Blog/July 9, 2026
Co-managed IT: how to add expertise without adding headcount
What co-managed IT actually means, when it fits, how to divide responsibilities with an internal IT team, and what to watch out for in a proposal.
By William Galvin
Founder, Green Desert IT
If you have one or two in-house IT people, you’ve probably felt the squeeze: they can’t cover 24/7, they can’t be expert in every technology, and they can’t ship a big project without dropping everything else. Adding another headcount is a six-month commitment and $80–$130k/year of salary before benefits.
Co-managed IT is the alternative most people don’t know exists. Here’s how it actually works.
The idea, in one sentence
Your internal IT team keeps running the day-to-day. An external MSP provides bench depth — after-hours coverage, tier-3 escalation, specialist expertise, security tooling — without replacing your team or taking over the roadmap.
The key difference from full managed IT: you keep control. Your internal person still owns the ticket queue, the roadmap, and the vendor relationships. The MSP is a resource they can pull from, not a boss.
When it fits
Co-managed is a strong fit if any of these are true:
- You have 1–3 internal IT staff. One person can’t cover 24/7 and go on vacation; two can’t be experts in every stack; three can’t tackle a big migration alone.
- Your team needs bench depth without new headcount. Adding a full-timer is a big commitment; co-managed retainers scale up and down.
- You have growing security requirements. Cyber insurance renewals now require MFA, EDR, and documented IR. Your internal team may not want to become security specialists.
- You have a major project on the horizon. Office move, M365 migration, server refresh — someone has to keep the phones ringing while the project happens.
It’s not a fit if:
- You have zero internal IT and want a full-service partner (you want managed IT, not co-managed).
- Your internal IT person actively resents the idea. Co-managed only works if the internal team wants the help.
How responsibility usually divides
There’s no single right answer, but here’s a common split we see work well:
| Responsibility | Internal IT | Co-managed MSP |
|---|---|---|
| Ticket queue & user support | ✓ | escalation only |
| Business apps & vendor management | ✓ | consult |
| Strategic roadmap | ✓ | input |
| After-hours P1 response | ✓ | |
| EDR/MDR security stack | ✓ | |
| Backup & restore testing | ✓ | |
| Patching cadence | shared | shared |
| Big projects (migrations, refreshes) | overview | delivery |
| Compliance evidence & audit prep | ✓ |
The exact split gets negotiated during the onboarding call. What matters is that it’s documented in a runbook — not tribal knowledge in two peoples’ heads.
What to ask in a co-managed proposal
- “What’s the retainer, and what’s out-of-scope hourly work?” Look for a small retainer that covers the tooling and defined coverage windows, plus hourly for projects and escalations. Some providers try to sell “unlimited” co-managed at 90% of managed IT pricing — that’s just managed IT wearing a costume.
- “How do escalations flow?” Should be a defined ticket handoff process, not “call this number and see who answers.”
- “Who owns admin credentials?” You do. Get it in writing.
- “Can we borrow your security stack without full managed?” This is often the highest-value part of co-managed — you get access to enterprise-grade EDR/MDR/backup tools without paying full managed IT pricing.
- “What happens if our IT person quits?” Answer should be “we can bridge coverage while you hire, then hand back to the new person with documentation.” Not “we take over permanently.”
What to watch out for
- The scope creep pattern. A retainer that starts at $2k/month and creeps to $5k over six months because “we needed to handle a few things.” Get scope in writing; renegotiate scope, not just budget.
- Tools you can’t use without them. Some MSPs sell you their PSA or RMM under the co-managed deal — and if you leave, you lose access. Prefer arrangements where the security tools you’re paying for stay yours or can be re-licensed.
- The “we don’t touch that” answer. A good co-managed partner has opinions on your stack, even where it’s not their contractual responsibility. If everything gets a “not our scope” answer, you’re just paying for silence.
The honest sales pitch
We do co-managed IT for teams that already have someone in the seat. If you don’t have internal IT at all, our managed IT service is a better fit. If you have internal IT and want to keep it that way while adding bench depth, book a co-managed discovery call and we’ll scope specifically for your team.