The first 90 days with a new managed service provider determine the next three years of the relationship. Get the onboarding right and everything flows — your team trusts the new provider, inherited issues get resolved, and your technology posture improves measurably. Get it wrong and you spend the next year cleaning up a botched transition while your staff quietly lose confidence.
We have onboarded hundreds of Perth businesses over 20 years. Many of them came to us after a previous provider fumbled the handover. This article describes what a proper onboarding looks like — not the marketing version, but the actual week-by-week reality of what happens, what gets found, and what gets fixed.
The first two weeks are about learning everything about your current environment before changing anything. This is the most important phase and the one most providers rush through or skip entirely.
A proper discovery involves a full audit of your infrastructure: every server, workstation, network device, cloud service, backup system, and software licence. Your new provider should be documenting everything in their IT management platform so that every engineer on the team has visibility from day one.
This is also when the uncomfortable truths surface. In almost every onboarding we conduct, the discovery phase reveals issues that the previous provider either missed, ignored, or never told you about. Common findings include devices running without endpoint protection, MFA not enforced on all accounts (often the owner or managing director’s account is the exception), backups that have been failing silently for weeks, dormant user accounts with administrative privileges belonging to staff who left the company months ago, and operating systems that are past end of life and no longer receiving security patches.
These findings are not a reflection on you — they are a reflection on the previous provider’s monitoring and communication. A good MSP surfaces these issues immediately, triages them by risk, and addresses the critical ones within the first two weeks.
Simultaneously with discovery, your new provider is working to gain administrative access to all your systems. This includes your Microsoft 365 tenant, domain registrations, firewalls and network equipment, backup platforms, and line-of-business applications.
If your previous provider is cooperative, this is straightforward — they hand over credentials, remove their access, and step back cleanly. If they are not cooperative (and this happens more often than you might expect), your new provider should have established processes for working directly with Microsoft, domain registrars, and hardware vendors to recover access without the outgoing provider’s assistance.
A critical step during this phase is confirming that you — the business owner — actually own your own systems. We occasionally encounter situations where the previous provider registered your domain in their name, holds the global admin on your Microsoft 365 tenant, or owns the licensing on your security tools. Untangling this takes time but is essential.
Before taking full management responsibility, your new provider should establish a security baseline. This means verifying every critical security control and remediating the gaps identified during discovery.
The priority items are always the same: confirm MFA is enforced on every account (especially admin accounts), verify backup integrity with actual test restores (not just checking that the backup job says “success”), deploy endpoint detection and response (EDR) on every device that does not already have it, review firewall rules and remove any legacy exceptions that create unnecessary exposure, and disable dormant accounts and revoke unnecessary administrative privileges.
This phase typically produces the single biggest improvement in your security posture. Not because the new provider is doing anything revolutionary — but because they are actually checking. Many of the issues found during onboarding existed for months or years under the previous provider.
At go-live, your staff are introduced to the new provider’s support channels. They get a phone number (that someone actually answers), an email address for tickets, and access to a client portal. A brief orientation session ensures everyone knows how to get help and what to expect.
The first month of live support is always the busiest. Your new provider is learning the specific workflows, preferences, and quirks of your team. Your staff are adjusting to a new helpdesk. And inherited issues from the previous environment continue to surface as people use different systems in different ways.
A good provider runs at elevated staffing during this period — more engineers assigned to your account, faster escalation paths, and proactive check-ins with key staff members. The goal is to resolve the backlog of inherited issues quickly so that the new relationship starts from a clean baseline rather than spending months cleaning up the old one.
Once the urgent issues are resolved and the team is stabilised, the focus shifts to optimisation. This is where your new provider starts making improvements rather than just fixing problems.
Typical optimisation activities include streamlining Microsoft 365 licensing (most businesses are either over-licensed on some users or under-licensed on others), configuring automation for routine tasks that were previously manual, implementing monitoring and alerting that did not exist before, cleaning up Active Directory and Entra ID (removing stale groups, fixing naming conventions, rationalising permissions), and deploying management tools that improve visibility across the environment.
Optimisation is also when your provider should be identifying quick wins — improvements that deliver visible value to your staff with minimal effort. Things like fixing a printer that has been unreliable for six months, resolving a VPN issue that everyone had learned to work around, or configuring a shared mailbox that has been requested but never delivered.
