Features

What iSolve.IT does

An overview of the features of iSolve.IT:

How iSolve.IT works
Request
TW
“Please set me up with access to the marketing drive.”
Employee · Microsoft Teams
iSolve.IT
iSolve.IT
processes the request
Draws on context
Knowledge base
AI engine
System profile
Live status
Outcome · depending on the case
Answer & solution
Solves right in the chat
Handover to IT
Escalates as a ticket
Action after approval
Executes once approved
01 · CHAT

In the web chat and in your usual messenger

You reach iSolve.IT in the web browser and via the common messengers. The answer comes back through the same channel the question was asked on.

Microsoft Teams · #it-support
TW
Can I get Adobe Illustrator for the marketing project?
Sure. I have a free Adobe CC license, Tobias still has to approve it, I'll get back to you in seconds.
Adobe CC assigned · approved by Tobias
TW
Perfect, thanks.

Web chat

Browser interface with login via a one-time code. Ongoing conversations and tickets in the sidebar. Answers appear as streaming text. Files and screenshots via drag & drop.

Messenger integration

Supported are Microsoft Teams, Slack, Zulip, Telegram, and Rocket.Chat. Attachments are sent along as a messenger file.

  • /new, start a new conversation
  • /issues, show your own tickets
  • /status <ticket no.>, check the status of a ticket
  • /solved, mark the current conversation as solved
02 · KNOWLEDGE & CONTEXT

Context sources

For every answer and every action, iSolve.IT draws on three data sources. When you change something in a source, it takes effect immediately, without any restart.

Context sources · active
System profile
OS · Office · Mail · VPN · Printers
active
Knowledge base
243 articles · 12 new last week
active
Live status
MS 365 · checked every 5 min
active
Assistants
Actions · Ticket · Escalation · Office · IT
5 active

System profile

The stored description of the customer's IT environment. It is evaluated on every request so that answers match the specific version and configuration state.

  • Operating system, Office versions, mail and authentication system, domain, VPN
  • Network drives, printers, standard software
  • Your own notes and specifics

Company knowledge base

Manually maintained articles from the IT department as well as automatically generated articles from solved cases (see section 03).

Live status

Microsoft 365 and business applications configured on the customer side are checked every 5 minutes. In the event of an active outage, the notice is included in affected answers.

Specialized assistants

Requests are routed internally to the right assistant: action, ticket, and escalation assistant as well as specialists for Office topics and general IT. Off-topic requests are declined.

03 · KNOWLEDGE BASE

Knowledge base and solution review

The knowledge base holds two kinds of articles: those the IT department maintains itself, and those the system generates automatically from solved cases.

Knowledge review · pending draft
Reset VPN certificate cache on macOS 14.4
Automatically generated from conversation #a-4172 · anonymized
On macOS 14.4 with AnyConnect 5.0 there is a known bug in the certificate cache. To fix it: quit AnyConnect completely, search for "VPN" in Keychain Access and remove the cache entries, restart AnyConnect.
Duplicate check: no similar articles

Automatic article drafts

When a conversation is marked as solved or a ticket is closed, the system generates an article draft. Personal data (names, email addresses, IP addresses, identifying timestamps) are removed before storage.

Solution review

Admins see each draft next to the underlying conversation and decide with a click to approve or discard. Duplicates are detected automatically. A badge in the sidebar shows the number of open drafts.

04 · ACTIONS

Standard changes with approval

Standard changes such as a group membership, a password reset, a license assignment, or a new account are captured directly in the chat. An authorized person approves them, then the system carries them out.

