What an MSP Actually Does All Day (the unsexy work behind your $99/seat)

A managed IT subscription is a strange product to sell because the best version of it is invisible. When everything works, customers genuinely wonder what they’re paying for. When it doesn’t work, they wonder what they’re paying for in a different tone of voice.

This post is for the business owner who has gotten the subscription quote and is trying to figure out what actually happens for $99 a user per month. The honest tour, no marketing varnish.

Monitoring (the all-night janitor)

Every machine on the plan has a remote monitoring agent. That agent reports up to a console we watch 24/7. The console alerts us about:

• Disk space dropping below thresholds
• Servers failing to check in (early sign of hardware or network failure)
• Backup jobs that errored or skipped
• Endpoint protection definitions falling out of date
• Domain controllers with replication problems
• Failed login spikes (early signal of a brute-force attempt)
• Patch deployment status across the fleet

A typical small office generates 30-60 alerts a month. Maybe two of them are something the customer would ever notice. The other 28-58 we triage, fix, and never mention. That work is the bulk of why your business runs without weekly fires.

Patching (the unglamorous truth)

Microsoft ships security patches the second Tuesday of every month. Apple ships them on a less predictable cadence. Adobe, Chrome, Firefox, Java, every line-of-business application — all on their own schedules.

A managed IT provider runs a patch management tool that catalogs every machine, every installed application, every available update, deploys updates on a documented schedule, and reports back what succeeded and what failed.

For a 10-machine office, this is roughly 1,200 patches a year that someone has to authorize, deploy, monitor, and clean up after. Most of them are non-events. The ones that aren’t (a Windows update that breaks a printer driver, a Chrome update that breaks a browser-based ERP) are why patching is not a fire-and-forget activity.

Backups (you find out at the worst possible moment)

A real backup includes:

• Image-level or file-level backups of every server and workstation that holds something irreplaceable
• A second copy off-site (cloud or another physical location)
• Immutability or air-gapping so ransomware cannot encrypt your backups when it encrypts everything else
• A schedule that matches your recovery point objective (lose at most one hour of work? Hourly snapshots.)
• A documented restore procedure
• Test restores at least quarterly, with the results filed

That last bullet is where almost every untrained backup fails. The first time you find out the backup is corrupt is the day you actually need it. We test restores on a calendar — usually a Friday afternoon, on a test machine, restoring last week’s snapshot and verifying it boots and the data is intact.

Documentation (the file that matters when somebody quits)

A typical small business has accumulated:

• A few admin passwords nobody knows where they live
• A printer that stopped working when a router got replaced two CEOs ago
• A VPN configured by a contractor who’s been gone four years
• Five WiFi networks with three different passwords
• An on-prem server that “you’re not supposed to touch”

A managed provider’s first six weeks of work is usually a documentation pass: building a real inventory of every device, every credential, every vendor, every line of business application, every cable run, every license. That document lives in a password manager and a knowledge base.

When something breaks at 2pm on a Tuesday, the engineer who picks up does not start from scratch. They open the documentation, see who installed what, see how it’s configured, and fix it. That is most of the speed difference between hourly IT and managed IT.

Helpdesk (the part you actually see)

Calls, emails, tickets. “My laptop is slow.” “I can’t print.” “The phone won’t ring.” The visible 5% of an MSP’s work.

The thing about helpdesk work that customers don’t see is that 70% of it is preventable. The user whose laptop is slow has a Windows feature update that’s been pending reboot for three weeks. The user who can’t print has a print spooler issue that gets fixed automatically by a patch we deployed last week. The user whose phone won’t ring is on a VLAN that lost a route after an ISP outage.

Every helpdesk ticket gets logged, categorized, and reviewed in aggregate. The patterns drive what gets fixed proactively. If “my laptop is slow” tickets spike, we look for a common cause and address it once instead of fifty times.

Vendor management (the work nobody bills for)

The thing nobody tells you about IT is that 60% of “fixing your IT” is calling other vendors:

• Internet service provider when the line is down
• Telephone carrier when number porting goes sideways
• Software vendor when the line-of-business app starts erroring
• Hardware manufacturer when a server alerts a fan failure
• License reseller when seat counts need adjusting
• Compliance auditor when they want evidence of your controls

A managed plan absorbs that work. Your office manager doesn’t sit on hold with AT&T for 90 minutes; we do. Our hold time is the same as theirs, but our hold time isn’t billed at $40/hour of staff salary.

Strategic / vCIO (the Carbon-tier work)

At the top tier, on top of all the above, we add strategic work:

• Quarterly business review meetings
• Annual IT budget preparation
• Hardware lifecycle planning so machines get replaced before they fail
• Compliance documentation kept current
• Policy library kept aligned with regulatory changes
• Capacity planning for growth

This is the work that distinguishes “IT vendor” from “IT department.” Most small businesses never think about it because their IT vendor doesn’t do it. The ones that pay for it find it impossible to live without after about a year.

So what does $99 a user actually buy?

For a 10-person office on Steel ($990/month plus $125/month for one server = $1,115), you get:

• 10 endpoints monitored 24/7
• Roughly 1,200 patches deployed and verified per year
• Backups across 11 systems with quarterly restore tests
• A real documentation set
• Unlimited remote support — your team calls, we fix it
• Network and firewall management
• Email backup
• Quarterly executive report
• An annual IT Blueprint Assessment refresh

Hourly equivalent at $200/hr, even at conservative usage, runs $1,800-$2,400/month for the same scope. The math tilts toward the plan once you have more than two or three hours a month of legitimate IT work.

The honest version of the pitch

The reason a Managed IT plan works is not that we’re cheaper than hourly per hour (we’re not). It’s that the plan structure aligns incentives. We make more money when your environment runs cleanly, because cleaner environments take less time to maintain. Hourly engagements quietly reward problems. Subscriptions reward prevention.

Want a real read on where your environment stands and what a plan would actually cover? Free IT Blueprint Assessment. We walk the office, look at every system, and leave you with a written punch list and a flat-rate proposal.