EPC Microsoft Co-Managed IT is a productized hybrid engagement that embeds named senior EPC architects with your internal IT team. Your CIO retains accountability; EPC contributes architecture expertise + escalation backup. Three published tiers (Small / Medium / Large) sized by user count, workload mix, and architect allocation. Distinct from Managed Lifecycle (EPC owns ops) and Adoption Accelerator (90-day campaign).
Key Facts
- Productized hybrid engagement — not staff augmentation. Three published tier bands: Small ($15K–$25K/mo), Medium ($35K–$55K/mo), Large ($75K+/mo).
- Named senior architect(s) at agreed FTE percentages (25% / 50% / multi-architect Large). Errin O'Connor personally leads Large-tier Co-Managed engagements.
- Accountability stays internal — designed for HIPAA, FINRA, FedRAMP, CMMC 2.0 environments where regulators do not accept "the vendor owns it" as an audit answer.
- Lifecycle stages co-owned: Assess (fortnightly review), Modernize (one co-led slot/quarter), Govern (continuous coverage growth), Operate (escalation backup), Enable (one co-designed campaign/month).
- 6-pillar Microsoft estate coverage: M365 + Copilot, Power BI + Fabric, SharePoint + Viva, Azure, D365 + Power Platform, Security backbone.
- Often a vendor-consolidation play: typically replaces 3–5 specialist vendors at a 15–30% aggregate spend reduction.
- Compliance-native: HIPAA, SOC 2, FedRAMP, FINRA, CMMC, GxP — frameworks baked into the operating model, not bolted on at audit time.
- 90-day termination notice with full handoff package — no proprietary lock-in; runbooks are co-authored from day one.
EPC’s 3 engagement models — which one fits?
EPC’s productized service catalog covers three engagement shapes — full ownership, hybrid augmentation, and fixed campaign. Each one fits a specific accountability + augmentation gap. The most common scoping error is buying the wrong shape for the actual situation. Use the table below as the first-pass triage.
Managed Lifecycle
EPC fully owns ongoing operations
When: You want to focus internal IT capacity on business strategy, application development, or M&A integration — and let EPC operate the Microsoft estate end-to-end with a named SLA.
Accountability: EPC
Ownership: EPC owns the runbooks, the on-call rotation, the incident response, the roadmap, the dashboards, and the lifecycle stage progression.
SLA: 24/7/365 named P0–P3 SLA with senior-architect escalation
Cadence: Continuous; fortnightly architecture review; quarterly executive briefing
Best fit: CIOs whose internal team is small, generalist, or focused elsewhere
Adoption Accelerator
EPC drives a 90-day fixed campaign, then transitions out
When: You already have an internal IT team that can operate the estate after a focused activation push — you just need senior expertise to drive a measurable adoption uplift in 90 days.
Accountability: Joint, with EPC owning the campaign
Ownership: EPC owns the 90-day campaign roadmap, training, change-management collateral, telemetry, and outcomes. Internal team owns the operate motion that begins on day 91.
SLA: Campaign-window only — defined activation/usage uplift target
Cadence: 90-day fixed engagement with formal handoff at week 12
Best fit: Orgs deploying Copilot, Fabric, or a major workload where adoption is the failure-mode risk
Co-Managed IT
Hybrid: named EPC architects + your internal IT team
When: You have a capable internal Microsoft team but lack a deep senior architect bench. Co-Managed embeds named EPC architects on a defined FTE percentage to work side-by-side with your team across all 5 lifecycle stages.
Accountability: Your CIO retains accountability; EPC contributes architecture expertise + cross-vendor coverage
Ownership: Your team owns day-to-day ops + production. EPC owns architecture review, escalation backup, Microsoft change-log advisory, and quarterly executive briefing co-authorship.
SLA: 24/7 escalation backup on P0/P1; defined response SLA scoped to architecture domain
Cadence: Continuous embedding; weekly sprint participation; monthly co-managed sync; quarterly co-authored executive briefing
Best fit: Mid-market F500, regulated industries, vendor-consolidation plays, mature internal IT teams that need senior-architect augmentation
Who Co-Managed IT fits best — 5 buyer personas
Co-Managed is not a universal fit — it is a specific product for a specific accountability + augmentation gap. The five personas below are where the model consistently outperforms both pure managed services and pure project consulting.
