Most companies don’t shop for a managed IT provider until something goes wrong. By then they’re stressed, time-pressed, and looking for someone — anyone — who can take the problem off their plate. That is exactly when bad MSPs win contracts.
This guide is the opposite of the pitch decks you’ll be sent. It’s a list of the red flags when choosing an MSP that experienced buyers — and current and former MSP owners — wish more people knew to ask about. If you spot two or three of these in a provider you’re evaluating, slow the process down. If you spot five, walk.
Why MSP red flags matter more than the pitch
Every managed IT provider’s sales deck looks roughly the same: 24/7 support, U.S.-based help desk, “proactive” monitoring, “enterprise-grade” cybersecurity, a friendly account manager. The marketing language is so standardized it’s almost useless for telling good from bad.
What separates the providers you’ll be happy with from the ones you’ll regret in 14 months isn’t what’s in the brochure — it’s what’s in the contract, the operations, and the culture. Those things are harder to see, but they leave fingerprints. Below are the fingerprints.
The 12 red flags to watch for
1. They can’t explain their pricing in plain English
If a provider can’t tell you, in two minutes, exactly what is and isn’t included in the per-user price, that vagueness is intentional. The most common pattern: a “flat” monthly fee that excludes anything labeled a “project,” with no clear line between routine support and a project. Ask for a written list of what triggers a project quote. If they won’t put it in writing, that’s the answer.
2. The “24/7 support” is actually a voicemail and an answering service
Many small MSPs market 24/7 coverage but rely on a single on-call engineer with a phone — or worse, a third-party answering service that takes a message and emails the team. Ask: “If we have an outage at 2 a.m. on a Saturday, what is the maximum time before a credentialed engineer is actively troubleshooting?” Get a number, in writing, with a penalty if missed.
3. They white-label other companies’ tools and pretend they built them
A surprising number of MSPs resell a third-party security operations center (SOC), help desk, or backup platform under their own brand. That isn’t bad on its own — but if they’re hiding the relationship, ask why. You should know who actually answers the phone, who actually monitors your network, and who actually holds your backups. When the relationship breaks down later, you’ll need to know.
4. There’s no one technical in the sales conversation
If the only person you talk to until the contract is signed is an account executive who pivots every technical question to “great question, I’ll get back to you” — and never does — you’re being sold a story, not a service. Insist on at least one call with the engineer or vCIO who would actually own your account. The quality of that person is the service.
5. They won’t share an example SLA before the call
A real Service Level Agreement specifies response times by severity, resolution targets, uptime guarantees, and — critically — what happens when they miss. “We’ll do our best” is not an SLA. No teeth, no SLA. If they won’t email you a sample SLA before the discovery call, they’re either embarrassed by it or they don’t have one.
6. The contract auto-renews for the same term
Three-year contracts that auto-renew for another three years on a single missed cancellation window are the single most common contract trap in the industry. Other variations: 90-day cancellation notice on a monthly contract, or a clause that lets them raise prices annually but locks you into the term. Read the renewal and termination clauses out loud before you sign. If they make you uncomfortable, they should.
7. Their own internal security looks sloppy
Watch how the sales team behaves. Do they email you spreadsheets of credentials? Do they ask for your domain admin password in a Word doc? Do their engineers use shared logins on their own ticketing system? The MSP that doesn’t take its own security seriously will not take yours seriously. The cobbler’s children always have shoes — at a real MSP.
8. Onboarding is “we’ll figure it out as we go”
The first 30 days of an MSP relationship sets the tone for the next three years. A real provider walks you through a documented onboarding plan: discovery, documentation, agent deployment, baseline security, knowledge transfer, kickoff. Ask to see the onboarding runbook for a customer your size. If they don’t have one, you’ll be the runbook.
9. They badmouth your current provider unprompted
A confident MSP doesn’t need to put others down to win you. If a sales call is heavy on “your current guys are doing X wrong” before they’ve seen your environment, they’re either guessing or they’re going to do the same thing to the next provider when they replace you. Watch how they describe other companies — that’s how they’ll describe yours.
10. The references are too perfect — or there are none
When you ask for three customer references, a healthy MSP will give them quickly. Red flags: the references are all from the same industry as the salesperson’s friend, the references mention the same talking points your salesperson used, or the MSP can only provide written testimonials with no names. Ask for one reference who left them and would still take your call. That answer is more revealing than any positive reference.
11. They lock down credentials, documentation, and data
You should own your domain registrations, your Microsoft 365 tenant, your firewall, your password vault — even if your MSP manages them. Some MSPs deliberately register domains in their own accounts, hold M365 global admin without granting you a copy, or refuse to hand over documentation when you leave. Before you sign, get a written commitment that you own your tenants, accounts, and documentation outright.
