One platform.
Your Microsoft tenant.
Zero compromise.
TekStack is the only B2B service operations platform purpose-built on Microsoft — certified by Microsoft, deployed into your tenant, governed by Microsoft Entra, and built to replace the web of point solutions your organization has been managing for years.
Not connected to Microsoft.
Built on Microsoft.
There is a meaningful difference between software that integrates with Microsoft 365 and software that is built on Microsoft 365. Most CRM and PSA vendors offer connectors — sync jobs, OAuth tokens, and webhooks that keep two separate systems loosely in step. When those connectors break, your operations stop.
TekStack is different. It is built natively on Microsoft Power Platform and Dataverse — the same infrastructure that powers Dynamics 365. It deploys directly into your Microsoft tenant. It uses Microsoft Entra for identity. It uses Microsoft's audit framework for compliance logging. It runs AI via Azure AI and Copilot Studio. There are no third-party connectors to maintain, no external data stores to govern, and no separate vendor to negotiate with when something needs to change.
For CIOs, this means one governance model, one security framework, one identity provider, and one audit trail — applied consistently across your entire operational stack.
Microsoft ISV partner — certified on Power Platform
TekStack is a certified Microsoft ISV (Independent Software Vendor) partner. The platform is built, tested, and maintained to Microsoft's Power Platform standards — meaning it benefits from Microsoft's security reviews, compatibility testing, and roadmap alignment, not TekStack's proprietary infrastructure.
Deploys into your tenant — not ours
When you implement TekStack, the software is provisioned inside your Microsoft tenant. All data lives in Dataverse under your governance. There is no TekStack cloud that your data passes through. Your IT team manages the environment using the same tools they use for the rest of Microsoft 365.
Microsoft Entra identity — no separate auth layer
TekStack uses Microsoft Entra for all authentication and authorization. Single sign-on, conditional access policies, MFA, and privileged identity management all apply to TekStack automatically — using the policies you've already configured for your Microsoft 365 environment. No separate user directory to manage.
Microsoft compliance framework — audit-ready from day one
All record changes, data access events, and exports are logged through Microsoft's native audit and compliance framework. Your compliance team can pull a complete audit trail using the same tools they use for Exchange, SharePoint, and Teams — without a vendor support request or a custom export.
Six layers of security.
All Microsoft. All yours.
TekStack inherits Microsoft Entra's full security model — one of the most mature enterprise identity and access management frameworks available. Six independent layers of access control apply to every record in the platform.
Role-based access control — 8 role types, 5 access levels
Granular RBAC across every table and entity in the platform — customizable per department, practice area, and business unit.
Business unit hierarchy security
Data is scoped to the business unit the user belongs to, with configurable cross-unit visibility for leadership roles.
Row-level security
Individual records can be restricted to the owning user, team, or business unit — independently of table-level permissions.
Column-level data masking
Sensitive fields — billing rates, contract values, salary data — are masked per role. Users see the record but not the protected field values.
Hierarchy security
Manager-subordinate access rules applied automatically — managers see their direct and indirect reports' records without explicit permission grants.
Team-based security
Access granted to Microsoft Entra groups — aligned to your existing AD structure so security configuration in TekStack reflects your org design, not a separate user model.
Replace the point solution web.
One platform. One vendor.
The average B2B service company runs 7–10 distinct software tools to cover what TekStack handles in a single platform. Each point solution has its own auth model, its own API, its own update cycle, its own vendor relationship, and its own shadow data store outside your governance boundary.
CIOs inherit this web — and spend disproportionate IT capacity managing connectors, reconciling data drift between systems, and responding to the security reviews that every additional vendor generates. Every new point solution is another attack surface, another data processing agreement, another dependency to manage during incidents.
TekStack consolidates the full operational stack — CRM, PSA, help desk, billing, marketing automation, and revenue management — onto a single Microsoft-native data model. One deployment, one governance framework, one vendor, and one set of APIs for your integration layer to consume.
Fewer systems to manage, secure, and support. One Microsoft-native data model replacing CRM, PSA, help desk, billing, marketing automation, and revenue management.
3,000+ endpoints.
Zero rate limits. Fully open.
TekStack is built on Microsoft Dataverse — one of the most capable and well-documented data platforms available. Every table, every field, and every relationship in the platform is available through the OData API. No proprietary query language. No rate limits. No connector marketplace required.
For CIOs managing an integration layer, this means TekStack connects to your existing enterprise architecture using standard protocols. Your iPaaS platform, your ETL tools, your data warehouse, and your custom integrations all use the same Dataverse API they would use for any other Microsoft workload.
The official Dataverse MCP Server takes this further — giving any large language model including Claude, GitHub Copilot, and Azure AI Foundry full read and write access to your TekStack data. AI agents can be built on top of your operational data without a custom integration layer.