CIO with an invested internal team but no senior Microsoft architect bench
You hired a strong M365 admin, a competent Power BI lead, a SharePoint engineer. They run the lights. But when a Fabric capacity decision hits the table, when a Defender XDR incident escalates past tier-1, or when the CFO asks for a defensible roadmap to migrate from SSIS to Fabric Data Factory — there is no internal senior architect to make the call. Co-Managed embeds named EPC senior architects who have made that call dozens of times. Your team keeps owning the day-to-day; EPC owns the architecture review board seat and the escalation backup. You are not replacing your team — you are giving them the senior bench they never had.
Organization mid-modernization that needs continuity AND deep expertise
You are in the middle of a Microsoft 365 tenant consolidation, a Fabric migration, a Copilot enterprise rollout, a SharePoint Premium activation — and your internal team cannot pause production work to staff the modernization. A pure managed-services takeover is too heavy. A 90-day Adoption sprint will not last long enough. Co-Managed gives you embedded EPC architects who do the modernization heavy-lift while teaching your team to operate what gets built. The architect who designs the Fabric medallion is the architect who attends your weekly sprint and writes the runbook your team inherits.
Regulated industry where accountability MUST stay internal
Healthcare under HIPAA, financial services under FINRA / SOC 2, federal under FedRAMP and CMMC 2.0, clinical research under 21 CFR Part 11 — these industries have regulators who do not accept "the vendor owns it" as an accountability answer. The audit trail, the configuration of record, the access-control attestation, the breach-notification chain — all of those have to live inside your accountable IT organization. Co-Managed is built for this reality. EPC contributes architecture and expertise; your CIO retains ownership of every accountability boundary the regulator inspects.
Mid-market F500 (5K–50K users) — too big for Adoption, too lean for full Managed
Five thousand to fifty thousand users is the awkward middle. The estate is complex enough that a one-shot Adoption sprint cannot cover it; the internal team is mature enough that a full managed-services outsource feels like overcorrection (and the price tag does not pencil). Co-Managed sizes to this gap. You buy named senior architect time at the FTE percentage you actually need — 25%, 50%, on-demand specialists — and pay for that bench instead of a full takeover. The vendor consolidation angle (below) often makes this net-cheaper than the status quo.
Org with an active vendor-consolidation goal
You are running three or four specialist consulting vendors today — one for SharePoint, one for Power BI, one for Azure, one for security. Each has a one-pillar view of your estate; nobody sees the whole thing; integration friction shows up at every handoff. Co-Managed is often a vendor-consolidation play: replace three or four single-pillar vendors with a single EPC Co-Managed engagement that covers all six Microsoft pillars under one named architect lead. Procurement gets a single contract; the architecture gets a single integrated view; the named EPC architect attends the same architecture review board where the previous four vendors sent four different account managers who never spoke to each other.
What you get in the Co-Managed retainer
Six standing inclusions, every month, every tier. These are the connective tissue between “we have a senior EPC architect on the engagement” and “it actually shapes day-to-day decisions inside your IT organization.”
Named senior EPC architects at agreed FTE percentages
You do not buy hours — you buy named people at named allocations. A Small Co-Managed engagement might be one architect at 25% (one full day a week). Medium might be a principal architect at 50% plus a specialist (Fabric, Security, Power Platform) at 25%. Large is multi-architect coverage with on-demand specialists. The architect is named in the SOW. When you ring them, they pick up — they are not a load-balanced ticket queue.
Architecture review board membership with your internal architects
Your EPC architect holds a standing seat on your Architecture Review Board (or whatever you call the body that approves significant Microsoft changes). They review architecture decision records, push back on anti-patterns, bring Microsoft reference architectures (Cloud Adoption Framework, Well-Architected, Fabric medallion, Power Platform CoE Toolkit) into the conversation, and co-sign decisions with your internal lead architect. This is the connective tissue between "we have senior EPC expertise" and "it actually shapes what gets shipped."
Active participation in your sprint / PI / IT council cadence
Your EPC architect joins the cadence your team already runs — weekly Microsoft estate sprint, quarterly PI planning, monthly IT operations council, whatever it is. They are not a quarterly visitor doing a status report; they are in the room when your team plans the next sprint and when escalations get triaged. Their calendar shows your meetings the same as your internal lead architect.
Microsoft estate health dashboards — co-managed
A Power BI dashboard suite covering Purview (sensitivity label coverage, DLP incident rate), Defender (secure score, exposed identity count), Entra (privileged-role drift, conditional access gaps), Fabric (CU% utilization, throttling minutes), and Copilot (active users by license, agent inventory). Your team and EPC both have edit access. EPC seeds the templates; your team owns ongoing operations; both sides annotate incidents and roadmap deltas.
