Resource Guide

The SMB Guide to
Managed IT Services

30 questions every business owner asks when evaluating IT managed services — answered clearly, without the jargon. Covers pricing, security, how to choose an MSP in Los Angeles or Miami, and what to expect.

Jump to: MSP Basics Pricing & Contracts Choosing an MSP Onboarding & Transitions Security & Compliance Cloud & Day-to-Day
MSP Basics

What is a managed service provider (MSP)?

A managed service provider (MSP) is a third-party company that remotely manages and maintains a business's IT infrastructure and end-user systems on a proactive, ongoing basis. Instead of calling for help only when something breaks, you pay a predictable monthly fee and the MSP monitors your systems 24/7, handles updates and patches, provides a help desk for your team, and works to prevent problems before they cause downtime. Think of it as outsourcing your entire IT department to a team of specialists — at a fraction of the cost of hiring in-house.

What's the difference between break-fix IT and managed IT services?

Break-fix IT is reactive: you call a technician when something breaks, pay an hourly rate, and they fix it. There's no ongoing relationship, no monitoring, and no incentive for the technician to prevent future problems — in fact, their business model depends on things breaking. Managed IT services (MSP model) is the opposite: proactive. You pay a flat monthly fee, and the MSP's incentive is to keep everything running smoothly because every ticket they handle is a cost to them. Businesses that switch from break-fix to managed services typically see fewer outages, faster resolution times, and far more predictable IT costs.

What services should an MSP include?

A full-service MSP should include: 24/7 system monitoring and alerting, help desk and end-user support (typically phone, email, and chat), network and infrastructure management, cybersecurity (antivirus/EDR, firewall management, patch management), cloud services and Microsoft 365 management, backup and disaster recovery, and strategic vCIO advisory services. Beware of MSPs that only offer one or two of these — IT is interconnected, and gaps in coverage create risk. Ask for a complete service catalog before signing.

What size businesses typically use MSPs?

MSPs typically serve small to mid-market businesses with 10 to 500 employees — companies large enough to depend heavily on IT but not large enough to justify a full internal IT department. That said, even businesses with 5–10 employees benefit from managed services, especially if they rely on cloud platforms, handle sensitive customer data, or operate in regulated industries like healthcare or finance. Many businesses with 100–250 employees use a hybrid model: one internal IT coordinator supported by an MSP team.

What is a vCIO, and does my business need one?

A vCIO (virtual Chief Information Officer) is a senior IT strategist provided by your MSP who helps align your technology investments with your business goals. Instead of just keeping the lights on, a vCIO conducts technology roadmap reviews, advises on major purchases, helps with budgeting, and ensures your IT strategy supports growth. Most growing SMBs don't need a full-time CIO (compensation: $200K+/year), but they do need that level of strategic thinking. A good MSP includes vCIO services in their engagement — if yours doesn't offer it, that's a gap worth addressing.

Have a specific question about your environment?

Book a free 45-min IT assessment — no sales pressure, just honest answers.

Pricing & Contracts

How much do managed IT services cost per month?

Managed IT services are typically priced per user or per device, per month. Per-user pricing is most common and ranges from $75 to $250 per user per month depending on service scope, company size, and your geographic market. A 25-person business in Los Angeles or Miami might expect to pay $3,000–$6,000/month for comprehensive managed services — which often costs less than a single full-time IT hire when you factor in salary, benefits, and turnover. Some MSPs price by device ($25–$75/device/month), which can be advantageous for device-heavy environments. Always ask what's included versus billed separately (e.g., after-hours support, project work, hardware procurement).

How are MSP contracts typically structured?

Most MSP contracts are 12–36 month agreements with a fixed monthly fee covering the agreed scope of services. A well-structured contract includes: a clear service scope (what's included and excluded), response time SLAs by issue severity, escalation procedures, terms for adding or removing users, out-of-scope billing rates for project work, and termination conditions. Month-to-month contracts exist but typically cost more and offer less commitment from the MSP. We recommend starting with a 12-month agreement to allow time for the MSP to truly understand your environment before evaluating the relationship.

What should be in an MSP service level agreement (SLA)?

A solid SLA should define: response time targets by issue severity (e.g., critical outages: 15-minute response; standard requests: 4 hours), resolution time targets, support hours (business hours vs. 24/7), escalation paths for unresolved issues, uptime guarantees for any hosted services, and remedies if targets are missed. Watch out for SLAs that only define "response" time (when they acknowledge the ticket) but not "resolution" time (when the issue is fixed) — response is easy, resolution is what matters. Ask for historical SLA attainment data before signing.

Are there setup or onboarding fees when signing with an MSP?