Approval pending · admin.i-solve.it
Create AD user · MS 365 license

New employee · marketing team · M365 E3.

action: ad.user.create
upn: lea.hoffmann@albrecht.services
groups: [marketing, all-staff]
license: Microsoft 365 E3
approval-rule: four-eyes principle

Supported systems

All systems run through the same approval and audit system:

  • Microsoft 365 / Entra ID — groups, licenses, MFA reset, user creation, devices (wipe / retire)
  • Exchange Online — distribution lists, mailbox delegation, auto-reply
  • Google Workspace — feature set analogous to Microsoft 365
  • Active Directory — via a secure local SSH proxy
  • Linux — user management via a secure local SSH proxy
  • Synology NAS — users and groups
  • Adobe Admin Console — enterprise users and product profiles
  • Jira — user and group management
  • Jamf Pro — Apple device management (macOS, iOS)
  • Slack — users, groups, and channels
  • Zulip — administration

Composite workflows

Several actions can be executed as a composite workflow:

  • clone_user, create a new user with the permissions of a specified template person, in all activated systems
  • onboard_user, create a new user based on a role template
  • offboard_user, reversible offboarding in two phases: immediate lockout with session revocation, out-of-office message, and mailbox delegation; after 30 days, return of the license and conversion into a shared mailbox
  • schedule_onboarding, planning around the start date with a hardware ticket and automatic provisioning

Governance

Rules control who may approve which actions:

  • Owner fast-track, owners of a group or resource approve requests to it directly
  • M-of-N, multi-approval (e.g. two of three) for sensitive actions
  • Strict mode, no admin override; only the responsible person decides
  • Allowlist mode, only rule-covered requests are accepted
  • Four-eyes principle, no one approves their own request
  • Security-critical actions (MFA reset, device wipe, account lifecycle, password, mailbox delegation) in strict mode out of the box
05 · ROLE TEMPLATES

Role and department templates

In a role template you define once which groups, licenses, and applications a role needs. On every new hire, the system falls back on the same template.

Role template · Marketing
Access
marketing@ all-staff@ creative-cloud
Licenses
Microsoft 365 E3 7 / 25Adobe CC 3 / 5
Software (via MDM)
Adobe IllustratorFigmaSlack
Inherits from
Base template · All-Staff

Contents of a template

Access per system (groups, distribution lists, licenses per provider), equipment (target operating system, hardware, applications), and MDM groups for automatic software rollout via Entra groups.

Selection from connected systems

During maintenance, groups and licenses are loaded directly from the connected systems, including current usage (e.g. "7 of 25 in use").

Inheritance

A role template can reference a base template, for example a standard template with apps and access that all employees receive. The derived role carries only the deviations. Lists are merged, access per system is combined.

PowerShell script generation

A template can contain a step list, from app installations to your own PowerShell code. From this the system generates a PowerShell + winget script for IT to run on the Windows machine. The server does not run the script itself.

06 · MONITORING

Live status of business applications

Alongside classic IT services, industry-specific applications can also be connected, such as prepress software, order management systems, or your own web services.

Live status · last check 2 min ago
Exchange Online
mail.office365.com
Normal
Teams
teams.microsoft.com
Normal
SharePoint
albrecht.sharepoint.com
Normal
Entra ID
MFA latency elevated
Notice
Internal DMS
dms.albrecht.local · HTTP 200
Normal
Order DB
TCP 5432 · via SSH tunnel
Normal

Availability checks

Tools are stored per business process. One check per tool: HTTP, TCP port, UDP probe, or ping. Internal services behind the firewall are reached via the local SSH proxy. Check interval: 5 minutes.

Microsoft 365 service health

The official Microsoft service health for Exchange, Teams, SharePoint, and Entra is queried every 5 minutes. In the event of a reported outage, the notice is included in answers about affected services.

07 · TICKETS

Tickets and handover to internal IT

If a request can't be solved automatically or needs a second pair of eyes, the case goes to internal IT – and only then is a ticket created.

Tickets · board view
Open · 3
Excel pivot crashes
#2451 · Julia K.
New printer 3rd floor
#2453 · Paul R.
In progress · 2
SharePoint access
#2448 · Tobias A.
VPN issues HR
#2449 · Marie L.
Done · 1
Adobe license TW
#2446 · completed

When a ticket arises

On being marked "not solved", on active escalation by the employee, or on manual creation by an admin. Conversations closed due to inactivity do not create a ticket.

