The Real Cost of Switching IT Providers

Switching IT providers costs more than the new contract price. The transition involves documentation gaps, credential recovery battles, undocumented configurations, and a 30-to-60-day window where your business is genuinely more vulnerable. Most companies don’t find out until they’re already committed to the switch.

This post covers what we’ve seen across hundreds of MSP-to-MSP transitions: what actually goes wrong, what it costs you in time and risk, and how to protect yourself before you give notice.

The Hidden Costs Nobody Mentions

The obvious cost of switching providers is the new monthly contract. The non-obvious costs are the ones that actually hurt.

Documentation that doesn’t exist. Many IT providers keep minimal documentation about client environments. Network diagrams, firewall rules, server configurations, application dependencies, and backup schedules may live entirely in the head of one or two technicians. When those technicians work for your old provider and no longer have a reason to help, that knowledge walks out the door. Your new provider has to reverse-engineer your entire environment from scratch, which takes weeks and costs you billable hours.

Credentials you don’t own. This one catches business owners off guard. Your Microsoft 365 tenant, your domain registrar, your firewall admin portal, your backup console, your antivirus dashboard, your VPN concentrator: if your IT provider set these up under their own accounts, you may not have the admin credentials. Some providers register domains, SSL certificates, and cloud tenants under their own master accounts as a matter of convenience. That convenience becomes a hostage situation when you try to leave.

Undocumented configurations and workarounds. Every IT environment accumulates band-aid fixes over time. A static route that was added to work around a network issue three years ago. A scheduled task on the domain controller that runs a custom script nobody remembers writing. A firewall rule that allows traffic from a specific IP address for a reason nobody documented. Your new provider will find these, but only after something breaks because they didn’t know the workaround existed.

Vendor relationships that need to be re-established. Your IT provider likely manages relationships with your ISP, your phone system vendor, your copier company, your line-of-business software vendor, and possibly your cyber insurance broker. Each of those vendors has your old provider listed as the authorized contact. Updating those relationships takes time, and until they’re updated, your new provider can’t make changes or get support on your behalf.

The 30-to-60-Day Risk Window

The transition period between providers is when your business is most exposed. For roughly 30 to 60 days, neither provider has complete visibility into your environment.

Your old provider is winding down. They may still be monitoring your systems contractually, but their attention has moved to other clients. They’re not proactively patching, not reviewing security alerts with urgency, and not investing time in an account they’re about to lose.

Your new provider is ramping up. They’re inventorying devices, deploying their monitoring agents, learning your network topology, and onboarding your users. But they don’t yet know what “normal” looks like in your environment. They can’t distinguish a legitimate after-hours login from a suspicious one because they haven’t established a baseline.

This gap is real. If a security incident happens during the transition, the response will be slower and less coordinated than it would be under either provider alone. Both teams will need to communicate, share access, and coordinate in real time, and that coordination hasn’t been tested yet.

The mitigation is straightforward: overlap the contracts. Run both providers simultaneously for at least two to four weeks. The old provider maintains monitoring and response capability while the new provider gets fully onboarded. Yes, you’ll pay two providers for a month. That cost is trivial compared to an undetected breach during the handoff.

When Providers Don’t Leave Gracefully

Most IT providers handle transitions professionally. But some don’t, and the stories follow predictable patterns.

Locked accounts. The outgoing provider changes admin passwords on your Microsoft 365 tenant, your firewall, or your server infrastructure on their last day. Sometimes this is accidental, a technician removing their own access and inadvertently locking out the master admin. Sometimes it’s deliberate. Either way, you’re calling Microsoft support or performing a factory reset on your firewall while your team can’t work.

Withheld documentation. Some providers treat their documentation as proprietary intellectual property. They’ll hand over login credentials (eventually) but refuse to share network diagrams, configuration notes, or procedural runbooks they created while managing your environment. This is a gray area contractually, and fighting over it delays the transition.

Agents and tools left behind. Remote monitoring and management (RMM) tools, remote access agents, and backup software installed by your old provider may continue running after the relationship ends. These tools often have full admin access to your systems. If the old provider doesn’t uninstall them, and the new provider doesn’t know to look for them, you have an unmonitored backdoor into your network. This is one of the first things a thorough onboarding process checks for.

Questions to Ask Your Current Provider Before Giving Notice

Before you tell your current provider you’re leaving, get answers to these questions while the relationship is still cooperative.

• Who owns the admin credentials for our Microsoft 365 tenant, domain registrar, and firewall? If the answer is “we manage those for you,” press further. Are they registered under your company’s name and email, or under the provider’s master account?
• Can you provide a full export of our documentation? Network diagrams, IP address assignments, server configurations, backup schedules, firewall rules, and vendor contact lists. Ask for this in writing.
• What is your offboarding process? A professional provider will have a documented transition procedure. If they seem surprised by the question, that’s a signal.
• What tools do you have installed on our systems? Get a complete list of RMM agents, remote access tools, backup agents, and security software. You’ll need this list to verify everything gets removed.
• What is the notice period in our contract? Some MSP contracts require 60 or 90 days’ notice. Some include early termination fees. Read the contract before you have the conversation.

Protect Yourself Before You Switch

The best time to secure your position is before the transition starts. These steps reduce your risk regardless of which provider you’re moving to.

Own your domain. Log in to your domain registrar (GoDaddy, Namecheap, Cloudflare, wherever your domain is registered) and confirm the account is in your name, with your email as the recovery contact. If you can’t log in, your provider owns the account, and you need to fix that immediately. Your domain controls your email, your website, and your online identity. Losing access to it can shut down your business.

Own your licenses. Your Microsoft 365 licenses, cloud subscriptions, and software agreements should be in your company’s name, billed to your company’s payment method. If your IT provider is reselling licenses through their own CSP agreement, you don’t own those licenses, and they can revoke them. Verify this with Microsoft directly through the Microsoft 365 admin center if needed.

Own your data. Confirm that your backups are accessible to you, not just to your provider. If your provider manages your backup solution and stores backups in their own cloud, you need a copy of that data before the transition. Get a full backup exported to storage you control.

Document what you can. Even if your provider holds the detailed documentation, you can record your own inventory: how many servers, what line-of-business applications you run, how many users, what ISP you use, what phone system. This gives your new provider a head start.

A good onboarding process from your new managed IT provider should cover all of these items systematically. If a prospective provider can’t walk you through their onboarding and evaluation process, that tells you how the rest of the relationship will go.

Making the Switch Successfully

Switching IT providers is disruptive, but it doesn’t have to be chaotic. The companies that manage it well do three things: they secure their own assets before giving notice, they overlap contracts to eliminate the visibility gap, and they choose a new provider with a documented, tested onboarding process.

The companies that get burned are the ones who assume the transition will be simple, don’t check who owns their credentials, and discover the hard way that their old provider has no documentation to hand over.

If you’re considering a switch because your current provider isn’t meeting your needs, that instinct is probably right. Just do the prep work first. The cost of a well-planned transition is measured in weeks. The cost of a botched one is measured in outages, security incidents, and lost productivity that can drag on for months.