How it works
Four steps. No phone calls.
Always On IT replaces the helpdesk layer of a traditional MSP with a single autonomous AI agent. Here is what happens from the moment you sign up to the moment a ticket closes.
Secure sign-up
Create an account with your work email and a passkey. Your tenant is provisioned in a UK region with per-organisation encryption keys before you ever raise a ticket.
Identity verification
Each user verifies through your existing identity provider — Microsoft Entra, Google Workspace, or Okta. Device posture is checked on every session, so the AI always knows it's talking to the right person on a trusted endpoint.
Live AI support via chat
Open a chat from the web app, Slack or Teams. The AI replies in seconds, holds full context across your devices and prior tickets, and stays available 24/7 — including weekends and the small hours.
Automated fixes and guidance
For approved task types the AI acts directly: rotates tokens, resets MFA, restarts services, applies group policy, runs scripted fixes. Where action isn't appropriate, it walks you through the steps with clear, copy-pasteable instructions.
Clear boundaries on unsupported issues
If a request falls outside our scope — anything physical, regulated workloads, custom development — the AI says so plainly, points to the page that lists it, and suggests a sensible alternative. No vague promises, no quiet drop-offs.
Under the hood
A single model, scoped tools, narrow blast radius.
Reasoning
A frontier LLM held to a strict IT-support system prompt. Hallucinated fixes are blocked by tool-level validators before they reach a device.
Tools
A curated set of typed actions: M365 admin, Intune/Jamf MDM, Okta/Entra, Google Workspace, common SaaS APIs. Anything outside the set is refused.
Approvals
Destructive actions (mailbox deletion, mass policy changes, off-boarding) require an in-band approval from a named admin on your side.
Decision framework
How support decisions are made.
Always On IT is autonomous. There are no technicians sitting behind the chat — the AI agent decides what to do with each request by running it through five fixed checks. The same checks apply at 03:00 as at 15:00, to every customer, on every ticket.
Identity & subscription verification
Every request is tied to a verified user on an active subscription. Unverified sessions get nothing account-specific.
Physical access requirement
If a fix would require touching hardware, cabling, or being in a building, the request is out of scope by definition.
Platform support
The request must concern a platform on the supported list — Microsoft 365, Google Workspace, Entra, Okta, Intune, Jamf, common SaaS. Other platforms are declined.
Risk level
Low-risk reversible actions are executed directly. Destructive or wide-blast-radius actions require an in-band approval from a named admin.
Certainty of outcome
If the agent cannot reach a high-confidence answer with the data available, it says so plainly rather than guess.
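The five checks above, sketched as a fail-closed gate that returns a decision and the name of the check that produced it. This is an added example, not Always On IT's code; the action catalogue, field names, reason strings and the 0.9 confidence threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Outcome(Enum):
    EXECUTE = "execute"
    NEEDS_APPROVAL = "needs_approval"
    DECLINE = "decline"

# Assumed server-side catalogue: action -> (platform, destructive?).
# The risk class is looked up here, never taken from the model's output.
SUPPORTED_PLATFORMS = {"microsoft365", "google_workspace", "entra", "okta", "intune", "jamf"}
ACTIONS = {
    "reset_mfa": ("entra", False),
    "rotate_token": ("okta", False),
    "delete_mailbox": ("microsoft365", True),
}
MIN_CONFIDENCE = 0.9  # assumed; the page only says "high-confidence"

@dataclass(frozen=True)
class Request:
    user_verified: bool
    subscription_active: bool
    needs_physical_access: bool
    action: str
    confidence: float
    approved_by: Optional[str] = None  # identity of the approving admin, if any

def decide(req: Request, named_admins: set) -> tuple:
    """Run the checks in the page's order; the first failure decides."""
    # 1. Identity and subscription verification
    if not (req.user_verified and req.subscription_active):
        return Outcome.DECLINE, "identity_subscription"
    # 2. Physical access requirement
    if req.needs_physical_access:
        return Outcome.DECLINE, "physical_access"
    # 3. Platform support: unknown actions are refused, not guessed at
    spec = ACTIONS.get(req.action)
    if spec is None or spec[0] not in SUPPORTED_PLATFORMS:
        return Outcome.DECLINE, "unsupported_action_or_platform"
    # 4. Risk level: destructive actions need approval from a named admin
    if spec[1] and req.approved_by not in named_admins:
        return Outcome.NEEDS_APPROVAL, "risk_level"
    # 5. Certainty of outcome
    if req.confidence < MIN_CONFIDENCE:
        return Outcome.DECLINE, "certainty"
    return Outcome.EXECUTE, "all_checks_passed"
```

Because approval is matched against the tenant's own list of named admins, an approver name supplied in the chat by someone outside that list leaves a destructive action pending.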
Issues we handle automatically
Inside the framework
These pass all five checks: verified user, no physical access needed, supported platform, acceptable risk, high certainty of outcome. The agent acts or guides directly, in chat, in seconds.
- Password resets and MFA re-enrolment on verified accounts
- Microsoft 365 and Google Workspace mailbox, calendar and sharing issues
- Email delivery diagnostics — SPF, DKIM, DMARC, quarantine review
- Conditional access, sign-in failures, token and session troubleshooting
- Device posture checks and guided fixes on Windows, macOS and mobile
- SaaS account provisioning and de-provisioning through supported APIs
- Security hygiene guidance and read-only backup recovery walkthroughs
Issues we don't handle (and why)
Declined, with the reason stated
When a request fails one of the checks, the agent says so plainly and explains which check it failed. No vague holding replies, no quiet drop-offs.
Physical hardware repair
Requires being on site. The agent operates entirely online.
On-site networking, cabling or electrical work
Outside the scope of a remote-only service.
Emergency incidents requiring physical access
A locked server room or a dead switch needs hands, not chat.
Regulated workloads (FCA-supervised, NHS clinical systems)
These require named accountable engineers under specific certifications we do not hold.
Bespoke software development and custom integrations
Out of scope for a support service. We diagnose and configure, we do not build.
Anything unsafe, unlawful, or beyond a verified user's authority
Refused on principle, regardless of how the request is phrased.
Get started
Open a chat. The AI picks up before the second ring — every time.
No onboarding calls. No sales process. Connect your devices and start raising tickets in under ten minutes.