Skip to content

Blog/July 9, 2026

The complete guide to managed IT services for small businesses

What managed IT services actually include, how pricing works, when you outgrow break-fix, and what to look for in a provider — with real numbers.

By William Galvin

Founder, Green Desert IT

If you’ve ever Googled “managed IT services” and come away more confused than when you started, you’re not alone. The category has three problems: every provider defines it differently, pricing is opaque on purpose, and the marketing sounds identical across firms that are wildly different in practice.

This guide fixes that. Here’s what managed IT actually is, what it should include, how it’s priced, and how to tell whether a provider is any good — from the perspective of a small business making the buying decision.

What “managed IT” actually means

Managed IT is a flat-fee arrangement where an outside firm runs your technology infrastructure — help desk, monitoring, patching, security, backup, and vendor management — for a predictable monthly cost. The key word is flat: you’re not paying per ticket, per hour, or per incident. You’re paying to have someone accountable for your IT working, full stop.

Compare that to two other models most small businesses have tried:

  • Break-fix: you call when something’s broken, they bill by the hour to fix it. Predictable per-incident, but incentivizes tickets over prevention.
  • Internal IT hire: one full-time person on your payroll. Works up to about 100 employees, then falls apart because no one person covers helpdesk + strategy + security + vendors + on-call.

Managed IT sits between the two: bench depth of a firm, predictability of a salary line, and the important part — the incentive is to prevent tickets, not create them.

What should be included

If a provider calls themselves “managed IT” and doesn’t include all of these baseline items, they’re selling break-fix with a subscription wrapper. The 2026 baseline is:

  1. Help desk with a real SLA. Human tech responding within 15–30 minutes during business hours. Not a queue that says “we’ll get to you within one business day.”
  2. 24/7 monitoring of servers, endpoints, and network gear with alerting to on-call humans (not just email).
  3. Automatic patching for operating systems, third-party apps, and firmware.
  4. Endpoint Detection and Response (EDR) on every device — bare minimum modern security.
  5. Managed Detection and Response (MDR) — humans in a 24/7 SOC watching those EDR alerts and responding. Tool without humans is a dashboard nobody reads.
  6. Managed backup with monthly restore tests. If they don’t test-restore, they don’t have backups — they have hope.
  7. Phishing awareness training with measurement, not just annual videos.
  8. Vendor management — they own the phone call to Microsoft, your ISP, your line-of-business software vendor.
  9. Documented onboarding — a real playbook for how they take over your environment, not “we’ll figure it out.”
  10. Quarterly business reviews — a leadership meeting to look at ticket trends, security posture, and upcoming projects.

If any of items 1–8 are labeled “optional” or “add-on” in the proposal, that’s a red flag. Modern managed IT is bundled by default.

What it should cost

Pricing for a properly-stocked managed IT plan in 2026 runs roughly $110–$180 per user per month, depending on the security stack tier, compliance requirements, and how much of your environment lives on-prem vs. SaaS. Per-server pricing is typically $150–$400 per server per month depending on complexity.

Providers charging significantly less usually cut corners on the security stack (no MDR, no phishing training, no restore testing). Providers charging significantly more should be able to justify it with vertical specialization or a much richer stack.

Anyone quoting you without a discovery call is guessing. Real quotes require a look at your environment.

When you’ve outgrown break-fix

Break-fix works fine for teams under ~10 employees with SaaS-only tooling and no compliance obligations. You’ve outgrown it if any of these are true:

  • Your team is losing more than 4 hours per month waiting for IT help.
  • You’ve had a security scare, an audit finding, or a cyber insurance renewal that surfaced gaps.
  • You can’t answer basic questions like “when was our last backup restored?” or “which endpoints don’t have EDR?”
  • Onboarding a new hire’s laptop takes more than a few hours.
  • Your break-fix invoices are getting large enough that you can’t predict monthly IT costs.

The crossover point is usually 12–20 employees, sometimes earlier if you’re in a regulated vertical.

How to evaluate a provider

Beyond the checklist above, here are the questions that separate mediocre MSPs from good ones:

  • “How do you measure your response times, and can I see last quarter’s data?” A provider that can’t produce this is guessing. A good one has dashboards.
  • “What happens if we get hit with ransomware on a Saturday at 3 AM?” They should describe a specific runbook: who you call, containment timeline, forensics partner, insurance carrier notification. Vague answers = no runbook.
  • “Show me your restore test log for a real client.” They can redact the name, but they should be able to show that they actually test restores.
  • “What’s the minimum contract length and cancellation policy?” Look for 12-month initial, month-to-month after, with 30-day notice. Anything worse than that is a lock-in play.
  • “Who owns the tenant, admin credentials, and documentation if we leave?” Answer must be “you do.” Get it in writing.

The tradeoff, honestly

Managed IT costs more per month than break-fix in the months when nothing goes wrong. That’s the deal. In exchange, you get predictable spending, a real security posture, faster incident recovery, and — critically — a partner incentivized to prevent tickets rather than bill them.

For most businesses over 15 people, it’s not close. Managed wins.

If you want to run the specific numbers for your business, book a 20-minute call. We’ll walk through your environment and tell you honestly whether we’re a fit — including the cases where we’re not.

#managed-it#small-business#msp#buyer-guide

Ready to make IT boring again?

Book a 20-minute intro call. We'll tell you within that call whether we're a fit.