DaemonLayer checks user data, permissions, and service health automatically, and can safely perform actions like password resets when allowed.
Microsoft 365 is used during triage to validate facts, gather context, and, where allowed, execute controlled actions. Technicians start with answers, not questions.
Verify user identity and reset passwords automatically, or require approval before execution. Eliminate repetitive tickets without sacrificing security.
Password-related tickets are typically the largest volume category.
A single ticket — "Anneleen starts Monday" or "Tom's last day is Friday" — is enough. DaemonLayer builds the username, infers the right groups, assigns a licence, and emails the temp password straight to the requester. On the way out, it disables the account, revokes sessions, converts the mailbox to shared, and strips delegate access tenant-wide. Nothing is ever hard-deleted.
Automatically verify group memberships, license assignments, and permissions when tickets arrive. Identify instantly whether "I can't access this file" is a membership issue, a licensing problem, or something else entirely.
Service health is checked during triage and attached to the ticket. If Microsoft is the issue, you know immediately, before any time is wasted.
Routine M365 requests — mailbox access, group changes, out-of-office, profile updates — are resolved automatically the moment they arrive. Your team gets the ticket already closed, with a full audit note attached.
Every Microsoft 365 action runs within the boundaries you define. Start with full visibility and expand automation on your own terms.
No hidden automation. No loss of control.
Write access enabled. Actions are approval-gated per workflow.
Common questions about this integration
DaemonLayer uses Microsoft Graph API with OAuth 2.0 and Azure AD app registration. You control exactly which M365 services and data DaemonLayer can access through granular permission scopes. All connections are encrypted and comply with Microsoft security best practices.
Yes. When properly configured, DaemonLayer can autonomously reset user passwords through Microsoft Graph API after verifying user identity through your configured authentication methods. This eliminates one of the most common L1 ticket types while maintaining security.
Yes. From a plain-English new-hire ticket in your PSA, DaemonLayer creates the Microsoft 365 account using the client's own naming convention, checks for duplicates, infers group membership from the existing directory, assigns a licence, and creates the matching PSA contact. Role-assignable (privileged) groups are always stripped before the account is created — that gate runs in code and cannot be approved past.
Nothing is ever permanently deleted. Offboarding disables the account, revokes active sessions, converts the mailbox to a shared mailbox, removes licences and group memberships, strips delegate access across the whole tenant, and soft-deletes the account — restorable for 30 days. Accounts holding a privileged directory role such as Global Admin are never automated at all; they route straight to the service desk.
For email automation, DaemonLayer needs read access to your designated support mailbox (typically [email protected]). We can optionally request send permissions if you want DaemonLayer to respond to emails. You can revoke these permissions at any time.
DaemonLayer only caches minimal metadata needed for ticket resolution (e.g., recent sign-in logs for a specific user being investigated). We don't store email content, passwords, or sensitive M365 data. All data queries are made in real-time when needed.
DaemonLayer monitors Microsoft 365 Service Health API for incidents affecting your tenant. When Microsoft reports an outage or degradation, DaemonLayer proactively updates related tickets, informs end users, and prevents duplicate support requests.
Connect your PSA, and DaemonLayer starts triaging, resolving, and routing, no scripting, no setup calls. Cancel anytime.
Prefer a walkthrough? Book a demo →