Skip to content

First-time MSP guide

What does a managed IT provider actually do?

If you've never had a managed IT provider before, start here. We cover what an MSP is, how it differs from what you do now, and how to tell a good one from a polished pitch.

Start here

A managed IT provider runs your IT as a continuous service for a fixed monthly fee per person.

Your provider keeps the boring things working (backups, patching, MFA, accounts, devices), picks up the phone when your team needs help, and owns the outcome when something goes wrong. Most weeks you won't notice they were there.

It isn't

Break-fix support.

A tech you call when something is broken and pay by the hour. Cheap when nothing happens; expensive when everything does. No incentive to prevent the next outage.

It isn't

One internal IT hire.

One person can do helpdesk, or security, or networking, but not all of them well. A managed provider gives you a team's worth of skill at less than the cost of a senior hire.

It isn't

A security product.

Security is part of every plan, but the provider is the relationship that makes the security real. A product alone gives you a logo on a dashboard.

What you actually buy

Four concrete things, every plan.

Strip away the brochure language. This is what shows up day to day when you have a managed IT provider.

A helpdesk that picks up the phone.

Your staff email or call. A ticket gets logged. A real tech in Australia replies inside a defined response time. No queue, no offshore, no scripts.

Devices that set themselves up.

A new starter on Monday: we drop-ship a laptop. They sign in once and the device configures itself against your security policies in under an hour. No two-week wait, no hands-on staging at our office.

A security floor that just runs.

MFA, tested backups, patching, password manager, same-day offboarding. Already on, every plan, every client. You don't pay extra for the basics being done.

A team accountable to your outcome.

Not a support queue with your name in it. A named team that knows your environment, owns the result when something breaks, and stays involved between incidents.

Compared to the alternatives

The right option depends on which row matters most to you.

Break-fix support has its place. Hiring internal IT has its place. Managed IT replaces neither perfectly. Find the row you care about most and the choice usually answers itself.

  • Cost shape

    Break-fix

    Hourly. Cheap when nothing happens, painful when it does.

    Internal IT

    Fixed salary plus tools. Predictable, but one person carries everything.

    Managed IT

    Fixed per seat per month. Knowable, no surprise invoices.

  • Coverage

    Break-fix

    Reactive only. Nothing happens between calls.

    Internal IT

    One person, business hours. Holidays and sick days hurt.

    Managed IT

    A team behind the inbox. Holiday and sick-day cover built in.

  • Depth of skill

    Break-fix

    Whatever this tech is good at. No bench.

    Internal IT

    One person cannot be senior at helpdesk, security, and infrastructure.

    Managed IT

    Specialists for each layer. The hard problems go to the right person.

  • Security floor

    Break-fix

    Whatever you happen to set up yourselves.

    Internal IT

    Depends entirely on the person and how busy they are.

    Managed IT

    Contractual baseline. Already on. Not optional.

  • Accountability when it breaks

    Break-fix

    You own the outcome.

    Internal IT

    Your hire owns it. They also own everything else.

    Managed IT

    Contracted to a defined response and resolution standard.

Security and compliance

Most first-timers need security. Few need compliance.

Security

The things that keep you from being breached.

MFA, tested backups, patching, same-day offboarding, application control, awareness training. Every CCP plan has these on by default. You don't pay extra for the basics being done.

If you want to be more secure, you're already covered.

Compliance

The things that prove your security to a third party.

ASD Essential Eight at a defined maturity level, ISO 27001, AUSTRAC Tranche 2, APRA CPS 234. Compliance involves evidence, audits, mapped controls and reporting. It's its own service and it isn't cheap.

If somebody external is asking, you need it. Until then, you don't.

The four plans

What's in each one, in plain words.

All four sit on the same security floor. What changes between plans is how much of the surrounding stack we take responsibility for.

Plan

Managed IT

The base plan. Helpdesk, devices, identity, patching, tested backups, and the full security baseline. Everything you need to stop running IT yourselves.

Read the terms

Plan

Managed IT + Services

Adds phones, internet, web hosting, password manager and signature management. One bill, one provider, one point of accountability for the whole stack.

Read the terms

Plan

Managed IT + Compliance

Adds the controls and the evidence trail you need to satisfy an insurer, a regulator, or a prime contractor. The compliance plan, not the security plan.

Read the terms

Plan

Managed IT Complete

Everything in the three plans above. The anchor tier and where most CCP clients land. Onboarding included.

Read the terms

Most CCP clients pick Managed IT Complete. The base Managed IT plan exists for businesses that already have their own phone, internet and hosting relationships and want to keep them.

For per-seat pricing on each tier, see the plans page. We don't quote a number here because seat count, plan tier, and special situations change it, and a single figure would mislead.

What changes once you start

Your IT, ninety days into onboarding.

Onboarding is three months of work that we don't charge for. By the end of it, the moving pieces below are in place.

  • Devices via Intune

    Drop-shipped, self-provisioning, centrally enforced. New starters on Monday work from Monday.

