March 28, 202662 min readIntelligence & insights

Implementation Guide: Research case law and synthesize relevant precedents for a specific matter

Step-by-step implementation guide for deploying AI to research case law and synthesize relevant precedents for a specific matter for Legal Services clients.

Use Case Implementation Guide

Hardware Procurement

Attorney/Paralegal Workstation Laptop

Dell TechnologiesDell Latitude 5550 (i7-1365U, 16GB RAM, 512GB SSD)Qty: 10

$1,200 per unit MSP cost via Ingram Micro / TD SYNNEX / $1,550 suggested resale

Primary endpoint for attorneys and paralegals to access cloud-based AI legal research platforms (Clio Work, Clearbrief, Westlaw). 16GB RAM and SSD ensure smooth performance when running multiple browser tabs with AI research tools alongside Microsoft 365 applications and Word add-ins.

Dual QHD Monitors

Dell TechnologiesDell U2723QE UltraSharp 27" 4K USB-C Hub MonitorQty: 20

$480 per unit MSP cost / $620 suggested resale

Dual-monitor setup is essential for legal AI research workflows — attorneys need side-by-side display of AI-generated case summaries alongside original source cases for mandatory verification per ABA Formal Opinion 512. USB-C hub model reduces cable clutter and provides docking capability.

Monitor Arms (Dual)

ErgotronErgotron LX Dual Stacking Arm (45-248-026)Qty: 10

$280 per unit MSP cost / $370 suggested resale

Dual monitor mounting for clean desk setup; improves ergonomics for attorneys who spend 8+ hours reviewing AI research output on screens.

Firewall/UTM Appliance

FortinetFortiGate 40F (FG-40F-BDL-950-12)Qty: 1

$750 MSP cost (hardware + 1yr FortiGuard UTM bundle) / $1,100 suggested resale + $600/yr renewal

Next-generation firewall providing unified threat management, SSL inspection, application control, and IPS. Required for ABA-compliant network security. Supports up to 25 concurrent users with full UTM inspection enabled. FortiGuard bundle includes antivirus, web filtering, IPS, and application control subscriptions.

Wireless Access Point

UbiquitiUniFi U6 Pro (U6-Pro)Qty: 2

$150 per unit MSP cost / $220 suggested resale

Enterprise-grade Wi-Fi 6 coverage for the office. Supports WPA3 enterprise authentication, VLAN segmentation (separate guest from attorney traffic), and centralized management via UniFi Network Controller. Two APs provide coverage for a typical 2,000–4,000 sq ft law office.

Network Switch

UniFi Switch USW-24-POE

UbiquitiUniFi Switch USW-24-PoEQty: 1

$380 MSP cost / $500 suggested resale

24-port PoE+ managed switch to power UniFi APs and connect all workstations. VLAN support enables network segmentation between attorney workstations, guest WiFi, and IoT/printer devices per security best practices.

Uninterruptible Power Supply

APC by Schneider ElectricAPC Smart-UPS 1500VA (SMT1500C)Qty: 1

$520 MSP cost / $680 suggested resale

Battery backup for firewall, switch, and access points in the network closet. SmartConnect cloud management enables MSP remote monitoring of battery health and power events. Provides 15–20 minutes of runtime for graceful shutdown or ride-through during brief outages.

USB-C Docking Stations (if not using monitor hub)

Dell WD19DCS Dual USB-C Dock

Dell TechnologiesDell WD19DCS Dual USB-C DockQty: 10

$200 per unit MSP cost / $280 suggested resale

Alternative to monitor USB-C hub — provides power delivery, dual display output, Ethernet, and USB-A ports for peripheral connectivity. Only needed if selecting non-hub monitors.

Software Procurement

Clio Manage (Complete Plan)

Clio (Themis Solutions Inc.)Complete PlanQty: 10 users

$159/user/month ($1,590/month for 10 users)

Core practice management platform providing matter management, time tracking, billing, calendaring, and client portal. Serves as the central hub integrating with Clio Work/Vincent AI for research workflows. Matter context from Clio Manage feeds into AI research queries for relevant precedent retrieval.

Clio Work with Vincent AI

Clio / vLexSaaS per-seat monthlyQty: 10 users

$199/user/month ($1,990/month for 10 users)

Primary AI-powered legal research and precedent synthesis platform. Includes Vincent AI (powered by vLex's comprehensive case law database covering US federal regulations, state laws, and case law across all 50 states), Clio Library for legal research, and deep integration with Clio Manage. Attorneys can query natural-language questions about case law, receive AI-synthesized precedent summaries with citations, and access full-text case opinions — all within the matter context.

Clearbrief

Clearbrief Inc.SaaS per-seat annualQty: 10 litigation users

$142/user/month billed annually (~$1,704/user/year; $17,040/year for 10 litigation users)

AI-powered citation analysis and brief-writing tool operating as a Microsoft Word add-in. Automatically verifies that citations in briefs are accurate, checks quoted language against source documents, and identifies unsupported factual assertions. SOC 2 Type II certified. Essential companion to AI research — provides the verification layer mandated by ABA Formal Opinion 512 before filing AI-assisted briefs.

Microsoft 365 Business Premium

MicrosoftSaaS per-seat monthly (CSP)Qty: 10 users

$22/user/month CSP cost (~$28.60 suggested resale; $286/month for 10 users at resale)

Foundation productivity and security platform providing Exchange Online, SharePoint Online (used as DMS for firms under 15 attorneys), Microsoft Teams, Entra ID P1 (Azure AD with Conditional Access), Intune MDM/MAM, Microsoft Defender for Office 365 Plan 1, and Microsoft Purview Information Protection. SharePoint serves as the document management system for smaller firms. Entra ID provides SSO and Conditional Access policies for all SaaS legal tools.

Microsoft 365 Copilot

MicrosoftSaaS per-seat monthly add-on (CSP)Qty: per user/month

$30/user/month CSP cost (~$36 suggested resale; $360/month for 10 users at resale)

AI assistant integrated into Word, Outlook, Teams, and Excel. For legal workflows: draft initial correspondence from matter context, summarize lengthy email threads, generate meeting notes from Teams calls with clients, and assist with document drafting in Word. Respects existing SharePoint permissions and document access controls ensuring client matter confidentiality boundaries.

SentinelOne Singularity Control

SentinelOneSingularity ControlQty: per-seat

$4–$6/endpoint/month MSP cost / $8–$12 suggested resale

AI-powered endpoint detection and response (EDR) providing autonomous threat prevention, detection, and response. Required for ABA Model Rule 1.6(c) compliance — proactive cybersecurity measures to protect client data. Replaces Windows Defender with enterprise-grade EDR with MSP-managed SOC visibility via SentinelOne's multi-tenant console. License type: SaaS per-seat monthly (MSP partner).

Huntress Managed EDR

HuntressSaaS per-seat monthly (MSP partner)

$3–$5/endpoint/month MSP cost / $6–$8 suggested resale

Managed threat detection and human-powered threat hunting layer complementing SentinelOne. Huntress SOC analysts provide 24/7 monitoring and incident response escalation. Adds human review to automated EDR — critical for law firms where a breach could result in malpractice liability and bar disciplinary proceedings.

DNSFilter

DNSFilter (now part of Zscaler family)SaaS per-seat monthly (MSP partner)

$1.50–$2/user/month MSP cost / $3–$5 suggested resale

DNS-layer security filtering blocking access to malicious domains, phishing sites, and inappropriate content categories. Deployed at the FortiGate level and via roaming client on endpoints. Provides compliance logging for ABA-required cybersecurity measures.

Axcient x360Recover

Axcientx360Recover

$200–$500/month depending on data volume

MSP-managed backup and disaster recovery for all client workstations and cloud data (Microsoft 365 mailboxes, SharePoint/OneDrive). Provides image-based backup with instant virtualization for business continuity. Critical for protecting irreplaceable client matter files and work product — loss of client files could constitute malpractice. 3-2-1 backup strategy compliance. License type: SaaS usage-based monthly (MSP partner).

Proofpoint Essentials

ProofpointSaaS per-seat monthly (MSP partner)

$3–$4/user/month MSP cost / $6–$8 suggested resale

Advanced email security gateway providing anti-phishing, anti-spam, impersonation protection, and URL defense. Law firms are high-value phishing targets due to wire transfer activity, client trust accounts, and sensitive case information. Layers on top of Microsoft Defender for Office 365 for defense-in-depth.

Prerequisites

Stable internet connection with minimum 100 Mbps symmetrical bandwidth (250+ Mbps recommended for 10+ concurrent users); verify with speed test from ISP modem
Active Microsoft 365 Business Premium licenses for all users (or plan to migrate from existing email/productivity platform as part of this project)
Current firm practice management software identified (Clio Manage recommended; if using MyCase, PracticePanther, or LEAP, confirm AI research tool integration compatibility before proceeding)
Complete inventory of all existing legal software subscriptions: research (Westlaw, Lexis, Fastcase), DMS (NetDocuments, iManage, SharePoint), accounting (QuickBooks, CosmoLex, LeanLaw), e-filing, and e-discovery tools
Client matter data classification completed: identify which matters involve PHI (medical malpractice, PI), PII of minors, EU citizen data (GDPR), or California resident data (CCPA) — this affects vendor selection and data handling requirements
Written authorization from firm managing partner or IT committee to proceed with AI tool deployment, including acknowledgment of ABA Formal Opinion 512 requirements for AI oversight
All attorney and paralegal users have state bar association memberships verified (some tools like Fastcase/vLex provide free access through bar membership that can supplement the primary platform)
Existing firewall and network equipment inventoried with model numbers and firmware versions; plan for replacement if equipment is >5 years old or lacks UTM capabilities
Domain registrar access and DNS management credentials available (needed for email security configuration and SSO setup)
Current cyber insurance policy reviewed to confirm coverage extends to AI tool usage and cloud-based data storage; if not, recommend policy update before deployment
Conference room or training space identified with projector/display for attorney training sessions
Firm's existing AI usage policy reviewed, or acknowledgment that one will be created as part of this project

Installation Steps

Step 1: Network Infrastructure Assessment and Upgrade

Conduct a thorough assessment of the firm's existing network infrastructure. Test internet bandwidth using speedtest.net or iPerf3 from multiple workstations. Verify that the ISP connection supports the minimum 100 Mbps symmetrical requirement. Inspect existing cabling (must be Cat6 or better for gigabit LAN). If the existing firewall is consumer-grade or >5 years old, plan for FortiGate 40F replacement. Document all findings in a site survey report.