?$select=name,revenue,healthscore
&$filter=statecode eq 0
&$orderby=revenue desc
&$top=50
3,000+ endpoints across every TekStack entity — accounts, contacts, projects, tickets, invoices, time entries, resources. Standard OData protocol means any REST client, iPaaS, or data tool connects without a custom adapter.
The official Dataverse MCP (Model Context Protocol) Server gives any LLM full CRUD access to all TekStack data. Connect Claude, GitHub Copilot, Azure AI Foundry, or any MCP-compatible client — no custom integration required.
300+ pre-built Power Automate flows ready to activate. Deep native trigger and action support across all TekStack tables. Azure Logic Apps natively supported for enterprise integration patterns without a middleware layer.
Direct link from Dataverse to Azure Synapse Analytics — continuous export of all TekStack data to Azure Data Lake with no ETL required. Power your enterprise data warehouse, ML pipelines, and advanced analytics on live operational data.
Unlimited customization via Power Apps without code. Your developers can extend TekStack's data model, build Canvas apps, and create custom process flows using the same Microsoft low-code toolkit they use across the rest of your Power Platform investment.
Build your own agents.
On your data. In your tenant.
TekStack's AI architecture is designed for CIOs who want to deploy AI responsibly — not wait for a vendor's roadmap. Every operational data model in TekStack is immediately available to AI agents built with Copilot Studio, Azure AI Foundry, or any LLM via the MCP Server. All AI runs inside your tenant. No data ever leaves your governance boundary.
Official Dataverse MCP Server — your data, any LLM
The official MCP Server exposes all TekStack tables and relationships to any MCP-compatible LLM with full CRUD access. No custom integration layer. No prompt engineering workarounds. Your operational data is a first-class AI resource from day one — Claude, GitHub Copilot, Azure AI Foundry, or any compatible model can query and update TekStack data directly.
Build specialized agents with Copilot Studio — in hours
Copilot Studio connects directly to the Dataverse data model with no custom API work required. CIOs can deploy department-specific agents — project health briefings, billing exception alerts, resource utilization summaries, support triage bots — using the low-code tooling their IT team already manages. No new AI infrastructure to provision.
All AI processing inside your Microsoft tenant
TekStack's built-in AI features — time entry suggestions, ticket triage, meeting recap summaries, invoice flagging — all run via Azure AI services provisioned in your tenant. Client and operational data is never sent to a third-party model or stored outside your governance boundary. Your DPA with Microsoft covers AI processing the same way it covers Microsoft 365.
AI on live operational data — not a stale copy
Because TekStack data lives in Dataverse, AI agents work on the live operational data model — not a nightly export or a cached copy. When an agent queries project health, utilization, or renewal risk, it's reading the same records your operations team sees. No synchronization lag. No data freshness issues.
Deep integration.
Not a connector.
TekStack integrates with every major Microsoft 365 workload at the platform level — not through a connector app or an OAuth sync. For CIOs, this means the integration never breaks, never drifts, and never requires maintenance.
- →Emails linked to account records automatically
- →Calendar events tied to project and deal records
- →Outbound sequences send from Outlook — native deliverability
- →Full sent and received history in the CRM without user action
- →TekStack Conversational AI Agent in Teams chat
- →Meeting recaps → project and deal records automatically
- →Approval flows handled in Teams without app switching
- →~80% of routine operational tasks automated via Teams flows
- →100+ pre-built dashboards — zero setup
- →Live Dataverse connection — data always current
- →Extend with custom reports using same Power BI tooling
- →Row-level security applies to Power BI reports automatically
- →Contracts linked to billing records
- →Project files linked to PSA project records
- →Client documents accessible from account record
- →SharePoint governance applies — no separate DMS
- →Single sign-on — no separate TekStack credentials
- →Conditional access policies apply automatically
- →MFA enforced through Entra — no extra configuration
- →Entra groups drive TekStack security roles
- →Invoices push to Business Central on approval
- →Revenue recognition and WIP synced automatically
- →No re-keying, no reconciliation spreadsheet
- →Finance and delivery see the same numbers
Every layer documented.
Every control yours.
CIOs who have been through enterprise security reviews know that "built on Microsoft" is not a security posture by itself. What matters is how the application layer uses the Microsoft security primitives — and whether your team can configure, audit, and demonstrate compliance without waiting on a vendor.
TekStack's security model is built entirely on Microsoft's primitives — no proprietary access control layer, no separate identity store, no application-level encryption keys to manage. Every security control is configurable through Microsoft Admin Center, Microsoft Entra, and Power Platform Admin Center — tools your IT team already manages.
When a security questionnaire asks about data residency, access controls, audit logging, and encryption at rest, every answer points back to Microsoft's published compliance documentation — not TekStack's. That is a fundamentally different risk posture than software with a custom security layer.