  • Identity moves to the cloud

    The dusty server in the back room that authenticates everyone goes away. Identity lives in Microsoft Entra. Access removed in seconds.

  • MFA on for everyone

    Every account, every login. Phish-resistant where the platform supports it. No exceptions for executives.

  • Backups get tested

    Not 'we set up a backup tool'. Restores run on a schedule. If we can't get a file back, we know before you ask.

  • Patching runs on a schedule

    Known vulnerabilities remediated inside thirty days. You stop seeing emails about updates because we've done them.

  • Same-day offboarding

    We cut someone's access the day they leave. If their device doesn't come back, we wipe it remotely. No more 'still has access a week later'.

If your situation is unusual

Does any of this sound like you?

  • Do non-profits get cheaper Microsoft 365 licensing?

    Yes. Eligible Australian not-for-profits get the first chunk of Microsoft 365 licences free and the rest at heavily discounted rates. The application process is admin-heavy, which is why most providers don't sort it out for you. Most NFPs we onboard arrive paying full retail; sorting out the NFP licensing is one of the first things we do, and it usually reduces what you were already paying rather than adding to your bill.

  • Can a managed IT provider handle multiple trading entities?

    Yes. A managed IT provider should be able to run each entity as a separate operational unit (separate Microsoft 365 tenants if needed, separate documentation, separate security policies) and consolidate billing across them for volume pricing. They should also be able to set up cross-organisation trusts so staff in one entity can access files or systems in another without two accounts. People who work across multiple entities should be billed once, not once per entity.

  • Do field workers count as seats with a managed IT provider?

    Only if they have a company account that touches your data. Field staff who interact with you as guests on their personal accounts (a common pattern for support workers and contractors) are not seats. A reputable MSP will walk through your actual staff structure during scoping rather than charging you for every body on a payroll.

  • What happens to my on-premise server when I move to a managed IT provider?

    Usually it gets retired during onboarding. Most of what an on-premise server is still doing (authentication, file shares, line-of-business app hosting) can move to Microsoft 365 and Microsoft Entra and stop being a single point of failure in your back room. A good provider will inspect what's running on the server before deciding; sometimes there's a genuine reason to keep something on-prem, and a good provider will say so.

  • Can a managed IT provider support Google Workspace instead of Microsoft 365?

    Yes, in most cases. The catch is that Microsoft 365 is the platform most Australian MSPs default to, because it integrates identity, devices, email, files and voice into one stack they can manage end to end. Fewer providers run Google Workspace fluently. At CCP, we support Google clients; if you're open to it, moving to Microsoft 365 during onboarding consolidates the vendors you juggle and reduces both cost and surface area.

Other things you might be wondering

The questions we get on nearly every intro call.

  • Should a managed IT provider push back when an executive wants to disable a security control?

    Yes. A provider that always does what you ask isn't protecting you. Your insurer, regulator and lawyer won't care that 'the customer requested it'. A good MSP will tell you why they don't recommend the change, what the actual risk is, and what the alternative is. If you still want to proceed, they document the exception in writing and move on. That is how it should work.

  • Do Australian managed IT providers use offshore helpdesks?

    Many do. The phrase 'Australian helpdesk' is often used to mean a chat bot answers in Australia and your ticket gets routed to a contractor in another timezone overnight. By the time the answer lands, your staff have stopped trying. At CCP: every tech is employed by us and works from our Welshpool office or remotely within Australia.

  • Do managed IT providers offer after-hours support?

    Most do, though the shape varies. Severity is usually the dividing line: a genuine business-down incident or suspected breach should go to an on-call tech immediately; lower-severity items queue for next business day. Out-of-hours arrangements that go beyond that are typically negotiated per-client. Ask for the SLA in writing.

  • How hard is it to switch managed IT providers?

    Less hard than you'd think, if your current provider has documented things properly. A clean handover involves admin credentials, network diagrams, application inventories, vendor relationships and tenant ownership transferred to the new provider. A reputable MSP will document things on the way in and on the way out, so a replacement provider gets the keys, not a shrug.

  • What happens to my IT if my managed IT provider goes out of business?

    If documentation is current and tenant ownership sits with you (not the provider), the impact is short-term inconvenience rather than catastrophic. Microsoft 365 tenants, domain names and Azure subscriptions should always be owned by your business, not your MSP. Ask any provider you're evaluating whether your tenant is registered to your business or theirs; the answer matters.

  • Do managed IT providers assign a dedicated technician?

    Usually they assign a named account team rather than a single technician. The same handful of people will be the ones replying most of the time, which is what you want for continuity. Specialist work (security, compliance, M365 architecture, networking) is routed to the specialist, so you'll see other names occasionally. Ask for the team structure during scoping.

  • Do managed IT providers charge for hardware?

    Reputable providers don't bundle hardware sales into the engagement at a markup. The common pattern: laptops drop-shipped at supplier price and the management of them baked into your monthly plan. Existing equipment that is healthy stays in place; replacement happens when it makes sense, not on a schedule designed to invoice you.

