Do I Still Need an ITSM If Dex Resolves Before the Ticket? A CIO's Decision Map
Do you still need an ITSM if agentic IT resolves before the ticket? Yes — here's the CIO decision map of what Dex eliminates and what stays the record.
If you've watched Dex resolve a request before a ticket was ever opened, the next question is almost reflexive: then why am I still paying for an ITSM? It's the right instinct to interrogate, and the answer is yes — you still need one, but for a narrower and more valuable set of jobs than it does today. This post is the decision map: what an autonomous IT engine like Dex actually eliminates, what your ITSM should stay the system of record for, and the single question that tells you which side of the line any given request falls on. It's the natural follow-on to the case that the audit trail is the product — once you trust what autonomy did, you have to decide where the record of it lives.
The short answer: yes, and it matters more, not less
Dex doesn't replace your ITSM. It removes the tickets that were never worth a ticket in the first place.
That distinction is the whole post. A ticket is a container for work that needs to be tracked, routed, and remembered. Most routine IT work needs none of that — a password reset doesn't need a queue, it needs to be done. Dex does it, logs it, and moves on. But the work that genuinely needs tracking, routing, and remembering doesn't go away when autonomy arrives. It gets more concentrated. When the routine 80% stops flowing into the queue, everything left in the ITSM is a meaningful case: an escalation, a change with real blast radius, a compliance-relevant decision, an incident. The system of record isn't diminished by agentic IT. It's sharpened.
This is worth saying plainly because Dex is built by the team behind SysAid — an ITSM trusted by 3,000+ organizations. We are not arguing the category away. We're drawing the boundary that lets both tools do what each is genuinely good at.
The decision map
Every inbound request hits one fork. Dex asks a single question at intake: can this be resolved under an explicit policy, without a human? That question routes everything.
- Yes — resolvable under policy. Dex investigates the request, plans the change, and executes it against the real backend (Microsoft 365, Entra ID, Exchange, SharePoint, and beyond) under delegated permissions. No ticket is opened. An audit record is written to both the native M365 logs and Dex's Activity Log. This is the L1-through-L3 surface: routine Tier 1 work and the deeper Tier 2 and Tier 3 troubleshooting, configuration, and engineering-adjacent tasks that used to require a senior tech.
- No — needs human judgment. Dex escalates into the ITSM as a ticket with the full reasoning chain attached: what it investigated, which policy blocked it, what it tried, where it stopped. The engineer who picks it up reads a paragraph instead of re-interviewing the user.
The audit trail flows back to the ITSM either way. That's the part most people miss when they assume "no ticket" means "no record." The record always exists — it just isn't always a ticket.
What Dex eliminates
Dex eliminates the ticket as the unit of work for anything routine and policy-bounded. Concretely:
- Password resets and account unlocks, including the cases self-service password reset never covered — MFA loss, lockouts after repeated failures, Conditional Access interactions.
- MFA recovery, group and license access, software provisioning, onboarding and offboarding steps.
- Deeper Tier 2 and Tier 3 work — multi-step configuration, environment-specific troubleshooting, the "I need a senior engineer for this" tasks that used to sit in a queue for a day. Dex runs up to 40 reasoning steps per task and doesn't give up on the first error.
For all of it, the loop closes without a human and without a ticket. The user described a problem in Teams or Slack; the problem is gone. What Dex removes here isn't the record of the work — that's preserved in the audit log — it's the coordination overhead of the work: the intake form, the routing, the assignment, the escalation handoff, the "any update?" follow-up. That overhead is what made routine IT expensive, and it's what disappears.
What your ITSM stays the system of record for
Everything that survives the "needs human judgment" fork belongs in the ITSM. This is not a consolation prize — it's the higher-value half of IT operations:
- Escalations. The cases Dex hands off — novel issues, policy edge cases, security incidents — land as tickets with full context. The ITSM tracks them, routes them, and enforces the SLA on them.
- Change management. A change with blast radius — anything touching many users, production systems, or security posture — needs an approval trail and a rollback plan. That's a system-of-record job, and it stays one.
- Approvals. When policy requires a human to sign off (a privileged access grant, an exception request), Dex routes the request through the ITSM's approval flow with the investigation already attached, so the approver decides in seconds.
- SLA, reporting, and capacity planning. The aggregated history — volume, trends, repeat issues, top categories — is the input to every planning conversation. The ITSM owns it.
- The long-term record. For SOC 2, ISO 27001, HIPAA, and GDPR, the historical ticket trail is a deliverable. Auditors and security teams need continuity that spans years. That's the ITSM's job, and no autonomous engine changes it.
The clean way to see it: Dex owns the short memory — what this user prefers, what this integration's quirks are, what worked last time. The ITSM owns the long memory — the authoritative, durable record of every IT decision the organization has made. Both are real. Neither is redundant. We walked this split in more depth in ITSM is a router, agentic IT does the work, which is the companion framework to this decision map.
