Co-Managed IT
Director-level IT, sitting above your internal T1.
We are the directors, architects, and senior engineers your firm would never hire one of — owning Azure, identity, networking, security, and strategy while your internal hand-on-keyboard owns the day-to-day. One contract. One executive-readable roadmap. No ticket black holes.
Built for 50–100 seat professional-services firms with one IT person already in-seat.
Law firms, accounting and CPA firms, RIAs and wealth managers, AEC firms, healthcare-adjacent and general professional services. Your internal IT person handles tickets, hardware, and onboarding. We handle everything that requires a director, an architect, or a Tier 3/4 engineer — without the hire, the recruiting cycle, or the key-person risk.
We are the same firm other MSPs hand their hardest Azure, identity, and network escalations to. You get that capability directly, dedicated, and bound to your roadmap.
Director-led co-managed engagement
$15,000/mo
Single-tier engagement
- Acting Director of IT · monthly executive cadence
- T3 / T4 escalation, Azure, identity, network, firewall, M365
- Security operations + compliance evidence support
- Project delivery without separate SOWs for in-scope work
- AI enablement: workflow automation + vendor reviews
Where we plug in.
We do not replace your internal IT. We make them more effective by owning the layers above them — strategy, architecture, advanced engineering, and the platforms a Tier 1 generalist isn’t expected to operate alone.
| Domain | C2 owns | Your internal IT owns |
|---|---|---|
| Strategy & direction | Acting director / CIO function. Quarterly roadmap, budget, vendor strategy, board-readable reporting. | Day-to-day execution against agreed plan. |
| Identity & access | Entra ID architecture, Conditional Access, PIM, SSO + SCIM rollouts, lifecycle automation. | User onboarding/offboarding tickets, MFA resets, group requests. |
| Endpoints | Intune design, baselines, Autopilot, app packaging, compliance policies, OS upgrades. | Hardware swaps, end-user troubleshooting, peripheral support. |
| Network, firewall, perimeter | Architecture, change windows, firewall rule review, segmentation, VPN/ZTNA design, ISP escalations. | Cable, jack, AP swap, escalating outages. |
| Azure & cloud | Landing zones, governance, IaC, cost management, security baselines, App Service / Functions / AKS workloads. | No expectation — owned by C2. |
| Microsoft 365 | Tenant administration, Exchange, SharePoint/OneDrive governance, Teams policy, Purview. | Mailbox & DL requests, Teams membership, basic SharePoint permissions. |
| Security operations | EDR/XDR posture, identity-threat response, hardening, incident command, exec briefings. | First-touch alert triage, end-user reporting workflow. |
| Projects | Migrations, M&A IT integration, M365 / Azure builds, identity rebuilds, compliance evidence packages. | Onsite hands, asset moves, end-user comms. |
| AI enablement | Workflow automation with Power Automate + LLMs, vendor selection, build-vs-buy reviews, internal AI policy. | Front-line user enablement once tools are deployed. |
| Tier 3 / Tier 4 escalation | 24/5 advanced engineering escalation. Root-cause analysis, vendor case ownership through resolution. | Tier 1 / Tier 2 ticket ownership and ticket-system hygiene. |
Capabilities.
The full senior-engineering stack, available without you assembling — or paying for — the full roster of specialists.
Azure landing zones & governance
Bicep / Terraform IaC. Management groups, policy, cost guardrails, log architecture. Built to be auditable on day one.
Identity — Entra ID, Conditional Access, PIM
Identity-first security posture. Privileged access reviewed monthly. Break-glass paths defined and tested.
Intune & endpoint management
Autopilot, configuration baselines, app packaging, compliance reporting. Same baseline whether you have 50 or 500 endpoints.
Networking & firewalls
Architecture, segmentation, change governance, firewall rule reviews, VPN / ZTNA design and migration.
Azure data platform
Synapse, Data Factory, Databricks. Built and operated, including secure landing zones and governed data sharing for analytics teams.
Posit Workbench & Connect
R / Python analytic environment administration in production — license, identity wiring, model deployment, governance.
GitHub, Azure DevOps, AAP
Pipelines, repository governance, automation runbooks. Ansible Automation Platform for hybrid environments.
C# microservices in Azure
App Service, Functions, AKS. We build the integrations and internal tools your team needs but can’t afford to assemble in-house.
ArcGIS Enterprise
Production deployment and administration experience for spatial analytic platforms.
AI transformation advisory
Workflow automation with Power Automate + LLMs and vendor selection / build-vs-buy reviews — grounded in what your stack can actually deliver.
Compliance-aware by default.
We work in environments where audit failures and identity incidents are existential. The same controls discipline carries into every engagement.
SOC 2 readiness
Control mapping, evidence pipelines, audit prep.
HIPAA
Administrative, physical, and technical safeguards aligned with M365 / Azure.
CMMC / DFARS / NIST 800-171
Federal-grade controls implemented in hybrid civilian and contractor environments.
Bar / state-bar data handling
Confidentiality, conflicts, and retention rules built into M365 / Azure governance.
GLBA / FTC Safeguards
Financial-services-aligned risk and access controls.
FedRAMP-aware operations
Authority-to-operate-style discipline carried into commercial engagements.
Proof.
3+ years
Acting Director of IT for a NY-area mid-size law firm (~50–75 seats).
Federal civilian agency
Built and operate the Azure private-cloud data-science platform — Synapse, Data Factory, Databricks, Posit Workbench/Connect, ArcGIS Enterprise, and IRT analytic servers.
Top-tier escalation
T3 / T4 Azure and on-prem support for other MSPs — networking, identity, firewall, and Azure work their teams hand off.
Named references and case studies available under NDA.
How we engage.
A predictable rhythm — designed so your leadership always knows what's next, what's improving, and what's at risk.
01 · Discover
Two-week assessment: stack, identity posture, project backlog, ticket history, compliance gaps.
02 · Stabilize
Quick-wins quarter: identity hygiene, Conditional Access, baseline Intune, firewall review, monitoring.
03 · Operate
Director-led monthly cadence: roadmap reviews, T3/T4 ticket ownership, project delivery, security posture.
04 · Advance
Quarterly modernization: Azure consolidation, AI enablement, compliance evidence, vendor consolidation.
The C2 differentiator
Co-managed IT, backed by an AI-native engineering practice.
Most co-managed IT firms run a help desk and resell licensing. We build production AI systems for federal mission environments — that engineering depth shows up in how we run your stack: better automation, sharper telemetry, fewer manual processes.
Cognitive Infrastructure is our framework for closed-loop, self-healing systems. Your firm doesn’t need to license it to benefit from the discipline behind it.
Ready to scope?
Request a stack assessment proposal.
Two-week assessment of your current stack, identity posture, project backlog, ticket history, and compliance gaps. You get a written proposal with a roadmap, regardless of whether we engage further.