24/7 escalation backup on P0 / P1 events
Your team owns day-to-day incident response. When a P0 (production-down, material data loss, executive-impacting incident) hits, your on-call lead can page the named EPC architect under a defined response SLA. Co-Managed is not a 24/7 NOC replacement — your team still runs the on-call. But you have a senior architect bench you can escalate to when the situation needs an architecture call your internal lead is not paid enough to make at 2 AM alone.
Quarterly executive briefing — co-authored with your CIO
A formal quarterly deliverable, co-authored by your CIO and the named EPC architect, designed to be presented to the audit committee or board. Covers: estate health scorecard, lifecycle stage maturity deltas, incident retrospective, Microsoft roadmap impact, Copilot ROI, secure score trend. Co-authorship is the key word — this is your CIO's narrative supported by EPC's architecture data, not an external vendor's quarterly business review pretending to be your strategy doc.
The 5 lifecycle stages — how Co-Managed engages each
The EPC Group Lifecycle is the operating model. In Co-Managed, every stage has explicit answers to three questions: what does YOUR team own, what does EPC own, and what is genuinely co-managed. The table below is part of the SOW, not an aspirational diagram.
Assess
Cadence · Continuous; fortnightly working session
Your team owns
Owns the inventory of record, the CMDB, the license accounting, the in-flight project portfolio.
EPC owns
Brings the Microsoft reference architectures (CAF, WAF, Fabric medallion, Power Platform CoE) and benchmarks your estate against them. Identifies drift, tech debt, and Microsoft-trend gaps your team does not have the bandwidth to track.
Co-managed
A standing fortnightly architecture review where your team and EPC walk the estate together. Architecture decision records are co-signed. Modernization candidates are nominated jointly; priorities are set by your CIO with EPC providing architecture trade-off advisory.
Modernize
Cadence · One co-led modernization slot per quarter; additional slots via separate SOW
Your team owns
Owns execution of in-flight projects; manages business stakeholder relationships; runs UAT and production cutover.
EPC owns
Provides senior architect time on the highest-leverage modernization slot of each quarter — typically a workload migration or a major Microsoft-net-new (Fabric, Copilot, SharePoint Premium, Azure landing zone refresh).
Co-managed
Each quarterly modernization slot is structured so your team operates the result on day one. The architect who designs the Fabric medallion authors the runbook your team will use to operate it; the architect who configures the Defender policy package walks the analyst who will tune it through every rule.
Govern
Cadence · Continuous; quarterly coverage growth target
Your team owns
Owns the policy-of-record, the access-control attestation, the audit-log retention configuration, the compliance evidence package.
EPC owns
Brings continuous Purview + Defender + Entra posture improvements: sensitivity label coverage growth, DLP rule tuning, conditional access drift remediation, access-package recertification cadence.
Co-managed
Governance work is the most natural Co-Managed surface area — the regulator wants accountability internal, and the work requires senior expertise. Your CIO signs the policy; EPC's architect provides the technical implementation and the cross-customer benchmark for what good looks like.
Operate
Cadence · 24/7 named escalation backup; weekly operational sync
Your team owns
Owns the 24/7 on-call rotation, the ITSM ticket queue, the change advisory board, the production deployment authority.
EPC owns
Provides escalation backup on P0/P1 events; advisory on operational anti-patterns surfaced through estate dashboards; Microsoft change-log review (M365 message-center, Fabric capacity advisory, Copilot wave releases).
Co-managed
EPC does not replace your operations team or run your NOC. EPC is the senior bench your team escalates to when the incident is past their experience level. The escalation paths and named architect contacts are documented in your runbook; tabletop drills test them quarterly.
Enable
Cadence · One co-designed enablement campaign per month
Your team owns
Owns the end-user training delivery, the internal change-management collateral, the relationship with business sponsors.
EPC owns
Brings the persona-level enablement playbooks (finance, legal, HR, sales, ops, IT), the prompt libraries, the Copilot agent inventory templates, the Fabric semantic model patterns, the SharePoint Premium adoption playbooks.
Co-managed
Enablement campaigns are co-designed: your team's stakeholder knowledge plus EPC's pattern library. Your trainers deliver; EPC's architect provides the technical content and the named usage targets pulled from comparable engagements.