Role-based access — 8 role types, 5 privilege levels
Create, Read, Write, Delete, and Append access configured per role across every table. Eight role types cover user, customizer, system admin, delegate, support user, and custom roles.
Business unit hierarchy
Data scoped to the user's business unit by default. Cross-unit access configured explicitly — no implicit data sharing across practice areas or divisions.
Row-level record security
Individual record ownership applied at the row level — a record can be restricted to its owner regardless of the owner's role-level permissions.
Column-level field-level security
Sensitive fields masked at the database level per role — billing rates, contract values, cost data. The column is hidden from the UI and excluded from API responses for unauthorized roles.
Hierarchy security model
Manager-direct report access chains defined through Entra org structure — managers see subordinate records automatically without explicit grants on every record.
Team and Entra group-based security
Security roles assigned to Entra groups — when a user joins or leaves a group in Entra, their TekStack access updates automatically. No manual role assignment process.
One number.
Everything included.
Software, implementation, data migration, and unlimited support in one subscription. No SI fees. No support tiers. No proprietary infrastructure to maintain.
- ✓CRM or PSA (one module)
- ✓Implementation + data migration
- ✓Unlimited application support
- ✓Max — 1 practice area
- ✓Teams & Outlook integration
- ✓Power BI + AI + MCP server
- ✓CRM, PSA, Help Desk, Billing, Reporting
- ✓Business Central or QBO integration
- ✓Implementation + data migration
- ✓Unlimited application support
- ✓Power BI + AI agents + MCP server
- ✓Full M365 suite integration
- ✓Everything in Business Edition
- ✓Marketing automation included
- ✓Max — 2 practice areas
- ✓10 hrs/month customization
- ✓Unlimited staging environments
- ✓Priority support SLA
Pricing in USD · Annual term · CAD, EUR, GBP, AUD available · See full pricing details →
Questions CIOs
ask us most.
What does "Microsoft-certified" mean for TekStack specifically?
TekStack is a certified Microsoft ISV partner on Power Platform — meaning the product has been reviewed and validated against Microsoft's platform standards. More practically, it means TekStack is built, updated, and maintained on the same versioned Power Platform runtime that Microsoft manages globally. TekStack doesn't maintain its own infrastructure stack — it uses Microsoft's. Security patches, runtime updates, and platform compliance come from Microsoft, not TekStack.
How does the Dataverse deployment work? Is there a shared environment?
TekStack is provisioned as a managed solution deployed into a Dataverse environment in your Microsoft tenant — not into a shared TekStack cloud. Your IT team creates the environment, the solution is deployed, and all data stays in your tenant from that point forward. TekStack has no ongoing access to your data environment without explicit permission. You control the environment lifecycle, data residency, and backup configuration through standard Microsoft Admin Center tooling.
What is the MCP Server and how does it work with our existing AI infrastructure?
The Model Context Protocol (MCP) Server is an officially supported integration layer that exposes all Dataverse tables to any MCP-compatible LLM with full CRUD access. Because TekStack runs on Dataverse, the Dataverse MCP Server works for TekStack data out of the box. Your AI team can connect Claude, GitHub Copilot, Azure AI Foundry, or any other MCP-compatible model to your operational data without building a custom API integration. It runs inside your tenant and respects all existing Entra security roles.
How do we handle data residency requirements for our clients?
Data residency is determined by the Microsoft datacenter region you select when provisioning the Dataverse environment — the same way you select a region for any other Microsoft 365 workload. TekStack has no data centres and no data residency commitments of its own; all residency guarantees come from Microsoft's Dataverse service agreement. Your existing Microsoft DPA covers TekStack's data storage automatically.
Can our IT team customize TekStack without going back to TekStack?
Yes — unlimited customization via Power Apps without code or vendor involvement. Your team can add tables, fields, and views; build Canvas apps on top of TekStack data; configure Power Automate flows; and extend the data model using standard Power Platform tooling. Enterprise plan customers also get 10 hours per month of TekStack customization time for more complex requirements. Customizations are versioned and deployable across environments using Microsoft's standard solution framework.
How does TekStack affect our security questionnaire responses?
Because TekStack uses no proprietary infrastructure, most security questionnaire answers point to Microsoft's published compliance documentation rather than TekStack-specific policies. Data at rest encryption references Microsoft Dataverse's AES-256 encryption. Data in transit references Microsoft's TLS implementation. Access control references Microsoft Entra. Audit logging references Microsoft's compliance framework. Penetration testing and SOC 2 reporting reference Microsoft's Azure and Power Platform certifications. This is a substantially simpler and more defensible posture than software with a custom security layer.
One Microsoft platform.
No compromise on capability.
No generic demo. We'll walk through TekStack's architecture, security model, and API capabilities with your specific IT requirements in under an hour.
No obligation · Architecture review available · Responds within one business day
