At some point, most growing businesses face a version of the same problem: technology is increasingly central to operations, but nobody in the company has the time, expertise, or desire to be the IT person. A managed service provider — MSP — is the answer many businesses land on. But MSP quality ranges from excellent to genuinely dangerous, and understanding what you’re buying before you sign is critical.

What an MSP Actually Does

A Managed Service Provider is a company that takes ongoing responsibility for your IT infrastructure under a monthly contract. “Ongoing responsibility” is the key phrase — it distinguishes MSPs from break-fix IT (call someone when something breaks) and from in-house IT (hire your own person).

What a typical MSP manages:

• Endpoints: Laptops, desktops, servers — monitoring, patching, antivirus/EDR management, hardware lifecycle
• Network: Firewall management, WiFi, VPN, switches — configuration, monitoring, updates
• Email and Microsoft 365: User account management, email configuration, license management
• Backup: Ensuring backups run and work — testing restores, managing retention policies
• Help desk: Support tickets for employees — password resets, software issues, device problems
• Security: Patch management, vulnerability scanning, security tool management, sometimes security monitoring
• Vendor management: Coordinating with internet providers, software vendors, hardware suppliers

What MSPs typically don’t do (or charge extra for): major infrastructure projects, cybersecurity incident response at the MDR level, software development, or specialized application support.

MSP vs. In-House IT vs. Break-Fix

Break-Fix IT

Call someone when something breaks, pay them by the hour. No proactive monitoring, no accountability for your environment’s overall health. This model made sense when IT was simple and infrequent. In 2026, when your business runs on cloud applications, remote access, and endpoints that are constant attack targets, break-fix is insufficient. You’re paying nothing until something breaks, then paying a lot when it does — and you had no visibility into the warning signs beforehand.

In-House IT

Hiring your own IT person (or team). This makes sense at some scale — typically 75–100+ employees where the volume of IT work justifies the salary. An in-house IT employee running at full capacity costs $60,000–$120,000/year in salary plus benefits, training, and turnover costs. You also get one person’s expertise, vacation time, sick days, and the challenge of retention. For businesses under ~75 employees, the economics of MSP almost always beat in-house IT unless you have a very specialized or complex environment that requires dedicated presence.

MSP

Fixed monthly cost, proactive management, a team of engineers rather than one person, and accountability for your environment’s health. You’re buying a service-level agreement, not just labor. The model works best when the MSP is genuinely proactive — fixing problems before they affect users, not just responding faster than break-fix when things go wrong.

MSP Pricing Models

Per-User Pricing

A flat rate per employee per month. Typically ranges from $75–$200/user/month for full managed services, depending on what’s included. Simpler to budget, scales directly with headcount. This is the most common model for small businesses.

Per-Device Pricing

A flat rate per managed device (desktops, laptops, servers). Ranges from $25–$100/device/month. Better for businesses with a high device-to-user ratio or where users share devices. Less intuitive to budget than per-user pricing.

Tiered Pricing

Basic, standard, and premium tiers with different service levels. Basic might cover monitoring and help desk. Premium adds security tools, virtual CIO services, and faster response times. Useful for understanding what you’re buying at each level.

All-Inclusive vs. À La Carte

Some MSPs bundle everything — software licenses, security tools, backup — into one monthly fee. Others quote the managed service and bill separately for tooling. All-inclusive is simpler; à la carte can be better value if you already have some tools you want to keep. Clarify which model you’re evaluating.

How to Evaluate an MSP

What’s Actually Included in the SLA?

The service level agreement is the document that defines what you’re buying. Key specifics to understand:

• Response time guarantees — how fast do they acknowledge a ticket? Start working on it?
• Resolution time targets by severity
• After-hours coverage — are they available for critical issues at 2 AM?
• What’s excluded — most MSPs exclude certain types of work from the flat fee

What Tools Do They Use?

Professional MSPs use specific platforms: RMM (Remote Monitoring and Management) software for managing your devices, PSA (Professional Services Automation) software for ticketing and project management, and security tooling from recognized vendors. Ask what RMM and PSA they use. MSPs using professional-grade tools (ConnectWise, Datto, Kaseya, NinjaOne) are more credible than those managing clients with ad-hoc approaches.

How Many Clients Per Technician?

A meaningful ratio question. MSPs with 150+ clients per technician are stretched thin. 50–100 clients per technician is more manageable for quality service. Ask the question and get a number. Evasive answers are a red flag.

What Does Onboarding Look Like?

A professional MSP will do an onboarding audit — documenting your environment, identifying gaps, and establishing a baseline. If they want to start billing immediately with minimal onboarding, that’s a red flag about their process quality.

Who Are Their References?

Ask for 2–3 references from businesses similar in size and industry to yours. Call them. Ask about response times, whether issues get resolved rather than just patched, and whether they’d sign the contract again.

Red Flags When Evaluating MSPs

• Vague SLAs: “We’ll get back to you quickly” is not an SLA. Specific numbers should be in writing.
• No security specialization: If your MSP’s cybersecurity practice amounts to “we install antivirus,” that’s inadequate in 2026. Ask specifically about their security stack and MDR/SOC capabilities.
• Lock-in tactics: Owning your domain, keeping your admin credentials, or hosting your data in ways that make it hard to leave are tactics to watch for. Your data and credentials should be yours.
• No monthly reporting: You should receive regular reports on your environment’s health, open tickets, resolved issues, and any security events. MSPs that don’t report regularly have no accountability.
• Long contracts with no opt-out: 1-year contracts with 30-60 day notice are standard. Longer terms with no exit clauses lock you into a bad relationship if the service quality doesn’t meet expectations.

Questions to Ask During an MSP Evaluation

1. What is your typical response time for a critical outage? A medium-priority ticket?
2. Do you have 24/7 coverage or business-hours-only support?
3. What security tools are included in your standard package?
4. How do you handle cybersecurity incidents that exceed standard IT troubleshooting?
5. What’s your process if a technician on my account leaves your company?
6. How do you handle after-hours emergencies?
7. What does the onboarding process look like and how long does it take?

The Right Time to Hire an MSP

The right time is usually before the crisis, not during it. Businesses that hire MSPs after a major incident — ransomware, data loss, prolonged outage — often end up with emergency pricing and less negotiating power. The best time to evaluate an MSP is when operations are stable and you can make a thoughtful decision about what you need.

For most businesses in the 10–75 employee range, a good MSP is one of the most operationally impactful decisions you can make. The key word is “good.” Vet them thoroughly before you sign.