› Work

Selected engagements.

Sanitized to vertical, technologies on the forefront. Each card opens to the full case study.

2025 → Current · Federal

Two parallel federal tracks, one architecture.

Stack
AVD with Hybrid AdvantageCopilot StudioAzure AI FoundryConditional AccessIntuneDefender for EndpointWindows Hello for BusinessCredential GuardGCC-High

When modern endpoint and agentic AI are scoped as separate tracks — common in federal programs — they collide at authentication, authorization, and data exposure inside the device fleet they share. This engagement bridges the two into one architecture.

  • AVD with Hybrid Advantage (public preview) architecture leadership for persona-based end-user experience
  • $2M+ in cost savings, security gaps, and modern-tooling integration points identified
  • Conditional Access remediations and Intune ↔ Defender architecture integrations
  • Security design and implementation direction for Copilot Studio agentic workflows
  • Existing tenant configuration mapped to agent-required M365 policies and integration points
  • Foundry and Copilot Studio language-model isolation, sizing, and fine-tuning design
  • Cost analysis and credit-consumption modeling for sensitive-data agent use cases
FederalModern endpointAgentic workflowsIdentity & security
Read full case study
2025 · Healthcare

Policy parity across cloud and on-prem, under ISO 27001.

Stack
AutopilotIntuneActive Directory consolidationGroup PolicyConditional AccessLAPSBitLockerISO 27001

The hard problem in healthcare endpoint modernization at this scale is policy parity between cloud-managed and on-premises-managed devices, while consolidating group-policy sprawl from multiple Active Directory domains into a unified Intune posture — all under ISO 27001.

  • 22,000 endpoints unified across ten business units; policy parity between cloud and on-prem management
  • 2,000+ legacy GPO conflicts and security misconfigurations remediated to ISO 27001
  • Autopilot adoption strategy and Zero Touch provisioning across the device profiles
  • Hybrid and cloud-first device models for clinical kiosks, knowledge workers, BYOD
  • Role-based management with Encryption, LAPS, Conditional Access
  • Mentored existing infrastructure team on modern identity practices through cutover
HealthcareModern endpointComplianceBYOD
Read full case study
2024 · Financial Services

Windows 11 transformation that doubled as Copilot readiness.

Stack
Windows 11IntuneApplication packagingCopilot for M365Power AppsPower BIPurview DLPDSPMIAM

A 25,000-endpoint Windows 11 transformation across three tenant environments simultaneously, folded together with the Purview DLP and data-oversharing assessment that established the gating posture for downstream M365 Copilot enablement. Two outcomes from one program plan.

  • 25,000-endpoint Windows 11 transformation across three tenant environments, phased deployment
  • 400+ application packages with dynamic group assignment and licensing optimization
  • AI-powered deployment feedback layer (Copilot + Power Apps + Power BI) for real-time visibility
  • Purview DLP and data-oversharing assessment establishing M365 Copilot readiness posture
  • IAM partnership to formalize the data-protection posture Copilot rollout inherits
Financial ServicesMulti-tenantWindows 11Copilot enablement
Read full case study
2023 · Channel

AI workshops and operational support, in the moment of consolidation.

Stack
Copilot ChatMicrosoft TeamsModern authenticationBYODHelpdesk automationMulti-tenant consolidation

Multi-tenant consolidation is the operational moment where AI value compounds — and where rollouts stall on identity boundaries and helpdesk burden. Engaged through a Microsoft Partner channel relationship to architect the operational layer.

  • Enterprise Copilot Chat solution integrated with Teams for intelligent helpdesk automation
  • Real-time operational support layer during multi-tenant consolidation
  • Copilot readiness envisioning workshops with ROI scenarios and governance requirements
  • C-suite business cases for AI transformation
  • BYOD application delivery policies and modern authentication frameworks
  • Cross-domain security boundary management design
ChannelCopilot adoptionExecutive enablementAdoption strategy
Read full case study