Robin (IT Autopilot) is Atera’s autonomous IT agent and AI-powered assistant for IT teams and end users. This FAQ covers the most common security, privacy, and compliance questions, so you can better understand how Robin operates, protects data, and fits into your environment.
Data privacy and hosting
Where is my data hosted?
Robin’s AI model runs on Microsoft Azure OpenAI, which provides enterprise-grade security and data sovereignty. For North American customers, all customer data is stored in the United States on dedicated Azure infrastructure. For European customers and the rest of the world, data is stored in Europe.
Is my data used to train OpenAI, Microsoft, or Atera models?
No. Customer data is never shared with OpenAI or Microsoft, and is not used to train any AI models, including Atera’s own. Your data is fully segregated and used solely to service your environment.
Are customer environments isolated from one another?
Yes. Customer environments are logically separated within Azure. Each organization’s data is isolated, ensuring there is no cross-tenant data access.
Is data encrypted?
Yes. All data is encrypted both at rest and in transit using industry-standard encryption protocols.
Does Robin access or crawl local files on end-user devices?
No. Robin does not crawl, read, or index content from local files, such as PDFs stored on a user’s desktop, during normal operation, background scans, or support sessions.
Abuse and content safety
Does Robin have safeguards to filter harmful or malicious content?
Yes. Robin uses Microsoft Prompt Shield to block malicious prompts, abuse attempts, and harmful content before it reaches the AI model.
This layer is always on and cannot be disabled, ensuring interactions stay compliant and professional.
Identity verification and safety controls
How does Robin handle high-sensitivity tasks like password resets?
Any high-sensitivity task, particularly password resets, triggers a mandatory multi-factor authentication step through a one-time password (OTP). This helps ensure the person requesting the action is who they claim to be.
How does identity proofing work?
Requests are validated against the user’s registered devices. Robin confirms that the request originates from a known, authorized endpoint before proceeding. In most cases, those devices are provisioned through a direct integration with Azure AD.
Are Robin’s actions limited in scope?
Yes. All AI operations are restricted to predefined IT support boundaries. Robin cannot act outside the scope you define for it.
Approvals and human-in-the-loop
Is human approval required before Robin executes high-risk actions?
Yes. There is mandatory technician approval for high-risk scripts and code. When Robin generates or recommends a script, it does not become active or executable right away. It is presented as a suggestion, and a human must review, approve, and explicitly enable it before Robin can use it.
How do approval flows work? What happens if the manager field in AD is missing or inconsistent?
Approval flows are fully customizable. You can define who approves, such as one manager, two managers, or any manager from a specific group, and where the approval data comes from, such as Azure AD, Workday, or any other HR system. If the conditions are not met, the ticket will be escalated.
Can we create our own business rules and guardrails?
Yes. Robin supports custom instructions, knowledge base articles, and playbooks, where you define business-specific rules in plain language, including approval flows, escalation criteria, guardrails, and boundaries. Robin follows these instructions just like a new technician following your runbook.
Audit trail and visibility
Are Robin’s actions logged?
Yes. Every action Robin takes is logged under a unique Robin technician ID. The logs include the original user prompt, Robin’s reasoning, and the executed action or code. This provides greater visibility than you get with a human technician, since every step is recorded.
Can we export audit logs for compliance or forensic analysis?
Yes. All audit trails are exportable, either through manual export or via API. You can integrate this data into your existing compliance and forensic workflows.
Does Atera support SIEM integration for Robin’s activity?
Yes. Atera offers direct SIEM integration so Robin’s activity logs can be forwarded to your Security Operations Center (SOC) or SIEM platform.
Deployment and end-user access
Is Robin browser-based, an installed application, or something else? How does the end user interact with it?
Robin’s deployment is flexible and entirely up to you. It can operate behind your existing ITSM, such as Freshservice, ServiceNow, or Jira, by sitting on the ticket queue and processing tickets as they arrive. End users can also interact with Robin through Microsoft Teams, Slack, email, or a dedicated service portal. You choose which channels to enable.
Is there a direct Robin portal that end users can access?
Yes. Atera provides an optional service portal. However, enabling it is entirely your decision. Many organizations prefer Robin to work behind their existing ITSM and communication channels rather than exposing a separate interface.
Need more information?
For more information regarding Atera’s security, privacy and compliance status, visit our Trust Center.
Have a question not covered here? Contact our support or your Atera account team.