Managed IT / MSP2 July 2026·7 min read

Questions to Ask Before Renewing Your MSP Agreement

Review scope, total cost, service levels, security, backup evidence, reporting and exit terms before signing another managed IT agreement.

Business leaders reviewing MSP agreement renewal questions

An MSP renewal should be a business review, not an administrative signature. The provider already understands your systems, the pricing looks familiar and changing suppliers feels disruptive, so it is easy to accept another term without testing whether the agreement still fits.

Use the months before renewal to review service, cost, security, recovery and future requirements. Starting early protects your negotiating position and gives both parties time to correct gaps. The following questions turn an MSP agreement renewal into a structured decision rather than a reaction to a deadline.

1. What exactly is included in the monthly fee?

Ask for a plain-language schedule covering users, devices, sites, servers, Microsoft 365, networks, helpdesk, onsite support, after-hours work, security tools, backup monitoring and vendor coordination. Broad labels such as “managed services” are not enough.

Match the schedule to twelve months of invoices. If routine activities regularly appear as extras, clarify whether they should be included or budgeted separately. Our article on hidden MSP agreement costs explains the warning signs in more detail.

2. What was billed outside the agreement?

Separate genuine projects from recurring operational work. A major office move is different from repeated charges for onboarding, standard device setup or routine Microsoft 365 administration. Calculate the total annual cost, including internal time spent coordinating issues.

Ask the provider to explain which extra charges are likely next year. Planned upgrades are easier to budget than surprise work. Compare the result with published managed IT pricing and ensure competing proposals use the same assumptions.

3. What improved during the current term?

A managed service should create progress, not only close tickets. Ask for evidence of reduced recurring incidents, better patch coverage, improved account hygiene, tested restores, updated documentation, retired legacy systems and completed roadmap work.

Where recommendations were not completed, establish why. The cause might be budget, business acceptance, provider capacity or unclear ownership. Renewal is the right time to convert unresolved recommendations into an agreed plan.

4. How are response and resolution measured?

Response time measures acknowledgement; resolution time measures restoration or completion. A provider can meet a fast response target while issues remain unresolved. Review actual performance by priority and confirm how priority is assigned.

Clarify the service-level detail

  • Business hours, support channels and after-hours escalation.
  • Response, update and resolution expectations by severity.
  • How widespread outages differ from individual requests.
  • Which delays are paused while waiting for a client or vendor.
  • How repeated breaches are reviewed and corrected.

5. Who owns Microsoft 365 and cybersecurity?

Ask who is accountable for MFA, privileged roles, Conditional Access, email protection, endpoint security, patching, external sharing, alert review and incident response. Product names are not a substitute for ownership.

The provider should explain which controls are included, which depend on licensing and which remain your responsibility. If the answer is unclear, compare it with a dedicated cybersecurity service and the responsibilities expected from a modern managed IT provider.

Request evidence, not reassurance

Useful evidence includes MFA coverage, privileged-role inventory, patch reports, unresolved recommendations and examples of incident escalation. Sensitive details should be handled securely, but the business needs enough visibility to govern its risk.

6. Are backups tested or only monitored?

A successful backup notification does not prove recoverability. Ask which systems and Microsoft 365 workloads are protected, the retention period, backup isolation, last restore-test date and actual recovery time.

Confirm who approves restores and how recovery priorities are agreed. A provider offering backup and disaster recovery should connect job monitoring to tested business recovery, not present them as the same thing.

7. What reporting and planning will we receive?

Agree a reporting rhythm that suits the organisation. Reports should cover recurring incidents, service-level performance, patch and backup status, security risks, licence changes, ageing equipment, completed improvements and upcoming decisions.

Account meetings should end with named actions and dates. Without that discipline, reports become a collection of technical charts rather than a tool for governance and budgeting.

8. What is excluded and what will it cost?

List projects, procurement, cabling, specialist applications, major upgrades, after-hours work, onsite travel, compliance activity and incident response. Record applicable rates and approval requirements. An exclusion is manageable when it is visible; it becomes a problem when discovered during an urgent event.

9. What happens if we leave?

A professional agreement should support an orderly transition. Confirm notice periods, termination fees, documentation ownership, administrator access, credential transfer, licence arrangements, data export and reasonable handover assistance.

The ACCC provides guidance on contracts and unfair terms affecting small businesses. Obtain legal advice for contractual interpretation; an IT review should identify operational dependencies but should not replace a lawyer.

10. Does the agreement match the next two years?

Discuss planned hiring, new sites, cloud projects, acquisitions, compliance requirements, application changes and hardware replacement. The service model and pricing should support the business you are becoming, not only the environment that existed at the previous renewal.

If headcount and device patterns have changed, revisit per-user versus per-device MSP pricing. The correct model should remain understandable under realistic growth.

MSP renewal evidence checklist

Review areaEvidence to requestDecision
Scope and costAgreement, inventory, licences and twelve months of invoicesAre inclusions and total cost acceptable?
Service qualityResponse, resolution, recurrence and escalation dataIs performance improving?
SecurityControl coverage, recommendations and incident processIs risk ownership clear?
RecoveryCoverage matrix and restore-test resultsCan critical services recover?
RoadmapCompleted work, open actions and two-year prioritiesDoes the plan support the business?
ExitNotice, handover, access and documentation termsCan the business change safely?

Use the review to improve the agreement

A review does not assume the provider has failed. It creates an opportunity to update scope, correct inventories, assign risks and agree priorities. Strong providers should welcome clear expectations and evidence-based discussions.

Begin 90 to 120 days before the notice deadline. Gather the evidence, document unanswered questions and give the provider a reasonable opportunity to respond. If an independent view would help, an obligation-free MSP Switch Review can assess the agreement, environment and transition risk without obliging you to move.

Score the responses consistently

Use a simple scorecard so familiarity or a polished presentation does not outweigh evidence. Rate scope clarity, total cost, service performance, security ownership, recovery evidence, roadmap quality and exit readiness. Record the evidence behind each score and identify any condition that must be resolved before signing.

Apply the same scorecard to the incumbent and any alternative provider. This produces a defensible decision and helps the successful provider understand the outcomes that will be reviewed at the next renewal.

Frequently asked questions

When should a business start reviewing an MSP renewal?

Start at least 90 to 120 days before the renewal or notice deadline. That provides time to review invoices, service performance, security and backup evidence, clarify contract terms and obtain alternatives without allowing the expiry date to force a rushed decision.

What documents should an MSP provide before renewal?

Request the current agreement and schedules, covered user and device inventory, licence list, service-level reports, project and extra-charge history, network and system documentation, security recommendations, backup and restore-test evidence, risk register and a clear transition or handover process.

Do we need to change providers if the review finds gaps?

Not necessarily. A review can support a better renewal with clearer inclusions, updated pricing, assigned responsibilities and an improvement plan. Changing provider is appropriate only when material gaps cannot be resolved, trust has broken down or the service no longer matches the business.

Final perspective

The best MSP agreement renewal decision is based on clear scope, total cost, measurable service, security ownership, tested recovery and future fit. Ask these questions while you still have time to negotiate, improve the current relationship or compare alternatives carefully. Keep the completed scorecard with the signed agreement so next year’s review begins with evidence rather than memory.