  • Title, description, interactive to-do list, responsibility, due date
  • Status: Open → In progress → Done
  • Two views: list or board (Trello style), status change via drag & drop
  • Comments are delivered through the employee's original channel (web or messenger)

Handover by email

Via named email targets (a person or a team), iSolve.IT hands over steps that can't be automated to the responsible party by email or asks a follow-up question — traceable and without a media break.

Admin takeover

Admins can follow along in ongoing conversations and take them over. During the takeover, iSolve.IT pauses. The employee sees the answers with the sender marking "Staff". A typing indicator shows that an answer is being written.

Inactivity detection

After 15 minutes without a reply, a follow-up with yes/no buttons is posed. After 1 hour, a notice about the planned closure in 24 hours follows. After about 25 hours, the conversation is closed automatically. No ticket arises.

08 · SECURITY & DATA PROTECTION

Security and data protection

iSolve.IT is GDPR-compliant and runs for each customer in its own single-tenant instance.

Audit log · last 7 events
14:32:07ad.user.create · lea.hoffmann@…OK
14:31:52approval.granted · tobias.a@…OK
14:30:41vpn.cache.reset · anna.h@…OK
14:28:19ticket.close · #2451DONE
14:24:03m365.license.assign · Lea H.OK
14:20:12chat.escalate · tobias.a@…HUMAN
14:14:36login.success · admin@…OK

Passwordless login

Login via a one-time code to the company email address. Session duration: 7 days. Web chat access requires a login. An optional allowlist limits the permitted email domains.

Encrypted credentials

Credentials for connected systems (Microsoft 365, Google, Exchange, Adobe, Active Directory, Linux, Synology, Jira, Jamf Pro, Slack, SSH proxy, messenger) are stored encrypted in the database.

Audit log

Logged are ticket actions, user and role changes, login events, connection changes, approval decisions (with a note on read action, owner fast-track, or classic approval), on- and offboarding workflows, as well as conversation takeovers.

Single-tenant per customer

One installation per customer, without data mixing between customers. Cloud operation in German data centers or self-hosting by the customer. Delivered as a Docker container.

FAQ

Frequent questions

What is iSolve.IT?+

iSolve.IT is an AI-powered service desk for internal IT requests. Employees ask their questions directly in the web chat and in the messenger they already use (Microsoft Teams, Slack, Zulip, Telegram, Rocket.Chat). iSolve.IT answers standard questions, gathers missing information, triggers approval-gated actions in Microsoft 365, Google Workspace, Exchange, Active Directory, Linux, Synology, Adobe, Jira, Jamf Pro, Slack, and Zulip, and creates structured tickets when the internal IT team needs to take over. All with real company context from the system profile, a knowledge base that grows on its own, and live status. GDPR-compliant, single-tenant, as a cloud service or self-hosted.

How exactly does iSolve.IT save my IT team time?+

Three levers. First: standard changes such as group membership, password resets, license assignment, or mailbox delegation are no longer worked off as tickets but executed by the system after approval – typically saving 5–15 minutes of pure manual work per case. Second: onboarding and offboarding run role-based across all systems at once (Microsoft 365, Google, AD, Linux, Synology, Adobe, Jira, Slack, Zulip) instead of being rebuilt one by one – hours turn into minutes. Third: the AI answers recurring employee questions instantly, drawing on your company-specific knowledge base, so IT is no longer interrupted for every routine problem.

Do we have to replace or migrate our existing tools?+

No. iSolve.IT doesn't replace your stack – it plugs into it. It sits as a layer over your existing landscape, talks to the systems you already have (Microsoft 365, Google Workspace, Exchange, Active Directory, Linux, Synology, Adobe, Jira, Jamf Pro, Slack, Zulip), and orchestrates them – without you migrating or retiring anything. Large platforms usually want to become the new center that you migrate your entire stack onto; iSolve.IT takes the opposite path. That's exactly why adoption stays easy: no rip-and-replace, no months-long migration project.