Run from multiple workstations to assess bandwidth, latency, and routing to Microsoft 365 endpoints

bash

iperf3 -c iperf.he.net -p 5201 -t 30
# Test from multiple workstations to verify consistent throughput
ping -n 50 eastus.azure.com
# Verify latency to Azure East US (target <50ms)
tracert login.microsoftonline.com
# Verify clean routing to Microsoft 365 endpoints

Note

If ISP bandwidth is insufficient, coordinate ISP upgrade before proceeding. Many law firms are in commercial buildings with limited ISP options — check for fiber availability. Budget 1–2 weeks lead time for ISP upgrades. Document current network topology in a Visio or draw.io diagram for the client file.

Step 2: Deploy FortiGate 40F Firewall and Network Equipment

Rack-mount or desktop-deploy the FortiGate 40F. Perform initial setup via the console port or web GUI (https://192.168.1.99). Register the unit on FortiCloud for MSP remote management. Configure WAN interface with ISP settings (static IP preferred for law firms — request from ISP if not already provisioned). Configure LAN interfaces with VLAN segmentation: VLAN 10 (Attorney/Staff - 192.168.10.0/24), VLAN 20 (Guest WiFi - 192.168.20.0/24), VLAN 30 (IoT/Printers - 192.168.30.0/24). Enable FortiGuard UTM services including web filtering (block high-risk categories), IPS, antivirus, and application control. Configure SSL inspection with a custom CA certificate pushed via Intune to managed endpoints.

FortiGate CLI - Initial Network Configuration

bash

# FortiGate CLI - Initial Network Configuration
config system interface
  edit wan1
    set mode static
    set ip <ISP_STATIC_IP> <SUBNET_MASK>
    set allowaccess ping https ssh
  next
  edit internal
    set vdom root
  next
end

# Create VLANs
config system interface
  edit VLAN10-Attorney
    set vdom root
    set interface internal
    set vlanid 10
    set ip 192.168.10.1 255.255.255.0
    set allowaccess ping https ssh
    set role lan
  next
  edit VLAN20-Guest
    set vdom root
    set interface internal
    set vlanid 20
    set ip 192.168.20.1 255.255.255.0
    set allowaccess ping
    set role lan
  next
  edit VLAN30-IoT
    set vdom root
    set interface internal
    set vlanid 30
    set ip 192.168.30.1 255.255.255.0
    set allowaccess ping
    set role lan
  next
end

# Configure DHCP for Attorney VLAN
config system dhcp server
  edit 1
    set interface VLAN10-Attorney
    config ip-range
      edit 1
        set start-ip 192.168.10.100
        set end-ip 192.168.10.200
      next
    end
    set dns-server1 103.247.36.36
    set dns-server2 103.247.37.37
    set default-gateway 192.168.10.1
    set netmask 255.255.255.0
  next
end

# Enable FortiGuard UTM
config utm
end
# Apply web filter, AV, IPS profiles to firewall policies via GUI for accuracy

Note

Use the FortiGate web GUI for UTM profile configuration — CLI is error-prone for complex UTM policies. Set DNS servers to DNSFilter IPs (will be configured in Step 6). Ensure the FortiGate firmware is updated to the latest stable release before going live. Save a backup configuration to FortiCloud and locally. Set up FortiCloud account under MSP's management tenant for centralized monitoring.

Step 3: Deploy Ubiquiti UniFi Wireless and Switching

Install the UniFi USW-24-PoE switch in the network closet connected to the FortiGate LAN interface. Mount two UniFi U6 Pro access points in optimal locations (use UniFi Design Center for heat mapping if needed). Adopt all devices into UniFi Network Controller (hosted on UniFi Cloud or MSP-hosted controller). Configure SSIDs: 'FirmName-Secure' (WPA3-Enterprise with RADIUS via Entra ID or WPA3-Personal with strong PSK, mapped to VLAN 10), 'FirmName-Guest' (WPA2-Personal, isolated, mapped to VLAN 20, bandwidth-limited to 25 Mbps). Configure switch port profiles to assign appropriate VLANs to wired ports.

UniFi Controller — Network, SSID, and Switch Port Configuration Reference

UniFi Controller - Configure via web GUI at https://unifi.ui.com or local controller

Step 1: Adopt switch and APs via Controller > Devices > Adopt

Step 2: Create Networks: - Attorney Network: VLAN 10, DHCP from FortiGate - Guest Network: VLAN 20, DHCP from FortiGate, Client Isolation ON - IoT Network: VLAN 30, DHCP from FortiGate

Step 3: Create WiFi Networks: SSID: FirmName-Secure, Network: Attorney, Security: WPA3/WPA2, Band: Both SSID: FirmName-Guest, Network: Guest, Security: WPA2, Band: Both, Bandwidth Limit: 25/25 Mbps

Step 4: Assign switch port profiles: Ports 1-12: Attorney VLAN 10 (untagged) Ports 13-14: All VLANs tagged (trunk to APs) Port 23: Management Port 24: Uplink to FortiGate

Note

If the firm requires WPA3-Enterprise (802.1X), you will need a RADIUS server. Microsoft NPS on a Windows Server or cloud RADIUS service like JumpCloud RADIUS can authenticate against Entra ID. For simplicity in firms under 15 users, WPA3-Personal with a strong 20+ character passphrase rotated quarterly is acceptable. Document WiFi credentials in the client's IT documentation (ITGlue/Hudu).

Step 4: Microsoft 365 Business Premium Deployment and Hardening

Provision or verify Microsoft 365 Business Premium licenses for all users via the MSP's CSP partner portal (e.g., Pax8, Sherweb, AppDirect). If migrating from another email platform, plan and execute email migration (BitTitan MigrationWiz recommended). Configure Entra ID (Azure AD) with the firm's custom domain. Enable Security Defaults or, preferably, configure Conditional Access policies for granular control. Enforce MFA for all users using Microsoft Authenticator (phishing-resistant FIDO2 keys recommended for partners/senior attorneys). Configure Intune device enrollment for all firm-owned laptops. Deploy Microsoft Purview sensitivity labels for client matter classification.

Connect to Microsoft Graph and verify M365 Business Premium licenses

powershell

# PowerShell - Connect to Microsoft Graph (run from MSP admin workstation)
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes 'User.ReadWrite.All','Policy.ReadWrite.ConditionalAccess','DeviceManagementConfiguration.ReadWrite.All'

# Verify all users have M365 Business Premium licenses
Get-MgUser -All | Select-Object DisplayName, UserPrincipalName, @{N='Licenses';E={(Get-MgUserLicenseDetail -UserId $_.Id).SkuPartNumber -join ', '}}

Policy 1: Require MFA for all users, all cloud apps, all locations

Policy 2: Block legacy authentication protocols

Policy 3: Require compliant device for access to SharePoint/Exchange (after Intune enrollment)

Best configured via Entra Admin Center > Protection > Conditional Access > New Policy

Enable Unified Audit Logging

powershell

# Enable Unified Audit Logging
Connect-ExchangeOnline
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

Configure SharePoint as basic DMS

powershell

# create Client Matters site

# Configure SharePoint as basic DMS
# Create SharePoint site: 'Client Matters'
# Structure: Site > Document Library per Practice Area > Folder per Matter Number
Connect-SPOService -Url https://firmname-admin.sharepoint.com
New-SPOSite -Url https://firmname.sharepoint.com/sites/ClientMatters -Title 'Client Matters' -Owner admin@firmname.com -Template STS#3 -StorageQuota 1048576

Note

If the firm already has Microsoft 365, audit the current configuration thoroughly before making changes. Many law firms have poorly configured M365 tenants with no MFA, no Conditional Access, and permissive sharing settings. Document all changes in the MSP's documentation system. Conditional Access policies should be deployed in Report-Only mode first for 1 week, then enforced. Ensure attorney buy-in for MFA before enforcing — provide hands-on enrollment assistance.

Step 5: Deploy Endpoint Security Stack

Deploy SentinelOne Singularity Control agent and Huntress agent to all firm workstations and any servers. Use Intune to push the SentinelOne MSI package as a Win32 app deployment. Configure SentinelOne policies: Detect+Protect mode, enable Ranger network visibility, configure exclusions for legal software (Clio desktop agent if any, document scanners, legal-specific applications). Deploy Huntress agent alongside SentinelOne. Verify both agents are reporting to their respective MSP consoles. Remove any existing consumer-grade antivirus (Norton, McAfee, etc.) before deploying SentinelOne.