12. The pricing is dramatically below market
If three providers quote $135–$165 per user per month and one quotes $79, the cheap one is either subsidizing your contract to win the logo (and will raise prices at renewal) or cutting somewhere that matters — backups, monitoring, after-hours coverage, or the seniority of the people answering tickets. Ask exactly what is different about their offering. The honest answer is usually “the after-hours desk is offshore” or “we don’t do quarterly reviews.” That may be fine — but you should know.
The contract red flags buyers almost always miss
Beyond the operational signals above, three contract clauses regularly cost mid-market companies five and six figures down the road:
- Annual price escalators with no cap. A “CPI plus 3%” clause sounds reasonable until you realize it compounds — and that they get to define which CPI index applies.
- Out-of-scope hourly rates. The flat monthly fee may be reasonable, but if “project work” bills at $295/hr with a four-hour minimum and the line between support and project is vague (see Red Flag #1), your real bill won’t match the quote.
- Termination assistance fees. Some contracts charge thousands of dollars to “support transition” if you leave — i.e., to do what they were already obligated to do. A fair contract gives you 30–90 days of paid offboarding cooperation as part of the original price.
Have your attorney read the entire MSA, not just the SOW. If the MSP balks at redlines, that itself is a red flag.
How to evaluate an IT provider before you sign
A short, repeatable process for testing the providers on your shortlist against the red flags above:
- Ask all three providers the same five questions in writing. Compare answers side by side. Vagueness shows up immediately.
- Request a sample SLA, sample MSA, and a redacted onboarding plan before you take a sales call. Anyone unwilling is filtering themselves out for you.
- Speak to a real engineer, not just sales — and ask the engineer who would actually own your account, not “their best one.”
- Run a 30-minute reference call, not a 5-minute check. Ask the reference what surprised them in year two, not year one.
- Get a clear answer on offboarding — what you keep, what you pay, how long it takes — before you talk about onboarding.
- Read the auto-renewal and price-escalation clauses out loud to a colleague. If you both feel uneasy, push back or move on.
A buyer running this process will eliminate 60–80% of providers before the first technical call, which is exactly the goal.
Three quick wins to filter out weak providers before any sales call:
- Demand a sample SLA in writing — with severity tiers, response targets, and what happens when they miss.
- Get a written list of what counts as "project work." The line between support and project is where the surprise bills live.
- Ask each provider for one reference that left them and would still take your call. Compare those answers against the glowing ones.
What most companies don’t realize
Two things experienced buyers learn the hard way:
First, the salesperson rarely owns the relationship after signing. The friendly account exec who answered your every email during the sales cycle will be replaced by a service manager you’ve never met by month two. Ask who your day-to-day point of contact will be, and meet them before signing.
Second, MSP quality has very little correlation with price and very high correlation with internal process maturity. The provider with thorough documentation, mature ticketing workflows, and a proper change-management process will outperform the bigger, flashier, more expensive shop nine times out of ten. The boring stuff is the differentiator.
Frequently asked questions
What is the biggest red flag when choosing an MSP?
Vague pricing combined with a long contract term. If you can’t tell exactly what’s included, exactly what triggers an extra bill, and exactly how to leave — and the contract is more than 12 months — you should not sign.
How long should an MSP contract be?
For a first engagement, 12 months is standard and reasonable. Three-year contracts can be appropriate when paired with locked-in pricing and clear off-ramps, but they shouldn’t be the default. If a provider insists on three years on a first contract, ask why.
How do I know if my MSP is actually doing the work?
Ask for monthly reports that show ticket volume, mean time to resolution, patch compliance percentage, backup success rates, and any security alerts triaged. A real provider produces these automatically. A weak provider builds them by hand the day before your meeting — and skips months they’re “too busy.”
Are smaller MSPs always worse than larger ones?
No. A 10-person MSP with mature processes will frequently outperform a 200-person MSP with churning staff and inconsistent quality. Process maturity beats headcount. What matters is whether the provider has documented playbooks, defined escalation paths, and a real engineering bench — not how many logos they have on the wall.
Can I cancel an MSP contract early?
It depends on the contract. Most have early termination clauses that require you to pay out the remaining months, plus a transition fee in some cases. Read the termination clause before you have a reason to use it. If the answer scares you, renegotiate before signing — not after.
A neutral second opinion
ITSupportReport.com is an independent, buyer-side resource. We don’t sell leads to MSPs, and we’re not paid to recommend specific providers. If you’ve been sent a proposal and want a second set of eyes on it before you sign, compare providers in our directory — or send the proposal in for review and we’ll flag the clauses worth pushing back on.