Does managed IT always include cybersecurity?

Not always in the same depth, which is why you should ask exactly what security responsibilities are included. Some providers include only basic controls, while others operate a broader security layer.

Does managed IT include Microsoft 365 administration?

It often does, but not always. Buyers should confirm whether user lifecycle, MFA, Conditional Access, tenant settings, and mail administration are truly included.

EventHorizon Forge

What is included in managed IT services?

Managed IT services should include clearly defined operational responsibilities, not vague promises. That usually means support, administration, monitoring, endpoint management, Microsoft 365 governance, backup oversight, and the security practices needed to keep the environment supportable over time.

Last updated April 10, 2026

Direct answer

Managed IT services commonly include help desk support, Microsoft 365 administration, user and identity management, endpoint management, patching, monitoring, backups, basic security controls, and operational oversight of the covered environment.

The exact scope varies by provider and by client, which is why buyers should always demand that included systems and excluded systems be written down.

What is typically in scope

At EHFC, these capabilities are brought together through VANGUARD, which is the full managed IT program. VANGUARD is not meant to represent only the Microsoft 365 portion of service delivery.

User support and ticket handling for covered systems
Microsoft 365 administration and tenant governance when included
User lifecycle management for joiners, movers, and leavers
Endpoint configuration, patching, and compliance alignment
Monitoring and alerting for managed systems
Backup oversight and recovery planning
Infrastructure operations for hosts and systems the MSP manages
Security baseline enforcement across identity, devices, and administration

What is often scoped separately

Managed IT does not automatically include every technical task a business may want. Major application development, net-new software builds, office relocations, large data migrations, or major hardware refresh projects are often scoped separately.

Those projects can still be connected to the managed environment, but they are usually not unlimited monthly work hiding inside the support agreement.

Why written scope matters

Two providers can both say they offer managed IT while operating very different service models. One may manage Microsoft 365, endpoints, security, and backups. Another may mostly answer tickets and escalate the rest elsewhere.

That is why scope matters more than the label. Buyers should know exactly what is covered before they compare providers.

Common buyer mistakes

Assuming licensing includes governance and administration
Assuming backups are managed just because backup software exists
Assuming support includes security ownership when it may not
Comparing providers without aligning in-scope systems first

What to do next

Create a simple list of the systems your business depends on, then ask whether each one is truly in scope for the provider. That instantly clarifies the real shape of the agreement.

Frequently asked questions

Does managed IT always include cybersecurity?: Not always in the same depth, which is why you should ask exactly what security responsibilities are included. Some providers include only basic controls, while others operate a broader security layer.
Does managed IT include Microsoft 365 administration?: It often does, but not always. Buyers should confirm whether user lifecycle, MFA, Conditional Access, tenant settings, and mail administration are truly included.