Insurance

Why Microsoft Now for Insurance

Insurance carriers in 2026 are facing a quickly changing regulatory and competitive landscape. This shift has happened faster in the last 24 months than in the previous decade.

The NAIC has adopted Model Bulletin 23-1 (Use of AI Systems by Insurers). This bulletin is now enforceable in over 22 states.

As a result, AI governance is now a compliance requirement. It is no longer just considered a "best practice."

Additionally, it has important implications for rate-filing.

The 2023 amendments to NYDFS 23 NYCRR Part 500 have raised the cybersecurity standards. Key requirements include:

• Explicit multi-factor authentication (MFA)
• Encryption
• Board reporting
• 72-hour incident notification

State-level insurance data privacy laws create overlapping disclosure and consent requirements. Key laws include:

• California Privacy Rights Act
• Colorado AI Act
• Washington My Health My Data Act

Ransomware operators are increasingly targeting property and casualty (P&C) and health carriers. The 2024 Change Healthcare outage cost the industry billions.

Subsequent attacks on regional carriers have made cyber resilience a critical operational issue for underwriting.

Microsoft has created the most complete insurance-aligned cloud platform available. The Microsoft Cloud for Financial Services combines:

• Microsoft 365
• Dynamics 365
• Power Platform
• Azure

This platform includes industry accelerators for:

• Unified customer profiles
• Agent and producer portals
• Claims FNOL (first notice of loss)
• Distributed underwriting workbenches

Microsoft Fabric offers a unified analytics platform that consolidates:

• Policy administration (Duck Creek, Guidewire, Sapiens, Insurity, OneShield)
• Claims systems (Guidewire ClaimCenter, Duck Creek Claims, Snapsheet)
• Reinsurance (SICS, RiskMatch)
• Sensor and telematics
• Third-party data (credit, MVR, CLUE, ISO/Verisk)

All of this is integrated into a single OneLake-backed environment. Microsoft 365 Copilot is deployed in line with the EPC Group NAIC AI Governance Framework. It provides documented, audit-quality AI support for:

• Data management
• Compliance tracking
• Performance analysis

• Data analysis
• Content generation
• Task automation

• Underwriting narrative generation
• Claims correspondence
• Regulatory filing preparation
• Producer correspondence

Insurance CIOs, CDOs, Chief Actuaries, and Chief Underwriters often inquire about deploying Microsoft products rather than their capabilities. They must ensure compliance with:

• NAIC
• NYDFS
• SOX
• State privacy controls

This compliance is essential at carrier scale.

This is the expertise that EPC Group has delivered successfully on hundreds of occasions.

NAIC Model Bulletin 23-1 AI Governance Framework

The NAIC Model Bulletin 23-1 sets clear expectations for insurers using artificial intelligence in decisions that impact consumers. This includes areas such as:

• Underwriting
• Rating
• Claims handling
• Fraud detection
• Marketing
• Retention
• Producer-facing workflows

State adoption is accelerating. By Q1 2026, more than 22 states will have adopted the bulletin as enforceable guidance.

Several states are also working to turn it into regulation. This includes:

• Specific examination protocols

EPC Group's NAIC AI Governance Framework outlines the bulletin's expectations across 9 control domains:

• Governance — AI use policy approved by senior management, board-level reporting, and an AI Risk Committee with documented charter and minutes.
• Risk Management Program — Documented AI risk taxonomy, AI inventory with risk-tiering, and change management for AI system updates.
• Third-Party AI Risk — Due diligence on third-party AI providers (including Microsoft + Azure OpenAI), contractual flow-down of consumer protection requirements, and ongoing monitoring.
• Bias Testing — Pre-deployment fairness testing, ongoing bias monitoring, documented testing methodology, and results retention.
• Consumer Disclosure — Guidelines on when and how to disclose AI use to consumers, plain-language explanations of adverse actions, and appeal pathways.
• Data Quality + Provenance — Documented data sources for AI training and inference, data quality controls, and lineage tracking.
• Audit + Examination Readiness — Examination-quality documentation, model cards, and regulator-ready evidence packages.
• Workforce — AI literacy training for underwriters, claims handlers, and customer service staff.
• Vendor Management — AI vendor inventory, BAA-equivalent agreements for consumer data processing, and SLA + control attestations.

EPC Group typically implements the NAIC AI Governance Framework in a 12 to 20 week engagement. This process follows the phases of the Engagement Operating Model.

We also provide ongoing support through Managed Microsoft Support tiers.

