Quick answer: Managed IT support (also called managed IT services) is a subscription where a specialist provider takes ongoing responsibility for your business IT - helpdesk, device monitoring and patching, security, backup - for a fixed monthly fee per user, under contractual response times. In the UK in 2026 that typically costs £30 to £150 per user per month. Check what yours should include in under a minute.
Checked July 2026 against government research, NCSC guidance and the sources at the end of this guide.
In this guide:
- What managed IT support is, how it works and the 12 things a 2026 contract includes.
- The tools behind the monthly fee, named - and what your £ per user genuinely buys.
- Fully managed vs co-managed vs break-fix, what's excluded and how to choose the NCSC way.
Written for UK business owners and directors working out what "managed IT support" on a quote actually means. If you searched "what is IT support" looking for helpdesk career advice, this is the buyer's guide - job profiles live on the careers sites.
"Managed IT support" is one of those phrases that means everything and nothing. Every provider sells it, every definition is a variation of "we look after your IT" and almost nobody tells you what you'd actually get, which tools they'd use or what it should cost.
Having read every page that ranks for this question, the pattern is stark: the big definitional guides are written by American enterprise vendors, and the UK pages are two-minute overviews with no prices, no named tools and a quote form at the bottom. Nobody opens the books.
So this guide does. We run a managed IT service ourselves, with published prices you can check against every claim below - which means we can show you the actual machinery: what the monthly fee pays for, which products do the work and where the money goes.
One phrase note before we start: managed IT support and managed IT services mean the same thing - the industry uses both interchangeably, and so does this guide.
What is managed IT support?
Managed IT support is the ongoing management of your business technology by a specialist provider - a managed service provider, or MSP - for a fixed monthly fee, under a contract that defines exactly what's covered and how fast they respond.
That's not just our wording: the UK government's new cyber legislation defines a managed service as "the provision of ongoing management of information technology systems for the customer". The word doing the heavy lifting is ongoing.
A company that builds you a system and leaves is a consultancy. A company you ring when something breaks is break-fix support.
A managed provider is contractually responsible for keeping your IT working, secure and up to date, all the time - whether or not you ever raise a ticket.
In practice that means your provider becomes your IT department: the helpdesk your team rings, the people patching your laptops on schedule, the team watching security alerts overnight and the contact who orders the new starter's laptop. As one practitioner puts it, an MSP is "the IT department for companies that don't have an IT department" - and, increasingly, the reinforcements for companies that do.
The test that separates managed from merely monitored
Plenty of contracts sold as "managed" are really monitored: software watches your systems, and when something breaks you get a ticket and an hourly rate. The test is accountability - does the provider own the outcome, or just the activity?
In a genuinely managed service you've transferred responsibility, not just tasks: patching happens without you asking, problems get fixed before you notice and the provider's fee depends on things not breaking. If the contract can't name what the provider does unprompted every month, it's monitoring with a retainer attached.
A quick word on the letters you'll meet. MSP stands for managed service provider - our Eaglepedia entry on MSPs covers the term's history if you want the encyclopaedic version. You'll also see MSSP (a security-only provider), and a small alphabet of tooling acronyms we'll translate as they come up - each one is explained in plain words the first time it appears below.
How managed IT support works day to day
From the inside, a managed service is a loop that never stops: monitor, patch, detect, respond, support, review. Most of it is invisible when it's working - which is precisely the point, and precisely why it's worth understanding what you're paying for.
It starts with an agent on every device. When you sign up, the provider installs a small piece of management software - the industry calls the category RMM, remote monitoring and management - on every laptop, desktop and server. Ours is NinjaOne.
That agent is how one engineer can watch hundreds of machines: it reports health, disk space, failed updates and warning signs, and it lets the provider fix most problems remotely without ever visiting your office.
Patching runs on a rhythm. Microsoft releases its security updates on the second Tuesday of every month, and every other vendor has its own drumbeat. A managed provider tests and rolls these out on schedule across your whole fleet.
There's a hard deadline hiding in this routine: Cyber Essentials, the UK government-backed security certification, requires critical and high-risk fixes applied within 14 days of release. And the volume is relentless - roughly 130 new software vulnerabilities were published every day in 2025, 48,185 across the year, up a fifth on 2024. That's why patching is a weekly discipline rather than an annual spring clean.