What is IN scope — and what is explicitly NOT
Co-Managed has a narrower scope than Managed Lifecycle on purpose — your team owns the day-to-day, so EPC’s role is specifically architecture review, escalation backup, modernization slot leadership, and quarterly briefing co-authorship. The table below is published up front so procurement can compare like-for-like and your CIO can budget against it.
| Item | In Co-Managed? |
|---|---|
| Named senior EPC architect(s) at agreed FTE percentages (25% / 50% / on-demand) | IN scope |
| Architecture Review Board membership + co-signed architecture decision records | IN scope |
| Active sprint / PI / IT council participation on your existing cadence | IN scope |
| Co-managed estate health dashboards (Purview + Defender + Entra + Fabric + Copilot) | IN scope |
| 24/7 escalation backup on P0 / P1 events with named architect response SLA | IN scope |
| Quarterly executive briefing — co-authored with your CIO | IN scope |
| Microsoft change-log advisory (M365 message-center, Fabric, Copilot, Defender, Entra) | IN scope |
| Lifecycle stage maturity scoring across estate (quarterly delta) | IN scope |
| One co-led modernization slot per quarter (workload named at onboarding) | IN scope |
| One co-designed enablement campaign per month | IN scope |
| Microsoft Partner Center attribution for FastTrack + co-sell where applicable | IN scope |
| Co-Managed runbook library — written so YOUR team operates on day one | IN scope |
| Quarterly tabletop drill on escalation paths + on-call handoffs | IN scope |
| Cross-vendor coordination where you are still running specialist vendors | IN scope |
| Knowledge transfer artifacts — every architecture decision documented for handoff | IN scope |
| Annual SLA review + tier-band re-evaluation | IN scope |
| Day-to-day operations — your internal team owns the runbooks and the on-call queue | Separate SOW |
| 24/7 NOC replacement — Co-Managed is escalation backup, not first-line response | Separate SOW |
| End-user helpdesk (password resets, device break-fix, Intune endpoint support) | Separate SOW |
| Greenfield tenant migrations (separate fixed-fee SOW — see Cloud Orchestrator hub) | Separate SOW |
| M&A tenant consolidations (separate fixed-fee SOW) | Separate SOW |
| Custom application development (.NET, React, Power Pages portals beyond CoE templates) | Separate SOW |
| Fortune 500 RFP responses or third-party-led procurement support | Separate SOW |
| Multi-vendor 3rd-party integration projects (Salesforce, SAP, Workday) — separate SOW | Separate SOW |
Three productized tiers
Tier bands are sized by user count, workload mix, and named-architect FTE percentage. Illustrative monthly bands are published below; the final fee is set after the two-week fixed-fee assessment so both sides are pricing the actual estate, not a brochure.
Co-Managed IT — Small
5,000–15,000 users · 1–2 active workloads · mature internal team
$15,000 – $25,000 / month
Illustrative band — finalized after 2-week assessment
Inclusions
- 1 named senior architect at ~25% allocation (1 day/week)
- Architecture Review Board seat
- Fortnightly architecture review (60-min)
- 1 quarterly co-led modernization slot
- 1 monthly co-designed enablement campaign
- P0 / P1 escalation backup — 24/7
- Quarterly executive briefing — co-authored
- Co-managed estate health dashboard
Not included (separate SOW)
- On-demand multi-specialist coverage
- Sustained > 25% architect availability
Co-Managed IT — Medium
15,000–50,000 users · 3–5 active workloads · multi-pillar coverage
$35,000 – $55,000 / month
Illustrative band — finalized after 2-week assessment
Inclusions
- 1 named principal architect at ~50% allocation
- 1 named specialist (Fabric / Security / Power Platform) at ~25%
- Architecture Review Board seat + sub-architect council seats
- Weekly tactical sync + fortnightly architecture review
- 1 quarterly co-led modernization slot + 1 governance slot
- 2 monthly co-designed enablement campaigns
- P0 / P1 / P2 escalation backup — 24/7
- Quarterly executive briefing + monthly executive scorecard
- Co-managed governance dashboard + estate health suite
- Backup architect rotation for vacation / continuity
Not included (separate SOW)
- Full M&A or tenant migration program scope
- Sustained > 75% combined architect availability
Co-Managed IT — Large
50,000+ users · all 6 Microsoft pillars · vendor-consolidation play common
$75,000+ / month
Illustrative band — finalized after 2-week assessment
Inclusions
- 2 named architects (principal + senior) at combined ~100% allocation
- 2–4 ongoing named specialists (security, Fabric, Power Platform, Copilot, Azure)
- On-demand sub-specialist bench (FastTrack-co-sell, Purview, Sentinel, Entra)
- Weekly architecture review + monthly executive-level sync
- Modernization slot per pillar per quarter
- Continuous enablement program (weekly campaigns)
- P0 / P1 / P2 / P3 escalation backup — 24/7 with named backup architect
- Quarterly board-ready briefing + monthly executive scorecard
- Full estate dashboard suite (6 dashboards) — co-managed
- Microsoft FastTrack co-coordination where applicable
- Vendor-consolidation handoff coordination
Not included (separate SOW)
- Greenfield migrations or M&A consolidations beyond one named event per year
The vendor-consolidation play
Co-Managed is, in many cases, a vendor-consolidation play. Mid-market F500 organizations commonly run three or more single-pillar Microsoft consulting vendors today, each sending a different account manager to a different review board, billing against a different SOW, and pointing fingers at every cross-pillar boundary. Co-Managed collapses that stack into one named architect-led contract covering all six pillars. Below is the honest answer on when this works and when it does not.
