Runbook Template Gallery
Junto ships with 43 ready-to-use runbook templates across seven categories. Each template includes pre-built steps, required inputs, and integration mappings — use them as-is or customize them for your environment.
Templates come in three modes:
Fully autonomous — the AI agent executes every step
AI-assisted — automated steps with human decision points
Technician guide — structured procedure for manual execution
User Management & Lifecycle
Automate the most common identity workflows across Microsoft 365 and your PSA.
New User Onboarding
New User Onboarding
Create M365 accounts, assign licenses, add to security groups, configure mailbox settings, and log everything to ConnectWise.
Required integrations: ConnectWise PSA, CIPP
User Offboarding
User Offboarding
Disable accounts, revoke active sessions, reset passwords, convert mailbox to shared, remove licenses, and document in ConnectWise.
Required integrations: ConnectWise PSA, CIPP
Microsoft 365 Password Reset
Microsoft 365 Password Reset
Reset a user's M365 password, optionally force MFA re-registration, and notify the user with their temporary credentials.
Required integrations: ConnectWise PSA, CIPP
Inactive Account Cleanup
Inactive Account Cleanup
Scan for accounts with no sign-in activity over a configurable period, disable them, and create a summary ticket.
Required integrations: ConnectWise PSA, CIPP
Security & Incident Response
Investigate threats, respond to phishing, and audit security posture.
Compromised Account Investigation
Compromised Account Investigation
Investigate a potentially breached account — check sign-in logs, review inbox rules, revoke sessions, reset credentials, and escalate if needed.
Required integrations: ConnectWise PSA, CIPP
Phishing Email Response
Phishing Email Response
Trace a reported phishing email, block the sender, check if other users received it, assess who clicked, and remediate affected accounts.
Required integrations: ConnectWise PSA, CIPP
Endpoint Isolation & Threat Response
Endpoint Isolation & Threat Response
Isolate a compromised endpoint from the network, collect forensic data, and coordinate remediation with the technician.
Required integrations: ConnectWise PSA, SentinelOne, NinjaOne
Audit & Compliance
Run recurring audits to maintain security standards and catch configuration drift.
MFA Coverage Audit
MFA Coverage Audit
Identify users without MFA enabled, generate a coverage report, and create a ticket with remediation steps.
Required integrations: ConnectWise PSA, CIPP
MFA Conditional Access Audit
MFA Conditional Access Audit
Verify that conditional access policies enforce MFA correctly and flag gaps or misconfigurations.
Required integrations: ConnectWise PSA, CIPP
Admin Account Review
Admin Account Review
Audit all accounts with administrative privileges, flag unnecessary admin access, and recommend least-privilege adjustments.
Required integrations: ConnectWise PSA, CIPP
Shared Mailbox Audit
Shared Mailbox Audit
Inventory all shared mailboxes, review delegate access, flag mailboxes with direct login enabled, and report findings.
Required integrations: ConnectWise PSA, CIPP
Inbox Rules Scan
Inbox Rules Scan
Scan user mailboxes for suspicious forwarding rules or auto-delete rules that could indicate compromise.
Required integrations: ConnectWise PSA, CIPP
Conditional Access Policy Drift
Conditional Access Policy Drift
Compare current conditional access policies against a known-good baseline and flag unauthorized changes.
Required integrations: ConnectWise PSA, CIPP
Sign-in Anomaly Detection
Sign-in Anomaly Detection
Detect unusual sign-in patterns — impossible travel, unfamiliar locations, legacy auth usage — and escalate findings.
Required integrations: ConnectWise PSA, CIPP
Security Awareness Review
Security Awareness Review
Review security training completion rates, phishing simulation results, and recommend follow-up actions.
Required integrations: ConnectWise PSA, usecure
Training Compliance Audit
Training Compliance Audit
Audit security training enrollment and completion status across all users and flag overdue learners.
Required integrations: ConnectWise PSA, usecure
Proactive Maintenance
Catch issues before they become tickets.
Patch Compliance Sweep
Patch Compliance Sweep
Check all managed endpoints for pending patches older than 14 days and create a summary ticket with affected devices.
Required integrations: ConnectWise PSA, NinjaOne
Server Health Check
Server Health Check
Inspect CPU, memory, disk usage, critical services, and network connectivity on a server. Flag any metrics outside thresholds.
Required integrations: ConnectWise PSA, NinjaOne
AV Health Audit
AV Health Audit
Verify antivirus agent deployment, check definition currency, and flag endpoints with outdated or missing protection.