Download SentinelOne Windows Agent MSI from management console

Wrap with IntuneWinAppUtil.exe

Upload to Intune > Apps > Windows > Add > Windows app (Win32)

Wrap SentinelOne MSI with IntuneWinAppUtil

shell

IntuneWinAppUtil.exe -c .\SentinelOne -s SentinelOneInstaller.msi -o .\Output

Intune Win32 App install/uninstall commands and detection rule for SentinelOne

shell

# Install command:
msiexec /i SentinelOneInstaller.msi SITE_TOKEN=<YOUR_SITE_TOKEN> /q /norestart

# Uninstall command:
msiexec /x SentinelOneInstaller.msi PASSPHRASE=<YOUR_PASSPHRASE> /q

# Detection rule: File exists - C:\Program Files\SentinelOne\Sentinel Agent\SentinelAgent.exe

Huntress Agent deployment via Intune or RMM — download installer from Huntress portal with org and account keys embedded

powershell

powershell -ExecutionPolicy Bypass -File .\InstallHuntress.powershellv2.ps1 -acctkey <ACCOUNT_KEY> -orgkey <ORG_KEY>

Verify SentinelOne and Huntress agent deployment and service status

powershell

Get-Service SentinelAgent | Select-Object Name, Status
Get-Service HuntressAgent | Select-Object Name, Status

Note

SentinelOne and Huntress coexist without conflict — SentinelOne provides autonomous EDR while Huntress adds human-powered threat hunting. Both are MSP-standard tools with multi-tenant management consoles. Ensure SentinelOne anti-tamper is enabled. Test that legal applications (Clio, browser-based tools) function correctly after SentinelOne deployment — occasionally SSL inspection or behavioral analysis can interfere with legitimate legal software. Create exclusions proactively for known legal software directories.

Step 6: Configure DNS Filtering and Email Security

Configure DNSFilter at two levels: (1) at the FortiGate as the upstream DNS resolver for all DHCP-served clients, and (2) via the DNSFilter roaming agent on each endpoint for off-network protection. Create a DNSFilter policy blocking: malware, phishing, botnet C2, newly registered domains, and optionally adult/gambling content. Deploy Proofpoint Essentials for inbound/outbound email security — update MX records to point to Proofpoint, configure connection to Exchange Online, enable URL defense, attachment sandboxing, and impersonation protection (critical for wire fraud prevention in real estate closings and trust account management).

DNSFilter - FortiGate Configuration

shell

# Set DNSFilter as DNS servers in FortiGate DHCP scope:
config system dhcp server
  edit 1
    set dns-server1 103.247.36.36
    set dns-server2 103.247.37.37
  next
end

DNSFilter Roaming Agent

shell

# Deploy via Intune. Download MSI from DNSFilter management console.

msiexec /i DNSFilter_Agent.msi AGENT_KEY=<YOUR_AGENT_KEY> /q /norestart

Proofpoint Essentials - Update DNS MX records at domain registrar:
Priority 10: mx1-us1.ppe-hosted.com
Priority 20: mx2-us1.ppe-hosted.com
Remove old MX records pointing to Microsoft 365 directly

Proofpoint - Configure M365 Connector: In Exchange Admin Center > Mail Flow > Connectors

Create inbound connector from Proofpoint (partner organization)

Restrict inbound mail to only accept from Proofpoint IP ranges

Note

MX record changes require 24–48 hours for full propagation — schedule this change during a low-activity period (Friday evening). Monitor mail flow closely for the first 48 hours after Proofpoint deployment. Configure Proofpoint quarantine digest emails so attorneys can review blocked messages. Wire fraud via email impersonation is the #1 cyber threat to law firms — emphasize the impersonation protection features to the firm.

Step 7: Configure Backup and Disaster Recovery

Deploy Axcient x360Recover for comprehensive backup coverage. Configure cloud-to-cloud backup for Microsoft 365 (Exchange Online mailboxes, SharePoint/OneDrive document libraries, Teams data) — this protects against accidental deletion, ransomware, and Microsoft outages. For any on-premise file servers or NAS devices, deploy an Axcient BDR appliance or use x360Recover Direct-to-Cloud. Configure backup policies: hourly backups during business hours, 90-day retention minimum (check with firm for any matter-specific retention requirements — many jurisdictions require 7+ year retention of closed matter files). Test backup restoration monthly.

Add organization > Connect Microsoft 365 tenant via OAuth

Select all user mailboxes for protection

Select all SharePoint sites (especially ClientMatters site)

Select all OneDrive accounts

Configure backup frequency: 3x daily for Exchange, 1x daily for SharePoint/OneDrive

Set retention: 90 days point-in-time, 7-year archive for closed matters

Axcient x360Recover

bash

# Verify backup status and perform monthly test restore

# Verify backup via Axcient portal:
# x360Recover > Organization > Protected Items > Verify last successful backup timestamp
# Perform test restore of a single mailbox item and SharePoint file monthly

Note

Law firms have extremely strict data retention requirements that vary by jurisdiction and practice area. Before configuring backup retention, consult with the firm's managing partner about their document retention policy. Some state bars require keeping client files for 7–10 years after matter closure. Ensure backup encryption is enabled (AES-256) both in transit and at rest. Document the backup configuration and test results in the MSP's documentation system. Include backup status in monthly MSP reports to the client.

Step 8: Deploy Clio Manage Practice Management Platform

If the firm is not already on Clio Manage, provision the Clio Manage Complete plan for all users. Configure the firm's practice areas, matter types, custom fields, billing rates, and trust accounting settings. Set up the matter numbering convention (e.g., YYYY-NNNN format). Import existing matters, contacts, and calendar entries from the prior PM system (Clio provides migration tools and services). Configure SSO via Microsoft Entra ID for seamless authentication. Enable Clio's API access for future integrations. Set up user roles and permissions ensuring attorneys only see matters they are assigned to (ethical wall support for conflict checks).

Navigate to Settings > Firm > Practice Areas — Add all practice areas: Litigation, Corporate, Family Law, Real Estate, etc.

Settings > Firm > Matter Numbering — Set format: {YEAR}-{AUTO_INCREMENT} (e.g., 2025-0001)

Settings > Billing > Rates — Configure hourly rates for each attorney and paralegal

Settings > Users > Add Users — Provision all attorney and staff accounts

Settings > Security > Single Sign-On — Configure SAML SSO with Microsoft Entra ID: In Entra Admin Center: Enterprise Applications > New Application > Clio. Download Federation Metadata XML. Upload to Clio SSO settings. Map attributes: email, first_name, last_name

Settings > API > Enable API access for integration with Clio Work

Enable Clio Ethical Walls (if available on plan): Settings > Ethical Walls > Create Wall — Assign matters and users to restrict access

Note

If the firm is migrating from another practice management system (MyCase, PracticePanther, Smokeball), budget 2–4 additional weeks for data migration. Clio offers a dedicated migration team for complex migrations — engage them early. SSO configuration with Entra ID eliminates separate Clio passwords and enables Conditional Access policy enforcement (e.g., block access from unmanaged devices). Verify that the Clio Manage plan supports the number of users and features needed before signing the contract.

Step 9: Deploy Clio Work with Vincent AI - Primary Research Platform

Provision Clio Work licenses for all attorneys and paralegals who will conduct legal research. Clio Work includes Vincent AI (powered by vLex's comprehensive legal database) and Clio Library. Link Clio Work to the existing Clio Manage instance so that research is automatically associated with the correct client matter. Configure default jurisdiction settings (e.g., state-specific case law databases for the firm's primary practice jurisdictions). Set up user preferences for research output format (memo style, summary style, citation format). Create shared 'Research Collections' for common practice areas so attorneys can access prior research on similar topics.

Admin navigates to Clio Work Admin Panel (https://work.clio.com)

Assign Clio Work licenses to all research users

Verify integration with Clio Manage: Clio Work > Settings > Integrations > Clio Manage > Authorize

Confirm matter list syncs between Clio Manage and Clio Work

Configure Default Research Settings: Settings > Research Preferences > Default Jurisdiction: [Primary State]

Settings > Research Preferences > Citation Format: Bluebook

Settings > Research Preferences > Include Federal Courts: Yes

Create Practice Area Research Collections: Collections > New Collection > 'Civil Litigation Precedents'

Collections > New Collection > 'Contract Disputes Research'

Collections > New Collection > 'Employment Law Cases'

Verify Vincent AI activation: Open any matter > Research tab > Confirm AI assistant is available

Run test query: 'What are the key elements of negligence in [State]?'

Verify response includes case citations with links to full opinions

Note

Vincent AI's effectiveness depends on well-structured queries. As part of training (Phase 4), develop a prompt library specific to the firm's practice areas. The integration between Clio Work and Clio Manage is critical — all research should be tagged to a matter for billing purposes (research time) and for building the firm's internal knowledge base over time. Verify that Vincent AI's jurisdictional coverage includes all states where the firm practices. For multi-jurisdictional firms, confirm that federal circuit court coverage aligns with the firm's geographic footprint.

Step 10: Deploy Clearbrief Citation Verification Add-in

Install the Clearbrief Microsoft Word add-in for all litigation attorneys and paralegals. Clearbrief operates within the existing Word environment, requiring no new application learning. Configure SSO via Microsoft Entra ID (Clearbrief supports SAML). Provision user licenses via the Clearbrief admin portal. After installation, each user authorizes the add-in within Word and can immediately begin analyzing briefs for citation accuracy — Clearbrief highlights citations, checks quoted language against source documents, and flags unsupported assertions. This is the critical verification layer required by ABA Formal Opinion 512 for any AI-assisted legal writing.

