matt-taylor.tech
← Back to projects

Work · National food brokerage · Since 2024

Enterprise AI rollout, policy, and governance

Claude Enterprise Claude Code GitHub Copilot Microsoft Copilot Studio Model Context Protocol (MCP) GitHub organization Azure Key Vault Microsoft 365 / Entra ID Microsoft Purview

I own the company's AI program end to end across roughly 1,000 employees: the governance that makes it safe, the developer platform that makes it productive, and the rollout and adoption that make it real. The work breaks into three tiers of governance sitting on top of a managed developer platform, all wired into the company's existing identity and information-protection stack.

Why this exists

AI tools deliver real leverage only when they are governed, connected to the organization's actual data, and adopted with intent. Left ungoverned, they create data-handling and shadow-IT risk; left unconnected, they are generic chatbots. This program puts clear policy and guardrails in place, gives builders a safe and repeatable way to ship, and integrates the tools into the systems the company already runs so output is grounded in real context.

Tier 1: Company-wide AI Policy

Authored the corporate AI Policy, co-owned with Human Resources and Business Intelligence, that governs how everyone in the company uses AI. It defines the approved enterprise tools, a clear definition of Protected Information (client-confidential, commercially sensitive, and personal or regulated data), an output-ownership principle that treats AI output as a draft to be checked rather than a finished product, data-handling rules, and an incident-response path.

Tier 2: AI-Assisted Development Policy

A separate technical policy governing anyone who builds applications, scripts, automations, or integrations with AI, including IT's own work, which is held to the same requirements without exemption. It covers sanctioned tools and accounts, code in private source control, secrets kept out of code and in an approved secret store, least-privilege and per-application access, isolated development environments, managed deployment rather than raw code handed to end users, and named ownership with a handoff path.

Tier 3: Developer handbook, how-tos, and repo template

  • A 22-section developer handbook walking through the whole delivery loop: editor to Git to pull request to managed deployment, working safely with AI-generated code, tests, logging, secrets, packaging, versioning, and support.
  • Eight how-to guides including a day-one onboarding path with glossary and an end-to-end Microsoft Graph integration tutorial written in both PowerShell and Python.
  • A production-ready repo template (README, project guidance for the AI assistant, an operational runbook, environment-example, and Git configuration) so a new project starts standardized and enforces the standards without friction.

The managed developer platform

The governance rides on real infrastructure: an isolated non-production tenant where developers can build and test with broad access safely because it holds no production data, per-developer domain-joined and baseline-secured workstations, and a dev-to-production promotion flow where IT provisions production access scoped to least privilege. Code lives in a private GitHub organization; secrets live in an approved secret store; internal code signing is on the roadmap.

Rollout and adoption

The rollout centers on Claude Enterprise, Claude Code, GitHub Copilot, and Microsoft Copilot Studio agents, all governed under the one policy. Copilot Studio agents ship as Teams apps for self-service, including a company-wide HR and benefits assistant with citation-back-to-source behavior. Model Context Protocol connections ground the assistants in the company's own systems under the same access controls as the rest of the estate. Adoption is driven with power-user enablement, prompt-engineering training, and tracking.

What this demonstrates

  • Leading an enterprise AI program end to end from policy and platform through rollout and adoption, not just enabling a SaaS license.
  • Writing the governing policies rather than inheriting them, across both a company-wide use policy and a technical development policy, co-owned with HR and Business Intelligence.
  • Building the paved road a handbook, how-tos, repo template, and managed dev platform so builders move fast within guardrails.
  • Holding IT to the same standard the development policy applies to IT's own work without exemption.