When vendor consolidation makes sense
You are running three or more specialist vendors today — say, one for SharePoint operations, one for Power BI/Fabric, one for Azure infrastructure, one for security. Each one has a per-pillar viewpoint, sends a different account manager, and bills against a different SOW. Integration friction shows up at every cross-pillar boundary (the Fabric vendor blames the Azure vendor; the SharePoint vendor cannot get a straight answer from the security vendor). A single Co-Managed engagement — one named EPC architect, six pillars, one contract, one architecture review board seat — typically saves 15–30% on aggregate vendor spend and eliminates the integration friction. The vendor-consolidation savings are usually what justifies the Co-Managed budget to a CFO.
When vendor consolidation does NOT make sense
If one of your specialist vendors has unique value EPC cannot replicate (a vertical-specific SaaS integration, a proprietary IP relationship, a long-standing executive sponsor), Co-Managed should be ADDITIVE rather than a replacement. EPC's view is honest: we will tell you which of your existing vendors we recommend keeping. Co-Managed is not a land-and-expand grab to displace other consultants — it is a productized service that fits a specific accountability + augmentation gap. If your current vendor stack is healthy, the right answer might be a fixed-fee accelerator (a 6-week Fabric assessment, a 90-day Copilot adoption sprint) rather than Co-Managed.
SLA — escalation response + resolution targets
In Co-Managed, your team owns first-line response — the SLA covers the architecture escalation, not the initial ticket triage. Severity definitions are committed to writing; the named EPC architect is the responder, not a tier-1 dispatcher. P0 and P1 coverage is 24/7/365 with named backup architect rotation for vacation and continuity.
| Severity | Definition | Response | Resolution target | Coverage |
|---|---|---|---|---|
| P0 escalation | Production-down or material data loss; your on-call requests senior architect engagement | 15 minutes — named architect paged | 4-hour architecture-level decision or workaround | 24/7/365 |
| P1 escalation | Degraded service; architecture-level decision or pattern advisory needed beyond your team | 1 hour | Same business day | 24/7/365 |
| P2 advisory | Architecture review request, sprint planning input, modernization slot scoping | 4 business hours | 3 business days | Business hours (extended on request) |
| P3 advisory | Roadmap question, Microsoft change-log clarification, vendor coordination request | Next business day | 1 business week | Business hours |
Microsoft estate covered
Co-Managed covers the full Microsoft enterprise stack a mid-market or Fortune 500 CIO is actually operating. The Large tier engages all six pillars under one named principal architect; the Medium tier engages three to five; the Small tier engages one to two. Pillars not in active scope still receive change-log advisory so nothing surprises the roadmap.
Microsoft 365 + Copilot
Tenant architecture review, Copilot for M365 adoption + agent governance, license posture optimization, message-center change management, SharePoint Online governance.
Power BI + Microsoft Fabric
Premium / Fabric capacity tuning advisory, Direct Lake semantic model architecture, OneLake lakehouse governance, refresh-failure runbook authorship, Fabric CU% optimization patterns.
SharePoint + Viva
SharePoint Online governance architecture, hub-site information architecture, SharePoint Premium agents, oversharing remediation patterns, Viva Connections / Topics / Engage advisory.
Azure
Azure landing zone hygiene review, Azure Policy + Defender for Cloud posture advisory, cost governance + reservation optimization, Azure OpenAI + AI Foundry guardrails.