• Microsoft Purview: Offers the documented AI inventory and classification surface.
• Microsoft Sentinel + Defender for Cloud: Provide the audit and monitoring surface.
• Microsoft 365 Copilot + Azure OpenAI + Azure AI Foundry: Deliver the core AI capabilities within the governance framework.

NYDFS 23 NYCRR Part 500 — The Cybersecurity Backbone

NYDFS Part 500 affects all insurance entities licensed in New York. This includes most major national property and casualty (P&C), life, and health carriers.

The 2023 amendments have greatly increased cybersecurity requirements. These updates closely align with the regulatory standards for financial services.

• Documented written cybersecurity policy
• Designated Chief Information Security Officer (CISO)
• Comprehensive risk assessment
• Multi-factor authentication (MFA) for all privileged and remote access
• Encryption for non-public information, both at rest and in transit
• Vulnerability management with a documented assessment cycle
• Penetration testing
• Written incident response plan
• 72-hour incident notification
• Security requirements for third-party service providers
• Training program
• Annual CISO certification to the Superintendent

EPC Group's NYDFS Part 500 reference architecture connects each technical requirement to a specific Microsoft control. The following controls are included:

• Microsoft Entra ID Conditional Access + MFA for the MFA requirement
• Microsoft Purview Information Protection + Customer Key for the encryption-at-rest requirement
• Microsoft Defender Vulnerability Management for the vulnerability management requirement
• Microsoft Defender for Cloud + Sentinel for monitoring, detection, and response requirements
• Microsoft 365 Defender for endpoint, identity, and email protection
• Microsoft Sentinel + Purview Audit Premium for audit logging and retention requirements

Each control includes a documented standard operating procedure, a cadence for evidence collection, and an examiner-ready evidence package.

Microsoft Cloud for Financial Services — Insurance Scenarios

Microsoft Cloud for Financial Services (MCfFS) combines Microsoft products designed for the insurance industry. EPC Group has effectively implemented MCfFS for different regional and national P&C carriers, life carriers, and specialty insurers.

• Common deployment patterns include:

• Integration with existing systems
• Custom solutions for specific business needs
• Enhanced data analytics and reporting capabilities

Producer + Agent Portal. The Dynamics 365 Insurance Accelerator, Power Pages, and Microsoft Entra External ID work together to create branded producer portals. These portals support various functions, including:

• Quote generation
• Application submission
• Commission tracking
• Certification management
• Policyholder lookup

EPC Group has successfully deployed producer portals for 5,000 to over 50,000 producers across regional and national carriers.

Policyholder Self-Service. Our solution combines Power Pages, Dynamics 365 Customer Insights, and Microsoft Bookings to create a comprehensive policyholder portal. This portal supports:

• Policy view
• Billing and payment
• Claims FNOL
• Document upload
• ID card retrieval

It integrates with policy administration systems using FHIR-equivalent insurance APIs that are Acord-aligned. The design is mobile-first and responsive.

Claims FNOL + Workflow. Power Apps, Power Automate, and Dynamics 365 Customer Service collaborate for first-notice-of-loss intake. This includes:

• Web options
• Mobile options
• Agent-assisted options
• Integrated voice options

The system automates claim creation in claims systems and generates claims correspondence using M365 Copilot. It also offers a claims status portal for policyholders and agents.

Distributed Underwriting Workbench. The solution combines Power BI, Microsoft Fabric, and Dynamics 365 into a single underwriter desktop. This desktop integrates:

• Policy administration data
• Third-party data (credit, MVR, CLUE)
• Claims history
• Exposure aggregation
• AI-assisted risk scoring

EPC Group's underwriting workbench deployments have improved cycle times by 40-60% while maintaining or improving loss ratios.

Unified Customer Profile. Dynamics 365 Customer Insights consolidating policy + claims + contact center + agent + digital channel data into a single customer view supporting cross-sell + retention + service excellence.

Power BI for Actuarial + Underwriting + Claims Analytics

EPC Group has shipped Power BI for actuarial + underwriting + claims analytics at insurers writing $50M to $5B+ in premium. The dashboard patterns that consistently drive value:

Loss Ratio + Combined Ratio. The loss ratio can be analyzed by various factors, including:

• Line of business
• Sub-line
• Geography
• Producer
• Agency
• Product
• Policy attributes (deductible, limits, endorsements)

We also track the combined ratio, which includes underwriting, LAE, and expense components. Additionally, we monitor reserve development triangles for incurred and paid losses, along with IBNR tracking.