Yes — most reputable MSPs charge an onboarding fee to cover the work required to assess, document, and stabilize your environment before taking it under management. This typically ranges from one to three months of the monthly fee. Be skeptical of MSPs that offer "free onboarding" — either they're cutting corners on the discovery process, or they're amortizing that cost into a higher monthly rate. A proper onboarding includes a full asset inventory, security baseline assessment, documentation of your network and systems, and remediation of critical issues found during discovery.

What happens if I want to cancel my MSP contract early?

Early termination clauses vary by MSP. Common structures include: paying out the remaining contract months in full, paying a flat early termination fee (typically 2–3 months), or a graduated penalty that decreases over time. Before signing, negotiate a mutual termination clause that protects you if the MSP fails to meet SLA commitments for a defined period (e.g., 60 days of consistent SLA misses). Also ensure the contract includes a transition assistance clause — the MSP should be required to help migrate your documentation and systems to a new provider rather than holding your data hostage.

Have a specific question about your environment?

Book a free 45-min IT assessment — no sales pressure, just honest answers.

Choosing an MSP

Should I hire an in-house IT person or use an MSP?

For most businesses under 75–100 employees, an MSP delivers better coverage at lower cost than a full-time hire. A single internal IT person costs $70,000–$110,000/year in salary plus benefits — and they have one area of expertise, limited availability (vacations, sick days), and no backup. An MSP gives you a team with expertise across networking, security, cloud, and end-user support, available around the clock. The economics shift at 100–150+ employees, where a hybrid model (1 internal IT coordinator + MSP team for depth) often makes the most sense. If your business handles sensitive data or operates in a regulated industry, the security expertise an MSP provides is especially difficult to replicate with a single hire.

What questions should I ask an MSP before signing?

Key questions to ask: (1) What is your average response time for critical issues, and can you show me SLA attainment data? (2) How many clients do you manage per technician? (3) Do you have experience with my industry and its compliance requirements? (4) What does your onboarding process look like, and how long does it take? (5) Who is my primary point of contact, and will I always work with the same team? (6) How do you handle after-hours emergencies? (7) What tools do you use for monitoring, security, and remote support? (8) Can you provide three client references of similar size? (9) What's your escalation path for issues you can't resolve? (10) What happens to our data and documentation if we end the relationship?

How do I find a reliable MSP in Los Angeles?

Los Angeles has a large and varied MSP market, which makes vetting essential. Start with verified review platforms like Clutch.co and G2 — look for MSPs with 10+ reviews and consistent mention of response times and communication. Ask peer businesses in your industry for referrals. Prioritize MSPs with physical offices in the LA area (not just remote operations) so they can dispatch onsite technicians when needed. Evaluate their expertise in your specific industry — an MSP serving law firms or creative agencies has very different specializations. Facet MSP operates from Los Angeles and serves SMBs across the LA metro area with onsite and remote support.

How do I find a reliable MSP in Miami?

The Miami MSP market is growing rapidly alongside the tech and finance expansion in South Florida. When evaluating Miami-area MSPs, prioritize local physical presence (critical for onsite support), bilingual support capability if your team includes Spanish speakers, and experience with the specific compliance frameworks common in finance, healthcare, and real estate — Miami's dominant industries. Clutch.co reviews, LinkedIn, and local business associations (like the Greater Miami Chamber of Commerce) are good starting points. Facet MSP maintains an office in Miami and provides onsite support throughout the Miami metro area.

What certifications should a qualified MSP have?

Key certifications to look for: Microsoft Partner status (required for proper M365 and Azure support), CompTIA Managed Services Trustmark (MSP-specific quality standard), SOC 2 Type II (demonstrates the MSP's own internal security controls), and if applicable to your industry — HIPAA-ready practices, PCI DSS experience, or CMMC certification for federal contractors. Individual technician certifications to look for include Microsoft Certified: Azure Administrator, CompTIA Security+, and CCNA (Cisco networking). Be cautious of MSPs that lead with awards from vendors (e.g., "Gold Microsoft Partner") — these reflect revenue volume, not service quality.

Have a specific question about your environment?

Book a free 45-min IT assessment — no sales pressure, just honest answers.

Onboarding & Transitions

How long does it take to onboard with a new MSP?

A thorough MSP onboarding takes 30–90 days depending on the size and complexity of your environment. The process typically unfolds in phases: Week 1–2: discovery and assessment (asset inventory, network mapping, security baseline); Week 2–4: documentation and tooling deployment (RMM agent installation, backup verification, security tool rollout); Month 2: stabilization (addressing issues found during discovery, establishing support workflows); Month 3: full managed services begin with SLAs fully active. Avoid MSPs that claim they can onboard in a week — they're skipping the discovery work that protects you, and you'll pay for it later in reactive firefighting.