Dynamics 365 + Power Platform
D365 Sales / Customer Service / Finance environment hygiene, Power Platform CoE Toolkit operations advisory, maker governance, DLP connector policy, environment lifecycle.
Security Backbone
Microsoft Defender XDR posture, Microsoft Sentinel runbook upkeep, Entra ID conditional access drift remediation, Purview DLP + Insider Risk + Communication Compliance.
For deeper context on individual pillars, see Microsoft 365 consulting, Azure consulting services, and the Microsoft Cloud Orchestrator Practice hub.
Onboarding — how the first 90 days run
The first 90 days run on a published cadence so both sides know what is happening and when. Onboarding ends with the first co-authored quarterly executive briefing — at which point the engagement is operating at steady state.
Weeks 1–2
Assessment + team integration
A 2-week fixed-fee assessment runs in parallel with onboarding. The named architect inventories the estate, meets your internal lead architect and team leads, attends your existing sprint / IT council to understand the cadence, and identifies the highest-leverage modernization candidates. Output: a baseline maturity score per lifecycle stage, a costed 12-month roadmap, and a Team Operating Agreement that documents who-owns-what between your team and EPC.
Weeks 3–4
Architecture baseline + ARB onboarding
The named EPC architect is onboarded to your Architecture Review Board, your ITSM (ServiceNow / Jira / Halo / Zendesk), your collaboration channels (Teams / Slack), and your incident management process. The architecture-of-record document is co-produced: neither purely EPC's nor purely your team's, but a genuinely shared reference. The escalation paths are documented and reviewed.
Weeks 5–8
Instrumentation + dashboards + tabletop drill
Co-managed estate health dashboards are built (Purview, Defender, Entra, Fabric, Copilot) and edit-access shared with your team. The first quarterly modernization slot is scoped and kicked off. A tabletop drill is run on P0 escalation: a simulated incident exercises the escalation chain end-to-end, surfacing any gaps in the runbook before they hit production.
Weeks 9–12
First modernization ships; first quarterly briefing
The first co-led quarterly modernization slot ships — sized realistically in 4 weeks (a Fabric Direct Lake conversion of one workspace; a Defender for Cloud Apps policy package; a SharePoint hub sensitivity-label onboarding). The runbook for ongoing operation is co-authored. The first quarterly executive briefing is delivered, co-signed by your CIO and the named EPC architect, against the 90-day baseline and the rolling 12-month roadmap.
When Co-Managed IT does NOT fit
Honest scoping is part of the product. If your situation matches any of the four below, Co-Managed is the wrong shape and a different EPC product (or no engagement at all) is the right call. We will tell you that on the scoping call instead of selling you a tier you do not need.
- Pure project engagement. You have a specific one-time deliverable — a tenant migration, an M&A consolidation, a Fabric build, a Power BI semantic model, a Copilot pilot. The right fit is a fixed-fee SOW under the Microsoft Cloud Orchestrator Practice hub or a specific service-line page, not an ongoing Co-Managed retainer.
- Pure outsourcing. You want a vendor to OWN the Microsoft estate so your internal team can focus elsewhere. The right fit is EPC Managed Microsoft Lifecycle — full ownership of operations under a named SLA. Co-Managed assumes your team is still operating the estate.
- A 90-day fixed campaign. You need a focused activation push — Copilot rollout, Fabric adoption, SharePoint Premium go-live — measurable usage uplift in 90 days, then handoff. The right fit is EPC Microsoft Adoption Accelerator.
- No internal IT team at all. Co-Managed requires an internal team that can own day-to-day operations. If your IT function is fully outsourced today, the right fit is Managed Lifecycle (EPC owns it) or a phased approach: a fixed-fee accelerator first, then a tier-up to Managed Lifecycle once internal capacity exists.
Compliance posture
Co-Managed is delivered compliance-native — frameworks baked into the operating model, not bolted on after an auditor lands. Because accountability stays inside your organization, Co-Managed is the structurally right fit for regulators that do not accept “the vendor owns it” as an audit answer. The covered frameworks are HIPAA, SOC 2, FedRAMP, FINRA, CMMC, GxP, plus GDPR and 21 CFR Part 11 for clinical research workloads. Federal-vertical engagements are GCC + GCC High aware and FedRAMP-aligned at the methodology level (FedRAMP authorization itself attaches to the underlying Microsoft cloud services, not to consulting service-lines).