Premium Production + Renewal Retention. Written premium + earned premium tracking with new business vs renewal mix, retention rates by product + segment + producer, lapse + cancellation analytics, midterm endorsement premium impact.

Claims Frequency + Severity. We analyze claims frequency by line, geography, and policy attributes. We also assess the average claim severity and cycle time, from first notice of loss (FNOL) to closure. Additionally, we evaluate the following factors:

• Litigation rate
• Subrogation recovery rate
• Supplier performance

• Medical bill review
• ISO
• Body shop network

Catastrophe Exposure. We integrate CAT models with RMS, AIR Worldwide, Verisk, and CoreLogic. This allows for fast exposure aggregation by:

• Peril
• Geography
• Treaty year

We also track PML (probable maximum loss) against reinsurance treaty layers. Additionally, we provide real-time storm-track exposure for active CAT events.

Reinsurance. Treaty performance tracking with cession + recovery + commission accounting. Facultative + treaty allocation. Reinstatement premium tracking. Reinsurer credit risk monitoring.

Producer + Agent Analytics. Producer scorecards combining premium production, loss ratio, retention, growth trajectory, certifications, and compliance status. Agency rollups for regional + national distribution.

Power BI Premium capacity sizing for enterprise insurers typically ranges from P3 to P5. This corresponds to Fabric F-SKU models F64 to F256. These sizes enable tenant-wide deployment for:

• 2,000 named users
• 20,000 named users

EPC Group has completed many capacity sizing and cost optimization projects. These engagements typically reduce Power BI Premium spending by 30% to 50%.

Microsoft Fabric for Insurance Data Lakes

Microsoft Fabric is a major release in analytics for the insurance industry. It marks a significant shift since the cloud data warehouse era. Fabric streamlines various processes, including:

• Claims fraud detection
• Pricing model development
• Catastrophe modeling
• Regulatory reporting
• Retention modeling

With Fabric, you can replace the fragmented systems of Snowflake, Databricks, on-premise SAS, and Hadoop with a unified, OneLake-backed analytics environment.

EPC Group has migrated regional + national carriers to Fabric. The reference architecture:

Ingestion layer. The ingestion layer includes various systems and data sources essential for policy administration and claims processing. These systems are:

• Policy admin systems: Duck Creek, Guidewire, Sapiens, Insurity, OneShield
• Claims systems: Guidewire ClaimCenter, Duck Creek Claims, Snapsheet
• Billing systems
• Reinsurance systems: SICS, RiskMatch
• CAT models: RMS, AIR, Verisk, CoreLogic
• Third-party data: credit, MVR, CLUE, ISO/Verisk public records
• Sensor and telematics: auto, commercial fleet, property IoT
• External data: SDOH, geospatial, weather

Storage layer. OneLake employs a medallion architecture with three levels: bronze (raw), silver (cleansed), and gold (analytics-ready). All tables in the gold tier are in Delta Lake format.

We provide industry data models that are Acord-aligned for property and casualty (P&C). Additionally, we offer custom dimensional models for life and health.

Compute layer. The Fabric Lakehouse combines a warehouse, real-time analytics, and notebooks. Notebooks support Python and Spark for various tasks:

• Fraud detection using gradient boosting and graph analytics
• Pricing model development with GLM, GAM, and machine learning
• Retention modeling

The warehouse is designed for traditional BI workloads. Real-time analytics handle CAT-event-time data ingestion and storm-track exposure.

Serving layer. Power BI semantic models are created using the Fabric warehouse and lakehouse. The Direct Lake connection eliminates the need for Power BI import refresh cycles. Additionally, it offers row-level security for state insurance department reporting boundaries.

Governance. Microsoft Purview for catalog + lineage + classification. Sensitivity labels for non-public information (NPI) across the entire data estate. Audit logs to Sentinel for NYDFS + SOX compliance reporting.

Catastrophe Modeling + Reinsurance Analytics

CAT modeling and reinsurance analytics are essential tasks for P&C carriers. EPC Group offers CAT and reinsurance solutions that combine several powerful tools:

• Microsoft Fabric: Data unification and machine learning for CAT scenarios.
• Power BI: Executive and actuarial dashboards.
• Azure OpenAI: Natural-language analysis for CAT scenarios and support for reinsurance broker correspondence.

CAT Model Integration. We offer direct integration with key CAT model exports. These include RMS, AIR Worldwide, Verisk, and CoreLogic. This integration allows for fast aggregation of CAT exposure based on several factors:

• Geographic location
• Property type
• Risk characteristics

• Geographic location
• Property type
• Risk assessment

• Geographies
• Perils (hurricane, severe convective storm, wildfire, earthquake, flood)
• Treaty years

Our system tracks PML (probable maximum loss) against reinsurance treaty layers and retention. It also calculates AAL (average annual loss) for pricing and reserves.