Required integrations: ConnectWise PSA, SentinelOne
Endpoint Health Audit
Endpoint Health Audit
Check RMM agent connectivity, verify device check-in status, and identify endpoints that have gone offline.
Required integrations: ConnectWise PSA, NinjaOne
Network Health Check
Network Health Check
Verify network device health, review active alerts, and check uplink status across monitored sites.
Required integrations: ConnectWise PSA, Auvik
Certificate & Domain Expiration
Certificate & Domain Expiration
Track SSL certificate and domain registration expiration dates, and create tickets for upcoming renewals.
Required integrations: ConnectWise PSA, CIPP
Uptime & Reboot Management
Uptime & Reboot Management
Identify endpoints with extended uptime that need rebooting, and coordinate scheduled reboots.
Required integrations: ConnectWise PSA, NinjaOne
RMM Agent Health Check
RMM Agent Health Check
Audit RMM agent versions, connectivity status, and deployment coverage across managed endpoints.
Required integrations: ConnectWise PSA, NinjaOne
Change Management
Plan, execute, and verify changes with built-in safety checks.
Software Deployment
Software Deployment
Deploy software packages to targeted endpoints, verify installation, and document results in ConnectWise.
Required integrations: ConnectWise PSA, NinjaOne
Conditional Access Rollout
Conditional Access Rollout
Deploy conditional access policies to an M365 tenant with a staged rollout plan and rollback steps.
Required integrations: ConnectWise PSA, CIPP
Email Security Policy Update
Email Security Policy Update
Update Microsoft 365 email security policies (anti-phishing, anti-spam, safe links) with validation and rollback plan.
Required integrations: ConnectWise PSA, CIPP
Post-Change Verification
Post-Change Verification
After a deployment or configuration change, verify that all systems are functioning as expected and flag any regressions.
Required integrations: ConnectWise PSA, CIPP, NinjaOne
Client Lifecycle
Standardize how you onboard, baseline, and review client environments.
Tenant Health Baseline
Tenant Health Baseline
Perform a comprehensive inventory of an M365 tenant — users, licenses, policies, security settings — to establish a configuration baseline.
Required integrations: ConnectWise PSA, CIPP
Tenant Baseline Audit
Tenant Baseline Audit
Compare current tenant configuration against an established baseline and report drift.
Required integrations: ConnectWise PSA, CIPP
Security Scorecard
Security Scorecard
Calculate an overall security posture score based on MFA adoption, admin accounts, conditional access, and endpoint protection.
Required integrations: ConnectWise PSA, CIPP, SentinelOne
Support & Troubleshooting
Guided diagnostics for common support scenarios.
Slow Computer Diagnosis
Slow Computer Diagnosis
Walk through performance diagnostics — CPU, memory, disk, startup programs, running processes — and recommend fixes.
Required integrations: ConnectWise PSA, NinjaOne
Outlook Sync Troubleshooting
Outlook Sync Troubleshooting
Diagnose Outlook synchronization issues — check connectivity, profile configuration, mailbox health, and cached mode settings.
Required integrations: ConnectWise PSA, CIPP
VPN Connectivity Troubleshooting
VPN Connectivity Troubleshooting
Diagnose VPN connection failures — check client configuration, network connectivity, authentication, and firewall rules.
Required integrations: ConnectWise PSA, NinjaOne
Disk Space Cleanup
Disk Space Cleanup
Identify large files, temp folders, and old profiles consuming disk space, then clean up with technician approval.
Required integrations: ConnectWise PSA, NinjaOne
System Hygiene & Administration
Keep your managed environments clean and cost-efficient.
License Waste Audit
License Waste Audit
Identify unused or underutilized Microsoft 365 licenses by analyzing sign-in activity against assigned licenses.
Required integrations: ConnectWise PSA, CIPP, Pax8
License True-Up
License True-Up
Reconcile actual license usage against purchased quantities and recommend adjustments.
Required integrations: ConnectWise PSA, CIPP, Pax8
Stale Endpoint Cleanup
Stale Endpoint Cleanup
Identify endpoints that haven't checked in within a configurable period and flag them for removal or investigation.
Required integrations: ConnectWise PSA, NinjaOne
Disk Space Audit
Disk Space Audit
Scan all managed endpoints for low disk space and create tickets for devices below threshold.
Required integrations: ConnectWise PSA, NinjaOne
RMM Coverage Audit
RMM Coverage Audit
Compare known endpoints against RMM-managed devices to identify gaps in monitoring coverage.
Required integrations: ConnectWise PSA, NinjaOne