The helpdesk is tiered, deliberately. When your team rings, the first line logs the issue and fixes the routine majority - passwords, email, printers, software quirks. Anything deeper escalates to the second line, experienced engineers who diagnose the awkward problems, and a third line of specialists handles the genuinely hard ones.
The tiers aren't bureaucracy; they're what keeps a two-minute fix from queueing behind a two-day one.
Security runs around the clock. Modern contracts include detection software on every device - EDR, endpoint detection and response, the successor to antivirus - and, in good ones, a 24/7 team watching what it finds. That service is called MDR, managed detection and response; ours is CrowdStrike's Falcon Complete team, who investigate and shut down threats at 3am so nobody has to ring you.
Ransomware doesn't keep office hours, and this layer is the single biggest difference between a 2026 contract and a 2019 one.
And the value is mostly the work you don't see. The commonest objection to a monthly IT fee is "we pay even when nothing breaks". But nothing breaking is the product.
In any given month your provider will have applied hundreds of patches, blocked phishing attempts, verified backups and closed vulnerabilities you never heard about - the same way you only notice cleaning when it stops.
A flat monthly fee also aligns incentives in your favour: a provider paid per user only makes a margin when things don't break, whereas a provider paid by the hour earns most when you're on fire.
What's included in managed IT support: the 2026 baseline
Ask three providers what's included and you'll get three different lists - that, more than anything, is why quotes for "the same thing" range from £30 to £150 per user. Here's the honest version: the 12 items a modern contract should cover, and which are still sold as extras.
| What | What it means in practice | Where it sits in 2026 |
|---|---|---|
| Unlimited helpdesk | Your team can ring or email without a meter running | Standard in managed contracts |
| Monitoring, management & patching | Agents on every device; updates applied on schedule | The defining feature - if it's missing, it isn't managed |
| Published response SLAs | Response times by severity, in the contract | Standard to define; rare to publish openly |
| Out-of-hours emergency route | A defined answer to "who do we ring at 2am?" | Often chargeable (£120-£180/hr callouts are common); included 24/7 cover is premium-tier |
| EDR on every device | Detection and response software, replacing legacy antivirus | The insurer-expected standard - brokers list it among minimum requirements |
| 24/7 threat hunting (MDR) | A human team responding to what the EDR finds, day and night | Fast becoming expected; insurers offer discounts for it |
| Advanced email security | Phishing, impersonation and malicious-attachment filtering | Baseline - phishing hit 88% of the UK businesses that identified an attack (CSBS 2025/26) |
| Security awareness training | Short courses plus simulated phishing; often with dark web monitoring | Normalising fast - yet only 19% of UK businesses trained staff last year |
| Microsoft 365 / SaaS backup | Separate backup of email, OneDrive, SharePoint and Teams | Baseline - Microsoft's own agreement tells you to back up your data |
| Workstation backup & DR | Device backup with tested restores | Baseline resilience (NCSC-recommended; insurers expect tested backups) |
| Password manager | A team vault with breach monitoring | NCSC-recommended; cheap to include, often missing |
| Vulnerability management | Regular scanning and remediation of known weaknesses | Baseline in spirit via Cyber Essentials' 14-day rule; only 18% of UK businesses audited vulnerabilities last year |
What's not included (and what that costs)
Just as important is what a monthly fee almost never covers, because this is where "all-inclusive" quotes grow surprise invoices. Three exclusions are near-universal, and reasonable: software licences (Microsoft 365 and your business applications are billed separately - ours work the same way), new hardware (laptops, screens, networking kit) and project work (migrations, office moves, new systems - scoped and quoted separately, which protects both sides).
The quieter ones deserve a direct question before you sign: out-of-hours callouts when there's no defined route (commonly £120 to £180 an hour), onsite visits beyond an allowance, servers (often a separate line - ours are a quoted add-on) and anything a thin contract can label "out of scope".
None of these is a scandal in itself. The scandal is discovering them on an invoice rather than in the contract - so ask for the exclusions list in writing, and treat a provider who can't produce one as a red flag.
