detailing the consent status of any topics associated with the selected compliance profile (see below). 

Individual contacts consent profile

Double Opt-Ins

Using real-time journeys, you can implement a double opt-in process, which we’ve covered in a separate article.

Loading Consent

Load consent from contacts into consent center

You can load existing consent records if you moving to real-time journeys from  another marketing automation platform.

These can be imported into your consent centre in bulk from Dynamics 365 contacts or leads or using a subscription/marketing list.

There is also an option to add email or phone consent by entering an individual address or number. These aren’t linked to specific records because consent is driven by contact point, not contact (or lead) records.

When loading consent in batches, you’ll need to select which compliance profile these will be mapped to. This also involves selecting the appropriate transactional or commercial purpose and, if necessary, choosing a predefined topic for each type of consent.

When loading consent from all contacts/leads, the system will look at your ‘Do not bulk email’ and ‘Do not email’ fields. If both fields are set to allow, the contact point will be treated as opted-in. But if either field is set to ‘do not allow’, the status will be set to opted out.

The same rule applies if any there are any duplicated email addresses. If any of these fields are set to ‘do not allow’ on duplicated contacts/leads, the consent status for the email address will be ‘opted out’.

Remember, you can only have one contact point for consent. If two contacts share the same email address, one allows emails and bulk emails while the other doesn’t, this email address will have an opted-out consent status.

If some contact points have already been added to your consent centre, loading contacts/leads could overwrite these settings if the same emails and phone numbers are subsequently loaded with different information.

Loading Lists

For that reason, we favour loading consent from subscription/marketing lists. This option provides more control to select specific contacts/leads, which can be loaded to specific compliance profiles and topics. Each load allows you to set an opt-in/out status as appropriate to align with your list, and you can also control whether this should overwrite existing consent records for contact points.

You repeat this process to load multiple lists for each purpose and consent status to finalise your compliance profiles.

When you’ve imported consent, you can see these contact point records in the consent centre, where the source is shown as ‘loaded’.

Once complete, you should be ready to use contact point records to enforce consent, but you may want to review the feature switch shown below.

    Check Contact compliance profile feature switch

    By default, this checks contact attributes in addition to contact point consent.

    However, if you’ve fully loaded your consent information, it may be sufficient to rely on contact points alone and deactivate this control to avoid the risk of some messages being incorrectly suppressed by also checking contact-level attributes.

    Final thoughts

    When your compliance profiles are configured and existing consent statuses are loaded, you’ll be ready to control your message distribution in real-time journeys.

    We hope you’ve found this article helpful in clarifying the terminology and the main processes for managing consent in Dynamics 365.

    As mentioned in our introduction, consent configuration can vary significantly between organisations, so it’s always best to discuss this with your partner to agree on the best way forward.

    We’d be delighted to have that conversation with you, so please get in touch if you have any questions about Dynamics 365 Customer Insights, real-time marketing and compliance profiles.

     

    First Published: April 28, 2025
    Warren Butler - ServerSys Insights and Resources Author for Dynamics 365 and Power Platform. He brings over 20 years of experience covering business transformation, CRM and Microsoft Dynamics to help organisations grow by embracing technology.

    Warren Butler

    Warren is the director of marketing at ServerSys. He brings over 20 years of experience covering business transformation, CRM and Microsoft Dynamics to help organisations grow by embracing technology.

    If you have any questions, please get in touch with us at hello@serversys.com

    Warren Butler - Linkedin profile