AI L1 Techs · Founder writeup
How I'm bringing AI L1 technicians to Syncro MSPs.
AI-powered L1 techs that live inside the Syncro instance you already have. No migration. No new platform. Priced against human L1 labor, not software.
What follows is a founder writeup of what's been built, what proved out, and what Prismatic is bringing to the rest of the industry.
See it work
A real password-reset ticket, hands-off in 90 seconds.
A locked-out user opens a ticket in Syncro. Within 15 seconds, the dispatcher classifies it as a password reset and routes it to the specialist agent. The agent verifies identity, resets the password, and updates the ticket. No human touch required.
What you're seeing is one deploy pattern: customer portal + secondary email loop for identity verification. That's our default ship because most Syncro MSPs already have those pieces in place. Different environment? Different verification flow works fine. No portal, SMS instead of email, AD lookup against your domain, your own escalation path. The dispatcher and specialist pattern stays the same. Only the verification step adapts to what you actually have.
The story
Eighteen years in the trenches, then a layoff, then this.
I've spent 18+ years in IT security and operations, with the last stretch at a small/mid-size MSP running Syncro for a portfolio of clients ranging from 5 to 600+ seats. About two months ago I was laid off, and I'm using that runway to bring something I built during that time to other MSPs in the same operational profile.
That something is a fleet of AI Techs that handle the L1 ticket queue. The password resets, the M365 onboarding and offboarding, the distribution list adds, the printer issues, and the language barriers that eat hours of L1 tech time every week.
This writeup is what I built, what proved out, and what the productized version delivers to MSPs that want to run this in their own environment.
The problem
Half the L1 queue is the same handful of categories.
Run an MSP on Syncro and you know the shape: 2,000–3,000 tickets a month, and a depressing portion of L1 volume is the same handful of categories. Industry data has consistently put password resets and account lockouts alone at 20–35% of help-desk volume. Gartner has been citing the 20–50% range for years, and more recent MSP-segment surveys land around a third. At the MSP where I built this, the rest of the L1 mix was the predictable shape every Syncro shop will recognize:
- Password resets and account lockouts: by far the largest single category, consistent with the 20–35% industry figure
- M365 user lifecycle work: new-hire onboarding, offboarding, license changes, mailbox handoffs (volume varies enormously by client churn)
- Distribution list and group membership changes: small ticket count, but every one is a quick win that doesn't develop your tech
- Printer issues: the canonical complaint that's almost never actually about the printer
Together these four are easily half of the L1 queue at most small-to-mid MSPs running M365-centric stacks. They're repetitive, procedural, and consume your L1's time on work that doesn't develop their skills or grow your business. They're also the categories where customers expect near-instant resolution, but a human L1 in a small shop can't deliver that during peak hours.
The standard MSP playbook for this is some combination of: scripts that handle the easy 20% but break on edge cases, hiring a second L1 (expensive, and they leave), outsourcing to a BPO (cheap but quality is uneven and clients hate the language barriers), or building automation in Make/Zapier with limited LLM integration.
None of these solve the actual problem, which is: an L1 ticket queue is a natural-language problem, not a workflow problem.
What I built
A fleet of specialist techs coordinated by a dispatcher.
A fleet of Python-based AI Techs, each handling a specific job, coordinated through a dispatcher that watches the Syncro ticket feed and routes incoming tickets to the appropriate specialist.
Architecture overview:
- Dispatcher. Watches the Syncro ticket queue via API, reads new tickets, classifies the request type, and routes to the appropriate specialist tech.
- Specialist techs. Each handles a specific job category: M365 onboarding, password reset, DL/group management, printer triage, and so on. Built modularly so adding new categories is fast. Each tech is its own Python module wired into the dispatcher.
- Translation tech. Runs Spanish-language tickets through AI for translation to English so the rest of the team can work them without needing the one Spanish-speaking tech on the floor.
- Logging and escalation. Every tech logs every action back to the original Syncro ticket as comments, so the technician audit trail is preserved. Tickets the techs can't handle confidently are marked with a status that flags them for human review.
The whole fleet runs on the GPT API for natural-language reasoning (intent detection, name resolution, response drafting) and on Microsoft Graph for the actual M365 operations (license assignment, group membership, mailbox configuration).
Why AI-native, not "automation"
Everything routes through a language model first, not string matching.
The reason this works where traditional automation struggles: everything routes through a language model first, not through string matching.
Concrete example: adding someone to a distribution list. Traditional automation needs the exact list name and the exact user identifier. If the ticket says "add Sarah to the marketing DL" instead of "add sarah.thompson@client.com to Marketing-Team@client.com," the script fails. If it says "the marketing list" or "marketing alias," it fails. If it says "markeitng" with a typo, it fails.
An LLM-based tech handles all of these. It looks up Sarah's actual address from Graph, resolves "the marketing DL" against the actual group list (handling misspellings, nicknames, and shorthand naturally), confirms the match, and executes. Same for groups, security policies, shared mailboxes, license assignments. Edge cases that break wildcard-based automation just resolve naturally.