Go to Microsoft 365 Admin Center > Settings > Integrated Apps > Get Apps

Search for 'Clearbrief' in the Office Add-in Store

Deploy to specific users or groups (Litigation team)

Set deployment method: Fixed (always available in Word ribbon)

Open Microsoft Word > Insert tab > Get Add-ins > Search 'Clearbrief'

Install and authorize with firm Clearbrief account

Configure SSO: Settings > Authentication > SAML/SSO > Microsoft Entra ID

In Entra ID: Enterprise Applications > New > Clearbrief

Configure SAML with Clearbrief metadata URL

Assign licenses to litigation users

Configure default settings: Citation format: Bluebook, Jurisdiction: [Primary State + Federal], Auto-check on document open: Enabled

Clearbrief Admin Portal URL

bash

# Clearbrief Admin Configuration
# https://app.clearbrief.com/admin

Note

Clearbrief is SOC 2 Type II certified — verify current certification status during vendor due diligence. The Word add-in approach means zero learning curve for attorneys who already work in Word. Clearbrief should be positioned to the firm as the 'trust but verify' tool — it verifies that AI-generated research citations are real, accurate, and properly quoted. This directly addresses the hallucination risk that has led to sanctions in cases like Mata v. Avianca (where an attorney submitted fake AI-generated case citations). Centralized deployment via Intune ensures all litigation users have access without manual installation steps.

Step 11: Deploy Microsoft 365 Copilot

Activate Microsoft 365 Copilot licenses for all users via the CSP partner portal. Copilot requires Microsoft 365 Business Premium as a prerequisite (already deployed in Step 4). Before enabling Copilot, review and restrict SharePoint permissions to ensure proper ethical wall enforcement — Copilot can surface content from any SharePoint site the user has access to, which could breach client confidentiality between matters. Configure Copilot sensitivity label awareness so it respects Microsoft Purview sensitivity labels. Enable Copilot in Word, Outlook, Teams, and Excel. Disable Copilot in any applications where it's not appropriate (e.g., restrict access to certain SharePoint sites containing highly sensitive matters).

Bulk assign Microsoft 365 Copilot licenses via PowerShell

powershell

Connect-MgGraph -Scopes 'User.ReadWrite.All'
$copilotSku = Get-MgSubscribedSku | Where-Object { $_.SkuPartNumber -eq 'Microsoft_365_Copilot' }
$usersToAssign = Get-MgUser -Filter "department eq 'Legal'" -All
foreach ($user in $usersToAssign) {
    Set-MgUserLicense -UserId $user.Id -AddLicenses @{SkuId = $copilotSku.SkuId} -RemoveLicenses @()
    Write-Host "Assigned Copilot to $($user.DisplayName)"
}

Assign Copilot licenses: Navigate to Microsoft 365 Admin Center > Billing > Licenses > Microsoft 365 Copilot > Assign to users

Audit SharePoint permissions BEFORE enabling Copilot: Navigate to SharePoint Admin Center > Sites > Each site > Permissions

Ensure attorneys only have access to their own matters — remove 'Everyone except external users' from any client matter sites

Configure Copilot Settings: Navigate to Microsoft 365 Admin Center > Copilot > Settings

Enable Copilot for Word, Outlook, Teams, and Excel

Review data access settings — confirm Copilot respects existing M365 permissions

Enable sensitivity label awareness in Copilot settings

Critical

CRITICAL SECURITY NOTE: Copilot inherits the user's permissions in SharePoint and OneDrive. If SharePoint permissions are overly permissive (e.g., all attorneys can see all matters), Copilot will surface content across matters — potentially violating ethical walls and client confidentiality. Audit and restrict SharePoint permissions BEFORE enabling Copilot. This is the single most important security step in the entire Copilot deployment for a law firm. Consider restricting Copilot access to a pilot group of 2–3 attorneys for the first 2 weeks to identify any permission issues before firm-wide rollout.

Step 12: Create and Deploy Firm AI Usage Policy

Draft a comprehensive AI Usage Policy tailored to the firm's practice areas and jurisdictions. This policy is required by ABA Formal Opinion 512 and various state bar guidelines. The policy should cover: approved AI tools (whitelist approach), prohibited uses (no client data in unapproved AI tools like ChatGPT), mandatory human review requirements, citation verification procedures, client disclosure requirements, and incident reporting procedures. Have the policy reviewed by the firm's managing partner and ethics partner. Distribute to all attorneys and staff, require signed acknowledgment, and file in the firm's policy repository.

Deliverable: AI Usage Policy document (see Custom AI Components section for template)
Distribution: Upload to SharePoint > Firm Policies library
Acknowledgment: Use Microsoft Forms or DocuSign for signed acknowledgment
Tracking: Create a SharePoint list to track which users have signed

Microsoft Forms – Create Acknowledgment Form

Go to forms.office.com

New Form > 'AI Usage Policy Acknowledgment'

Fields: Name, Date, 'I have read and agree to the AI Usage Policy' (required checkbox)

Share link with all attorneys and staff

Set submission notification to go to Managing Partner and MSP contact

Warning

This is a non-negotiable step. Multiple attorneys have already faced sanctions for using AI without proper oversight (Mata v. Avianca, Park v. Kim, etc.). The policy should be treated as a living document, reviewed quarterly, and updated as AI tool capabilities change. Some state bars (California, Florida, New York, Texas) have issued their own AI guidance — ensure the firm policy incorporates state-specific requirements. The MSP should provide the policy template but the firm's attorneys must review and approve it for legal accuracy.

Step 13: Conduct Attorney and Staff Training

Deliver a structured training program over 2–4 weeks. Training should be conducted in small groups (3–5 people) organized by role and practice area.

Session 1 (2 hours): Overview of AI capabilities, ABA ethics requirements, firm AI policy review, and hands-on demo of all deployed AI tools.

Session 2 (2 hours): Deep-dive into Clio Work + Vincent AI — conducting legal research, synthesizing precedents, creating research memos, and properly citing AI-assisted research.

Session 3 (1.5 hours): Clearbrief citation verification workflow — checking AI-generated citations, verifying quoted language, and the brief-filing verification checklist.

Session 4 (1 hour): Microsoft 365 Copilot for legal workflows — drafting correspondence, summarizing emails, meeting notes.

Session 5 (1 hour): Practice area-specific prompt engineering — custom prompts for the firm's common research patterns.

Record all sessions for future onboarding of new attorneys.

Deliverable: Training slide deck (PowerPoint on SharePoint)

Deliverable: Recorded training sessions (Teams meeting recordings saved to SharePoint)

Deliverable: Quick Reference Cards (one-page PDFs for each tool)

Deliverable: Practice Area Prompt Library (see Custom AI Components section)

Deliverable: Research Verification Checklist (see Custom AI Components section)

Schedule training via Microsoft Teams: Create Teams channel: 'AI Training and Resources'

Upload all training materials to channel Files tab

Schedule recurring 'AI Office Hours' (30 min weekly for first 2 months)

Note

Attorney adoption is the make-or-break factor for this project's success. Expect resistance from senior partners who have used Westlaw/Lexis for decades. Frame AI tools as augmentation, not replacement — the attorney still must review, verify, and exercise professional judgment on all AI output. Use real matters (with client consent or anonymized) in training demos to demonstrate practical value. Track adoption metrics (logins, queries per user, research time per matter) after training to identify attorneys who need additional support. The weekly 'AI Office Hours' during the first 2 months provides a low-pressure forum for attorneys to ask questions and share tips.

Step 14: Post-Deployment Monitoring and Optimization Setup

Configure ongoing monitoring for all deployed systems. Set up MSP dashboard views for: Clio Work usage metrics (queries per user, research sessions per matter), SentinelOne threat detection summary, Huntress incident feed, DNSFilter block statistics, Axcient backup status, FortiGate UTM alerts, and M365 security score. Configure automated alerting for: failed backups, security incidents, license compliance issues, and system outages. Set up monthly reporting template for the firm that includes: AI tool utilization metrics, security posture summary, backup compliance, and recommendations for optimization.

SentinelOne — Verify all agents reporting: SentinelOne Console > Sentinels > Filter by site > Verify count matches deployed endpoints

Huntress — Verify agent reporting: Huntress Dashboard > Organizations > [Firm Name] > Verify agent count

Microsoft 365 — Security Score Baseline: security.microsoft.com > Secure Score > Document baseline score. Target: Improve score by 20+ points within 90 days of deployment

Set up M365 Alert Policies: compliance.microsoft.com > Policies > Alert policies. Enable: Unusual volume of file deletion, Unusual external user activity, Malware campaign detected, Phishing URLs clicked

Axcient — Backup Monitoring: x360Recover portal > Reports > Failed Backups > Set email alert to MSP NOC

Monthly Report Template (create in MSP's PSA/reporting tool). Sections: Executive Summary, AI Utilization Metrics, Security Incidents, Backup Status, Recommendations, Upcoming Renewals

Note

Monthly reporting to the firm is critical for demonstrating ongoing value and justifying the managed services fee. Include ROI metrics in monthly reports — track the number of AI research queries, estimated time saved per query (baseline vs. traditional research), and projected billable hour recovery. Use these metrics during quarterly business reviews (QBRs) to justify continued investment and identify expansion opportunities (additional AI tools, more licenses, etc.).

Custom AI Components

Legal Research Prompt Library

Type: prompt

A curated collection of optimized prompts for Vincent AI / Clio Work research queries, organized by practice area. These prompts are designed to maximize the quality and relevance of AI-generated case law research and precedent synthesis. Each prompt includes jurisdiction parameters, temporal constraints, and specificity markers that guide the AI to return the most relevant precedents. This library should be stored in the firm's shared SharePoint and maintained as a living document.

Implementation:

plaintext

# Legal Research Prompt Library for Vincent AI / Clio Work

Version 1.0 | [Firm Name] | [Date]

GENERAL LITIGATION

Prompt GL-01: Case Law Survey on a Legal Issue

Research and synthesize all significant [State] case law addressing [LEGAL ISSUE] within the last [10/15/20] years.

