First 90 Days With an MSP: What to Expect | North Star
HomeInsightsManaged IT

The First 90 Days of a Managed IT Engagement, Honestly

If you've never used a managed IT provider before, the transition can feel chaotic. You're granting admin access to a company you've just met, your staff are getting prompts they don't recognise, and nothing seems to be "done" yet. That's normal, but it shouldn't stay that way. Here is what the first 90 days of a properly run managed IT engagement actually looks like, and what to watch for if it isn't going well.

Overview

Week 1: Discovery and Access

The first week is about access and inventory. Your MSP needs admin access to everything: Microsoft 365, your firewall, your server, your network switches, your backup platform, and any cloud accounts. Expect a lot of meetings, a lot of password resets, and questions about systems you'd forgotten about.

What should happen:

  • Admin access granted to all systems under management
  • Asset discovery scan run across the network
  • Initial documentation started: device inventory, user list, network topology
  • Kickoff meeting with your team to explain what's coming

What concerns you: an MSP that asks for access but doesn't document what they find, or takes admin access without explaining the scope of what they're accessing.

Overview

Weeks 2 - 3: Tools Deployment

The RMM (remote monitoring and management) agent is installed on every device. This is how your MSP manages, patches, and remotely supports your machines. EDR is deployed on every laptop and server. Backup agents are installed where applicable. The helpdesk portal is stood up for your team to submit tickets.

Your staff will see a few things they don't recognise, a tray icon for the RMM agent, a prompt to enrol in MFA, potentially a browser prompt to set up the Microsoft Authenticator. This is expected. Brief your team in advance so they don't ignore or dismiss these prompts.

Overview

Week 4: First Report

At the end of the first month, you should receive a structured report covering:

  • What was found during discovery (asset inventory, current security posture)
  • What has already been fixed
  • What the risks are, ranked by severity
  • What the proposed focus areas for weeks 5 - 12 are

If you don't receive this report, ask for it. It's the baseline that everything else builds on. Without it, you have no way to measure whether the engagement is delivering value.

Overview

Weeks 5 - 8: Quick Wins

This is the window where you should see tangible security improvement:

  • MFA enforced across all accounts
  • Conditional access policies applied (blocking legacy authentication, restricting sign-ins from unexpected countries)
  • Patch baseline established, OS and third-party patches current
  • Backup verification completed and documented
  • Any critical vulnerabilities from the discovery report remediated

Most businesses feel a real change in this period. Tickets start routing properly. Staff know who to call. The helpdesk portal is in use.

Overview

Weeks 9 - 12: Project Planning

By week 9, your MSP should have presented a remediation roadmap for the bigger items that require proper projects rather than quick fixes: M365 migration, server refresh, firewall replacement, network redesign, or whatever the discovery revealed. This roadmap should be:

  • Sequenced by risk and business impact
  • Costed, at least roughly
  • Approved by you before any work begins

You are the decision-maker on what gets done and when. A good MSP presents options and costs; a bad one starts projects without authorisation.

Overview

Week 12: Quarterly Business Review

The first quarterly business review (QBR) at the 90-day mark should cover:

  • Review of discovery findings vs. current state (what was fixed)
  • Work done in the quarter
  • Outstanding items and proposed schedule
  • Any budget implications
  • Your questions and feedback

This sets the cadence for the relationship. QBRs should happen every quarter from this point. If your MSP doesn't offer them, ask for them.

Overview

What Good Looks Like at 90 Days

  • Complete, documented asset inventory
  • MFA enforced on all accounts
  • EDR on every device, with someone monitoring alerts
  • Backup verified as restorable
  • Patch compliance at or above 95%
  • Your team knows how to reach the helpdesk and gets responses in under 4 hours for normal tickets
  • A clear roadmap for the next 12 months
Overview

What "Late" Looks Like at 90 Days

If at 90 days you don't have a complete asset inventory, MFA isn't fully rolled out, and no one has shown you a restore test result, the engagement is behind. That's a conversation to have directly. Most MSPs will respond to direct feedback. Some won't.

Frequently Asked Questions

How disruptive will the onboarding be for my staff? A well-managed onboarding involves one or two visible changes per week, an MFA prompt, a new helpdesk link, a new printer driver. It should not require significant staff downtime. If your MSP is planning anything more disruptive, ask for a specific schedule and communication plan.

What if we have systems the MSP can't support? Legacy or niche systems may be outside an MSP's standard support scope. Good MSPs document these clearly in the engagement letter and define what "support" means for those systems. Make sure there's a clear answer before you sign.

Talk to a Prince George-based IT team about managed IT services, call 672-983-1174 or book a free assessment at northstarit.ca.

Want this in your inbox?

We send a short monthly note with one cybersecurity or IT topic that BC business owners should know about. No sales pitch.

Get the monthly note Read more Insights