White Paper February 28, 2026 · 15 min read

IT Provider Evaluation Guide: 20 Questions Every Organization Should Ask

eTop

eTop Technology

Managed IT Provider, Inland Empire

Switching IT providers is a significant decision. The monthly rate matters, but it’s often the least important number. What matters more is what’s included, what’s excluded, and what costs show up later that weren’t in the original quote.

This guide gives you 20 questions to ask any IT provider you’re evaluating. Each question includes context on why it matters, what a strong answer looks like, and what should concern you.

We encourage you to send these questions to every vendor you’re considering and compare the answers side by side.


Section 1: Pricing & Billing Model

The monthly number on a proposal is a starting point, not the finish line. The real question is: what does that number actually cover?

Q1. Is your monthly rate per user, per device, or per asset? What happens to my bill when I add a laptop, a monitor, or a phone?

Why this matters: Per-device billing means every new piece of hardware increases your monthly cost. If your organization grows or refreshes equipment, your bill grows with it, even if no additional support is needed.

What a strong answer sounds like: Per-user or governance-based pricing that doesn’t penalize you for adding devices. Your cost should scale with your team, not your hardware inventory.

Red flag: If the answer is per-device or per-asset, ask for a projection of what your bill looks like at 60 and 70 devices. The difference can be significant.

Q2. What is NOT included in the monthly rate? Specifically: Are there per-incident charges, after-hours fees, onsite visit fees, or project charges for routine tasks like laptop setups or user changes?

Why this matters: Many providers advertise a low monthly rate but bill separately for tasks you assume are included. Laptop swaps, new user setups, and onsite visits are common areas where costs hide.

What a strong answer sounds like: Unlimited remote and onsite support included in the monthly rate. Routine tasks like new hires, offboarding, and laptop swaps (using existing inventory) are part of the service, not billable projects. If a net-new device needs to be purchased, the hardware cost is separate, but the labor to configure and deploy it should be included.

Red flag: If “laptop swap” or “new user setup” appears on a separate project quote with labor charges, you’re paying twice: once for the monthly service, and again every time you need it.

Q3. Is Microsoft 365 licensing included in your monthly rate, or billed separately? At what price per user?

Why this matters: Microsoft 365 is the backbone of most modern IT environments. If licensing isn’t included or standardized, you end up with fragmented access, staff purchasing their own licenses, and no central visibility.

What a strong answer sounds like: Microsoft 365 Business Premium included at a transparent per-user cost. Nonprofit organizations should be paying dramatically less than commercial rates ($5-10/user vs. $22/user).

Red flag: If the provider doesn’t manage licensing centrally, or if staff are buying their own Microsoft or Adobe subscriptions, that’s a visibility and compliance gap.

Q4. Does the monthly rate include both locations, or is multi-site support an add-on?

Why this matters: Organizations with more than one office often discover that the second location is billed as a separate line item, sometimes at a significant premium.

What a strong answer sounds like: All locations are covered under a single monthly rate. Support quality and response time should be consistent regardless of which office calls.

Red flag: If one site is a separate add-on, ask what happens if you open a third. Per-location billing compounds quickly.

Q5. What does your pricing look like on a 3-year effective cost basis? Include all recurring fees, anticipated hardware events, license renewals, and project work.

Why this matters: A 3-year view exposes the true cost of ownership. Providers with low monthly rates often have higher total costs when server replacements, network license renewals, and project fees are included.

What a strong answer sounds like: A transparent 3-year total that includes all monthly fees, project costs, hardware, licensing, and renewals. No surprises at year 2 or 3.

Red flag: If the provider can’t or won’t give you a 3-year number, ask why. The answer usually involves costs they know are coming but don’t want to show you upfront.


Section 2: Infrastructure & Architecture

How your IT environment is designed determines what you’ll pay to maintain it for years to come.

Q6. Does your proposed solution require an on-premises file server? If so, who pays for the replacement when it reaches end of life?