The seminal/landmark case establishing the current standard

Key appellate decisions that refined or modified the standard

Any circuit splits or conflicting authority within [State]

The current majority rule and any minority positions

For each case, provide: full citation (Bluebook format), the specific holding relevant to [LEGAL ISSUE], key facts that distinguished the case, and the procedural posture

Jurisdiction: [State] state courts and [Federal Circuit] federal courts

Note

Exclude: Unpublished opinions unless they represent the only authority on a sub-issue

Prompt GL-02: Opposing Argument Anticipation

I am representing the [plaintiff/defendant] in a [TYPE] case involving [BRIEF FACTS]. Identify the strongest case law arguments the opposing side is likely to raise regarding [SPECIFIC ISSUE]. For each potential argument:

Cite the cases they are most likely to rely on (Bluebook format)

Summarize the holding and key facts of each case

Identify distinguishing facts or subsequent authority that could be used to counter each argument

Suggest the most effective counter-argument with supporting authority

Jurisdiction: [State] and federal courts in the [Circuit]

Prompt GL-03: Standard of Review Research

What is the applicable standard of review for [SPECIFIC LEGAL ISSUE] on appeal in [State/Federal Circuit]? Provide:

The standard of review (de novo, abuse of discretion, clearly erroneous, etc.)

The seminal case establishing this standard in [jurisdiction]

How appellate courts in [jurisdiction] have applied this standard in the last 5 years

Any exceptions or circumstances that might warrant a different standard

Full Bluebook citations for all cases referenced

CONTRACT LAW

Prompt CL-01: Contract Interpretation Precedents

Research [State] case law on the interpretation of [SPECIFIC CONTRACT PROVISION TYPE, e.g., 'non-compete clauses', 'indemnification provisions', 'force majeure clauses']. Focus on:

The rules of contract construction applied in [State]

How courts have interpreted similar provisions in the last 10 years

Any per se rules or presumptions that apply

Cases where courts found the provision enforceable vs. unenforceable, with distinguishing factors

Any statutory overlay (e.g., state-specific non-compete statutes)

Provide full Bluebook citations and brief parenthetical descriptions for each case.

EMPLOYMENT LAW

Prompt EL-01: Employment Discrimination Standards

Synthesize the current legal framework for [TYPE OF DISCRIMINATION, e.g., 'age discrimination under ADEA'] claims in the [Federal Circuit]. Include:

The prima facie case elements under McDonnell Douglas / direct evidence framework

Recent circuit authority on each element (last 5 years)

The employer's burden at each stage

Summary judgment standards specific to [discrimination type] in this circuit

Any recent en banc decisions or Supreme Court guidance affecting the analysis

Damages framework and any caps

All citations in Bluebook format with parenthetical descriptions.

PERSONAL INJURY

Prompt PI-01: Negligence Elements Research

Provide a comprehensive analysis of the current state of [State] law on [SPECIFIC NEGLIGENCE ISSUE, e.g., 'premises liability for commercial property owners', 'medical malpractice standard of care']. Address:

The elements the plaintiff must prove

The applicable standard of care and how courts have defined it

Key defenses available (contributory/comparative negligence, assumption of risk, statute of limitations)

Recent jury verdicts and appellate decisions in [State] on similar facts

Any relevant statutory provisions

Expert witness requirements, if applicable

Focus on [State] Supreme Court and appellate decisions. Include Bluebook citations.

FAMILY LAW

Prompt FL-01: Custody Standard Research

Research the current legal standard for [SPECIFIC CUSTODY ISSUE, e.g., 'modification of custody orders', 'relocation with a minor child'] in [State]. Include:

The governing statute and its full text

The 'best interests of the child' factors as defined by [State] courts

Recent appellate decisions applying these factors (last 5 years)

Any presumptions (e.g., joint custody presumption, preference for status quo)

The burden of proof and who bears it

Any guardian ad litem or custody evaluator requirements

All citations in Bluebook format.

META-PROMPTS (For Any Practice Area)

Prompt MP-01: Verify and Expand AI Research

I previously found the case [CASE NAME, CITATION]. Please:

Confirm this case has not been overruled, reversed, or distinguished on the relevant point

Identify all cases that have cited this case and how they treated it (followed, distinguished, criticized)

Identify any more recent cases that address the same legal issue with updated reasoning

Flag if this case is from a jurisdiction that is not binding on [TARGET JURISDICTION]

Prompt MP-02: Research Memo Draft

Based on my research query about [TOPIC], draft a legal research memorandum with the following structure:

Question Presented (one clear, concise sentence)

Brief Answer (2-3 sentences)

Statement of Facts (use the following facts: [INSERT FACTS])

Discussion (organized by legal issue, with CREAC structure: Conclusion, Rule, Explanation, Application, Conclusion for each issue)

Conclusion

Use Bluebook citation format throughout. Flag any areas where the law is unsettled or where additional research may be needed.

USAGE GUIDELINES

Always replace bracketed [PLACEHOLDERS] with matter-specific information
Always specify the jurisdiction — never rely on AI to guess
Always verify citations using Clearbrief before filing any document
Review AI output for hallucinated cases — check that every cited case actually exists
Save completed research to the matter in Clio Manage for billing and knowledge management
Update this library quarterly with new prompts that prove effective

AI Research Verification Checklist

Type: workflow

A mandatory verification workflow that attorneys must follow before relying on any AI-generated legal research in a client matter. This checklist implements the requirements of ABA Formal Opinion 512 and provides a documented audit trail showing that human review was conducted on all AI-assisted research. The checklist should be implemented as a Microsoft Forms checklist that attorneys complete and attach to the matter in Clio Manage.

Implementation:

AI Research Verification Checklist

Required for all AI-assisted legal research per ABA Formal Opinion 512

Implement as a Microsoft Form linked in Clio Manage matter notes

Microsoft Form Configuration:

Form Title: 'AI Research Verification Checklist'
Form URL: Create at forms.office.com and share firm-wide
Responses: Store in SharePoint > ClientMatters > AI-Verification-Logs

Form Fields:

Section 1: Matter Identification

Matter Number (Short text, required)
Matter Name (Short text, required)
Attorney Name (Short text, required)
Date of Research (Date, required)
AI Tool Used (Choice: Vincent AI/Clio Work | Westlaw CoCounsel | Lexis+ AI | Copilot | Other)

Section 2: Research Query Documentation

Research Question/Query Submitted to AI (Long text, required) — Instruction: 'Paste the exact query you submitted to the AI tool'
AI Output Summary (Long text, required) — Instruction: 'Briefly summarize what the AI returned'

Section 3: Citation Verification (Complete for EACH cited case)

Number of cases cited in AI output (Number, required)

I verified that each cited case actually exists by checking it in the original database (Checkbox, required)

I verified that each case citation is in correct Bluebook format (Checkbox, required)

I read the relevant portions of each cited case to confirm the AI's characterization is accurate (Checkbox, required)

I verified that no cited case has been overruled, reversed, or negatively treated on the relevant point (Checkbox, required)

I ran Clearbrief analysis on any draft document incorporating this research (Checkbox, required for litigation)

Cases that required correction or were removed (Long text, optional) — Instruction: 'List any cases the AI cited incorrectly or that did not exist'

Section 4: Confidentiality Confirmation

I did not input any client-identifying information into an unapproved AI tool (Checkbox, required)

All research was conducted using firm-approved AI tools only (Checkbox, required)

I used the matter number rather than client name when possible in AI queries (Checkbox, required)

Section 5: Professional Judgment

I have applied my independent professional judgment to the AI output and am not relying solely on the AI's analysis (Checkbox, required)

I am confident that the legal conclusions in my work product are supported by the verified authorities (Checkbox, required)

I have identified any gaps in the AI research that require additional manual research (Checkbox, required)

Additional research needed (Long text, optional)

Section 6: Attestation

I certify that I have completed all verification steps above and that the AI-assisted research in this matter meets my professional obligations under ABA Model Rules 1.1 and 1.6 and Formal Opinion 512 (Checkbox, required)

Electronic Signature (Short text, required) — Instruction: 'Type your full name as electronic signature'

Power Automate Workflow:

Trigger: When a new form response is submitted

Action: Create a PDF of the completed form

Action: Save PDF to SharePoint > ClientMatters > [Matter Number] > AI-Verification-Logs

Action: Create a note in Clio Manage (via Clio API) attached to the matter: 'AI Research Verification completed by [Attorney] on [Date]. See attached form.'

Action: If any 'Cases that required correction' field is not blank, send email notification to Managing Partner with details

Implementation Steps:

Create the Microsoft Form using the fields above

Create the SharePoint document library: ClientMatters > AI-Verification-Logs

Build the Power Automate flow connecting Forms > SharePoint > Clio API

Test with a sample matter

Train all attorneys on the workflow during Session 2 training

Make completion of this form mandatory before filing any AI-assisted brief or memo

Clio Manage to SharePoint Research Archival Integration

Type: integration

A Power Automate workflow that automatically archives completed AI legal research sessions from Clio Work into the firm's SharePoint document management structure, tagged by matter number and practice area. This ensures all AI-generated research is preserved as part of the client file for malpractice protection, knowledge management, and regulatory compliance.

