SPEX · Connect & Share

A SPEX product

Cloud Automation Platform (CAP)

Enterprise automation that runs entirely in your own Azure tenant. PowerShell-native, contract-driven and built for organizations that need control, traceability and operational resilience.

Explore a pilot

CAP architecture: ITSM, API, scheduler and AI agent requests flow through contract validation, queues and domain workers to Entra ID, Microsoft 365, Exchange and Azure services, all inside the customer's Azure tenant.

Why CAP

Most Microsoft 365 organizations automate through one of two compromises. Proprietary SaaS suites can introduce another control plane, another licensing model and workflow logic tied to a vendor-specific designer. Loose scripts avoid all that, right up until they run your business with no owner, no audit trail and no recovery plan.

CAP takes a different approach: a code-first automation platform deployed as infrastructure as code into your own Azure tenant. Activities are plain PowerShell. Requests arrive as versioned contracts. Runs are designed to be queued, auditable and recoverable, and CAP runtime and operational data remain in the environment you already govern.

Proprietary SaaS

  • New stack
  • Additional licensing layer
  • Vendor-specific logic
  • External control plane

Loose scripts

  • No governance
  • Fragile
  • Hard to maintain
  • No audit

CAP

  • Existing Azure estate
  • Consumption-based
  • PowerShell-native
  • Contract-driven

How CAP works

CAP request flow in six steps: requests from ITSM, API or AI enter as a versioned JSON contract, queue for buffered recoverable execution, run through a domain worker as an approved enterprise action and record status and audit evidence.

Your tenant, your data

Deployed via Bicep into your own Azure subscription: Container Apps, Service Bus, Key Vault and Log Analytics. CAP runtime and operational data remain in your environment by design.

PowerShell-native activities

Automation logic is plain PowerShell, so your team extends the platform with skills it already has.

Modular domain verticals

One queue and one worker per domain. Start where the demand is and add verticals as you grow.

Contract-based intake

Every request is a versioned JSON envelope. Any ITSM capable of producing the versioned request contract can submit work, keeping the intake layer replaceable.

Failure recovery and audit

Failed messages park for replay instead of disappearing, and action outcomes are recorded in the audit trail.

Where AI fits

An AI agent can only be trusted with operations that are bounded, typed and audited. Every CAP activity is all three. The Intelligence edition on the roadmap adds an agent gateway on top of the same versioned contracts, so AI joins as a client of the platform rather than a rewrite of it.

CAP Intelligence: in development

Two models compared: an AI agent with direct access to enterprise systems has no guardrails, no approval boundaries and no audit, while in the CAP model the agent calls governed, contract-validated actions through an AI action gateway with policy, approval and a full audit trace.
The Intelligence edition model: AI consumes bounded, governed actions rather than receiving privileged backend access.

Editions

Available

CAP Core

Deterministic ITSM-driven automation, available today.

In development

CAP Intelligence

AI action gateway.

Planned

CAP Governance

Cross-action policy, approval and advanced audit controls.

Each edition is additive. Core delivers standalone value and later layers can be enabled without replacing the underlying automation model.

Best fit for

  • Microsoft-centric organizations
  • Azure already in use
  • Critical cross-system workflows
  • Fragmented scripts or Power Automate estates
  • ITSM-driven provisioning
  • Regulated or high-control environments

Pilot examples

Identity & Enterprise Apps

App registrations, owners, credentials, approvals and lifecycle.

Collaboration

Teams, SharePoint, workspace ownership and lifecycle.

ITSM-driven Actions

Service request to governed enterprise execution with status feedback.

Start small

CAP Core is available today. Start with one domain. Prove one use case. Expand only when value is demonstrated.

  • One Azure tenant
  • One domain
  • One intake path
  • 1 to 3 governed actions
  • Defined proof criteria

Scope a CAP pilot

Start with one domain and one high-value use case. We will help you scope a focused pilot in your Azure environment.

Discuss a pilot