Why this matters: File servers cost $15,000-$30,000 to replace and create VPN dependency for file access. They also require ongoing backup, patching, and monitoring. A server-dependent model guarantees a future capital event.

What a strong answer sounds like: No on-premises file server required. Files live in SharePoint and OneDrive, accessible from anywhere without VPN. Server decommissioning should be part of the transition plan.

Red flag: If the provider’s model still depends on a server, ask who pays for the next one. If the answer is you, ask how that’s reflected in the proposal.

Q7. Does daily work require a VPN connection? What happens if the VPN goes down?

Why this matters: VPN-dependent environments create single points of failure. When the VPN drops, staff can’t access files, and leadership loses productivity. This is especially problematic for organizations with remote or multi-site staff.

What a strong answer sounds like: No VPN required for daily workflows. Files, email, and applications are cloud-hosted and accessible from any device with an internet connection. VPN is retained only for rare edge cases, if at all.

Red flag: If the answer is “yes, VPN is required for file access,” that means every VPN outage is a productivity outage for your entire team.

Q8. What networking hardware are you proposing, and does it require recurring license renewals? What do those renewals cost and when do they expire?

Why this matters: Some enterprise networking vendors require license renewals every 1-5 years. These renewals can cost $5,000-$10,000+ and are easy to miss in a proposal because they don’t show up on month one.

What a strong answer sounds like: Networking hardware with zero recurring license fees. Equipment should be enterprise-grade but shouldn’t come with renewal cliffs that create budget surprises.

Red flag: If the proposal includes hardware with 3- or 5-year license subscriptions, add up what those renewals cost over 10 years and compare.

Q9. What is your approach to endpoint management? If a laptop fails tomorrow, what happens and how long does it take?

Why this matters: In legacy environments, a laptop failure can mean days of downtime while the device is rebuilt and data is restored. Modern endpoint management makes devices replaceable — a user can be back to work in under an hour.

What a strong answer sounds like: Endpoints are Entra ID-joined with automatic data backup (Known Folder Move to OneDrive). A failed device is swapped, the user logs in, and their data and applications restore automatically. The labor to configure and deploy is included. If a replacement device needs to be purchased, that hardware cost is separate, but the turnaround should be measured in hours, not days.

Red flag: If the answer involves “we’d need to image a new machine and restore from backup” or if a laptop swap comes with a project quote for labor, the endpoint management model isn’t modern.


Section 3: Security & Compliance

Q10. What security tools are included in the monthly rate? Are antivirus, email security, malware detection, and endpoint protection included or billed separately?

Why this matters: Security is non-negotiable, but it’s also an area where providers layer on add-on costs. You need to know what’s included so you can compare apples to apples.

What a strong answer sounds like: A full security stack included in the monthly rate: managed antivirus, email security, 24/7 malware detection, endpoint protection (Microsoft Defender for Business), and managed firewall. No surprise add-ons.

Red flag: If security is quoted as a separate line item or “available as an add-on,” your base monthly rate doesn’t actually protect you.

Q11. Do you enforce multi-factor authentication (MFA) for all users? Is this configured as part of onboarding or left to us?

Why this matters: MFA is the single most effective control against account compromise. It should be non-negotiable and enforced from day one, not offered as an optional add-on.

What a strong answer sounds like: MFA is enforced for all users through Entra ID as a baseline security policy. It’s configured during onboarding and not optional.

Red flag: If MFA is described as “available if you want it” or “we can set it up later,” that’s a provider who doesn’t own your security posture.

Q12. How do you handle software license compliance? Can you tell me right now exactly what Microsoft and Adobe licenses are deployed across our environment?

Why this matters: License chaos creates compliance risk and cost leakage. Staff buying their own licenses, unlicensed copies floating around, and no central visibility are all signs of a provider that isn’t managing the full picture.

What a strong answer sounds like: Full software license compliance tracking included. Every license is centrally managed, and we can show you exactly what’s deployed, to whom, and whether it’s compliant — at any time.

Red flag: If the provider says they “don’t manage licensing” or can’t tell you where your Adobe licenses are, you’re carrying compliance risk they’re not addressing.