Implementation:

Power Automate Cloud Flow

plaintext

# Archive Clio Research to SharePoint

# Power Automate Cloud Flow: Archive Clio Research to SharePoint
# Trigger: Scheduled (daily at 11:00 PM) or Manual
# This flow uses the Clio API to retrieve recent research activity and archives it to SharePoint

Prerequisites:

Clio API application registered (Settings > API > Applications > Create)

SharePoint site 'ClientMatters' with document library 'AI-Research-Archive'

Power Automate Premium license (for HTTP connector to Clio API)

Flow Definition (Power Automate):

Step 1: Get Clio Access Token

Action: HTTP
Method: POST
URI: https://app.clio.com/oauth/token
Headers: Content-Type: application/x-www-form-urlencoded
Store: Parse JSON > access_token

Request Body

text

grant_type=client_credentials&client_id={CLIO_CLIENT_ID}&client_secret={CLIO_CLIENT_SECRET}

Step 2: Get Recent Matters with Activity

Action: HTTP
Method: GET
Headers: Authorization: Bearer {access_token}
Store: Parse JSON > matters array

URI

text

https://app.clio.com/api/v4/matters.json?fields=id,display_number,description,practice_area,status&updated_since=@{addDays(utcNow(),-1)}&status=Open

Step 3: For Each Matter with Research Activity

Action: Apply to each (matters array)

Step 3a: Get Research Notes for Matter

Action: HTTP
Method: GET
URI: https://app.clio.com/api/v4/notes.json?fields=id,subject,detail,date,type&matter_id=@{items('Apply_to_each')?['id']}&type=research&created_since=@{addDays(utcNow(),-1)}
Headers: Authorization: Bearer {access_token}

Step 3b: Create or Get SharePoint Folder

Action: SharePoint - Create folder (ignore if exists)
Site: ClientMatters
Library: AI-Research-Archive
Folder Path: /@{items('Apply_to_each')?['practice_area']}/@{items('Apply_to_each')?['display_number']}

Step 3c: For Each Research Note

Action: Apply to each (notes array)

Step 3d: Create Archive Document

Action: SharePoint - Create file
Site: ClientMatters
Library: AI-Research-Archive
Folder: /@{items('Apply_to_each')?['practice_area']}/@{items('Apply_to_each_2')?['display_number']}
File Name: Research_@{formatDateTime(utcNow(),'yyyy-MM-dd')}_@{items('Apply_to_each_2')?['id']}.html
Content: HTML formatted version of the research note with metadata header

Step 3e: Update SharePoint Metadata

Action: SharePoint - Update file properties
Matter Number: @{items('Apply_to_each')?['display_number']}
Practice Area: @{items('Apply_to_each')?['practice_area']}
Research Date: @{items('Apply_to_each_2')?['date']}
Attorney: (extracted from note author)
AI Tool Used: Vincent AI

Error Handling:

Configure 'Run after' on each action to handle failures
Send Teams notification to MSP channel on any flow failure
Log all successful archives to a SharePoint list for audit trail

SharePoint Library Structure:

SharePoint library folder hierarchy

plaintext

AI-Research-Archive/
├── Civil Litigation/
│   ├── 2025-0001/
│   │   ├── Research_2025-07-15_12345.html
│   │   └── Research_2025-07-18_12348.html
│   └── 2025-0003/
├── Employment Law/
│   └── 2025-0002/
└── Family Law/
    └── 2025-0004/

Notes:

This flow requires Power Automate Premium ($15/user/month) for the HTTP connector
Alternative: Use the Clio connector in Power Automate if available (check current connector catalog)
The Clio API rate limit is 600 requests per hour per application — sufficient for nightly archival
All archived documents inherit SharePoint permissions from the parent site
Configure SharePoint retention policies to match the firm's document retention policy (typically 7+ years)

AI Usage Analytics Dashboard

Type: workflow

A Power BI dashboard that aggregates AI tool usage metrics across the firm, providing the managing partner and MSP with visibility into adoption rates, research patterns, cost-per-query efficiency, and ROI metrics. This dashboard pulls data from Clio Work API, Microsoft 365 usage reports, and Clearbrief admin reports to create a unified view of the firm's AI investment performance.

Implementation:

Power BI Dashboard: Legal AI Usage Analytics

Data Sources: Clio API, Microsoft 365 Admin Reports, Manual CSV from Clearbrief

Dashboard Pages:

Page 1: Executive Summary

KPIs (Card Visuals):
Total AI Research Queries (MTD / QTD / YTD)
Average Queries per Attorney per Week
Estimated Hours Saved (queries × 1.5 hours avg traditional research time)
Estimated Revenue Recovered (hours saved × avg billing rate)
AI Tool Spend (MTD)
ROI Ratio (revenue recovered ÷ AI tool spend)

Page 2: Adoption by Attorney

Bar Chart: Queries per attorney (descending)
Line Chart: Weekly query trend per attorney
Table: Attorney | Role | Queries This Month | Queries Last Month | Trend
Conditional Formatting: Flag attorneys with <5 queries/month as 'Low Adoption'

Page 3: Research by Practice Area

Pie Chart: Query distribution by practice area
Bar Chart: Most researched legal topics (extracted from query keywords)
Table: Practice Area | Queries | Avg Time to Complete | Matters Served

Page 4: Quality and Compliance

KPI: Verification Checklists Completed vs Research Sessions (compliance rate)
Bar Chart: Citation corrections identified per month (from checklist data)
Table: Matters with unverified AI research (flagged for review)

Page 5: Cost Analysis

Stacked Bar: Monthly cost by tool (Clio Work, Clearbrief, Copilot)
Line Chart: Cost per query trend (total spend ÷ total queries)
Gauge: Current month spend vs budget

Data Refresh:

Clio API: Daily refresh via Power Automate dataflow
M365 Usage Reports: Weekly via Graph API
Clearbrief: Monthly CSV upload (until API available)

Power BI Implementation:

Create Power BI workspace: '[Firm Name] AI Analytics'

Create dataflows for each data source

Build semantic model with relationships: - Attorneys (dimension) -> Research Queries (fact) - Practice Areas (dimension) -> Matters (dimension) -> Research Queries (fact) - Date (dimension) -> Research Queries (fact)

Build report pages as described above

Configure scheduled refresh: Daily at 6:00 AM

Share dashboard with Managing Partner and MSP contact

Embed in Microsoft Teams channel 'AI Analytics' for easy access

DAX Measures:

DAX Measures

dax

Hours Saved = [Total Queries] * 1.5
Revenue Recovered = [Hours Saved] * AVERAGE(Attorneys[BillingRate])
ROI Ratio = [Revenue Recovered] / [Total AI Spend]
Adoption Rate = DISTINCTCOUNT(Queries[AttorneyID]) / COUNTROWS(Attorneys)
Compliance Rate = [Verified Research Sessions] / [Total Research Sessions]

Notes:

Power BI Pro license required ($10/user/month) for Managing Partner and MSP users
Alternatively, use Power BI Embedded in a SharePoint page for view-only access
The 1.5 hours saved per query is a conservative baseline from vLex benchmarking studies
Adjust this multiplier after 90 days based on actual attorney feedback
This dashboard is a key deliverable for QBR meetings with the firm

Firm AI Usage Policy Template

Type: prompt

A comprehensive AI usage policy template customized for law firms, covering all requirements from ABA Formal Opinion 512 and state bar guidelines. This policy should be reviewed by the firm's attorneys for legal accuracy, then adopted as a binding firm policy. The MSP provides this as a value-added deliverable during implementation.

Implementation:

plaintext

# [FIRM NAME] ARTIFICIAL INTELLIGENCE USAGE POLICY

Effective Date: [DATE] | Version 1.0

Approved by: [Managing Partner Name]

1. PURPOSE AND SCOPE

This policy governs the use of artificial intelligence (AI) tools, including generative AI, large language models, and AI-assisted legal research platforms, by all attorneys, paralegals, staff, and contractors of [FIRM NAME]. This policy implements the requirements of ABA Formal Opinion 512 (July 2024), ABA Model Rules 1.1 (Competence), 1.4 (Communication), 1.6 (Confidentiality), 5.1 and 5.3 (Supervision), and applicable [STATE] bar guidance.

2. APPROVED AI TOOLS

The following AI tools are approved for use with client matter information:

Clio Work with Vincent AI — Legal research and precedent synthesis
Clearbrief — Citation verification and brief analysis
Microsoft 365 Copilot — Document drafting, email summarization, meeting notes (within M365 environment only)
[Add any additional approved tools]

Critical

All other AI tools are PROHIBITED for use with any client information, including but not limited to: ChatGPT, Google Gemini, Claude, Perplexity, or any other general-purpose AI chatbot or tool not listed above. Violation of this provision may constitute a breach of client confidentiality under Rule 1.6.

3. MANDATORY HUMAN REVIEW

3.1. All AI-generated legal research, analysis, and drafted content MUST be reviewed by a licensed attorney before:

Inclusion in any document filed with a court or tribunal
Delivery to a client
Reliance upon for legal advice
Inclusion in any legal memorandum or opinion letter

3.2. All case citations generated by AI MUST be independently verified by:

Confirming the case exists in an authoritative database
Reading the relevant portions of the cited case
Verifying the AI's characterization of the holding is accurate
Checking that the case has not been overruled or negatively treated
Running Clearbrief analysis on any brief or motion before filing

3.3. The AI Research Verification Checklist MUST be completed for every matter where AI-assisted research is used. Completed checklists are stored in the matter file.

4. CONFIDENTIALITY REQUIREMENTS

4.1. Client names, case numbers, and identifying information should be minimized in AI queries where possible. Use matter numbers rather than client names.

Warning

4.2. Sensitive information (trade secrets, privileged communications, settlement terms, medical records) should NOT be input into AI tools unless the tool's data processing agreement explicitly prohibits use of inputs for model training.