The audit trail is the bridge, not the boundary
The reason "resolve before the ticket" doesn't create a records gap is that Dex writes the record whether or not a ticket exists. Every action — and every refusal — produces an audit entry capturing who requested it, which policy authorized it, what executed against the backend, and the outcome. That entry lands in two independent places: your native Microsoft 365 logs and Dex's own Activity Log, so you can reconcile one against the other.
This is what lets the two systems share a boundary without a seam. The ITSM's view of your environment stays complete even for the work that never became a ticket, because the audit stream feeds it. Escalations arrive as tickets; resolved work arrives as audit records; the system of record sees all of it. The record is written by the execution layer that made the API call — not narrated by a model describing what it thinks it did — which is exactly why it's defensible in front of a board. The full guardrail and governance model behind that is on our security page.
So the audit trail isn't the line between Dex and the ITSM. It's the bridge across it. Autonomy without a record would be a records gap. Autonomy with a record is just a more efficient path to the same system of record you already trust.
How to draw the line in your own org
You don't need a taxonomy of ticket types to decide what goes where. You need one question, asked at intake: can this be resolved under an explicit policy, without a human?
- If yes, it should never become a ticket. If it's still becoming a ticket today, that's Tier 1-through-3 work Dex should be resolving, and the queue time is pure waste.
- If no, it belongs in the ITSM as a system-of-record case — and it should arrive there with context attached, not as a blank form the user has to fill out for the third time.
A practical way to pressure-test a vendor — or your own current setup — against this map:
- "When a routine request is resolved, does a ticket exist?" If yes, you're still paying the coordination tax on work that didn't need it.
- "When something escalates, what does the ITSM receive?" The right answer is a ticket with the full reasoning chain, not a bare "user needs help."
- "Is there a record of the work that resolved without a ticket?" If the answer is no, that's a governance gap. If it's "yes, in the native logs and an activity log you can reconcile," you have a complete system of record with far less noise in it.
Run those three and the decision map draws itself. The ITSM isn't the thing agentic IT replaces. It's the thing agentic IT finally lets you use for what it was always meant to do — the judgment calls, the audit, the record — instead of drowning it in password resets.
You still need an ITSM. You just don't need it to be your help desk anymore.
Frequently asked
- Do I still need an ITSM if Dex resolves issues before the ticket?
- Yes. Dex eliminates the ticket for the routine work it resolves end-to-end — but it doesn't eliminate the need for a system of record. Your ITSM stays authoritative for the cases Dex escalates (novel issues, policy edge cases, security incidents), for cross-team change management, for SLA and audit reporting, and for the historical record of every IT decision the org has made. Dex resolves the L1-through-L3 work that used to fill the queue; the ITSM owns the smaller, harder queue that remains plus the paper trail for everything.
- What does Dex eliminate, and what does the ITSM keep?
- Dex eliminates the ticket as the unit of work for routine, policy-bounded requests — password resets, MFA recovery, group and license access, provisioning, and the deeper Tier 2 and Tier 3 troubleshooting that used to require a senior engineer. The ITSM keeps everything a system of record is for: escalations with full context, change approvals that need a human, SLA tracking, compliance reporting, and the long-term ticket history auditors and security teams rely on. The boundary is 'did this need human judgment?' — if no, Dex resolves it; if yes, it lands in the ITSM.
- Does Dex replace ServiceNow, Jira, or SysAid?
- No. Dex works alongside your ITSM, not in place of it. It resolves requests before they become tickets and writes an audit record for each action; the cases that genuinely need a human escalate into ServiceNow, Jira, SysAid, or whichever ITSM you run, with the full reasoning chain attached. Your ITSM investment gets more valuable as the routine noise drops away from it — every ticket it does handle is now a meaningful one.
- How do escalations and audit records flow back into the ITSM?
- When a request matches no policy or needs human judgment, Dex escalates it into the ITSM as a ticket with the full investigation chain attached — what it checked, which policy blocked it, and what it tried. For the work Dex resolves without a ticket, it writes an audit entry to both the native Microsoft 365 logs and its own Activity Log, so the ITSM's system-of-record view of the environment stays complete even for the actions that never became tickets.
- Where should a CIO draw the line between Dex and the ITSM?
- Draw it at judgment. If a request is routine and policy-bounded, Dex should resolve it end-to-end and the ITSM should never see a ticket. If a request needs a human decision — a change with blast radius, an exception to policy, a security incident, an approval — it belongs in the ITSM as the system of record. The decision map is a single question asked at intake: can this be resolved under an explicit policy without a human? Everything else is a system-of-record question, and the ITSM answers it.