Quick Answer
Core support (helpdesk, device management, patching, user admin, M365 management), security basics (MFA, antivirus/EDR, backup, email security), and proactive management (monitoring, reporting, reviews). If these are "extras," question the base price.
Quick answer: Core support (helpdesk, device management, patching, user admin, M365 management), security basics (MFA, antivirus/EDR, backup, email security), and proactive management (monitoring, reporting, reviews). If these are "extras," question the base price.
What Should Be Standard
Support and helpdesk
- Phone, email, portal access - Multiple contact methods
- Reasonable response times - 4 hours for urgent, next business day for routine (minimum)
- Unlimited tickets - No per-incident fees for normal issues
- Remote support - Most issues resolved remotely
- Escalation path - For complex issues
Device management
- Workstation management - All company PCs/Macs
- Patching - OS and application updates
- Monitoring - Health and performance
- Standardised configuration - Consistent security settings
User administration
- Onboarding - New starter setup
- Offboarding - Leaver removal
- Changes - Password resets, access changes
- Licence management - Assign/remove as needed
Microsoft 365 / cloud management
- Account administration - If you use M365
- Basic configuration - Standard settings
- Issue resolution - M365-related problems
Security basics
- MFA enabled - Configured and enforced
- Endpoint protection - Antivirus or EDR
- Backup - At minimum for M365, ideally endpoints too
- Email security - Spam filtering, basic threat protection
Proactive management
- Monitoring - Systems watched, not just break-fix
- Reporting - Regular updates on your environment
- Reviews - Periodic check-ins (quarterly minimum)
- Recommendations - Proactive improvement suggestions
What's Legitimately Extra
Some things reasonably cost more:
Projects
- New system deployment
- Office moves
- Major migrations
- Infrastructure upgrades
Advanced security
- MDR/SOC services - 24/7 human monitoring
- SIEM - Advanced log analysis
- Penetration testing - Annual assessment
Compliance
- Certification support - CE, ISO 27001
- Audit preparation
- Compliance reporting
Hardware
- Equipment purchase
- Warranty support
- Physical repairs
On-site support
- Regular on-site days - Often extra
- Emergency call-outs - May have fees
Red Flags
"Basic" package too basic
If the base package doesn't include patching, monitoring, or basic security—it's not managed IT, it's break-fix with a retainer.Everything is extra
"Support is £30/user but backup is extra, security is extra, M365 management is extra..." Actual cost is 2-3x headline.Per-incident fees
Unlimited support should mean unlimited. Per-ticket fees discourage reporting problems.No security included
In 2026, "we do IT, security is separate" is negligent. Security should be built in.Long lock-in contracts
3-year minimum terms benefit the provider, not you.No proactive element
If they only respond to problems and never proactively improve things, you're paying for reactive break-fix.Questions to Ask
Before signing:
- What's included vs extra?
- What are the response time SLAs?
- What security is included?
- What happens at 6pm on Friday?
- What's the contract term?
- What's not covered?
- Are there any per-incident fees?
- What reporting will I receive?
Our Approach
Our managed services include security as standard because that's what responsible IT management looks like in 2026:
- Full helpdesk (no ticket limits)
- Device management with EDR
- Patching and monitoring
- Microsoft 365 management and backup
- MFA enforced
- Security awareness training
- Quarterly reviews
---
Want a clear quote? Check our pricing or talk to us.
---