Product

A first-class citizen that does things.

aidizen ships Aids — per-customer Linux containers bound to a real identity in your IDM. An Aid shows up in Teams, takes DMs, and takes action against your admin surface. Everything they do is logged in your own audit trail under their name — because they are a first-class citizen in your enterprise, not an employee, not a bot identity.

End-user view

The full Teams DM flow.

A live example. Doug needs to grant a new hire an E3 license. He doesn't need to know what an "Entra group" is, or where the M365 admin centre lives. He just DMs Sam, the way he DMs anybody.

  1. Doug opens Teams, finds SamHelpDesk@clinicalcarepartners.com in the directory, starts a DM.
  2. Doug types the request in plain English.
  3. Sam parses it, summarises the intended action, and asks for explicit confirmation.
  4. Doug confirms with yes. Sam runs the change against Microsoft Graph as itself.
  5. Audit log entry lands in M365 under Sam's name, on behalf of Doug, including Doug's confirmation.
SH
Sam HelpDesk
SamHelpDesk@clinicalcarepartners.com · Available
Can you give Sarah Lin an E3 license? She started today.
I'll assign E3 to sarah.lin@clinicalcarepartners.com. Confirm with "yes".
Sam HelpDesk · just now
yes
Done. Sarah now has 1 license (E3). Logged m365.license.assign at 10:14.
Sam HelpDesk · 3s ago
also reset doug's password
I'll force a password reset for doug@clinicalcarepartners.com at next login. Confirm with "yes".
Sam HelpDesk · 1s ago
Type a message…
Behind the scenes

What happens between DM and audit log.

Five hops. The customer's audit log is the source of truth — everything the Aid does ends there.

  • 1. DM arrives. A Teams message triggers a Microsoft Graph change-notification webhook to the customer's container.
  • 2. Reasoning. The container hands the message to the configured orchestrator (Claude / GPT / local LLM / OpenClaw / Hermes) over MCP.
  • 3. Tool call. The orchestrator picks a tool from the aidizen MCP server (e.g. m365_license_assign).
  • 4. Confirmation gate. Any state-changing tool requires explicit user confirmation in the DM. No exceptions.
  • 5. Action + reply. The container calls Graph as the Admin app, posts the result as Sam, and the action lands in the customer's audit log.
# A typical confirmed run, conceptually
on teams_dm(from=doug):
  intent = orchestrator.reason(message)
  if intent.is_state_changing:
    reply("I'll {{summary}}. Confirm with 'yes'.")
    await user_confirm()
  result = mcp.call(intent.tool, intent.args)
  reply("Done. {{result.summary}} — logged {{result.audit_id}}")

# Audit log entry, customer-side:
# actor:    SamHelpDesk@clinicalcarepartners.com
# action:   m365.license.assign
# target:   sarah.lin@clinicalcarepartners.com (E3)
# on_behalf_of: doug@clinicalcarepartners.com
# confirmed_at: 2026-05-21T10:14:08Z
Tool catalog · v1

Thirteen admin tools that cover ~80% of helpdesk volume.

Narrow surface on purpose. The Aid declines anything outside the catalog. Anything genuinely unusual escalates to a human — by design, not as a bug.

m365_user_create
m365_user_disable
m365_user_password_reset
m365_user_mfa_reset
m365_license_assign
m365_license_revoke
m365_license_inventory
m365_group_member_add
m365_group_member_remove
m365_distribution_list_create
m365_shared_mailbox_grant
m365_directory_lookup
m365_audit_query

Every tool emits a structured audit record. v2 expands the catalog (conditional access, device, Exchange transport, SharePoint sharing). Customer-specific runbooks land in v3 as the skills marketplace.

The brain is yours

Bring your own LLM. Or run one locally.

The orchestrator slot is pluggable. We integrate over MCP, so any compliant harness can drive aidizen's tool surface. The deployment, the audit, the integration to Teams — all identical regardless of which brain is selected.

  • OpenAI-compatible — Anthropic Claude, OpenAI GPT, vLLM, llama.cpp, anything that speaks the API.
  • OpenClaw — gateway, memory, skills, scheduled work.
  • Hermes — Nous Research's open agent harness.
  • Local-only mode — for HIPAA / GDPR / SOC2 customers that need the model to stay in-tenant.

Orchestrator slot

Claude
OpenAI
OpenClaw
Hermes
vLLM (local)
llama.cpp (local)

Swap orchestrators per-customer without changing anything about the audit trail, the tool surface, or the end-user experience.

Identity model

Same Aid, any IDM.

The pattern — "a first-class citizen in your enterprise that acts like an admin" — is what makes the audit story work. We're building on open identity protocols (some we're authoring) so that pattern is portable.

Today · Entra ID

Microsoft 365 + Entra is v1. The Aid uses two app registrations: a narrow one for chat, a broader one for admin actions. Graph subscriptions deliver DMs.

Shipping

Next · Okta, Google Workspace, JumpCloud

The same Aid pattern, the same audit posture, against each IDM's native primitives. Identity adapter swap; the rest is unchanged.

Roadmap · 2026

Later · HRIS / employee systems

The system that already knows who an employee is should also be where the Aid identity is provisioned. That's the v3 horizon and the protocol work is for.

Horizon · v3

Operator workflow

Onboarding a new customer.

Customer's identity admin (one-time, ~15 min)

Creates the AIAid user (e.g. SamHelpDesk@yourco.com), registers two app registrations (chat scope + admin scope), and grants admin consent. Our shell script drives this via Graph; it's roughly three commands.

Our operator (one-time per customer, ~5 min)

Runs onboard-customer.sh on aidizen's hosting infrastructure (peasyCloud). The script allocates a port, generates secrets, brings up the per-customer container, walks the AIAid user through a device-code login, and starts the Graph webhook subscription.

End users (zero-time)

They just start DM'ing the Aid in Teams. No client install, no browser extension, no portal. The Aid is a first-class citizen in your enterprise.

Day-2 operations — credential rotation, persona swaps, capability changes, customer offboarding — all have runbooks. All operator-side. None customer-facing.

What aidizen is not

Scope is the feature.

We chose to ship one thing well rather than ten things half-built. The boundary is part of the product.

Not a general-purpose chatbot

Scope is admin actions, period. The Aid declines anything outside its tool catalog.

Not a human replacement

Strong on the high-frequency, well-defined surface. Anything genuinely unusual escalates to a human.

Not multi-channel (today)

Microsoft Teams DM is the v1 surface. Email and SMS land in v3 — explicitly later, not sooner.

Not a Bot Framework deployment

The Aid is a first-class citizen in your enterprise, not a bot, not a service account. That distinction is the entire audit-and-compliance story.

Want to see it run against a real tenant?

We'll bring a Sam HelpDesk into a sandbox, DM it together, then show you the audit log.

Claim your free Aid See security model