- Healthcare: Active BAAs, HIPAA Security Rule mapped to Purview + Defender posture. Your CISO retains the audit-evidence chain. See Healthcare IT consulting — HIPAA Microsoft 2026.
- Federal / Tribal / Defense: GCC + GCC High aware; CMMC 2.0 control mapping. Your accountable IT organization holds the ATO; EPC contributes architecture advisory. See Government + Federal Microsoft consulting — FedRAMP / CMMC 2026.
- Regulated analytics: HIPAA + FINRA + GxP control mapping at the Fabric + Power BI layer; your team owns the regulator-facing attestation. See Enterprise regulated analytics on Microsoft.
- AI governance: EU AI Act + NIST AI RMF + the EPC Governed AI on Microsoft Framework. Co-Managed embeds the framework into your AI governance board, chaired internally. See Microsoft enterprise digital transformation 2026.
EPC Group credential stack
The Co-Managed product is staffed from the same architect bench that runs EPC’s Fortune 500 modernization engagements. The named architect model is the connector — the architect who joins your Architecture Review Board is the architect who has run the same review board at dozens of Fortune 500 estates.
- 11,000+ Microsoft engagements over 29 years
- 70+ Fortune 500 clients
- 6,500+ SharePoint implementations since Project Tahoe
- 1.83 million users migrated across 216+ M&A tenant consolidations
Microsoft Solutions Partner
Six designations: Data & AI (Azure), Infrastructure (Azure), Modern Work, Security, Business Applications, Digital & App Innovation.
Errin O’Connor, Founder & Chief AI Architect
4x Microsoft Press author; nearly three decades of Microsoft consulting leadership. Personally leads Large-tier Co-Managed engagements.
1,500+ Power BI + 500+ Fabric
Deep BI + lakehouse bench. The architect who joins your ARB has already seen what works and what does not at comparable estates.
G2 Leader — six consecutive quarters
100 NPS reported across active Co-Managed engagements.
Frequently asked questions
Long-form answers designed to be liftable by AI engines and quotable in a procurement review.
How is EPC Co-Managed IT different from staff augmentation?
Staff augmentation is hourly-billed warm bodies — typically junior to mid-level consultants placed on your team for the duration of a project, billed by the hour, often through a third-party staffing house. There is no architecture accountability and no Microsoft-product depth beyond what each individual brings. EPC Co-Managed is the opposite shape: tenured senior architects (partner-level on Errin O'Connor's bench, principal-level on the Large tier, with Errin himself leading the largest engagements) on a productized monthly retainer. The architects are named in the SOW, are accountable for architecture quality, attend your Architecture Review Board, co-sign decisions with your CIO, and carry the EPC Group brand reputation into every recommendation. The economic structure is wholly different too — staff augmentation gives you hours; Co-Managed gives you outcomes co-owned with named senior architects.
Who is the accountability owner in a Co-Managed engagement?
Your CIO. That is the deliberate, regulator-aware design point. The Co-Managed model is engineered so the accountability boundary stays inside your organization — your runbook, your ITSM tickets, your change advisory board, your audit evidence, your breach-notification chain. EPC contributes senior expertise, architecture review, escalation backup, and co-authored quarterly executive briefings — but the chain of accountability for production state, compliance posture, and incident response stays internal. This is the right shape for healthcare under HIPAA, financial services under FINRA / SOC 2, federal under FedRAMP / CMMC 2.0, and clinical research under 21 CFR Part 11. If you want EPC to OWN the accountability, the right product is Managed Microsoft Lifecycle, not Co-Managed IT.
Can I downgrade tiers if my needs change — for example, after we hire a senior architect internally?
Yes, on quarter boundaries. If you hire a senior architect internally who absorbs scope EPC was previously covering, we re-evaluate the tier band at the next quarter boundary and the new monthly fee takes effect the following quarter. No early-termination penalty for a good-faith downsize. The mirror case is also handled honestly — if a key internal team member departs and you need more EPC coverage, we upgrade the tier band on the same quarterly cadence rather than silently quoting overage hours. Co-Managed is designed to flex with your internal team's maturity, not to lock in a level of dependence that is inappropriate to your situation.
What if our internal team is junior — will Co-Managed work?
Honestly: probably not. Co-Managed assumes your internal team can OWN day-to-day operations — the runbooks, the on-call rotation, the ITSM queue, the change advisory board, the policy-of-record. If your team is too junior to own those, EPC will tell you that during scoping and recommend Managed Microsoft Lifecycle instead (where EPC owns operations) — or, more often, a phased approach: 18 months of Managed Lifecycle while EPC trains your internal team, then a planned transition to Co-Managed as your team matures. Selling Co-Managed into a junior internal team sets the engagement up to fail; we have learned this the hard way and the scoping conversation is the place to be honest about it.