And when the lookup is genuinely ambiguous, say there are two plausible "Sarahs" or two distribution lists with similar names, the tech writes back to the requesting user with the candidates and asks which one they meant. Just like a human technician would on the same ticket. It's not brute-forcing a guess.
It knows when to ask.
That's the actual unlock. Microsoft adding native AI features to their admin tools is interesting, but it's a different problem: those tools assume the user knows what they want inside the admin console. An L1 ticket is the opposite. A customer typing what they need in plain English, and the work is figuring out what that actually means in M365/AD/Syncro terms.
Why we're not an "AI helpdesk"
No migration. No rip-and-replace. Just techs inside your Syncro.
Most "AI helpdesk" vendors are selling you a new platform. New ticketing system, new client portal, new workflows, new training, new everything. The pitch is always "the destination is worth the migration."
Maybe. But every MSP owner who's actually done a platform migration knows it's an 18–24 month project that often never fully completes. New helpdesks get bought; old helpdesks rarely get fully decommissioned. You end up running two systems, with techs who default back to the one they know.
Prismatic is structured differently. We don't sell you a platform. We sell you AI-powered techs that plug into the Syncro instance you already have. Each tech does a specific job: passwords, DLs, M365 admin, ticket triage, knowledge-base answers, dispatch. They run 24/7. They don't quit. They cost less per month than a human L1 hire costs per week.
You keep your Syncro. You keep your workflows. You keep your client portal. You keep your billing setup. You keep your contracts. You just add L1 capacity, the way you'd add a human hire. Except this one is already trained and already integrated.
No migration. No rip-and-replace. No 2-year project. Just a tech that works for you.
Scope
What an AI L1 Tech doesn't do.
No tier-2 troubleshooting. No on-site work. Nothing that needs physical access or human judgment. Tickets the tech can't handle confidently get flagged for human review. Same escalation workflow your human L1 already uses.
What proved out
The honest accounting.
Honest accounting of what actually went into production versus what was built and demonstrated:
Spanish-to-English translation: live in production. Eliminated the bottleneck of routing Spanish tickets to one specific tech and removed the team's dependence on Google Translate for context. This was the clearest single win. Every Spanish ticket got translated automatically the moment it hit the queue, with the original preserved in the audit trail.
Dispatcher: built and operational. The architecture for routing tickets to specialist techs worked as designed. Tickets came in, got classified, and got handed off to the right tech.
M365 onboarding/offboarding, password reset, DL management, and printer triage techs: built and demonstrated. All wired to MS Graph for the actual operations, all working end-to-end in test conditions, all reporting back to Syncro tickets correctly. None of these reached unattended 24/7 production before the role ended.
I'm not going to claim numbers I don't have. The Spanish translation tech saved real time and frustration. The rest worked in demonstration but didn't run long enough to generate the kind of metrics a buyer would want.
The honest framing is: the architecture is proven, the techs are built, and Prismatic is the productized deployment for MSPs that want to run this in production from day one.
What a Prismatic deployment looks like
Cloud-hosted, customer-specific, four-week stand-up.
Productizing for other MSPs means a cloud-hosted deployment (not running on a developer laptop), customer-specific KB and ticket taxonomy training, and an integration spec for the customer's Syncro instance, M365 tenants, and any other tools in their stack.
The dispatcher and the tech architecture is reusable across deployments. The customization is in the customer's ticket categories, KB, and escalation rules. A typical deployment runs roughly:
- Week 1: Discovery, integration spec, Syncro API access, M365 Graph permissions, KB ingestion, ticket taxonomy mapping
- Weeks 2–3: Dispatcher and first two or three specialist techs deployed and tuned against live tickets
- Week 4: Additional techs added based on the customer's most-frequent ticket categories
- Ongoing: Monthly retainer covers monitoring, tuning, and adding new techs as new categories emerge
Pricing scaffolding (subject to scoping conversation):
- Initial deployment: $10,000–30,000 depending on integration complexity and category count
- Monthly retainer: $3,000–8,000 per AI L1 Tech deployed, where one AI Tech roughly equates to the ticket-handling capacity of one human L1
For context, that's 60–80% cheaper than hiring an equivalent human L1, but priced at the value of replacing one rather than the cost of an "automation tool."
Why now, why me
I built this stack at one MSP. I want to deploy it at others.
I built this stack at one MSP. I want to deploy it at others. The Syncro and MS Graph integration code is already written; Prismatic is the wrapper that delivers it to MSPs that don't have an in-house developer to build it themselves but absolutely want the outcome.
If you run a small or mid-size Syncro MSP and any of this resonates, I'd value a 15-minute conversation. Not pitching, just validating. I'm running 10–15 of these conversations over the next few weeks to make sure what I'm productizing is what MSPs actually want, before scaling outbound.
Book a call
Fifteen minutes, no pitch.
If this resonates and you'd like to talk through what an AI L1 Techs deployment in your shop might look like, pick a slot that works.