Free AI Readiness Assessment

AI Readiness Assessment: Enterprise Microsoft Stack 2026

The AI Readiness Assessment is EPC Group's fixed-fee 4-week engagement that determines whether your organization is ready to deploy Microsoft 365 Copilot, Power BI Copilot, Microsoft Copilot Studio agents, and Azure OpenAI Service custom applications — and produces the roadmap to close gaps where it isn't.

This is the working enterprise AI Readiness Assessment overview EPC Group delivers for Fortune 500 organizations preparing for Microsoft AI rollout.

EPC Group's AI practice is led by Errin O'Connor (CEO, 4-time Microsoft Press author, original Microsoft Power BI beta team member, Project Crescent 2010-2013). Senior architects bring 15+ years of Microsoft AI architecture experience.

TL;DR — 4-Week Assessment

Week	Output
Week 1	Discovery — tenant inventory, identity, data, license, governance baseline
Week 2	Use case prioritization, value modeling, persona analysis
Week 3	Risk assessment, governance gap analysis, compliance mapping
Week 4	Roadmap delivery, phased plan, ADR document

Output: Architecture Decision Record (ADR), 12-month roadmap, business case, governance framework.

Mid-market: $40K-$60K. Fortune 500: $80K-$150K.

What the Assessment Covers

Domain 1: Identity Readiness

Check	Why It Matters
Microsoft Entra ID coverage	Copilot requires Microsoft Entra-anchored identity
MFA at 100% coverage	Required for Copilot Conditional Access
Hardware token / FIDO2 / PIV/CAC for privileged	Required for regulated tenants
Conditional Access policies	Required to enforce Copilot access posture
Microsoft Entra PIM	Required for admin elevation
Inactive account cleanup	Inactive accounts shouldn't burn Copilot licenses
Service account hygiene	Service accounts should not have Copilot
Hybrid identity health	Microsoft Entra Connect / Cloud Sync stable

Typical findings: 5-15% of accounts inactive but still licensed; MFA coverage gaps in service accounts and contractor accounts; Conditional Access policies underdeveloped.

Domain 2: Data Surface Readiness

Check	Why It Matters
Microsoft 365 Group / SharePoint sprawl	Drives Copilot grounding overhead
"Everyone except external users" sites	Creates oversharing risk in Copilot
Sensitivity-label coverage	80%+ on regulated content required
Auto-labeling rules	Required for ongoing label coverage
Microsoft Restricted Search readiness	Day-1 Copilot deployment mitigation
External sharing posture	Sensitivity-label-aware sharing required
Microsoft 365 Group lifecycle policies	Inactive groups create stale grounding
Stale OneDrive content	Departed-employee content drives grounding noise

Typical findings: 30-50% of sites with broad permissions; sensitivity-label coverage at 5-15% pre-assessment; weak external sharing controls.

Domain 3: License Readiness

Check	Why It Matters
Microsoft 365 E3 / E5 backbone	Required prerequisite for Copilot
Microsoft 365 E5 features (Defender, Purview Premium)	Required for Copilot governance
Microsoft Fabric F-SKU sizing	F64+ required for Power BI Copilot
Microsoft Power Platform licensing	Required for Copilot Studio agents
Microsoft Defender for Cloud Apps	Required for BYOAI / Shadow AI governance
Microsoft Entra ID P2	Required for risk-based access
Microsoft Purview Premium	Required for AI Hub and Audit retention

Typical findings: E3 backbone with E5 add-on licensing complexity; Microsoft Fabric capacity not yet provisioned; Microsoft Defender for Cloud Apps not licensed.

Domain 4: Governance Readiness

Check	Why It Matters
Microsoft Purview AI Hub configured	Required for Copilot risk monitoring
Microsoft Purview Audit (Premium) retention	Required for compliance attestation
Microsoft Sentinel for SOC monitoring	Required for AI-related security events
AI ethics committee charter	Required for responsible AI
AI risk register	Required for ongoing governance
AI vendor risk management process	Required for BYOAI control
Workforce AI literacy training plan	Required for adoption and compliance
Acceptable Use Policy (AUP) AI provisions	Required for policy enforcement

Typical findings: AI Hub not configured; AI ethics committee not established; AUP doesn't cover AI tools; workforce AI training plan absent.

Domain 5: Use Case Readiness

Check	Why It Matters
Department-by-department use case inventory	Drives prioritization
Persona-by-persona value modeling	Drives ROI projection
Common workflow patterns	Drives Copilot Studio agent prioritization
High-frequency knowledge lookup scenarios	Drives custom agent value
Power BI semantic model coverage	Drives Power BI Copilot value
Microsoft Dynamics 365 / CRM coverage	Drives Copilot for Sales / Service value
Source code repository coverage	Drives GitHub Copilot value

Typical findings: 30-50% of use cases unidentified; ROI not modeled; persona prioritization absent.