How much of the baseline do you already have?
Tick what your current arrangement includes - whether that's a provider, an internal person or "someone's brother-in-law when things break" - and see how your cover compares with the 2026 baseline, where the gaps are and what closing them costs at our published prices. No ranking page for this question has anything interactive; we checked.
IT support coverage checker
Your cover against the 2026 baseline
Tick what you have to see your score
Most firms we audit have the day-to-day basics and far fewer of the security and resilience items - the national picture agrees (CSBS 2025/26: around three-quarters of businesses have backups, firewalls and password policies, yet only 19% train staff and 18% audit vulnerabilities).
Your gaps, and why they matter:
You're at the 2026 baseline. The next question isn't coverage, it's value: are you paying a fair price for it, and would your current provider show you this list? Our IT support cost guide has the market bands.
The package that closes your gaps
Core
£69/user/month ex VAT, from 3 users
Your IT handled with security included: unlimited UK helpdesk, monitoring and patching, CrowdStrike EDR with 24/7 MDR, email security, Microsoft 365 backup and a password manager.
How we worked this out
The 12 items are the 2026 baseline this guide documents above, aligned to the NCSC's guidance on choosing a managed service provider, Cyber Essentials requirements and insurer expectations (sources at the end of this guide). The coverage bands are editorial thirds of the checklist, not a scored risk model.
The package mapping simply picks the cheapest Red Eagle Tech package whose published inclusions cover your unticked items - VIP packages for 1 to 2 people, business packages for 3 or more.
The package facts are our actual published prices and inclusions (ex VAT), the same ones on our managed IT support page, where you can also buy online.
The baseline behind the checker
| Baseline item | Why it matters | First included in |
|---|---|---|
| Unlimited helpdesk support | No meter running on your team's questions | Core (£69/user/mo) and VIP A (£100/user/mo) |
| Monitoring, management & patching | The defining feature of managed IT | Core and VIP A |
| Response-time SLAs in writing | A promise you can hold someone to | Every package (published on the pricing page) |
| Defined out-of-hours route | Who answers at 2am, agreed in advance | Complete (£160/user/mo) |
| EDR on every device | The insurer-expected successor to antivirus | Core and VIP A |
| 24/7 threat hunting & MDR | Someone responds to the 3am detection | Core and VIP A |
| Advanced email security | Phishing hit 88% of attacked UK businesses (CSBS 2025/26) | Core and VIP A |
| Security awareness training + dark web monitoring | The human layer; only 19% of firms train staff | Advanced (£100/user/mo) and VIP C (£220/user/mo) |
| Microsoft 365 / SaaS backup | Microsoft tells you to back up your own data | Core and VIP B (£160/user/mo) |
| Workstation backup & DR | Restore-tested device backup | Advanced and VIP B |
| Team password manager | NCSC-recommended; kills the password spreadsheet | Core and VIP A |
| Vulnerability management | Find weaknesses before attackers do | Advanced and VIP A |
What your £/user actually buys: the stack, named
Per-user pricing is the industry norm, but almost nobody shows you the anatomy of a seat. Here's ours, product by product - because "proprietary security platform" usually means "we'd rather you didn't ask".
First, what a "user" is: normally a person, not a device - one member of staff, their laptop, their account and their support, with mobiles brought under management through Microsoft 365. Some providers count devices instead, which quietly doubles the bill for anyone with a laptop and a desktop, so always ask which convention a quote uses.
