Why this exists

Shadow AI is already in your building.

Australian enterprises and agencies have AI pilots everywhere and production nowhere. ChatGPT in browsers, a half-finished Azure OpenAI deployment with no network isolation, Copilot licences nobody measures, and an AI risk register the board cannot read.

Meanwhile agentic coding tools are reshaping engineering productivity, and most organisations have no safe way to adopt them. The answer is not another pilot. It is a governed platform with policy, observability, and cost controls built in, and a measured rollout on top of it.


What you get

A platform, a productivity layer, and a defensible story.

A governed AI platform

Azure AI Foundry hub and projects deployed as Bicep: private networking, Entra identity with per-agent managed identities, content safety, Azure Policy, and Defender wired in.

Engineers measurably faster

GitHub Copilot and Claude Code deployed side by side with org policy, spend caps, audit, and a 30-day productivity baseline. Vendor-honest: the numbers decide.

A CISO-ready governance pack

Risk register, red-team run, prompt injection testing, Sentinel logging, and a one-page Essential Eight and AU AI Assurance Framework control map.

A CFO-ready value model

A use-case clinic producing at least six ranked use cases with hours-saved baselines, plus M365 Copilot readiness so licences stop being shelfware.


How it works

The 90-day plan.

Weeks 0 to 2 · Discover & design

Target state, risk register, policy baseline.

Where AI is already running (sanctioned or not), what the target platform looks like, and the policy baseline that will govern it. Signed off before anything deploys.

Weeks 2 to 6 · Platform build

Foundry landing zone, deployed as code.

Hub and projects via Bicep, private endpoints and egress control, model routing policy across Azure OpenAI, Claude, and open-weight models, logging into Sentinel, and two production-ready agent patterns.

Weeks 4 to 10 · Productivity rollout

Copilot, Claude Code, and M365 readiness.

Engineering squads live with policy and spend caps and a measured baseline; Purview labels, DLP, and SharePoint hygiene bring M365 Copilot to genuine readiness; the use-case clinic builds the value model.

Weeks 10 to 12 · Assure & hand over

Red team, control map, runbooks, readout.

Responsible AI pack signed off by the CISO, an executive readout the board can read, and a handover that leaves your team running the platform. No consultant dependency.


Who this is for

CIOs and CTOs who need production, not pilots.

You lead technology in an Australian enterprise or government agency. The board wants an AI answer, the CISO wants control, engineering wants the tools, and what you have is pilot sprawl.

You want one governed platform, a measured productivity story, and a compliance narrative that survives scrutiny, delivered by a principal who has built governed Azure platforms for state health and government, not a rotating bench.


Scope contract

What's in the box.

Included

  • Azure AI Foundry landing zone (hub, projects, Bicep IaC)
  • Identity and RBAC through Entra, per-agent managed identities
  • Private networking: VNets, private endpoints, egress control
  • Content safety, Azure Policy, and Defender for Cloud wiring
  • Two production-ready agent patterns on Foundry Agent Service
  • Model routing policy: Azure OpenAI, Claude, open-weight models
  • GitHub Copilot and Claude Code rollout: policy, spend caps, audit, baseline
  • M365 Copilot readiness: Purview, sensitivity labels, SharePoint hygiene
  • Responsible AI pack: risk register, red-team run, Sentinel logging
  • Essential Eight and AU AI Assurance Framework control map
  • Use-case clinic with ranked value model (six use cases minimum)
  • Knowledge transfer, runbooks, executive readout

Out of scope (flagged transparently)

  • Model training or fine-tuning beyond a scoped demonstration
  • Bespoke app builds beyond two reference patterns
  • Data platform builds (Fabric, Synapse, Databricks) beyond required connectors
  • Licence procurement: you contract directly with Microsoft and Anthropic
  • Ongoing platform ownership: available separately as a fractional retainer

Questions we get

Straight answers.

Why both GitHub Copilot and Claude Code?

Because the measured outcome is higher with both. Different tools win on different work; we deploy them side by side with spend caps, policy, and a productivity baseline so the numbers, not the vendor, settle the debate.

We already have Azure OpenAI running. Is this still relevant?

Usually yes. A half-deployed Azure OpenAI instance without network isolation, policy, or observability is the most common starting point we see. The platform work brings it under governance rather than replacing it.

How does this relate to the Essential Eight?

Every control we deploy maps onto an Essential Eight and AU AI Assurance Framework one-pager for your CISO. Governance is built in from day one, not documented after the fact.

What does it cost?

Fixed-fee tiers scoped on a 30-minute fit call: a platform foundation tier and a full platform-plus-productivity tier, with an optional fractional AI platform lead retainer after delivery. No time-and-materials.

Do you resell licences?

No. You contract directly with Microsoft and Anthropic; we stay vendor-honest because we sell outcomes, not margin on licences.

What do we have at the end?

A Bicep-deployed AI Foundry platform your team runs, engineers measurably faster with Copilot and Claude Code, knowledge workers ready on M365 Copilot, and a responsible AI pack your CISO has signed off.

Fixed-fee tiers · 90 days · vendor-honest

Ready to get AI out of pilot purgatory?

Book a 30-minute fit call. We'll map where you are, which tier fits, and what 90 days from now should look like. If this isn't the right engagement, we'll say so.