How does the AI know our system environment?+

iSolve.IT works with three context sources that feed into every answer and every action. (1) The system profile describes what runs in the company: operating system, Office versions, mail and authentication system, domain, VPN, network drives, printers, standard software, your own notes. (2) The company knowledge base holds manually maintained IT articles plus drafts that are generated automatically after each solved case and published after a quick review. (3) Production knowledge checks Microsoft 365 and your business applications every 5 minutes – the AI proactively consults the live status before it diagnoses. Changes take effect immediately, without a restart.

Which systems can iSolve.IT drive for standard changes?+

Microsoft 365 and Entra ID (groups, licenses, devices, MFA reset, user creation), Exchange Online (distribution lists, mailbox delegation, auto-reply), Google Workspace (a full mirror of the MS365 catalog), Active Directory via secure local access (password reset, account lifecycle, AD groups), Synology NAS, Adobe Admin Console (product profiles, user groups), Linux (user management via a secure local SSH proxy), Jira (users and groups), Jamf Pro (Apple device management, macOS/iOS), Slack (users, groups, and channels), and Zulip administration. All systems run through the same approval and audit system. Steps that can't be automated are handed off by iSolve.IT to a person or team via named email targets.

How does the knowledge base work?+

The knowledge base holds manually maintained articles and automatically generated drafts. After each solved case, the AI writes an anonymized draft article (names, emails, IP addresses, and identifying timestamps are removed). An admin sees all drafts in the solution-review view next to the original conversation and approves or discards with one click. Duplicates are detected automatically.

Who is allowed to approve which actions?+

Rules define who may approve what – e.g. marketing group membership is decided by the marketing lead. There is an owner fast-track (owners of a group approve requests to their group themselves), M-of-N multi-approval for sensitive actions, a strict mode that rules out admin override, and an allowlist mode that only accepts rule-covered requests. No one can approve their own request (four-eyes principle). Security-critical actions like MFA reset or device wipe are in strict mode out of the box.

How is iSolve.IT operated? Cloud or on-premise?+

iSolve.IT is fully containerized (Docker). Each customer runs their own separate single-tenant installation – there is no data mixing between customers. It typically runs self-hosted on your own infrastructure or in a German data center operated by our hosting partner uvensys. Email is sent through your existing SMTP setup, and all messenger and provider connections are configured entirely in the admin area – without touching configuration files.

How secure are our credentials?+

All messenger credentials and cloud credentials (Microsoft 365, Google, Exchange, Adobe, Active Directory, Linux, Synology, Jira, Jamf Pro, Slack, SSH proxy) are stored encrypted in the database – never in plain text. For internal company systems (AD, NAS) there is an integrated encrypted SSH proxy via a jump host with host-key verification. For each service, an admin decides with a toggle whether it should be reached directly or through the SSH proxy.

How is login secured?+

Login is done via a one-time code sent to the company email – no password, no reset overhead. Optionally, an allowlist can define which email domains may sign in (e.g. only @company.com), with individual external addresses as exceptions. The web chat always requires login – no anonymous requests. Messenger users are already authenticated through the company's own messenger.

What does iSolve.IT cost?+

iSolve.IT is licensed per installation. Concrete prices depend on the number of employees, the integrated systems, and the operating model (self-hosted vs. hosted by us in a German data center). Please request an appointment via the demo request form – we reply within 24 hours with an individual quote.

How does the AI handle data protection?+

iSolve.IT is GDPR-compliant: AI-generated knowledge articles are anonymized automatically. Deleting an account anonymizes the user in conversations and tickets, so reporting is preserved but there is no personal reference. Every AI call is recorded with tokens and model, so you can analyze usage per model and phase – including a configurable retention period. A complete audit log records all relevant admin actions.

Does the AI stay on topic or answer anything?+

The AI stays strictly on topic: IT and Office support. Off-topic requests such as small talk, creative writing, or legal and medical advice are politely declined. This ensures clear purpose limitation and prevents misuse of the system.

Features in detail · iSolve.IT