Can I keep my existing hardware and software when switching to an MSP?

Generally yes, though with conditions. A good MSP will inventory your existing equipment and software, identify anything that's out of warranty, end-of-life, or a security risk, and work with you on a phased replacement plan. You're rarely forced to replace everything immediately — but you should expect the MSP to flag aging infrastructure and help you budget for upgrades. For software, MSPs typically work with whatever you already use for line-of-business applications, though they may recommend migrating certain tools (e.g., from on-premise email to Microsoft 365 in the cloud) if it improves supportability.

How do I transition from one MSP to another?

Transitioning MSPs is more common than people think, and a good incoming MSP will guide you through it. Key steps: (1) Notify your current MSP of your intent to terminate per contract terms; (2) Invoke the transition assistance clause in your contract — they should provide documentation and credentials; (3) Your new MSP performs discovery in parallel (may require temporary dual access); (4) Cutover day: new MSP tools replace old, credentials are rotated, monitoring switches over; (5) Confirm all access to systems, cloud accounts, and domain registrars has transferred. The most common pain point is MSPs that hold credentials hostage — make sure your contract explicitly states that all access credentials are your property.

What should happen in my first 90 days with an MSP?

Day 1–30: Your new MSP completes a full environment assessment, installs monitoring and security tooling on all devices, documents your network topology and key systems, and identifies any immediate risks. They should share findings in a written report. Day 31–60: Stabilization — addressing the issues found in discovery, onboarding your team to the help desk, establishing your preferred communication workflows. Day 61–90: First strategic review — your vCIO presents a technology roadmap, budget recommendations, and a 12-month plan. You should also receive your first monthly report showing system health, ticket volume, and SLA attainment. If none of this is happening, the engagement is off track.

What information will an MSP need from us at onboarding?

Expect to provide: a list of all employees and their devices; login credentials for your network equipment (routers, switches, firewalls); admin credentials for Microsoft 365 or Google Workspace; access to any cloud platforms (AWS, Azure, etc.); your current backup solution details; contact information for any existing IT vendors or ISPs; copies of existing IT contracts; and any previous network documentation you have. If you're switching from another MSP, you'll also need to recover credentials they hold on your behalf — this is often the trickiest part. A well-prepared new client can cut onboarding time significantly.

Have a specific question about your environment?

Book a free 45-min IT assessment — no sales pressure, just honest answers.

Security & Compliance

How does an MSP handle cybersecurity?

A comprehensive MSP security stack includes: endpoint protection (EDR/antivirus on every device), patch management (keeping OS and software updated — unpatched software is the #1 entry point for attackers), email security (anti-phishing, spam filtering, spoofing protection), multi-factor authentication enforcement across all accounts, DNS filtering to block malicious sites, dark web monitoring for compromised credentials, firewall management, and security awareness training for your employees. Cybersecurity isn't a product — it's a layered practice. Ask any MSP for their security stack and their process for staying current with evolving threats.

What is endpoint detection and response (EDR)?

EDR (Endpoint Detection and Response) is an advanced security technology that goes beyond traditional antivirus. While legacy antivirus matches files against a database of known malware signatures, EDR uses behavioral analysis to detect suspicious activity — catching novel malware, ransomware, and "living off the land" attacks that traditional tools miss. EDR tools continuously monitor device behavior, alert when something looks wrong, and can automatically isolate a compromised device from the network before damage spreads. Leading EDR platforms include CrowdStrike Falcon, SentinelOne, and Microsoft Defender for Endpoint. Any MSP worth working with should be deploying EDR on all managed devices.

What is zero-trust security and can an MSP implement it?

Zero-trust is a security framework built on the principle "never trust, always verify" — rather than assuming anything inside your network is safe, every user and device must continuously prove they're authorized before accessing resources. In practice, zero-trust implementation includes: multi-factor authentication everywhere, device health checks before granting access, least-privilege access controls (users only access what they need), micro-segmentation of your network, and continuous monitoring of user behavior. A capable MSP can implement zero-trust principles progressively — starting with MFA and conditional access policies in Microsoft 365, then expanding to network segmentation and identity governance over time.

Can an MSP help with HIPAA, SOC 2, or PCI compliance?

Yes, but with an important caveat: compliance is a shared responsibility. An MSP can implement and maintain the technical controls required by HIPAA (healthcare), PCI DSS (payment card processing), or SOC 2 (software/SaaS companies) — encryption, access controls, audit logging, backup procedures, security training, etc. However, compliance also involves policies, procedures, and governance that go beyond IT. A good MSP will provide a compliance-ready IT environment and documentation to support your audits, but you'll still need legal counsel and possibly a compliance consultant for the full program. Ask any MSP for their specific experience with your compliance framework before signing.