On our packages a user is a person, and each one carries a stack of eight named products:
| Layer | Product we deploy | What it does for you |
|---|---|---|
| Identity & devices | Microsoft 365 & Intune | Your accounts, email and device policy - the foundation everything else secures. Intune enrols and manages the devices; conditional access decides who gets in. |
| Monitoring & patching | NinjaOne | The RMM agent on every machine: health monitoring, scheduled patching for Windows, macOS and hundreds of applications, plus remote fixes without a site visit. |
| Detection & response | CrowdStrike Falcon | EDR on every device with the Falcon Complete team providing 24/7 managed detection and response - plus identity threat protection, and mobile security on the top tiers. |
| Email security | Check Point Harmony | Advanced filtering above Microsoft's defaults: anti-phishing, zero-day protection and content disarm & reconstruction (CDR - files rebuilt clean before they reach you). |
| Network & web | Cloudflare Zero Trust | Malicious website blocking for everyone, and zero-trust networking (application access verified per person, not per office) on the top tiers. |
| Backup & recovery | Axcient | Microsoft 365 and workstation backup with disaster recovery you can actually restore from - because a backup that's never been tested is a rumour. |
| Passwords | 1Password | A business password manager in every package, with breach monitoring built in - one strong secret each, everywhere. |
| The human layer | usecure | Security awareness training courses, simulated phishing and dark web monitoring - because the easiest way into most businesses is a convincing email to a busy human. |
Licensing this stack is a real cost - the tooling alone runs £20 to £25 per user per month at the rates providers pay, before a single human is employed.
That arithmetic is why suspiciously cheap quotes should worry you, and it's covered properly in our guide to IT support costs. The short version: if a quote is much below the tooling floor, something on the list above isn't in it.
What £69 buys, concretely: our Core package is that full baseline row - unlimited UK helpdesk, monitoring and patching, CrowdStrike EDR with the 24/7 Falcon Complete MDR team, advanced email security, Microsoft 365 backup, malicious website blocking and 1Password - at £69 per user per month ex VAT. Every package and price is published, and you can buy online - we couldn't find another UK provider that lets you do that.
Fully managed vs co-managed vs break-fix
"Managed IT support" covers three quite different working arrangements. Knowing which one a provider is quoting - and which one you actually need - explains most of the confusion in comparing offers.
| Fully managed | Co-managed | Break-fix | |
|---|---|---|---|
| Who runs your IT | The provider, end to end | Your internal IT plus the provider, with agreed splits | Nobody, until something breaks |
| How you pay | Fixed monthly fee per user | Fixed monthly fee, narrower scope | Hourly - typically £75-£150/hr in the UK |
| Incentives | Provider profits when things don't break | Shared - provider carries the always-on load | Provider earns most when you're on fire |
| Best for | Businesses without internal IT | Businesses with one IT person or a small team | Genuinely non-dependent businesses (rare now) |
Fully managed is what most of this guide describes - the provider is your IT department, on what practitioners cheerfully call an "all you can eat" agreement. Co-managed keeps your internal person's local knowledge and adds the provider's tooling, security operations and out-of-hours resilience around them; our Eaglepedia entry on co-managed IT covers the model in depth.
Break-fix is the old way: no monthly fee, no monitoring, an hourly rate when something fails - and no one accountable for prevention. The full comparison lives in our break-fix vs managed IT entry, but the one-line version is that break-fix optimises for cheap quiet months and catastrophic bad ones.
Managed IT support vs IT maintenance
"IT maintenance" and "managed IT support" get used as if they're synonyms. They aren't - maintenance is a subset, and the difference is exactly the accountability test from earlier.
IT maintenance is the upkeep work: applying updates, checking backups, replacing ageing kit, keeping systems patched and tidy. Necessary, scheduled, largely invisible. (Confusingly, "IT maintenance" also has a hardware-industry sense - third-party server maintenance contracts - which is a different market entirely and one reason searches for the phrase return such a muddle.)
Managed IT support wraps that maintenance inside something bigger: a helpdesk your team can actually ring, security operations watching for live threats, backup with tested recovery and a contract that makes one provider accountable for the outcome.
Maintenance keeps the machine oiled; a managed service also answers the phone when it rattles, stops people breaking it and takes responsibility when something slips through. If a quote says "maintenance contract", check whether support and security are in it - they usually aren't.
Remote vs onsite support
The great unadvertised truth of modern IT support: nearly all of it happens remotely - and that's a strength.
The RMM agent means an engineer can see your machine's state, fix most problems and deploy software without travelling - which is why response times are measured in minutes rather than "when someone can get to you". Security operations are remote by nature; so is everything cloud.
Onsite visits still matter for the physical layer - hardware failures, cabling and network kit, office moves and the occasional stubborn printer - and good providers schedule them for exactly that. What you should no longer accept is a provider whose answer to a software problem is a van.