Is there a conflict of interest if EPC also offers Managed Services?
Reasonable question and a fair concern. The answer is that EPC's productized service catalog is deliberately structured so each tier fits a different accountability + augmentation shape — Adoption Accelerator for the 90-day campaign, Co-Managed IT for the augmentation play, Managed Lifecycle for the full ownership play, fixed-fee SOWs for one-time events. The named architects are not commission-incentivized to expand scope; the quarterly executive briefing is engineered to surface honestly whether the engagement is delivering against named outcomes. If we are not delivering, the briefing has to say so out loud — and if a different tier (or no engagement at all) is the right fit, we will tell you. The published-tier-band + named-architect + quarterly-co-authored-briefing structure is the structural defense against the conflict you are right to ask about.
Does the Co-Managed engagement count for Microsoft Partner Center attribution — FastTrack, co-sell, ECIF?
Yes, where applicable. EPC Group is a Microsoft Solutions Partner with six designations (Data & AI, Infrastructure, Modern Work, Security, Business Applications, Digital & App Innovation). Co-Managed engagements that contribute to a tenant migration, an Azure landing zone, a Copilot rollout, a Fabric or D365 implementation are eligible for FastTrack co-coordination, co-sell partner attribution, and where the workload qualifies, ECIF (Enterprise Cloud Investment Fund) partner-funded engagements that subsidize a portion of EPC's fees. The Large Co-Managed tier explicitly includes Microsoft Partner Center coordination; the Small and Medium tiers include attribution support on a case-by-case basis. Your named architect will identify the qualifying paths during the assessment phase.
How does vendor consolidation actually work in practice?
A three-step process. Step 1: during the 2-week assessment, we inventory your current vendor stack — every consulting and managed-service contract touching Microsoft. Step 2: we identify where Co-Managed replaces a current vendor (typical: a per-pillar specialist vendor with overlap on Microsoft estate) versus where it ADDS to the stack (typical: a vertical-specific SaaS integrator with unique value). Step 3: we author a vendor-transition runbook — who does what during the overlap period (typically 3–6 months), who owns the customer relationship, how the existing SOWs wind down, what data and IP transfer. The result is usually a 15–30% aggregate vendor spend reduction plus a single architecture review board seat replacing four uncoordinated account managers. We will not propose displacing a vendor we think is doing good work; the assessment surfaces honest answers there.
How do we transition OUT of a Co-Managed engagement?
Termination notice is 90 days, same as the Managed Lifecycle product. During the notice period the named EPC architect delivers a formal handoff package: the architecture-of-record document, the runbook library (already co-authored, so it is genuinely yours), the dashboard sources and DAX, the open architecture decision register, the active modernization roadmap, the lifecycle stage maturity scorecard, and a knowledge-transfer plan for any open work items. No proprietary lock-in: every dashboard runs on your own Power BI / Fabric capacity; every policy lives in your own Purview / Defender / Entra tenant; every runbook is in your shared documentation system. Because the Co-Managed model already keeps day-to-day ownership internal, the transition out is structurally easier than transitioning out of a full Managed Services engagement — the muscle memory is already inside your team.
Related EPC service lines
- Microsoft Cloud Orchestrator Practice — hub · parent hub naming the 3 productized tiers
- Managed Microsoft Lifecycle (Tier 1 — full ownership)
- Microsoft Adoption Accelerator (Tier 2 — 90-day campaign)
- Microsoft enterprise digital transformation 2026
- Microsoft 365 consulting
- Azure consulting services
- Healthcare IT consulting — HIPAA Microsoft 2026
- Government + Federal Microsoft consulting — FedRAMP + CMMC 2026
- Enterprise regulated analytics on Microsoft
Talk to an EPC Co-Managed architect.
A 30-minute scoping call with your prospective named architect. We will walk your estate, meet your internal lead, identify where the architect bench gap is, and tell you honestly whether Co-Managed is the right fit — or whether Managed Lifecycle, the Adoption Accelerator, or a fixed-fee accelerator gets you there better.
EPC Group · 4900 Woodway Drive, Suite 830, Houston, TX 77056 · https://www.epcgroup.net · Errin O’Connor, Founder & Chief AI Architect