4.3. All approved AI tools have been vetted by the firm to confirm:

SOC 2 Type II certification (or equivalent)
Contractual prohibition on using client data for AI model training
Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Data residency within the United States
Incident notification obligations

5. CLIENT DISCLOSURE

5.1. [FIRM NAME] [will/will not] proactively disclose the use of AI tools to clients. [Choose one based on firm preference and jurisdiction requirements.]

5.2. If a client asks whether AI was used in their matter, attorneys MUST respond truthfully.

5.3. If required by a court order, local rule, or jurisdiction-specific requirement, attorneys MUST disclose AI usage as directed.

6. BILLING

6.1. Time spent using AI tools is billable to the extent it reflects the exercise of professional judgment, including formulating research queries, reviewing and verifying AI output, and synthesizing results.

Warning

6.2. Attorneys should NOT bill clients for the full amount of time that traditional research would have taken if AI substantially reduced the actual time spent. Billing must reflect actual value delivered.

6.3. AI tool subscription costs [are/are not] passed through to clients as a disbursement. [Choose based on firm billing policy.]

7. SUPERVISION

7.1. Partners and supervising attorneys are responsible for ensuring that associates and paralegals under their supervision comply with this policy (Model Rules 5.1, 5.3).

7.2. Paralegals may use approved AI tools for research but all AI-generated work product must be reviewed by a supervising attorney before use.

8. TRAINING

8.1. All attorneys and paralegals must complete the firm's AI tools training program before using AI tools on client matters.

8.2. Continuing education on AI tools and ethics will be provided [quarterly/annually].

8.3. New hires must complete AI training within their first [30] days.

9. INCIDENT REPORTING

9.1. Any suspected AI-related incident must be reported immediately to [Managing Partner / IT Contact / MSP], including:

AI-generated citation that was discovered to be fabricated after filing
Client data inadvertently input into an unapproved AI tool
AI tool security breach or suspicious activity
Ethical complaint related to AI usage

10. POLICY REVIEW

This policy will be reviewed and updated [quarterly] by [Managing Partner / Ethics Committee] in consultation with the firm's managed IT provider. Updates will be communicated to all personnel and require renewed acknowledgment.

ACKNOWLEDGMENT

I, [NAME], have read, understand, and agree to comply with the [FIRM NAME] Artificial Intelligence Usage Policy. I understand that violation of this policy may result in disciplinary action and may constitute a violation of my professional ethical obligations.

Signature: ___________________________
Date: ___________________________
Bar Number: ___________________________

Testing & Validation

NETWORK

Run iperf3 speed test from 3 different workstations to verify minimum 100 Mbps symmetrical throughput through the FortiGate.
Verify latency to Azure East US (login.microsoftonline.com) is under 50ms.
Confirm VLAN isolation by attempting to ping a device on VLAN 10 from a device on VLAN 20 — ping should fail.

iperf3 throughput test and latency check commands

bash

iperf3 -c <server_ip> -t 30
ping login.microsoftonline.com

FIREWALL

Attempt to access a known malicious test URL (e.g., EICAR test page at eicar.org) from an attorney workstation and verify FortiGuard web filtering blocks it.
Verify SSL inspection is working by checking the certificate chain on HTTPS sites shows the FortiGate CA certificate.

DNS FILTERING

From an attorney workstation, attempt to resolve a known malicious domain and verify DNSFilter blocks the resolution.
Check DNSFilter dashboard to confirm the workstation appears as a managed endpoint.
Test from a laptop off-network (on cellular) to verify the roaming agent is active.

MICROSOFT 365

Verify all users can sign in with MFA enforced.
Test Conditional Access by attempting to access SharePoint from an unmanaged personal device — access should be blocked or restricted per policy.
Verify audit logging is enabled by performing a test action and checking the unified audit log within 30 minutes.

ENDPOINT SECURITY

Verify SentinelOne agent is active on all workstations by checking the SentinelOne console agent count matches deployed endpoint count.
Run the EICAR test file to verify SentinelOne detects and quarantines it.
Verify Huntress agent is reporting by checking the Huntress dashboard.

EMAIL SECURITY

Send a test phishing simulation email (via Proofpoint's built-in phishing simulator or KnowBe4) and verify it is quarantined.
Confirm MX records point to Proofpoint by running 'nslookup -type=MX firmname.com' and verifying Proofpoint addresses.
Test that legitimate email delivery is working by sending test messages to and from external addresses.

Verify MX records point to Proofpoint

bash

nslookup -type=MX firmname.com

BACKUP

Trigger a manual backup via Axcient x360Recover and verify it completes successfully.
Perform a test restore of a single mailbox item (email) from backup to confirm recoverability.
Verify SharePoint site backup by restoring a test document.
Document restore time for SLA benchmarking.

CLIO MANAGE

Log in as each user role (partner, associate, paralegal, admin) and verify appropriate access permissions.
Create a test matter and verify matter numbering follows the configured format.
Test SSO by signing in via Microsoft Entra ID and confirming seamless access without separate Clio password.

CLIO WORK / VINCENT AI

Log in as an attorney user and run the test query: 'What are the key elements of a breach of contract claim in [firm's primary state]?'
Verify the response includes: (1) specific case citations with full Bluebook format, (2) links to full-text opinions in Clio Library, (3) jurisdiction-appropriate results.
Time the query and document baseline response time.

CLEARBRIEF

Open a sample brief in Microsoft Word with known citation errors (create a test document with one fabricated case citation and one real but incorrectly quoted case).
Run Clearbrief analysis and verify it flags the fabricated citation and identifies the misquoted language.
Verify Clearbrief SSO works via Entra ID.

MICROSOFT COPILOT

Open Word and verify Copilot icon appears in the ribbon.
Test by asking Copilot to draft a sample client engagement letter.
Open Outlook and test email summarization on a thread with 5+ messages.
In Teams, verify Copilot can generate meeting notes.

Critical

ETHICAL WALL ENFORCEMENT: Test by logging in as an attorney and verifying Copilot does NOT surface content from SharePoint sites the attorney lacks permission to access.

SHAREPOINT DMS

Verify the ClientMatters site structure is correct with appropriate folders.
Upload a test document and verify metadata columns are populated.
Test that permissions restrict access appropriately — Attorney A should not see Attorney B's matters unless both are assigned.
Verify the AI-Research-Archive library exists and the Power Automate archival flow runs successfully.

AI VERIFICATION CHECKLIST

Submit a test AI Research Verification Checklist via Microsoft Forms.
Verify the Power Automate flow triggers, creates a PDF, saves it to the correct SharePoint matter folder, and creates a note in Clio Manage attached to the test matter.

END-TO-END WORKFLOW

Simulate a complete legal research workflow. The entire workflow should complete in under 30 minutes.

Create a new matter in Clio Manage.

Open Clio Work and run a research query tied to that matter.

Review AI-generated precedent synthesis.

Draft a research memo section in Word using the results.

Run Clearbrief to verify citations.

Complete the AI Verification Checklist.

Verify the research is archived in SharePoint.

Record time entry in Clio Manage.

PERFORMANCE BASELINE

Document baseline metrics for future comparison. These baselines will be compared at 30/60/90 day reviews.

Average time for a research query in Vincent AI.

Average time for Clearbrief citation check on a 10-page brief.

Copilot response time for email summarization.

SharePoint document upload/retrieval time.

Client Handoff

The client handoff meeting should be scheduled as a 2-hour session with the managing partner, all attorneys, and the office manager. Begin by reviewing the project scope and confirming all deliverables are complete.

Walk through each deployed system with a live demonstration:

Show the Clio Work + Vincent AI research workflow using a real practice area example, demonstrating how to formulate queries, review AI-synthesized precedents, and verify citations.

Demonstrate the Clearbrief citation verification process on a sample brief.

Show Microsoft 365 Copilot capabilities in Word, Outlook, and Teams with legal-specific examples.

Walk through the AI Research Verification Checklist process and explain why it is mandatory for ABA compliance.

Provide the following documentation package (printed and in a shared SharePoint folder):

AI Usage Policy — signed copies from all attorneys.

Legal Research Prompt Library — printed quick reference cards for each practice area.

AI Research Verification Checklist — printed copies and link to Microsoft Form.

System Architecture Diagram — showing all deployed tools, integrations, and data flows.

MSP Contact Card — helpdesk number, email, escalation contacts, and SLA response times.

Vendor contact information for Clio, Clearbrief, and Microsoft support.

Network documentation — WiFi credentials, VLAN structure, FortiGate admin access (MSP-managed).

Backup and disaster recovery procedures — what is backed up, how to request a restore, RTO/RPO targets.

Review success criteria with the managing partner:

All attorneys can independently conduct AI-assisted legal research within 2 weeks.

Average adoption rate exceeds 80% of licensed users within 60 days.

Zero instances of unverified AI citations in filed documents.

Positive attorney feedback on time savings (target: 30%+ reduction in research time per matter).

All security controls passing — MFA enforced, backups running, EDR active on all endpoints.

Schedule the first monthly review meeting and the 90-day QBR. Confirm the weekly AI Office Hours schedule for the first 2 months of post-deployment support.

