North Ark
← All case studies
AI Consulting & ImplementationSecure

Professional services — permissions-aware RAG assistant in Teams

Multi-discipline professional services firm, 85 staff · Professional services

Staff were pasting SOPs, job packs, and client templates into public ChatGPT to get answers fast — with no audit trail and no guarantee sensitive content stayed inside the firm. Leadership needed an internal assistant that respected SharePoint permissions and could ship in weeks, not quarters.

The problem

Approved procedures lived across SharePoint libraries, Teams channels, and PDF archives. New hires asked the same questions in Slack. Compliance could not prove who accessed what. A Copilot rollout was on the roadmap, but the firm needed a governed assistant on their documents now — without retraining everyone on a new workflow.

Constraints

  • Documents span HR, operations, and client delivery — access must mirror Entra groups
  • No client PII in model training; answers must cite source documents
  • Pilot live in Teams within four weeks; expand only after security sign-off

Approach

  1. Step 1

    Data & access discovery

    Mapped SharePoint sites, libraries, and sensitivity labels to Entra ID groups. Identified pilot libraries (onboarding, delivery SOPs, templates) and excluded archives outside scope.

  2. Step 2

    Data preparation & vector index

    Normalised documents, applied chunking and metadata enrichment, and built an Azure AI Search vector index with hybrid retrieval — keyword plus embeddings for accurate SOP lookup.

  3. Step 3

    RBAC, guardrails & cloud services

    Deployed Azure OpenAI in-region with private endpoints. Enforced document-level filters from Entra group membership, prompt safety, citation-only answers, and audit logging — no anonymous cross-library access.

  4. Step 4

    Teams delivery & adoption

    Shipped a Teams app for the pilot cohort with feedback loops, admin dashboard for index health, and runbooks for adding libraries. Optional Productivity Partnership for monthly expansion.

Deliverables

  • Azure AI Search vector index on approved SharePoint libraries
  • Azure OpenAI assistant with Entra RBAC and source citations
  • Microsoft Teams app — pilot cohort live
  • Data preparation playbook and index refresh runbook
  • Security & governance sign-off pack for internal IT

Results

Time to answer
Typical SOP lookup dropped from ~15 min search to under 2 min
Shadow AI risk
Pilot cohort moved off public ChatGPT for approved procedures
Permissions
Answers scoped to Entra groups — HR docs never surfaced to delivery staff
Stack
Azure OpenAI · AI Search · Entra ID · SharePoint · Teams · Private networking

For the first time we have an assistant that knows our procedures and respects who is allowed to see them — not another shadow IT experiment.

Head of Operations

Facing something similar?

Similar outcome: Enterprise SOP Assistant Pilot — $9,500–$12,500 · 3–4 weeks.

Book Enterprise SOP Assistant Pilot$9,500–$12,500See all outcomes