When you're comparing offers, ask what's genuinely resolved remotely (it should be the large majority), what triggers a visit and whether visits are included or billed. Distance matters far less than it used to; accountability doesn't.
What managed IT support costs
The UK market in 2026 runs roughly £30 to £150 per user per month, and the spread isn't providers being greedy at the top - it's the inclusion list changing under the same product name.
Why the published bands disagree
You'll see bands that appear to contradict each other - £30 to £70 here, £40 to £150 there - and the disagreement is the lesson: each band describes a different scope. A £35 seat is monitoring, patching and a helpdesk. An £80 seat adds the security stack insurers now ask about. A £150 seat adds 24/7 cover, network security and faster SLAs.
That's why comparing headline prices without the inclusion list is meaningless - and why this guide spent so long on what's included. Our own packages run £69 to £160 per user per month ex VAT with every inclusion published.
For the full market breakdown - cost drivers, hidden extras, the price-floor arithmetic and a calculator for your team size - see our dedicated guide: how much does IT support cost in the UK?
Is managed IT support right for you?
Honest answer: not always. Here's who it fits, who it doesn't and how to think about the money.
It fits businesses where people depend on IT to earn and nobody owns keeping it working - typically from a handful of users up to a couple of hundred. You get a team instead of a hero, mature tooling no small business would licence alone and someone accountable for the boring, vital work.
It also fits businesses with one overloaded IT person, as co-managed cover - monitoring, security operations and holidays stop being a single point of failure.
It doesn't fit - or doesn't fit yet - the genuine sole trader on one laptop who can tolerate a bad week, though even there the security baseline argument is getting harder to ignore (our VIP packages start at one user for exactly that reason).
And at the other end, once you're big enough to keep skilled internal staff busy year-round, in-house IT plus a co-managed backstop often wins on proximity and context.
On the money: the government's 2025/26 survey found 43% of UK businesses identified an attack or breach in the past year. Most incidents cost little - the median cost of the most disruptive breach, where there was any cost, was £200 - but the tail is the point.
The 95th percentile hits £10k, rising to £28.2k for medium and large firms, and Vodafone's SME research puts the average incident at £3.4k for a small business.
What the fee buys down is that tail - plus every quiet hour of productivity that competent IT gives back. We've written before about what IT downtime really costs a business - the monthly figure makes most sense viewed against that.
How to choose a provider (the NCSC-aligned short version)
The National Cyber Security Centre published guidance in late 2025 on choosing a managed service provider - worth reading in full, and easy to summarise. Check these six things:
- Certifications - Cyber Essentials Plus (the UK government's baseline standard, independently verifiable) and ideally ISO 27001.
- Their own security - see below; this is the one buyers skip.
- SLAs in the contract - response times by severity, in writing, with reporting. Ask whether they're working-hours only.
- Transparency - published prices, named tools and a written exclusions list. A provider who won't show you these before you sign won't volunteer them after.
- References - from businesses your size rather than their biggest logo.
- Exit terms - notice period, offboarding help and confirmation your data, licences and documentation come with you. A confident provider makes leaving easy.
Vet your provider's own security - seriously
An MSP holds privileged access to your systems, which makes MSPs themselves prime targets. US authorities warned as far back as 2018 that state-backed attackers were compromising providers to reach their customers, the 2021 Kaseya attack rippled through MSPs to as many as 1,500 downstream businesses and in 2025 the DragonForce ransomware group hit an MSP's remote-management tool and pushed ransomware to its clients.
The NCSC's guidance is blunt: a provider "will have access to your systems and data", so scrutinise their security before you sign. Ask how access to your systems is restricted, whether two-step verification is enforced on every account and what their own incident response plan says about telling you. Any provider offended by those questions has answered them.
What happens when you sign up
Switching feels riskier than it is - onboarding is a well-worn path, and knowing the shape of it removes most of the anxiety.
The typical sequence, and ours: an engineer makes contact within a working day, a welcome call maps your systems and priorities, the management and security agents deploy to your devices in a matter of hours, your Microsoft 365 tenant is connected, a security baseline is applied and everything gets documented and handed over - with your old provider's offboarding handled for you where there is one.
