Skip to main content
Scheduled agents run on a cron cadence — daily, hourly, weekly — and execute tasks based entirely on your custom instructions and enabled tools. Unlike triggered agents that react to a specific ticket, scheduled agents work without any PSA entity. They’re ideal for proactive operations like compliance audits, account hygiene, and recurring M365 administration.
Think of triggered agents as reactive (something happened, go handle it) and scheduled agents as proactive (go check on things, take action if needed).

Triggered vs scheduled agents

Triggered AgentScheduled Agent
Starts whenA PSA event occurs (ticket created, updated, etc.)A schedule fires (daily at 8 AM, every hour, etc.)
Works onA specific ticket or time entryNo entity — runs from custom instructions alone
ContextTicket details, end client company, contactMSP-wide context, available tools, custom instructions
Use caseResolve issues, triage, communicate with usersAudits, hygiene, compliance, recurring admin tasks
ConversationContinues across runs on the same ticketFresh conversation each schedule fire

How it works

1

Schedule fires

At the configured cadence (e.g., daily at 6 AM), the agent starts a new execution.
2

Agent reads instructions

The agent loads your custom instructions, enabled tools, and any loaded skills. There is no ticket to analyze — your instructions define the task.
3

Agent uses tools

The agent executes the task: querying M365 environments, searching documentation, running RMM scripts, or any other enabled tool.
4

Results and approvals

The agent can request technician approval (TIL) before sensitive actions, send notifications via Teams or email, and create tickets for issues it finds.
If the agent requests Technician-in-the-Loop approval or kicks off an RMM script, the execution pauses until the technician responds or the script completes. The agent then resumes with full context of what it was doing.

Setting up a scheduled agent

1

Create a new agent

Go to WorkflowsCreate and select Agent.
2

Set the trigger to Scheduled

Under Trigger, select Scheduled and configure your cadence (e.g., daily at 6:00 AM, weekly on Mondays).
3

Skip the entity filter

Since this agent doesn’t process tickets, you don’t need to configure a FIND_ENTITIES filter. The verification step will confirm this is valid for scheduled agents.
4

Enable tools

Select the tools the agent needs. For M365 tasks, the relevant Microsoft 365 tools are auto-enabled based on your integration’s permission groups.Other commonly used tools for scheduled agents:
  • Search tools — Find Documentation, Find Tickets by Content/Metadata
  • Communication tools — Send Teams Message, Send Email
  • Management tools — Create New Ticket, Trigger or Schedule Workflow
  • Resolution tools — Execute RMM Script
5

Write custom instructions

This is the most important step. Your custom instructions define exactly what the agent does each run. Be specific about:
  • What to check or audit
  • Which companies/tenants to operate on (or all)
  • What thresholds or criteria to act on
  • What action to take when issues are found
  • How to report results
See use cases below for examples.
6

Configure safety controls

  • Test mode: Start with test mode on. The agent will log what it would do without taking real actions.
  • Technician-in-the-Loop: Enable TIL on your M365 permission groups for any write operations. The agent will pause and request approval before making changes.
  • Access profiles: Use the Helpdesk or IT Admin preset to ensure TIL is required on sensitive operations.
7

Set the schedule and enable

Configure your schedule cadence, set execution windows if needed (e.g., only during business hours), and enable the workflow.

Use cases

Goal: Detect unauthorized admin role assignments across M365 tenants daily.Tools: Microsoft 365 (Directory Roles, Audit & Reports)Custom instructions example:
For each connected M365 tenant:
1. List all current directory role assignments for privileged roles
   (Global Administrator, Exchange Administrator, SharePoint Administrator,
   Security Administrator, Privileged Role Administrator)
2. Compare against the audit log for role assignment events in the last 24 hours
3. If any new admin assignments are found, send a Teams notification to the
   security channel with: who was assigned, which role, when, and by whom
4. If no new assignments are found, do not send any notification
Goal: Find and disable accounts with no sign-in activity for 90+ days.Tools: Microsoft 365 (User Management, Audit & Reports)Custom instructions example:
For each connected M365 tenant:
1. Search for user accounts where the last sign-in date is more than 90 days ago
2. Exclude service accounts and break-glass accounts (accounts containing
   "svc-", "breakglass", or "emergency" in the display name)
3. For each inactive account found, request technician approval before disabling
4. Once approved, block sign-in for the account
5. After processing all accounts, send a summary to the IT Admin Teams channel
   listing accounts disabled and any that were skipped
Always enable Technician-in-the-Loop for agents that disable accounts. A misconfigured filter could lock out active users.
Goal: Monthly password rotation for privileged accounts.Tools: Microsoft 365 (Security, Directory Roles), Generate PasswordCustom instructions example:
For each connected M365 tenant:
1. List all users with Global Administrator or Privileged Role Administrator roles
2. Also list any service accounts (accounts with "svc-" in the display name)
3. For each account, generate a new secure password and request technician
   approval before resetting
4. Once approved, reset the password
5. Send the new credentials securely to the designated admin contact via
   a secure link
6. Log a summary of all rotated accounts as an internal note
Goal: Identify outdated KB articles based on recent ticket trends.Tools: Find Documentation, Find Tickets by Content, Send Teams MessageCustom instructions example:
1. Search recent resolved tickets from the past 7 days for recurring topics
2. For each topic, search the documentation library for related KB articles
3. Flag any articles that haven't been updated in 6+ months but relate to
   a topic with recent ticket activity
4. Send a summary to the documentation-review Teams channel with article
   titles and the ticket topics they relate to
Goal: Weekly summary of tickets that haven’t been updated in 7+ days.Tools: Find Tickets by Metadata, Send Teams MessageCustom instructions example:
1. Search for all open tickets that haven't been updated in the last 7 days
2. Group by assigned technician
3. Send a summary to the service-desk Teams channel listing each technician
   and their stale tickets, sorted by age
Coming soon: Audit enterprise applications (app registrations and service principals). This capability is on the roadmap and will unlock additional scheduled agent use cases.

Best practices

Enable test mode for your first few runs. Review the agent’s execution log in Event History to verify it’s doing what you expect before enabling real actions.
Any agent that modifies accounts, resets passwords, or disables users should require TIL approval. Use the Helpdesk or IT Admin access profile on your M365 integration to enforce this.
Scheduled agents have no ticket to provide context — your custom instructions are the entire task definition. Include: what to check, which tenants/companies, what thresholds trigger action, and how to report results.
Match the schedule to the urgency of the task. Security audits might run daily, password rotations monthly, documentation reviews weekly. Avoid running more frequently than needed.
If an agent should only operate on certain client tenants, specify that in your custom instructions. The agent has access to all connected M365 tenants by default.