Azure, done the Microsoft way.

01 / CAF: Strategy + Plan

Cloud Adoption Framework Advisory

A Microsoft aligned cloud strategy your exec team can sign, your finance team can model, and your platform team can actually build.

We run the CAF Strategy and Plan phases end to end. Business case, motivations, target state, workload rationalisation (the 6 Rs), operating model, and a 12 month roadmap that sequences landing zone, migration, governance, and skills uplift.

• Strategy workshop, motivations, outcomes, KPIs
• Business case with TCO and run rate modelling
• Portfolio rationalisation across the 6 Rs
• Operating model, CCoE, RACI, ways of working
• Roadmap phased over 12 to 18 months

Typical shape: 4 to 6 week fixed fee engagement. Exec ready deliverable.

02 / CAF: Ready

Secure Landing Zone (SLZ)

Our flagship offer. An enterprise grade Azure landing zone, built to CAF and ALZ reference architecture, delivered in 3 weeks for a fixed A$55k.

Hub and spoke or Virtual WAN, management groups, policy baseline, identity, connectivity, logging, and a Bicep (or Terraform) codebase deployed through GitHub Actions. Built on Azure Verified Modules so you inherit Microsoft's own quality bar.

• Management group hierarchy and subscription vending
• Policy as Code baseline, Essential 8 aligned
• Hub networking, Firewall, Bastion, Private DNS
• Identity, Entra ID, PIM, Conditional Access baseline
• Observability, Log Analytics, Defender, Sentinel ready

Typical shape: Fixed price A$55,000, 3 weeks. See the offer.

03 / WAF: All five pillars

Well-Architected Review

A structured review of a workload against the five WAF pillars, with a ranked remediation backlog you can hand straight to delivery.

We run the Microsoft Well-Architected Review process, score the workload across Reliability, Security, Cost Optimisation, Operational Excellence, and Performance Efficiency, then package findings into a prioritised backlog with effort estimates and a suggested delivery sequence.

• Pillar scoring with evidence and benchmarks
• Risk register mapped to business impact
• Remediation backlog sized and sequenced
• Executive readout and architect deep dive

Typical shape: 2 to 3 week fixed fee per workload.

04 / CAF: Govern

Governance and Policy as Code

Guardrails that scale. Azure Policy, management groups, and tag governance delivered as code, reviewed in pull requests, and tested before they hit production.

We design a policy taxonomy aligned to Essential 8, CIS, and ISO 27001, implement it with Bicep or Terraform, and wire it into your pipelines. The result: predictable posture, no surprise drift, and audit ready evidence on day one.

• Policy baseline, deny and audit, with exemptions workflow
• Management group design and vending
• Tag and naming standards, enforced via policy
• Compliance reporting, Azure Policy and Defender
• Remediation pipelines with safe rollouts

05 / CAF: Secure

Security, Sovereign and IRAP Readiness

Defence in depth designed around Microsoft's Secure methodology and the Australian Signals Directorate Essential 8.

We assess posture, close the gaps, and operationalise detection with Defender for Cloud and Sentinel. For regulated workloads we prepare the environment and documentation for IRAP assessment (PROTECTED) or ISM aligned delivery.

• Posture assessment, Secure Score and Defender baseline
• Identity hardening, Entra ID, PIM, Conditional Access, phishing resistant MFA
• Threat protection, Defender XDR, Sentinel SIEM and SOAR
• Data protection, Purview, Key Vault, customer managed keys
• Essential 8 and IRAP readiness uplift

06 / WAF: Operational Excellence

Platform Engineering and IaC

Golden paths that make the secure option the easy option. Bicep or Terraform, Azure Verified Modules, and GitHub Actions pipelines that every team can ride.

We build the internal developer platform: reusable modules, opinionated templates, environment promotion, and automated compliance. Teams get production grade foundations on day one, instead of reinventing them per project.

• IaC codebase, Bicep or Terraform, AVM aligned
• Module library and pattern catalogue
• CI/CD pipelines, GitHub Actions or Azure DevOps
• Environment promotion with What-If and Pester gates
• Developer self service, subscription and workload vending

07 / WAF: Cost Optimisation

FinOps and Cost Optimisation

Real savings, not spreadsheet theatre. We use the FinOps Foundation framework and Microsoft Cost Management to find waste, right size workloads, and put controls in place so spend stays honest.

Past engagements have recovered material savings on Azure estates through reservation and savings plan strategy, rightsizing, storage tiering, dev and test automation, and tagging hygiene. Includes an ongoing FinOps cadence if you want it to stick.

• Cost discovery and anomaly detection
• Reservation and savings plan strategy
• Rightsizing and scheduling across compute and data
• Showback and chargeback via tags and budgets
• FinOps operating model, roles and rituals

08 / CAF: Adopt

Modern Workplace and AVD

Azure Virtual Desktop, Windows 365, Intune, and Entra designed as one platform so your people get fast, secure, device independent access.

Landing zone aligned AVD builds, FSLogix profiles, image factory pipelines, and Conditional Access baselines. For regulated estates we harden the whole stack against Essential 8 and ISM.

• AVD landing zone, personal and pooled host pools
• Image factory via Azure Image Builder
• Intune baselines and app deployment
• Zero trust access, Entra ID and Conditional Access
• Cost controls, scaling plans and reservations

09 / CAF: Adopt (AI)

Modern AI Enablement

A governed, multi vendor AI platform and the productivity layer that actually pays for itself.

We stand up Azure AI Foundry as your single governance surface for every model (Azure OpenAI, Claude, open weights) and every agent, then roll out GitHub Copilot and Claude Code to your engineers and Microsoft 365 Copilot to the rest of the business. You get sovereignty, auditability, and a measured ROI model that your CFO will actually sign off on, in 90 days.

• Azure AI Foundry platform, Bicep deployed, Foundry Agent Service, MCP registry, private networking, Entra per agent identity
• Multi model choice, Azure OpenAI, Claude (Anthropic) and open weight models through Foundry, one policy surface
• Developer velocity, GitHub Copilot agent mode and Claude Code for Enterprise, with spend caps, audit and a measured baseline
• Knowledge worker rollout, Microsoft 365 Copilot readiness (Purview, sensitivity labels) and use case clinics
• Responsible AI and Essential 8, risk register, red teaming, prompt injection testing, Sentinel logging, AU Assurance Framework mapping

10 / CAF: Manage

Fractional Cloud Lead

Principal level Azure leadership, on retainer, for organisations that need the authority without the headcount.

Architecture review, platform direction, vendor management, and executive cover. Typically booked as a fixed set of days per month, with clear outcomes and a shared backlog. Ideal for government programs and mid market firms that want senior Azure judgement on tap.

• Architecture authority, ADRs and design reviews
• Vendor management, SI oversight and QA
• Platform direction, roadmap and standards
• Executive reporting, steerco and board level

Typical shape: Retainer, 4 to 8 days per month, quarterly review.