Back to blog

Datto BCDR + AI: How MSPs Are Automating Backup Monitoring

8 min read

A Reddit thread about datto backup automation recently surfaced something MSPs have been quietly building on their own: AI that checks Datto BCDR screenshot verifications, auto-handles common errors, restarts failed services, repairs agent communications, and only creates tickets when something actually needs human attention. The comment describing the workflow got 17 upvotes — the highest in the thread — and multiple replies asking “how do I set this up?” The interest isn’t surprising. Backup monitoring is one of the most tedious, high-volume, high-stakes tasks in MSP operations, and most teams still do it manually.

The Manual Backup Monitoring Tax

Every morning, someone on your team opens Datto and checks the backup status for every protected device across every client. They’re looking at screenshot verifications, checking for failed backups, reviewing agent health, and scanning for devices that haven’t reported in. For an MSP managing 200+ Datto-protected devices, this daily review easily takes 30-60 minutes.

Here’s what the manual process actually looks like:

  1. Open the Datto portal. Check the dashboard for red flags — failed backups, missed screenshots, offline agents.
  2. Investigate each failure. A failed screenshot might mean the backup is corrupt, or it might mean the VM failed to boot because of a driver issue, or the screenshot service timed out. Each one requires a different response.
  3. Cross-reference the device. Which client owns this server? Is this a critical line-of-business server or a secondary DC? What’s the RPO requirement? That information lives in your PSA or documentation platform, not in Datto.
  4. Attempt remediation. Restart the Datto agent, repair communications, retry the backup, reboot the protected machine if needed.
  5. Create a ticket if it persists. If the issue doesn’t resolve with basic remediation, create a ticket in ConnectWise or your PSA with the relevant context.
  6. Document the check. Log that the review was completed, even for the devices that passed. Some clients require proof that backups are being monitored.

The worst part: 80-90% of what you check every morning is fine. The backup succeeded, the screenshot verified, the agent is healthy. You’re spending the bulk of your time confirming that nothing went wrong, not fixing things that did. That ratio — 90% confirmation, 10% actual work — is exactly the pattern that AI handles well.

What AI-Driven Datto Backup Automation Looks Like

The Reddit workflow that generated so much interest follows a specific pattern. It’s not a simple script that checks pass/fail. It’s an intelligent triage process that mirrors what a good technician does — but runs automatically, every time, without fatigue or missed checks.

Step 1: Ingest the Alert

When a Datto BCDR backup completes (or fails), the system generates an alert. The AI workflow picks up that alert — either via Datto’s API, webhook, or through the ticket it creates in your PSA — and begins processing.

Step 2: Classify the Issue

Not all backup failures are equal. The AI classifies the alert into categories:

  • Screenshot verification failure — The backup completed but the screenshot check failed. This is the most common “failure” and is often transient.
  • Backup job failure — The backup itself didn’t complete. Could be disk space, VSS errors, locked files, or network issues.
  • Agent offline — The Datto agent on the protected machine isn’t communicating.
  • Missed backup window — The backup didn’t run at all during the scheduled window.
  • Storage threshold — The Datto device is approaching capacity limits.

Each category has a different remediation path. A screenshot failure gets a retry. An offline agent gets a communication repair attempt. A storage threshold gets flagged for capacity planning. The classification determines what happens next.

Step 3: Attempt Automated Remediation

For common, well-understood failures, the AI takes action:

  • Screenshot failures: Retry the screenshot verification. If it fails again, check whether the VM boot configuration is correct and attempt a boot with adjusted settings.
  • Agent communication issues: Send a restart command to the Datto agent via the RMM. Verify the agent comes back online.
  • Transient backup failures: Check if the failure reason is a known transient condition (VSS timeout, temporary network disruption). If so, queue a retry and monitor the result.

These are the same steps your technician would take. The difference is that the AI runs them at 3 AM when the backup completes, not at 9 AM when someone gets around to checking.

Step 4: Evaluate the Result

If the automated remediation succeeds — the screenshot now verifies, the agent comes back online, the retry completes — the AI logs the event and moves on. No ticket. No technician time. Just a record that an issue occurred and was resolved automatically.

If the remediation fails, the workflow escalates.

Step 5: Escalate with Context

This is where the AI-driven approach differs most from a simple script. When a failure persists after automated remediation, the AI doesn’t just create a ticket that says “Datto backup failed.” It creates a ticket with:

  • The specific device and client
  • What failed and when
  • What automated remediation was attempted and why it didn’t work
  • The device’s backup history (has this happened before? how often?)
  • The client’s RPO/RTO requirements (from your documentation platform)
  • Recommended next steps based on the failure pattern

The technician who picks up that ticket doesn’t start from zero. They start from “automated remediation failed, here’s what was tried, here’s what to investigate next.”