End to end, a small business is usually fully onboarded inside two to four weeks, most of it invisible to your team.
Two pieces of candour worth having. First, done properly this is real work - practitioners talk about a typical onboarding consuming dozens of engineering hours, which is why "free onboarding" either means the provider is investing in the relationship (we do, and price for it) or cutting corners (many do, and you'll find out which during your first incident).
Second, ask about the exit before the entrance: a good provider will tell you the notice period, confirm your data and documentation leave with you and make offboarding free.
Switching without the drama: our packages are monthly rolling with free onboarding and exit, plus a 90-day satisfaction promise - because the easiest way to make leaving easy is to make staying worth it. See how the packages work.
Sources
Market, security and policy figures in this guide are drawn from the sources below, checked in July 2026.
- Department for Science, Innovation and Technology. Research on managed service providers 2025 (Frontier Economics and Glass.AI; figures as of March 2025). gov.uk. Published November 2025.
- Department for Science, Innovation and Technology and Home Office. Cyber Security Breaches Survey 2025/2026. gov.uk. 30 April 2026.
- National Cyber Security Centre. Choosing a managed service provider (MSP). ncsc.gov.uk. Published November 2025, updated June 2026.
- GOV.UK. Cyber Security and Resilience Bill factsheets: relevant managed service providers. gov.uk. November 2025.
- NCSC / IASME. Cyber Essentials: Requirements for IT Infrastructure v3.3. ncsc.gov.uk. April 2026.
- Microsoft. Update release cycle for Windows clients (Patch Tuesday); Microsoft Services Agreement; Microsoft 365 Business Premium and Intune documentation. learn.microsoft.com and microsoft.com. Accessed July 2026.
- Jerry Gamblin. 2025 CVE Data Review. jerrygamblin.com. 1 January 2026. Supporting: NIST NVD programme updates, April 2026.
- Reuters. Up to 1,500 businesses affected by ransomware attack, U.S. firm's CEO says. reuters.com. 5 July 2021.
- CISA / NCCIC. Alert TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers. cisa.gov. 3 October 2018.
- Sophos. DragonForce actors target SimpleHelp vulnerabilities to attack MSP customers. sophos.com. 27 May 2025.
- Marsh. Cyber resilience: 12 key controls. marsh.com. 2024 edition, accessed July 2026.
- Coalition. Premium discounts for Coalition MDR customers (UK). coalitioninc.com. 5 August 2024.
- Vodafone Business UK / WPI Strategy. Securing Success: The Role of Cybersecurity in SME Growth. vodafone.co.uk. 7 April 2025.
- Vendor documentation, accessed July 2026: NinjaOne (RMM and patch management), CrowdStrike (Falcon Complete MDR, Insight EDR, Identity Protection, Falcon for Mobile), Check Point (Harmony Email & Collaboration), Cloudflare (Zero Trust / Cloudflare One), Axcient (x360Recover, x360Cloud), 1Password (Watchtower and business reports), usecure (uLearn, uPhish, uPolicy, uBreach).
- UK provider published pricing and guides, accessed July 2026: Connection Technologies, HBP Group, Transputec, SOLaaS, Blisstech, Open IT Support, PC Support Group.
- Practitioner discussion threads on r/msp (managed services definitions, onboarding effort, pricing norms), 2022-2025 - attributed in the text as practitioner reports.
Frequently asked questions
A proper 2026 contract covers 12 things: unlimited helpdesk, proactive monitoring and patching, published response SLAs, a defined out-of-hours route, EDR on every device, 24/7 threat detection and response, email security, security awareness training, Microsoft 365 backup, workstation backup, a team password manager and vulnerability management. Cheaper contracts cover fewer - which is exactly why quotes vary so much.
Plain IT support is usually reactive: something breaks, you call, someone fixes it, you pay by the hour. Managed IT support is a subscription where the provider takes ongoing responsibility for the whole estate - monitoring, patching, security and helpdesk - for a fixed monthly fee per user, under defined response times. The test is accountability: a managed provider owns the outcome, not just the ticket.