The nine-point check

Nine questions that separate a good managed IT provider from a polished pitch.

Bring these to any MSP conversation, including ours. The good ones answer clearly. The polished ones reach for talking points.

  1. 01

    What's actually included in the monthly fee, and what triggers an extra charge?

    Why it matters to you

    Vague inclusions become surprise invoices. The line between 'managed' and 'extra' is where MSP margins live; if you can't see the line on day one, you'll discover it on month three.

    What a good answer sounds like

    A written list of what's included, a written list of what triggers an extra (new offices, major projects, third-party software you've chosen), and a clear commitment that nothing gets billed without a heads-up first.

  2. 02

    Who picks up the phone, and from where?

    Why it matters to you

    'Australian helpdesk' can mean a chat bot answers in Australia and your ticket gets routed offshore overnight. By the time the answer lands, your staff have stopped trying and gone around the system.

    What a good answer sounds like

    The techs answering tickets are employed by the provider, in Australia, and you can name the office. Bonus signal: they can name the senior tech who'd handle a serious incident.

  3. 03

    What's already in the base plan as a default?

    Why it matters to you

    If MFA, tested backups, patching, password management and same-day offboarding aren't on by default in the base plan, they're an upsell. Insurers, regulators and breach investigators don't care that your provider offers it for an extra fee. They care whether it's actually running.

    What a good answer sounds like

    All of the above on by default in the base plan. The provider can describe the test process for backups (beyond 'we set up the tool'), the patching cadence (a defined window, not 'when we can'), and the offboarding process (same day, with proof).

  4. 04

    How do you handle a new starter on Monday?

    Why it matters to you

    Some MSPs stage every new laptop at their office before sending it out. That's a two-week lead time and a courier in each direction for every hire. You'll feel it the first time you make four hires at once.

    What a good answer sounds like

    'We drop-ship from the supplier. The new starter signs in once and the device sets itself up in under an hour.' Microsoft Intune (or equivalent) handles the policy enforcement. If they say 'send us the device first', that's a clock and a cost.

  5. 05

    Do you have any independent security certification?

    Why it matters to you

    ISO 27001 is the international standard for organisational data security. The certificate is a credential; the discipline behind earning it is what you're actually buying. A provider who can't pass independent scrutiny probably shouldn't be doing yours.

    What a good answer sounds like

    They name the certification (ISO 27001, SOC 2 Type II, or similar), the cert body, and the renewal date. If they say 'we follow best practices' without a cert, they're describing intent, not evidence.

  6. 06

    What happens when an executive asks you to turn a security control off?

    Why it matters to you

    A provider that always does what the loudest person in the room asks isn't protecting your business. Your insurer, your lawyer and your auditor won't care that 'the customer requested it'. If you can't push back internally, your MSP has to be able to do it for you.

    What a good answer sounds like

    'We document the exception, escalate it formally, and only proceed when the decision is in writing and the risk is acknowledged.' Bonus: they have a recent story about saying no to a request like this.

  7. 07

    Are there per-seat price breaks at higher volumes?

    Why it matters to you

    If you're growing, an MSP that charges every new seat at full price doesn't share the upside of scale with you. You'll quietly pay more per person at 100 seats than at 30, which is the wrong direction.

    What a good answer sounds like

    Written volume tiers (e.g. 10 to 25 seats at one rate, 26 to 50 at another, 50+ at another), and a willingness to quote you against the tier you're growing into rather than the one you're starting at.

  8. 08

    Can you handle group billing if we have several trading entities?

    Why it matters to you

    Most providers' billing systems can't combine related entities cleanly. You end up with eight invoices, eight contracts and eight separate account managers across one group, which prevents you from negotiating as one buyer.

    What a good answer sounds like

    They can run each entity as a separate operational unit (tenants, documentation, security policies) and consolidate billing across the group for volume pricing. Staff who work across multiple entities are billed once, not once per entity.

  9. 09

    If we're a non-profit, do you sort the Microsoft NFP licensing for us?

    Why it matters to you

    Microsoft offers significant discounts and free licences to eligible non-profits, but the application process is admin-heavy and most providers won't do it for you. You'll quietly overpay for years if no one sorts it.

    What a good answer sounds like

    They know the NFP licensing tiers, they can tell you what your organisation is eligible for, and they handle the Microsoft NFP application as part of onboarding. Bonus: they have other NFP clients on the books.

Use it as a scoring sheet. If a provider can't answer most of these clearly in conversation, move on. We hold ourselves to all nine; if you experience us falling short of any of them, tell us.

When you're ready

Two ways in. Both end with a tech, not a sales call.

Call us for a fast directional conversation with a tech. Run the seven-question qualifier for a structured first pass; it lands in our team's queue rather than a sales inbox.

Call (08) 9467 2269 See if we're a fit

Welshpool, Western Australia. Australian-owned, Australian-operated. Twenty plus years.

See if we're a fit