How to Build This: The DIY Approach

MSPs building this workflow today typically cobble it together from several components:

Datto API + Scripting

Datto’s API exposes backup status, screenshot verification results, and device health. A scheduled script (Python, PowerShell) polls the API, checks for failures, and initiates basic remediation. This handles the ingest-and-classify steps.

RMM Integration for Remediation

For agent restarts and service repairs, the script calls your RMM’s API (NinjaOne, Datto RMM, ConnectWise Automate) to execute commands on the protected machine. This is where the “auto-restart the agent” step lives.

PSA Integration for Ticketing

When automated remediation fails, the script creates a ticket in your PSA via API. The quality of this integration determines whether the ticket is useful or just noise. A bare “backup failed” ticket isn’t much better than the email alert you already get. A ticket with full context, history, and recommended actions is genuinely valuable.

The Glue Layer

The hardest part isn’t any individual integration — it’s the orchestration. Deciding when to retry vs. escalate. Pulling context from your documentation platform. Tracking remediation attempts across retries. Handling rate limits and API failures gracefully. This is the layer where most DIY implementations either get brittle or stall.

Building all of this is doable. MSPs with strong scripting teams do it. But maintaining it — updating when APIs change, handling new failure types, extending to new clients — is an ongoing commitment. The Reddit thread that inspired this post had several replies from MSPs who started building this and got 70% of the way before other priorities took over.

The Broader Pattern: Alert, Triage, Diagnose, Remediate, Document

Step back from Datto-specific implementation and the workflow is a general pattern that applies to almost every alert-driven process in an MSP:

  1. Alert arrives — Something happened. A backup failed, a security threat was detected, a disk is filling up, a service stopped.
  2. Triage — Is this urgent or routine? What category does it fall into? Who does it affect?
  3. Diagnose — Gather context. What device? What client? What’s the history? What are the requirements?
  4. Remediate — For known issues, attempt the standard fix. Restart the service, clear the temp files, retry the operation.
  5. Document — Whether the fix worked or the issue needs escalation, record what happened and what was tried.

This is the same pattern whether the alert comes from Datto, Sophos, SentinelOne, NinjaOne, or any other monitoring tool. The specifics change — a Sophos malware detection requires different remediation than a Datto backup failure — but the workflow structure is identical.

And that’s the real insight from the Reddit thread. The MSPs who built AI-driven backup monitoring aren’t just solving a Datto problem. They’re building the muscle for AI-driven alert handling across their entire stack.

How Junto Handles Alert-Driven Workflows

Full transparency: Junto doesn’t have a direct Datto BCDR integration today. (Datto RMM integration is on our roadmap.) But the alert-triage-diagnose-remediate-document pattern is exactly what Junto’s platform is built around, and it already runs this workflow for other alert sources.

When a Sophos alert fires, Junto’s processors automatically pull the threat details, correlate the affected device via NinjaOne, identify the user and client in ConnectWise, surface the client’s incident response procedures from ITGlue, and present the technician with a complete incident briefing and recommended actions. The tech reviews and approves — not researches and executes.

When a NinjaOne alert creates a ticket, Junto gathers device context, checks historical tickets for the same device, pulls relevant documentation, and proposes a remediation path. For well-defined issues — disk space alerts, service failures, patch compliance warnings — the runbook handles the standard response with the tech approving each action.

The pattern is the same as the Datto workflow described above:

  • Alert arrives in the PSA as a ticket
  • AI classifies the alert type and severity
  • Context is gathered automatically from every connected tool
  • Remediation is proposed based on the alert type and client-specific procedures
  • Tech approves (or modifies) the proposed action
  • Everything is documented in the ticket and relevant systems

When Datto BCDR integration arrives, it plugs into this same architecture. The alert source changes; the workflow doesn’t. Screenshot verification failures, agent communication issues, backup job errors — they all become tickets that the AI triages, enriches with context, and routes through the appropriate runbook.

Why This Matters Beyond Backup Monitoring

The MSPs who are building AI-driven backup monitoring — whether with custom scripts or a platform — are the same MSPs who end up automating everything else. Because once you see the pattern work for backup alerts, you recognize it in security alerts, in RMM alerts, in M365 service health notifications, in certificate expiration warnings.

Every one of those alert types follows the same workflow. Every one of them currently costs your team time that’s spent on triage and context-gathering rather than on the actual fix. And every one of them benefits from the same approach: AI handles the reading, researching, and routine remediation; your technician handles the judgment calls.

The Datto backup workflow is a great place to see the pattern clearly because the volume is high, the failure modes are well-understood, and the cost of manual monitoring is easy to measure. But the value isn’t in automating one alert source. It’s in building an operation where every alert, from every tool, gets the same structured, AI-assisted treatment.

Junto automates the alert-triage-remediate-document workflow across your MSP stack. Datto BCDR integration is coming — but the pattern works today with Sophos, SentinelOne, NinjaOne, and 20+ other tools. See how it works or book a demo to run it on your real tickets.

See Junto in action

15-minute demo. We'll show you AI triage working on your actual tickets.

Book a Demo