Lead capture forms and consent management

Forms are how prospects become contacts in the CRM. Customer Insights – Journeys ships a hosted form builder with consent management aligned to GDPR and similar regulations. Using it well — instead of building forms in another tool and integrating loosely — is the difference between clean lead data and a compliance liability.

Form design. The form designer is drag-and-drop with question types: text, email, phone, dropdown, multi-select, date, file upload, custom HTML. Each field maps to a Dataverse column on either Contact, Lead, or a custom table. Validation rules (required, regex, max length) are configurable per field.

Hosted forms. Forms can be:

• Hosted by Microsoft — published at a unique URL on Microsoft's infrastructure. The simplest path; suitable for landing pages, event registrations, simple lead-gen forms.
• Embedded on the customer's website — a JavaScript snippet renders the form inside any page. Form submissions still flow to Microsoft's backend.
• Captcha protection — built-in reCAPTCHA to prevent bots.

Mapping to records. On submission, the system decides whether to create a new record or update an existing one based on:

• Match on email address — the most common rule. Existing contact with this email? Update. No match? Create new.
• Match on multiple fields — match contact by email AND phone for stricter de-duplication.
• Always create — for forms where each submission is a new event (event registration, donation, complaint).

Form submissions are stored as records in their own right, so the historical submission data is preserved even if the contact is later deleted or merged.

Consent capture. Forms have consent fields — checkboxes the user must tick to confirm consent for specific purposes (marketing email, SMS, profiling, data sharing with partners). Each consent is stored separately so the user can opt in to marketing emails but not to SMS.

The consent centre. A separate consent centre holds the customer's consent state — what they've consented to, when, on which form. Journeys check the consent centre before sending: if the customer hasn't consented to email marketing, the journey skips email steps for them.

Double opt-in. GDPR-strict regimes often require double opt-in — the user submits the form (first opt-in), then clicks a link in a confirmation email (second opt-in) before they're added to the marketing list. Customer Insights – Journeys supports double opt-in flows as a built-in pattern.

Preference centre. A customer-facing preference centre (often hosted on Power Pages or as part of the unsubscribe link) lets the contact update their consent state — switch channels off, restrict topics, unsubscribe entirely. Required for GDPR transparency.

Lead vs Contact decision. When a form captures a new person, the system can create a Lead (a qualification-pipeline record) or a Contact (a CRM identity record):

• Lead for cold inquiries from unknown sources — needs qualification before becoming a Contact.
• Contact for known relationships — existing customers, returning event attendees.
• Hybrid — some organisations skip Leads entirely and qualify directly on Contacts.

The choice per form depends on the source's intent.

Source tracking. Forms can carry UTM-style parameters that record where the lead came from — campaign, source, medium, term, content. The values populate the Lead/Contact record so attribution reports work later.

Common pitfalls.

• No consent capture — leads are useless under GDPR without consent; sending marketing email triggers complaints.
• Forms built in a third-party tool without integration — leads land somewhere unconnected to CRM; opportunities lost.
• Bot submissions — without captcha, forms get spammed. Filter out at capture.
• No follow-up automation — a lead captured but unworked is wasted spend. Configure a journey that fires on form submission.

Operational reality. Lead capture is half the marketing investment; treat it with the same discipline as the campaign itself.