Industry · Community foundations, private foundations, grantmakers
For foundations between 50 and 1,000 staff: identity, donor-data stewardship, a compliance posture the audit committee can review, and a governed AI program your trustees can sign off on. One Microsoft Solutions Partner across the stack. Month-to-month. No 12-month lock-in.
The picture today
Three shifts have moved IT from a back-office concern to a board-level oversight matter. Audit and risk committees expect a documented security posture, not assurances. Donor data carries a fiduciary duty of care no commercial business faces. Funders are increasingly asking grantees about their controls, and the same questions flow upward. Here is what we usually find.
Foundations sit on decades of high-trust relationship data: donor names, gift records, grantee financials, board correspondence. Anonymous donor preferences, donor-advised fund records, and family-office relationships carry obligations generic privacy tooling does not address. A single exposure becomes a story in the philanthropy press.
Audit and risk committees now expect a documented security posture, not assurances. Several state attorneys general have signaled growing interest in fiduciary duty over data stewardship. The board meeting is coming, and the answer should be evidence the committee can review.
Capacity-building funders now include grantee technology assessments and AI readiness in their portfolios. The foundation has to model the governance posture it expects from grantees, and have a credible point of view on what good looks like.
Research summaries, grant memo drafts, due-diligence notes: pulled together in consumer AI tools because the workflow is faster. Without a governed alternative inside Microsoft 365, that is where grantee and donor information ends up.
Investment offices are well-instrumented. Grants management has matured. Identity, devices, and data governance often have not kept up. That gap is what makes safe AI deployment hard.
Most foundations pay for capabilities they have never enabled: Microsoft Purview sensitivity labels, Conditional Access, Intune, Defender XDR. These are the same capabilities required for safe Copilot deployment, donor-data segmentation, and audit-defensible posture.
Why now, without urgency theater
And funders are starting to ask the same questions of their grantees. Two numbers explain why this has moved from a future agenda item to a current one.
of major cyber-insurance carriers
now require attestation of MFA, endpoint protection, privileged-access controls, and tested backups before renewing or quoting a foundation's policy. Several have begun requiring evidence, not assurances.
Source: cyber-insurance carrier underwriting guidelines, 2024 to 2025.
funders surveyed
report adding security and IT governance questions to their grantee due-diligence process within the past 24 months. Foundations are increasingly expected to model what they ask of others.
Source: Council on Foundations and PEAK Grantmaking practitioner reports.
The choice in front of the board
The decision is no longer whether to invest in IT governance. It is whether to do it deliberately or reactively.
Path A
Path B
How we help
We run the Microsoft stack for foundations as a managed program, not a project. Identity, device, and data-protection baselines come before AI assistants and grant-management workflows. The CompleteCare stack maps cleanly to the work foundations actually do.
Three CompleteCare tiers fit foundations best. They stack: each requires the one below it.
Microsoft 365 Business Premium operated to a CIS Top 18 IG1 baseline. Identity, devices, email, and data protection: the well-run IT story the audit committee and outside counsel can review. Delivered as a monthly workstream against a 30-60-90 day rolling roadmap, with weekly tenant monitoring and quarterly business reviews.
See CompleteCare Foundations →Microsoft Purview operated as a compliance program for foundation data. Sensitivity labels mapped to donor-data classifications (anonymous donors, named donors, donor-advised funds, family offices), DLP policies covering gift agreements and grantee due-diligence files, eDiscovery for audit-committee requests and legal hold, and retention aligned to foundation fiscal records and grant-agreement obligations. This is the page in the CompleteCare stack written for the audit committee.
See CompleteCare Govern →Microsoft Fabric and Power BI operated as a managed analytics platform: board reporting, grant outcome reporting, program impact dashboards, donor cohort analytics. Built on Microsoft Nonprofit Data Solutions in Fabric where it fits.
See CompleteCare Insight →
Also frequently engaged by foundations:
CompleteCare Intelligence CompleteCare Automate CompleteCare ShieldMicrosoft 365 Copilot and Copilot Studio agents (donor intelligence agent, grantee research agent, board reporter agent) are part of CompleteCare Intelligence, deployed after the Foundations baseline is in place. Explore the full CompleteCare stack →
Prefer to stand it up once, rather than subscribe? Most foundations choose managed services for the lower up-front cost and the accountable partner that comes with it. But every tier is also available as a fixed-scope Project SOW: the same work, delivered as a one-time project you own at the end. Compare the two ways to engage →
Donor privacy
Foundation data carries obligations generic privacy tools do not address. Anonymous donor preferences, donor-advised fund records, family-office relationships, audit-committee files: each has its own access boundary, retention rule, and disclosure posture.