Storm-Time Workflows. Real-Time Analytics in Fabric supports active CAT events. Key features include:

• Storm-track exposure aggregation updated every 15 minutes.
• Claims volume forecasting for adjuster staffing.
• Reinsurance trigger event tracking with automated reinsurer notification.

Reinsurance Treaty Analytics. We track treaty performance by monitoring cession, recovery, and commission accounting across multi-year treaty programs. Our services include:

• Facultative and treaty allocation
• Reinstatement premium tracking
• Reinsurer credit risk monitoring against AM Best and S&P ratings

Claims Fraud Detection

Claims fraud detection provides one of the best returns on investment for Microsoft Fabric + Azure AI in the insurance industry. EPC Group has successfully implemented fraud detection solutions for:

• Regional property and casualty (P&C) carriers
• National property and casualty (P&C) carriers

These solutions have led to documented recoveries of:

• $5M annually for mid-sized carriers
• $75M+ annually for large carriers

The reference architecture includes several key components:

• Graph analytics on Fabric Lakehouse for analyzing claimant, provider, attorney, and auto body shop networks.
• Gradient boosting models on Spark notebooks to calculate the Suspicious Activity Score on the first notice of loss.
• Azure OpenAI and Document Intelligence for analyzing unstructured documents, such as police reports and medical narratives.
• Power BI dashboards for SIU (Special Investigation Unit) case management.
• Integration with SIU case management systems, including ISO ClaimSearch and NICB.

Engagement Operating Model — Insurance Application

EPC Group's 7-phase Engagement Operating Model (Discover, Architect, Plan, Build, Validate, Deploy, Run) — documented at /engagement-model — is the underlying delivery framework for insurance engagements. Insurance-specific phase content:

Discover. Our services include:

• NAIC Model Bulletin 23-1
• NYDFS Part 500
• SOX compliance
• State privacy posture assessment
• Policy administration
• Claims management
• Reinsurance
• CAT model inventory
• Current Microsoft 365 + Azure tenant assessment
• Third-party AI inventory
• NPI data flow mapping

Architect. NAIC AI Governance Framework design, NYDFS Part 500 reference architecture, Microsoft Cloud for Financial Services scenario selection, Fabric data platform architecture, CAT modeling architecture, fraud detection architecture.

Plan. Phased rollout sequence (underwriting vs claims vs producer vs analytics), change management for underwriters + claims handlers + producers, training curriculum.

Build. We focus on several key areas to enhance your enterprise solutions:

• Tenant configuration
• Identity and access design implementation
• Sensitivity label deployment for NPI
• Microsoft Fabric workspace, lakehouse, and warehouse build
• Power BI actuarial, underwriting, and claims semantic model build
• CAT model integration
• Fraud detection model build

Validate. We provide validation for several frameworks and controls, including:

• NAIC AI Governance Framework validation
• NYDFS Part 500 control validation
• SOX IT general controls validation (when in scope)
• Penetration testing
• User acceptance testing with underwriting, claims, producer, and actuarial stakeholders

Deploy. Phased production rollout, Hypercare period with on-site SME support, policy admin + claims vendor coordination for production cutover.

Run. Managed Microsoft Support (Extended Coverage or 24x7x365 tiers), quarterly governance reviews, annual NAIC AI Governance Framework review, annual NYDFS CISO certification support, continuous improvement.

Engagement Investment

EPC Group insurance engagement tiers:

Foundation ($150K-$300K, 12-16 weeks): This phase includes the discovery, architecture, and initial build for one Microsoft workload. Options include:

• NAIC AI Governance
• Power BI actuarial analytics
• Fabric claims data lake

This offering is ideal for regional carriers or single-line carriers.

Enterprise ($350K-$750K, 20-32 weeks): Foundation + multi-workload + Engagement Operating Model full lifecycle + Managed Microsoft Support transition. Suitable for national mid-market carrier or specialty carrier.

Platform ($750K-$2.5M, 36-60 weeks): This solution includes a full deployment of the Enterprise + Microsoft Cloud for Financial Services, the Fabric platform, and a Center of Excellence.

It is suitable for:

• National multi-line carriers
• Top-25 P&C carriers

Ongoing operations via /managed-microsoft-support-tiers — Extended Coverage or 24x7x365 tiers appropriate for insurance 24x7 catastrophe response requirements.