Managed IT Onboarding: 30-Day Walkthrough

The setup

The pattern: an SMB owner with a real operational business — somewhere between 15 and 50 employees — has been on break-fix IT for years. Their "IT person" is whoever happens to be tech-friendly: usually the operations manager, sometimes the bookkeeper, occasionally the founder. Things mostly work, until they don't. Backups have not been tested in 18 months. There's a shared password spreadsheet.

They call us because (a) something broke and the break-fix shop took 4 days, or (b) a competitor or peer just got hit with ransomware, or (c) they're growing and the duct-taped stack is starting to creak.

The discovery call is 30 minutes. We agree on per-user pricing, sign a one-page MSA, and pick a start date 7–10 days out.

Day 1–7: Discovery

Week 1

The first week is documentation. Most clients have never had a real IT inventory.

Walk every workstation. Serial number, age, OS, RAM, disk, last patch date.
Inventory every server, every network device, every printer.
Pull every SaaS account: who uses it, who pays for it, who has admin.
Document every vendor: ISP, M365, antivirus, line-of-business apps.
Take over MFA / billing / admin on the most critical accounts (M365, ISP portal, domain registrar).
Run vulnerability scan and a backup verification test.

End of week 1 deliverable: a full IT inventory document. The client has likely never had this. It alone is worth more than the first month's bill.

Day 8–14: Stabilize

Week 2

RMM (remote monitoring and management) goes on every endpoint. This is the foundation.

Deploy RMM agent — runs in the background, almost invisible to users.
Set up monitoring thresholds: disk, memory, CPU, temperature, AV health.
Roll out unified endpoint antivirus / EDR (replaces whatever mismatched mess was there).
Establish patching baseline: Windows updates, third-party app updates, scheduled and tested.
Audit M365 / Workspace tenant: license waste, security gaps, shared mailboxes.
Verify backups actually restore. If they don't, this is the moment we tell the client and fix it.

End of week 2 deliverable: first health report. Includes findings from the vulnerability scan, the patch backlog, and any backup risk. This is where we tell the client what we found, in plain language, no jargon.

Day 15–21: Secure

Week 3

This is the week where most of the long-tail security work happens. Boring, foundational, prevents 80% of bad things.

Roll out MFA on every email account, every admin account, every banking and SaaS portal.
Tighten email security: SPF, DKIM, DMARC. Most SMBs are sending spoofable mail and don't know it.
Deploy advanced email filtering (catches the phishing the default filter doesn't).
Run a phishing simulation. See who clicks. Don't shame anyone, but use it as the basis for short awareness training.
Audit shared drives and SharePoint permissions. Lock down what should be private.
Replace the password spreadsheet with a real password manager (1Password, Bitwarden, Keeper).

End of week 3 deliverable: security posture report. Before/after on each major category. Owner now has something to show their insurance company at renewal — usually saves money.

Day 22–30: Roadmap

Week 4

By now, the environment is stable and documented. Now we point forward.

90-day roadmap: what's coming, what budget it needs, what risks remain.
Quarterly business review schedule set up — every 90 days, IT spend tied to actual outcomes.
Helpdesk fully active. Users know how to submit tickets and what to expect.
Client gets login to a dashboard showing live system health.
If there are obvious project candidates (network refresh, server consolidation, M365 migration), they're scoped as separate fixed-price projects — not snuck into the monthly retainer.

End of week 4 deliverable: the client has a real IT department's worth of artifacts — inventory, security posture, patch cadence, backup verification, roadmap, dashboard. All for the cost of a part-time hire, with none of the management overhead.

What it costs

Pricing is per-user, $99/$149/$199 per user/month depending on tier. A 25-person business at our middle tier ("Secure") is roughly $3,725/month. That replaces:

Break-fix bills that previously averaged $1,500–$3,000/mo with high variance
The 5–10 hours/week the operations manager was burning on IT
Risk exposure from unpatched systems, untested backups, and missing MFA
Whatever the cyber insurance company would have refused to pay after an incident

The math almost always works out. The harder sale is convincing somebody that the system works — that proactive monitoring really does prevent the 11pm ransomware call.

What it does NOT include

So you're not surprised on month two:

Hardware purchases (passed through at our cost or yours)
Major project work (cloud migrations, network refreshes, ERP integrations) — quoted separately
HIPAA / SOC 2 / PCI audits — referred to specialized auditors
Custom software development

Want this for your business?

The first step is the 30-min discovery call. We'll tell you straight whether managed IT makes sense for your situation, and roughly what tier and size you'd land in.

Managed IT onboarding for a 25-person warehouse: 30-day walkthrough