Configured for foundation accountability
CompleteCare Govern configures Microsoft Purview, Microsoft Entra ID, and Microsoft Agent 365 to those boundaries so AI never crosses a line that policy has not drawn.
Sensitivity labels
Labels mapped to anonymous donors, named donors, donor-advised funds, and family offices, so every document carrying privileged information is classified at creation.
Conditional access
Conditional Access policies that scope Microsoft 365 Copilot prompt context to the data each staff member is cleared to see, enforced at the identity layer.
Agent audit trails
Microsoft Agent 365 audit trails that document every agent interaction with donor or grantee information, in the format your audit committee and outside counsel can review.
Responsible-AI policy
A responsible-AI policy in the language your trustees, outside counsel, and grantees can review and that your audit committee can adopt as board resolution.
Foundations we serve
Outcomes
| Outcome | Target |
|---|---|
| License savings via Microsoft Nonprofit Program | Up to 75% for qualifying foundations |
| Time to CIS IG1 baseline on Foundations | 6 to 9 months on the monthly workstream |
| Donor-data classification model deployed and labeled | 90 days under Govern after Foundations is in place |
| Time to first governed agent (board reporter, donor intel, grantee research) | 90 days under Intelligence |
| Audit-committee posture | Quarterly governance documentation refreshed as part of the QBR cycle |
Centered Networks is a charity-authorized Microsoft Cloud Solution Provider. We help qualifying private and community foundations access the Microsoft Nonprofit Program: free Microsoft 365 Business Basic for up to 300 users at eligible foundations, grant-funded F1 frontline SKUs, and up to 75% off paid Microsoft 365 licensing (Business Premium, Business Standard, E3, E5, Copilot, security and compliance). We operate the licensing as your Partner of Record.
Why Centered Networks
Modern Work, Security, Infrastructure (Azure), Data and AI (Azure), Digital and App Innovation (Azure): verified by Microsoft, and held by roughly the top 2% of Microsoft partners globally. The Data and AI designation specifically validates our AI practice, which matters to trustees evaluating an AI program for an organization whose reputation is its asset.
Twelve years operating foundation tenants. We know the donor-data classification problem, the audit-committee documentation rhythm, and the grant-cycle data flows that most managed-service providers have never encountered.
Every CompleteCare tier produces evidence the board and audit committee can review: not a status report, but a governance document. The quarterly business review is designed to be share-worthy with your audit committee.
One Service Delivery Manager. One Quarterly Business Review. One number to call. The SDM runs the monthly roadmap review and owns the relationship across every tier you hold.
No 12-month lock-in. We earn the renewal every month. The structural commitment is on us, not on you. Give 30 days written notice and a tier stops.
Questions
Yes. 50 to 150 users is our sweet spot. CompleteCare Foundations runs about $4,500 per month for that band. Govern and Insight stack on top when the work demands.
Yes, and probably more. The CRM is the system of record, but the donor data ends up in Outlook, Teams, SharePoint, and OneDrive every day: meeting notes, gift agreements, briefing memos. Govern is what classifies, labels, and protects the donor data that lives in the Microsoft tenant alongside the CRM.
Start with a Frontier Briefing: a 90-minute, no-charge session for trustees that translates Microsoft's AI direction into the language the board can act on. From there, the Discovery Sprint scopes a 90-day plan. AI deployment is months 2 through 3, not week 1.
Foundations delivers the identity, device, and data-protection baseline (CIS IG1). Govern operates the compliance program on top of that baseline: sensitivity labels, DLP, eDiscovery, and retention, at a depth that matches a foundation's donor-data obligations. Foundations is the prerequisite.
Yes. This is part of how Insight and Intelligence get scoped for foundations. The foundation needs to model the governance it expects from grantees, and the grantee-research agent built in Intelligence specifically incorporates technology-readiness as a data dimension.
The Microsoft Nonprofit Program offers up to 75% off paid Microsoft 365 licensing, plus free Microsoft 365 Business Basic for up to 300 users at eligible foundations. (Microsoft retired the legacy Business Premium and Office 365 E1 grants on July 1, 2025; Business Basic is now the entry-level grant.) As your CSP, we handle eligibility, place license requests, and operate them as Partner of Record. See our Microsoft Licensing for Nonprofits page for details.
Two weeks of structured discovery tailored to a foundation. We identify the highest-impact use cases across grantmaking, donor stewardship, and operations; assess your donor-data governance readiness; and deliver a 90-day roadmap your board can review. No commitment beyond insight.
Prefer to start at the board level? Request a Frontier Briefing: a 90-minute session for trustees, no charge.
A senior member of our team will reach out within one business day.