The managed IT market in Canada is large, fragmented, and inconsistent in quality. Providers range from one-person operations to national firms, and the service agreements they use are notoriously variable in what they actually commit to. Picking the wrong MSP is expensive not just in fees but in the accumulated cost of problems that were not prevented, incidents that were not handled well, and the disruption of switching. This guide is intended to help you evaluate the market with the same rigour you would apply to any significant operational dependency.
What managed IT actually covers
A comprehensive managed IT engagement typically includes the following services. Not every MSP includes all of them in a base plan — scope varies significantly, and reading what is actually in the agreement is not optional.
Help desk and end-user support
Day-to-day support for your team: password resets, software issues, device problems, connectivity questions. Most managed IT agreements specify a response time (often categorized by severity — P1 for critical outages, P2 for significant disruption, P3 for minor issues) and a support channel (phone, email, portal). The quality variation between MSPs shows most clearly here: a fifteen-minute response to a P1 and a four-hour response are both “included help desk,” but they are not the same thing.
Remote monitoring and management
RMM software sits on your devices and servers, sending telemetry to your MSP so they can see hardware health, software inventory, patch status, and performance metrics. A good MSP uses this to spot problems before they cause outages — a server running hot, a disk approaching capacity, a service that has stopped responding. This is the core of the proactive model that distinguishes managed IT from break-fix.
Patch management
Keeping operating systems and applications patched is a security and stability function. In a managed IT arrangement, the MSP owns the patching cadence — testing patches in a staging environment where practical, deploying on a defined schedule, and handling exceptions for software that cannot be auto-patched. Ask how quickly critical security patches are deployed; the answer reveals their operational discipline.
Backup management
Most managed IT agreements include monitoring that backup jobs are completing and alerting on failures. What they may not include: actual restore testing, management of backup strategy changes, or recovery in the event of a major data loss incident (which may fall under a separate disaster recovery engagement). Clarify exactly what backup management means in the agreement you are reviewing.
Security tooling
Base plans often include endpoint protection (antivirus or EDR) and email filtering as part of the stack. Whether active monitoring of security alerts is included — or whether it requires a separate MDR engagement — depends on the provider. If your insurer or compliance posture requires active security monitoring, confirm explicitly what the MSP provides versus what they recommend you add separately.
What managed IT does not cover
Understanding exclusions is as important as understanding inclusions. Common items that are typically out of scope in a base managed IT agreement:
Major projects. Infrastructure upgrades, cloud migrations, new office deployments, and significant software implementations are typically project work billed separately from the managed service fee. Some MSPs include a defined number of project hours; most do not. If you have a major project on the horizon, clarify whether it is in scope before you sign.
Procurement. Managed IT does not mean your MSP buys equipment on your behalf at no markup. Most MSPs can procure hardware and software and will do so as an additional service, but it is not part of the base fee.
On-site visits above a threshold. Remote support is included; extended on-site visits may have a defined allotment per month or be billed separately above a threshold. Confirm this for any site that requires regular physical presence.
Incident response for major events. A ransomware incident that requires forensic investigation, clean-up, and recovery from backup typically involves significant project hours beyond what is included in a monthly managed service fee. Some MSPs include a cyber incident response retainer; most handle it as a separate engagement.
Co-managed IT vs. fully managed
Fully managed IT means the MSP is your entire IT function. You do not have an internal IT person; they are your IT department.
Co-managed IT means you have internal IT staff — one person, a small team — and the MSP supplements them. The MSP might handle help desk volume that exceeds your internal capacity, provide specialist expertise (security, networking, cloud architecture) your internal team does not have, or take over specific functions like patch management and backup while your team handles everything else.
Co-managed works well when you have a capable IT person who is spread too thin, or when you have internal IT but need specialist depth you cannot justify hiring for. The key is defining clearly who owns what — ambiguity in a co-managed arrangement creates accountability gaps that surface during incidents.
How pricing actually works
Managed IT is typically priced in one of three ways.