Maintenance

Monthly Maintenance Tasks (MSP Responsibility)

Review AI tool usage metrics in the Power BI dashboard; prepare monthly report for managing partner showing adoption rates, queries per attorney, estimated time saved, and ROI calculations
Verify all backup jobs completed successfully for the month; perform one test restore of a random mailbox item and SharePoint document
Review SentinelOne and Huntress dashboards for any security incidents or anomalies; address any open alerts
Check FortiGate firmware and FortiGuard signature updates; apply patches during maintenance window (Saturday 2-6 AM)
Review Microsoft 365 Secure Score and address any regression; target continuous improvement
Review DNSFilter block logs for any false positives reported by attorneys
Verify all Clio Work and Clearbrief licenses are properly assigned and active
Check Power Automate flows (research archival, verification checklist) for failures; remediate any failed runs

Quarterly Maintenance Tasks

Conduct Quarterly Business Review (QBR) with managing partner: review AI ROI metrics, discuss any new AI tools or capabilities, plan any expansion, address any concerns
Update the Legal Research Prompt Library based on attorney feedback and new prompt patterns discovered
Review and update the AI Usage Policy to reflect any changes in ABA guidance, state bar rules, or firm practice
Rotate WiFi PSK if using WPA3-Personal; update on all managed devices via Intune
Review Clio Work/Vincent AI platform updates and new features; communicate changes to attorneys
Conduct vendor risk assessment review — verify SOC 2 certifications are current for all AI vendors
Review cyber insurance policy to ensure continued coverage of AI tool usage
Test disaster recovery: simulate complete workstation failure and verify attorney can be productive on a replacement device within 4 hours

Annual Maintenance Tasks

Full security audit of all deployed systems; generate compliance report for firm records
Renew all software licenses and hardware support contracts; negotiate pricing based on usage data
Review and refresh endpoint hardware if approaching 4-year lifecycle
Conduct mandatory AI ethics refresher training for all attorneys (can count toward CLE credits in many jurisdictions)
Review FortiGate hardware lifecycle — plan replacement at 5-year mark
Comprehensive backup restore test — full matter file recovery simulation

Escalation Path

Tier 1 (MSP Helpdesk): Password resets, basic application issues, connectivity problems — 30 min response SLA
Tier 2 (MSP Senior Engineer): SSO/integration issues, Clio configuration changes, security incidents — 2 hour response SLA
Tier 3 (Vendor Support): Clio Work/Vincent AI platform issues → Clio Support; Clearbrief issues → Clearbrief Support; M365/Copilot → Microsoft Support. MSP opens vendor tickets on behalf of firm
Critical (Security Incident): SentinelOne/Huntress alert indicating active threat → MSP SOC immediate response; isolate affected endpoint; notify managing partner within 1 hour; engage incident response plan

Critical

Critical Security Incident: SentinelOne/Huntress alert indicating active threat → MSP SOC immediate response; isolate affected endpoint; notify managing partner within 1 hour; engage incident response plan.

SLA Targets

AI tool availability: 99.9% (dependent on vendor SLAs)
MSP helpdesk response: 30 minutes during business hours
Critical security incident response: 15 minutes 24/7
Backup RTO: 4 hours for full workstation recovery; 1 hour for individual file/email restore
Backup RPO: Maximum 24 hours data loss (hourly backups during business hours reduce this to ~1 hour in practice)

Model/Platform Update Monitoring

Subscribe to Clio, Clearbrief, and Microsoft product update blogs/newsletters
Review major platform updates before they auto-deploy; test in pilot group if possible
Monitor legal AI industry news for new tools, regulatory changes, or security incidents affecting legal AI platforms
Reassess vendor landscape annually — the legal AI market is evolving rapidly and better/cheaper options may emerge

Alternatives

Westlaw Precision + CoCounsel (Thomson Reuters)

Replace Clio Work + Vincent AI with Thomson Reuters Westlaw Precision and CoCounsel as the primary AI research platform. CoCounsel is Thomson Reuters' most advanced AI offering, featuring agentic workflows that handle multi-step legal research tasks. Westlaw Precision provides the industry-leading case law database with KeyCite citation verification. Available in tiered plans from On Demand ($75/user/month) to All Access ($500/user/month), with the Westlaw Precision + CoCounsel bundle at approximately $428/user/month.

Cost: Significantly more expensive — $428/user/month vs $199/user/month for Clio Work, resulting in ~$2,290/month additional cost for 10 users.
Integration: Does not integrate natively with Clio Manage practice management; attorneys must context-switch between platforms. Better fit for firms already in the Thomson Reuters ecosystem or those using HighQ as their DMS.
Capability: Arguably deeper case law database and more mature AI features than Vincent AI as of mid-2025; KeyCite is considered by many to be superior to Shepard's.
Recommendation: Choose Westlaw + CoCounsel when the firm is already a Westlaw subscriber, has budget for premium tools, practices primarily in complex litigation requiring the deepest possible case law coverage, or is dissatisfied with Vincent AI's comprehensiveness after a trial period.

Lexis+ with Protégé AI (LexisNexis)

Replace Clio Work + Vincent AI with LexisNexis Lexis+ featuring Protégé AI as the primary research platform. Protégé uses retrieval-augmented generation grounded in the full LexisNexis case law database with Shepard's Citations integration. Unique advantage: Protégé can connect to iManage, SharePoint, NetDocuments, and other DMS platforms to query and draft from the firm's internal knowledge alongside published case law. Pricing approximately $1,458/user/month at enterprise level, with basic Lexis+ plans starting around $171/month.

Tradeoffs

Warning

Cost: Premium pricing, especially at enterprise tier — potentially $14,580/month for 10 users at full Lexis+ AI pricing, though basic Lexis+ research starts at ~$171/user/month.

Integration: Strongest DMS integration story — direct connections to iManage, NetDocuments, and SharePoint allow attorneys to search both published case law and their own firm documents simultaneously. Does not integrate natively with Clio Manage.

Capability: Shepard's Citations is the gold standard for citation treatment analysis. Protégé's ability to search internal firm documents alongside case law is a unique differentiator.

Note

Recommendation: Choose Lexis+ with Protégé when the firm uses iManage or NetDocuments as their DMS and wants unified search across internal and external sources, when the firm has a strong existing LexisNexis relationship, or when Shepard's Citations is preferred over KeyCite or vLex's citation treatment.

Budget-Conscious Approach: Paxton AI + Fastcase

For solo practitioners or small firms (1–3 attorneys) with tight budgets, use Paxton AI ($159/user/month) as the primary AI research tool with Fastcase (free via bar membership) as the supplemental case law database. Skip Microsoft 365 Copilot and Clearbrief to minimize costs. Use free Fastcase/vLex bar membership access for basic case retrieval and Paxton AI for AI-powered research synthesis and analysis. Maintain the full security stack (endpoint protection, backup, email security) as these are non-negotiable.

Cost: Dramatically lower — approximately $159/user/month for AI research vs $199–$428/user/month for primary recommendations. Eliminating Copilot saves $30/user/month and Clearbrief saves $142/user/month. Total savings of approximately $212–$441/user/month.
Capability: Paxton AI covers all 50 states with SOC 2 + HIPAA certifications, but its case law database depth may not match Westlaw/Lexis/vLex for obscure or historical cases. No integrated citation verification tool (Clearbrief) — attorneys must manually verify all citations, increasing research time. No DMS integration capabilities.
Risk: Without Clearbrief, the citation verification burden falls entirely on the attorney, increasing the risk of AI hallucination-related errors reaching filed documents.
Recommendation: Choose this approach for solo practitioners, new practices with limited capital, or practices focused on transactional work (where case law research is less critical than contract analysis). Not recommended for litigation-heavy practices where citation accuracy is paramount.

Enterprise Approach: Harvey AI

For large firms (20+ attorneys), consider Harvey AI as the primary AI research and drafting platform. Harvey is an enterprise-grade GPT-powered platform trusted by top Am Law firms, offering the most advanced AI capabilities in legal tech. However, it requires a minimum of 20 seats at approximately $1,200/user/month, with an annual entry point of approximately $288,000.

Cost: Extremely expensive — $288,000+/year minimum entry point. Only viable for firms with 20+ attorneys and substantial technology budgets.
Capability: Most advanced AI capabilities available, including complex multi-step legal reasoning, document analysis, and drafting. Backed by $300M Series D funding (February 2025) at $3B valuation, indicating strong vendor viability.
Access: Not available to SMB firms — enterprise sales process with 20-seat minimums.
Recommendation: Only recommend to Am Law 200 or equivalent firms with substantial budgets and a commitment to AI-first legal practice. Not appropriate for the typical MSP client in the 5–15 attorney range. MSPs serving larger firms should explore Harvey's partner program opportunities.

Self-Hosted Open Source RAG Approach

Build a custom legal research tool using open-source components: LawGlance or similar open-source legal AI framework, combined with a self-hosted RAG (Retrieval-Augmented Generation) pipeline using LangChain or LlamaIndex, an open-source LLM (Llama 3, Mistral), and a vector database (Weaviate, ChromaDB) indexed against freely available case law from CourtListener/RECAP or free Fastcase access.

Warning

Cost: Lowest ongoing subscription cost — primarily cloud compute ($500–$2,000/month for GPU instances) plus MSP engineering time.

Critical

Capability: SEVERELY LIMITED — open-source tools lack access to authoritative, licensed case law databases (Westlaw/Lexis). Free case law databases like CourtListener have incomplete coverage, particularly for state court decisions. No Shepardizing or KeyCite equivalent for citation treatment. No professional liability coverage from a vendor.

Critical

Risk: EXTREMELY HIGH — using a self-built research tool for client matters without comprehensive, authoritative case law access could constitute malpractice. AI hallucination risk is higher with general-purpose LLMs not fine-tuned for legal reasoning. No SOC 2 or compliance certifications.

Warning

Complexity: Very high — requires ML engineering expertise that most MSPs do not have.

Critical

Recommendation: DO NOT RECOMMEND for client-facing legal research. May have limited value as an internal knowledge management tool for searching the firm's own documents, work product, and internal memos — but even this use case is better served by Lexis+ Protégé or Clio Work's internal document features. Only consider if the firm explicitly wants an internal-only knowledge base with no client-facing research output.

Want early access to the full toolkit?

← All Legal Services solutions