These quick wins matter more than they should from a technical perspective, because they build trust. Your staff need to believe that the new provider is better than the old one, and visible improvements in the first two months set that tone.
The 90-day mark is the most important milestone in the onboarding process. This is when your assigned virtual CIO (or account manager, depending on the provider’s model) conducts a comprehensive strategic review.
A proper 90-day review should cover a full report on every issue identified and resolved since onboarding (including the security findings from discovery), your current security posture with specific scores or metrics (not vague assurances), a technology roadmap with budgeted recommendations for the next 12 to 36 months, a discussion about your business goals and how technology can support them, and an honest assessment of any remaining gaps or risks.
This review is where the relationship transitions from onboarding to ongoing management. It sets the strategic direction for the next year and establishes the cadence of regular reviews (typically quarterly) that keep your technology aligned with your business.
It is also the point where you should evaluate whether the provider has delivered on what they promised during the sales process. If they committed to a specific response time, has it been met? If they promised proactive security management, have they found and fixed issues you did not know about? If they said they would provide strategic guidance, have they demonstrated that capability?
For comparison, here is what we see when businesses come to us after a failed onboarding with another provider.
No discovery audit. The new provider took over access, installed their remote monitoring tool, and called it done. No documentation of the environment, no security assessment, no identification of inherited issues.
No security baseline. MFA gaps, dormant accounts, and failed backups from the previous provider carried over untouched. The new provider inherited the risk without even identifying it.
No proactive communication. The business owner had to chase the new provider for updates during the transition. Tickets went unanswered for days. Staff lost confidence within the first month.
No strategic review. At the 90-day mark, there was no review meeting, no report, and no roadmap. The provider was still in reactive mode, fixing tickets as they came in without any strategic direction.
This pattern results in a business that has technically switched providers but has not actually improved its IT posture. It is a change in billing, not a change in capability.
Onboarding is a two-way process. While your new provider does the heavy lifting, there are things you can do to make the transition smoother.
Gather your credentials before the transition starts. If you have login details, licence keys, or account information — even partial or outdated — share it with your new provider. It saves time and reduces dependency on the outgoing provider.
Designate an internal point of contact. One person in your business who the new provider can go to with questions, access requests, and decisions. This avoids the bottleneck of every question going through the business owner.
Communicate to your staff. Let your team know the switch is happening, when it happens, and how to contact the new provider. A brief email or team meeting prevents confusion on go-live day.
Be honest about your pain points. The more your new provider understands about what was not working before, the faster they can prioritise the issues that matter most to your team.
Give it 90 days. The first month will be bumpy — any honest provider will tell you that. New engineers learning your environment, inherited issues surfacing, and staff adjusting to new processes all create short-term friction. Judge the relationship at 90 days, not 9 days.
At Epic IT, we back our onboarding with a guarantee that puts our money where our mouth is. If you are not satisfied with our service during the first 90 days, we refund your entire onboarding fee and pay you $5,000.
We introduced this guarantee because we know the first 90 days are where the relationship is won or lost. If we cannot demonstrate measurable improvement in your IT posture, clear communication throughout the transition, and strategic value by day 90, we do not deserve your business — and we will pay you for the inconvenience.
If you are considering switching IT providers and want to understand what a proper onboarding looks like for your business, contact us on 1300 EPIC IT or request a free IT assessment through our website.
We have onboarded hundreds of Perth businesses and back every transition with our 90-day guarantee. Talk to us about what a proper onboarding looks like for your business.
Or call us on 1300 EPIC IT (1300 374 248)
At Epic IT, our specialists focus on long-term solutions for your business.
Our 90-day guarantee is simple: if you’re not satisfied, we’ll refund your onboarding fee and give you $5K. Contact us today!
Call Us
1300 EPIC IT
Email Us
info@epicit.com.au
Perth HQ
HQ – Unit 2, 62 Angove Street North Perth WA
Queensland Office
12 The Cct, Brisbane Airport QLD
Sydney Office
Unit 3, 104 Anglesea Street, Bondi NSW
Want to know more? Find our Privacy Policy and Terms of Use.