What is a business continuity plan, and should my MSP provide one?

A business continuity plan (BCP) is a documented strategy for how your organization keeps operating during and after a disruptive event — a cyberattack, natural disaster, power outage, or office fire. The IT component (sometimes called a disaster recovery plan) covers: how your data is backed up and how quickly it can be restored, your recovery time objective (RTO — how long you can be down), your recovery point objective (RPO — how much data loss you can tolerate), and procedures for failing over to backup systems. Your MSP should help you define your RTO/RPO, implement a backup solution that meets those targets, test restores regularly, and document the recovery procedure. If your MSP hasn't discussed this with you, bring it up.

Have a specific question about your environment?

Book a free 45-min IT assessment — no sales pressure, just honest answers.

Cloud & Day-to-Day

Can an MSP manage our Microsoft 365 environment?

Yes — Microsoft 365 management is one of the most common MSP services. This includes: licensing management (ensuring you're on the right plans and not over-licensed), user provisioning and offboarding (creating/removing accounts when staff join or leave), security configuration (enabling MFA, configuring conditional access policies, securing email), SharePoint and Teams administration, Exchange Online management, and monitoring for suspicious activity like unusual login locations or mass file deletions. Proper M365 management prevents data breaches, ensures departing employees are properly offboarded (a frequent security gap), and keeps your licensing costs optimized.

What is backup and disaster recovery (BDR)?

Backup and disaster recovery (BDR) covers two related but distinct needs. Backup is the regular copying of your data to a secure location — ideally following the 3-2-1 rule: 3 copies of data, on 2 different media types, with 1 copy offsite (or in the cloud). Disaster recovery is the plan and technology for actually restoring operations after a failure — not just having the backup, but being able to use it quickly. A complete BDR solution from your MSP should include automated daily (or more frequent) backups, encrypted offsite storage, regular restore tests (a backup you've never tested is not a backup), documented recovery procedures, and defined RTO/RPO targets. Cloud-first backup solutions like Veeam, Datto, or Acronis are commonly used by MSPs.

Can an MSP support a fully remote or hybrid team?

Absolutely — in fact, the MSP model is particularly well-suited for distributed and hybrid teams. Because MSPs deliver support remotely by default, your employees can open a ticket and get help regardless of whether they're in the office, at home, or traveling. Device management extends to remote devices through cloud-based MDM (Mobile Device Management) tools. Security controls like VPN, zero-trust access, and endpoint protection apply equally to office and remote workers. The main additional consideration for remote-heavy companies is securing home network environments and ensuring personal devices (BYOD) don't become a security gap — your MSP should have a policy for both.

How quickly should an MSP respond to a support ticket?

Response times vary by issue severity and should be defined in your SLA. Typical benchmarks: Critical (system down, business stopped): 15-minute response, 2-hour resolution target. High (significant impairment, multiple users affected): 1-hour response, 4-hour resolution. Medium (one user affected, workaround available): 4-hour response, next-business-day resolution. Low (general requests, non-urgent): same-day acknowledgment, 3–5 business day resolution. Be clear on whether these are clock hours or business hours — "4 hours" means something very different at 4pm on a Friday. The best MSPs publish monthly SLA attainment reports so you can see how they actually perform against these targets.

What makes Facet MSP different from other IT providers in Los Angeles and Miami?

Facet MSP is a division of Facet Interactive — which means we bring together managed IT, digital strategy, and AI implementation under one roof. For growing businesses, this matters: your IT partner can understand not just your infrastructure, but how technology drives your business forward. We maintain physical offices in Los Angeles, Miami, and Tampa with US-based technicians — no offshore support desks, no third-party escalations. Our team averages 15+ years of experience, and every client engagement includes a dedicated vCIO who participates in quarterly business reviews. We don't lock clients into punitive contracts — we earn the relationship every month. If you're evaluating MSPs in Los Angeles or Miami, we'd welcome a conversation. Book a free 45-minute IT assessment and we'll give you an honest picture of where your environment stands.

Have a specific question about your environment?

Book a free 45-min IT assessment — no sales pressure, just honest answers.

Facet MSP · Los Angeles · Miami · Tampa

Ready to stop reacting
and start preventing?

Book a free 45-minute IT assessment with our team. We'll review your current environment, identify gaps, and give you an honest picture — no pressure, no pitch decks.

No commitment · 45-min · Free

© 2026 Facet MSP, a division of Facet Interactive. All rights reserved.