Per-user pricing is the most common model today. A flat monthly fee per user covers a defined scope of services regardless of how many devices that user has. It aligns cost with headcount, which makes it easy to budget and easy to scale. The range for Canadian SMBs is wide: basic plans start around $75–$100 per user per month; comprehensive plans with EDR, backup management, and 24/7 support run $150–$200+.
Per-device pricing charges based on the number of managed endpoints — desktops, laptops, servers, network devices. It suits environments where the device-to-user ratio is high (manufacturing, retail, environments with shared devices). Workstation management typically runs $20–$40 per device per month; server management is higher, $50–$150 depending on scope.
All-in or flat-rate pricing is a negotiated monthly fee that covers everything for your environment at a fixed price. It is less common and typically reserved for stable environments where the MSP can confidently predict support volume. The risk to the MSP of an unusually high-volume client is priced into these agreements.
Contract red flags
Vague scope language
"All-inclusive IT support" and "comprehensive managed services" are not scope definitions; they are marketing. The contract should specify exactly what is monitored, what response times are committed to, what is included versus out of scope, and what the escalation path is. If the service agreement does not answer these questions, you will negotiate scope at the worst possible time: during an incident.
No documented onboarding process
An MSP without a structured onboarding process is an MSP that does not fully understand your environment. The onboarding phase — asset discovery, documentation, establishing monitoring baselines — is foundational to everything that follows. If a provider minimizes it or describes it vaguely, that is a signal about how they operate.
Locked-in RMM tooling without portability
Some MSPs deploy their monitoring and management tooling in ways that make it difficult to migrate to a new provider. Ask whether the documentation they create about your environment is yours to take when you leave, and whether there are any tools deployed that would need to be removed or replaced at transition. This is not a reason to avoid an MSP, but it is a negotiating point and a transition-planning input.
No defined escalation path for major incidents
Your MSP will be your first responder for a ransomware attack, a server failure, or a major cloud outage. Ask what that response looks like: who is contacted, what actions they take, within what timeframe. If the answer is vague, you have identified a gap before it becomes a problem.
Pricing that assumes you will not use the service
Some MSPs price aggressively by assuming a quiet client base. If your support volume is high relative to their pricing model, you may find yourself being managed out of the relationship or quietly deprioritized. Ask about their client-to-technician ratio and their average ticket volume per client. It tells you whether their model works at your actual usage level.
Transition planning
Switching MSPs is operationally disruptive if it is not planned well. The transition period — from outgoing provider to incoming provider — is when critical knowledge about your environment needs to transfer, and when operational gaps are most likely to appear. A structured transition plan reduces that risk.
1. Document your current environment thoroughly before transition: asset lists, software licenses, credentials, network diagrams, warranty status.
2. Negotiate a parallel overlap period with your outgoing provider if possible, so knowledge transfer can happen without a gap in coverage.
3. Confirm that all documentation your current MSP holds about your environment is transferred to you before the relationship ends.
4. Change all passwords and administrative credentials as part of the offboarding process from your previous provider.
5. Confirm your new MSP has completed an onboarding assessment and has your environment documented before you go fully live.
6. Test the help desk and support process before you are fully dependent on it: submit a non-urgent ticket and observe the response.
7. Clarify what happens to any monitoring agents or tools deployed by the outgoing MSP that need to be replaced.
8. Review the new agreement for auto-renewal clauses and confirm notice period requirements.
When to bring in a procurement desk
The managed IT market is difficult to compare because service agreements are structured differently across providers, scope is inconsistently defined, and pricing models vary in ways that make apples-to-apples comparison genuinely hard. Our desk works with a curated network of Canadian MSPs and can help you structure the evaluation — mapping your requirements, shortlisting providers with the right fit for your industry and size, and reviewing service agreements before you sign.
We also give honest recommendations when your current provider is adequate and switching would not be worth the disruption. If that kind of independent assessment would be useful, the form below is the place to start.
Reviewed by the SwitchU procurement desk — last reviewed June 2026.