Domain 6: Compliance Readiness

Check	Why It Matters
HIPAA BAA executed	Required for healthcare Copilot
FINRA Rule 3110 supervision program	Required for financial services Copilot
FedRAMP Moderate / High tenant	Required for federal Copilot
CMMC Level 2 readiness	Required for DoD Copilot
EU AI Act conformity assessment	Required for high-risk AI in EU
NIST AI RMF mapping	Required for federal alignment
ISO 42001 alignment	Voluntary but valuable for international
GDPR / CCPA / EU Data Boundary	Required for European tenants

Typical findings: BAA execution status unverified; supervision program absent; NIST AI RMF mapping not started.

Assessment Methodology

Week 1: Discovery

• 6-10 hour-long stakeholder interviews
• Microsoft 365 admin center reports
• Microsoft Entra ID reports
• Microsoft Purview Compliance Manager assessment
• Microsoft Defender Secure Score
• SharePoint sites and OneDrive permissions audit (sample)
• License utilization reports

Week 2: Use Case Prioritization

• Persona-based use case workshops
• ROI modeling per persona
• Department-level adoption potential analysis
• Custom Microsoft Copilot Studio agent prioritization
• Power BI Copilot semantic model assessment
• GitHub Copilot adoption analysis (engineering)

Week 3: Risk and Governance Assessment

• Microsoft Purview AI Hub readiness
• Sensitivity-label gap analysis
• Oversharing risk assessment (sample)
• Compliance framework mapping (HIPAA / FINRA / FedRAMP / CMMC / EU AI Act / NIST AI RMF)
• AI vendor risk catalog
• BYOAI / Shadow AI inventory

Week 4: Roadmap Delivery

• Architecture Decision Record (ADR)
• 12-month phased roadmap
• Business case with ROI projection
• Governance framework recommendation
• Pilot scope and success metrics
• License procurement plan
• Executive presentation

Deliverables

Architecture Decision Record (ADR)

20-50 page document covering:

• Current-state architecture
• Target-state architecture
• Decision criteria
• Trade-offs analyzed
• Risk register
• Mitigations

12-Month Roadmap

• Months 1-3: Foundation (governance, identity, sensitivity labels)
• Months 3-6: Pilot (50-200 users, persona-based)
• Months 6-9: Phased scale (departments)
• Months 9-12: Enterprise-wide + custom Copilot Studio agents

Business Case

• ROI projection per persona (typical: 25-35% time savings on covered tasks)
• License investment over 12 months
• Governance and tooling investment
• Total cost of ownership
• Net present value

Governance Framework

• AI ethics committee charter
• Microsoft Purview AI Hub program
• Microsoft Sentinel detection rule library
• Workforce AI literacy training plan
• AUP AI provisions
• AI vendor risk management process

Frequently Asked Questions

How long does the assessment take?

4 weeks fixed-fee, with optional 1-2 week extension for complex multinational or regulated-industry scenarios.

How much does it cost?

EPC Group fixed-fee:

• Mid-market (under 5,000 users): $40K-$60K
• Enterprise (5,000-15,000 users): $60K-$100K
• Fortune 500 (15,000+ users): $100K-$200K

Who participates?

EPC Group team:

• Senior AI architect (engagement lead)
• Senior security architect (governance)
• Senior data architect (Power BI / Fabric)
• Senior compliance specialist (regulated industries)

Customer team:

• IT executive sponsor
• IT operations lead
• Information security lead
• Compliance / legal lead
• Department leaders (HR, Finance, Sales, Engineering)

What if we're already deployed?

For existing Copilot deployments, EPC Group offers a Copilot Health Audit instead — focused on adoption, governance, oversharing, and Microsoft Purview AI Hub posture. Same fixed-fee pricing.

What if we use multi-cloud?

Microsoft 365-anchored AI assessment (the default) covers Microsoft Cloud. For multi-cloud AI strategy (Microsoft + AWS Bedrock + Google Vertex), assessment scope expands. Mid-market multi-cloud: $80K-$120K. Fortune 500: $200K-$400K.

Does this work for regulated industries?

Yes. Healthcare (HIPAA), financial services (FINRA, SEC), government (FedRAMP, CMMC), pharma (GxP), and EU AI Act-regulated organizations are EPC Group's primary AI assessment customers.

What's the next step after assessment?

Most clients proceed to a 90-day Microsoft Copilot Pilot Implementation ($150K-$350K fixed-fee) covering 50-200 users with measurable success criteria. Larger enterprises move to Enterprise Implementation ($400K-$1.5M) for full production rollout.

Who delivers AI Readiness Assessments?

EPC Group senior architects with combined Microsoft 365, Microsoft Fabric, Microsoft Purview, Microsoft Defender, and AI governance experience. Errin O'Connor leads the practice.

Next Steps

Schedule a 30-minute AI Readiness Assessment scoping call at /schedule or call (888) 381-9725. Errin O'Connor or a senior architect takes scoping calls personally.

Related reading: Copilot for Microsoft 365 Complete Deployment Guide, Microsoft Copilot Governance Framework for Regulated Industries, vCAIO Services, AI Governance Framework Enterprise, and Enterprise AI Center of Excellence Microsoft Setup Guide.