What’s Included in Managed IT Services? The Eight-Category Framework

WHAT’S INCLUDED IN MANAGED IT SERVICES

What “managed IT” should actually mean.

“Managed IT services” is one of the most loosely defined phrases in business technology. Two providers quoting very different prices can both claim to offer a comprehensive service, while delivering materially different outcomes.

This page explains, in plain terms, what a serious UK managed IT engagement in 2026 should include so you can compare proposals like‑for‑like.

Skip to our scope and quote form ↓

UKAS ISO/IEC 27001:2022 Certified · Microsoft Solutions Partner · Cyber Essentials · Full scope, no hidden add‑ons

The eight categories a serious managed IT engagement covers

A complete UK managed IT service covers eight capability areas. Where a quote omits one, or treats it as an optional extra, that should be clear before you sign.

The difference between a £55 quote and an £85 quote is rarely quality — it is what’s bundled versus what gets billed separately later.

The reality of comparing managed IT quotes

1. User helpdesk and support

Unlimited access to UK‑based engineers during contracted hours, clear SLAs, named account ownership and defined escalation. This should not be capped, rationed or priced per incident.

Watch for: capped tickets, undefined “fair use”, and overseas first‑line teams that escalate everything at premium rates.

2. Proactive monitoring and maintenance

24/7 monitoring of servers, endpoints, networks and cloud services with active engineer response, scheduled patching and documented monthly reporting.

Watch for: dashboards nobody watches and “proactive” services that only react once users complain.

3. Microsoft 365 administration

Identity‑led security, lifecycle management, licence optimisation and ongoing review across Exchange, SharePoint, OneDrive, Teams and Intune.

Watch for: “Microsoft 365 included” meaning Exchange only, or tenants left on default security baselines.

4. Endpoint security

Modern EDR, full‑disk encryption, MDM where appropriate and patching of operating systems and third‑party applications.

Watch for: legacy antivirus sold as EDR and encryption treated as optional.

5. Email security and anti‑phishing

Layered email defence including anti‑impersonation, DMARC at enforcement level and meaningful user reporting processes.

Watch for: DMARC left at p=none indefinitely and one‑off phishing training.

6. Backup and continuity

Third‑party Microsoft 365 backup, tested restores, documented RTO/RPO and alignment to the 3‑2‑1‑1‑0 rule.

Watch for: untested backups and no immutable or offline copy.

7. Cyber security and compliance

Cyber Essentials support, sector‑appropriate compliance evidence, vulnerability management and tested incident response.

Watch for: policy templates with no real implementation or testing.

8. Strategic IT advice (vCIO)

Regular roadmap reviews, budget planning and independent advice that aligns to your business — not the provider’s resale catalogue.

Watch for: QBRs that are really upsell meetings.

What’s typically not included — and why that’s reasonable

Even comprehensive managed IT has legitimate boundaries. The key is that anything charged separately is quoted transparently and agreed before work starts.

Hardware and software procurement — plus a reasonable handling margin.
Major projects — office moves, migrations, M&A integration.
Specialist consultancy — formal ISO lead implementer or regulator‑led investigations.
24/7 coverage extensions — typically £15–£30 per user per month.

The rule of thumb: if it’s part of running the IT day‑to‑day, it belongs in the monthly fee; if it’s a discrete project, it should be quoted separately.

How System Force IT structures managed IT

All eight capability areas are included in our standard managed IT engagement. We do not unbundle them, sell them as bolt‑ons or surprise clients with premium rates for core services.

Our pricing typically sits between £65 and £120 per user per month, delivered by UK‑based engineers within our ISO 27001 certified ISMS.

Frequently Asked Questions — What’s Included in Managed IT Services

Should helpdesk support be unlimited?

Yes. Capped helpdesk creates an incentive to ration support requests, which leads to users not reporting issues and problems compounding over time. Reputable UK managed IT services in 2026 offer unlimited helpdesk during contracted hours as standard. If a quote caps tickets or hours, ask why.

Is Microsoft 365 backup really separate from Microsoft’s own backup?

Yes. Microsoft’s service availability commitments do not include granular, long‑term, point‑in‑time recovery of customer data. Customers remain responsible for their data. Third‑party Microsoft 365 backup is a non‑negotiable component of a serious managed IT service.

What’s the difference between EDR and antivirus?

Antivirus relies on known signatures. EDR monitors behaviour, detects anomalies, can isolate compromised devices automatically and provides forensic information after incidents. Modern attacks routinely bypass signature‑based antivirus; EDR is now the baseline for business endpoint security.

Should on‑site visits be included?

A reasonable allowance of on‑site visits should be included as standard, typically several per year. Visits beyond that are reasonably charged at a defined rate. What is not reasonable is per‑visit fees for routine work that should be part of the service.

What is a vCIO and do we need one?

A virtual CIO provides strategic IT input without the cost of a full‑time CIO. For SMEs, this usually means quarterly reviews, roadmap planning and independent advice. The depth required depends on size and complexity, but some strategic function should be present in any serious managed IT engagement.

How should I compare managed IT quotes?

Map each proposal against the eight categories on this page and identify what is missing or treated as an add‑on. Then calculate the realistic total annual cost including likely extras. The cheapest headline quote is often the most expensive once everything is included.

Is cyber insurance included in managed IT services?

No. Cyber insurance is a separate product, but managed IT should make you insurable by delivering the controls, evidence and incident response capability underwriters expect. We support clients through cyber insurance questionnaires and renewal processes as part of the service.

Can we customise what’s included?

Yes, within reason. The core eight categories are interdependent and should not be removed, but the depth of each is scoped to your environment. A small consultancy and a regulated manufacturing business require different levels of control, and pricing should reflect that reality.

Get a fully scoped managed IT proposal

We’ll map each of the eight categories to your environment and produce a fixed‑price proposal explaining exactly what’s included and why.

Or call us directly: 01452 701355
No obligation · Business enquiries only · We respond within one business day.

This framework underpins our managed IT, pricing, cyber security and Cyber Essentials services and is the structure we recommend buyers use when evaluating any provider.