Fully managed means the provider runs the whole IT function: every device, user, update, backup and security layer, end to end. It's the arrangement most smaller businesses without in-house IT actually want. The alternatives are co-managed, where the provider works alongside your internal IT person or team, and break-fix, where nobody is responsible until something fails.
Almost universally: software licences (including Microsoft 365), new hardware and project work such as office moves, migrations or new systems - these are quoted separately. Watch for quieter exclusions too: out-of-hours callouts at £120 to £180 an hour, onsite visits, servers and "out of scope" labour. A good provider lists its exclusions in the contract; a poor one lets you discover them on an invoice.
Usually, once you have a handful of staff who depend on IT to earn. You're buying an outcome - systems that stay up, patched and defended - for a predictable monthly fee that costs a fraction of an IT hire. The maths tightens below about five users (our VIP packages exist for exactly that reason) and flips once you're big enough to justify internal IT plus a co-managed backstop.
No - it's the other way round. Large companies mostly run their own IT departments; managed services exist chiefly for the businesses in between, from a few users to a few hundred, that need enterprise-grade tooling without enterprise headcount. Government research counted 12,867 managed service providers in the UK, and the bulk of their clients are small and mid-sized firms.
It depends on scale. For most businesses under a few dozen users, a managed provider is cheaper than one IT salary and gives you a team, 24/7 security cover and mature tooling no single hire can match. Once you're large enough to keep skilled staff busy, in-house wins on proximity and context - and a co-managed arrangement, where a provider backs up your internal team, is often the honest middle answer.
A managed service provider (MSP) runs your IT on an ongoing subscription: monitoring, maintenance, security and support, month in, month out. An IT consultant advises or delivers a defined project - a strategy, a migration, a system build - then leaves. The UK's new cyber legislation draws the same line: ongoing management of systems is what makes a provider an MSP, not one-off work.
Normally a person, not a device: one member of staff with a login, covering their laptop, account and day-to-day support, with mobiles handled through device management. Some providers count devices instead, which can double the bill for laptop-plus-desktop staff - so always ask which it is, whether directors, part-timers and shared mailboxes count and how joiners and leavers are handled mid-month.
A service level agreement is the contractual promise of how fast the provider responds when things go wrong, usually banded by severity - a P1 outage gets minutes, a password reset gets hours. It matters because it's the difference between a promise and marketing. Insist on response times in writing, and check whether they're working-hours only. Few UK providers publish theirs; we do.
Usually nothing bad - the common arrangement is co-managed IT, where your internal person keeps the local knowledge and the strategic work while the provider takes the always-on load: monitoring, patching, security operations and holiday cover. It stops one person being on call all year. Fully replacing an internal team is a decision businesses make at contract renewal, not something an MSP imposes.
Ask them - it's the question the NCSC now explicitly tells businesses to put to any prospective provider, because an MSP holds privileged access to your systems. Good answers include least-privilege access, two-step verification on every account, recognised certifications such as Cyber Essentials Plus, a tested incident response plan and honest disclosure of their own supply chain. Attackers target MSPs precisely because one compromise reaches many businesses.
Faster than most people expect: agent software deploys to devices in hours, and a typical onboarding - accounts, security baseline, documentation, handover - completes inside two to four weeks. Doing it properly is real work: practitioners reckon on dozens of hours of engineering for a typical small business. Be wary of providers who charge nothing for onboarding and promise it's instant; one of those claims is usually false.
The everyday ones: a helpdesk your team can ring, remote monitoring and patch management on every device, endpoint detection and response (EDR), a 24/7 managed detection team, email security filtering, Microsoft 365 administration and backup, workstation backup and disaster recovery, password management, security awareness training and vulnerability scanning. Larger contracts add network management, servers and strategic reviews.
Want to see exactly what you'd get - and what it costs?
Managed IT support with enterprise security as standard, from a UK software consultancy - every package, price and inclusion published.
Six packages from £69 per user per month (ex VAT). 24/7 CrowdStrike MDR in every one, monthly rolling, free onboarding and exit, plus a 90-day satisfaction promise. Buy online in minutes - no sales calls.
See our managed IT support plans