Section 4: Support & Responsiveness

Q13. What are your response time commitments? Is there a published SLA, and what are the consequences if you miss it?

Why this matters: Response time promises are only meaningful if they’re documented and enforceable. Ask for the actual SLA — not a verbal promise.

What a strong answer sounds like: Published SLAs with defined response and resolution targets by severity level. Regular reporting against those targets so you can see whether they’re being met.

Red flag: If the answer is “we respond as quickly as we can” without a written SLA, there’s no accountability.

Q14. Is onsite support included, or does every onsite visit generate a separate invoice?

Why this matters: Some providers include remote support but charge for every onsite visit. If your organization has multiple locations and regular hands-on needs, per-visit billing adds up fast.

What a strong answer sounds like: Onsite support is included in the monthly rate for all locations within a reasonable use model. No trip charges, no per-visit fees for standard support needs.

Red flag: If onsite visits are billed hourly or per-trip, ask what happens during a week where you need three visits across two locations. Per-visit billing adds up fast for multi-site organizations.

Q15. What does your onboarding process look like for new hires? How quickly is a new employee fully productive?

Why this matters: New hire onboarding is one of the most common IT tasks and one of the most revealing. It shows whether the provider has built systems for efficiency or is still doing everything manually.

What a strong answer sounds like: New hires receive a preconfigured device. They log in, and their applications, email, files, and security policies deploy automatically. Productive on day one. The setup and configuration labor is included in the monthly service. If a new device needs to be purchased, that’s a separate hardware cost, but it shouldn’t come with a labor project quote on top.

Red flag: If new hire setup takes days, requires billable project hours for configuration, or involves manual imaging, the provider hasn’t invested in automation.


Section 5: Strategic Partnership

Q16. Do you provide regular business reviews (quarterly or biannually)? What do those include?

Why this matters: A provider who only talks to you when something breaks is a vendor, not a partner. Regular business reviews demonstrate a commitment to proactive planning and strategic alignment.

What a strong answer sounds like: Quarterly or biannual strategic reviews that cover system health, security posture, budget planning, hardware lifecycle, and recommendations. These are included in the service, not billed as consulting hours.

Red flag: If the provider doesn’t offer regular reviews, or if they’re only available as a paid add-on, your IT strategy is on autopilot.

Q17. Do you provide hardware lifecycle planning? How do you handle equipment that needs replacement — is that a capital expense we budget for, or is it managed within the service?

Why this matters: Aging hardware is one of the biggest sources of unplanned IT cost. A provider who tracks hardware age and plans replacements proactively prevents budget surprises.

What a strong answer sounds like: Hardware lifecycle planning and tracking included. The provider monitors the age and condition of all managed devices, provides advance notice when replacements are needed, and helps you budget for them. Hardware procurement is typically a separate cost, but the planning, coordination, and deployment labor should be part of the service.

Red flag: If the provider doesn’t track hardware age, can’t tell you which devices are approaching end of life, or if every replacement is a surprise quote with no advance warning, you’ll be reacting instead of planning.

Q18. Who is our primary point of contact? Do we have a dedicated account manager, or are we calling a general helpdesk?

Why this matters: Knowing who to call and having someone who understands your environment makes a material difference in support quality. A dedicated relationship means less time re-explaining your setup on every call.

What a strong answer sounds like: A named account manager who knows your environment, your staff, and your priorities. Escalation paths are clear and documented.

Red flag: If the answer is “you call the helpdesk and whoever is available takes it,” there’s no continuity and no one owns your experience.


Section 6: Transition & Risk

Q19. What does your transition/onboarding project include? Is it a phased approach or a single cutover? What’s the timeline?

Why this matters: Transitions that try to do everything at once create unnecessary risk. A phased approach with clear milestones reduces disruption and gives staff time to adapt.

What a strong answer sounds like: A phased project plan with defined scopes, timelines, and outcomes for each phase. Typically includes licensing, cloud migration, endpoint standardization, network modernization, and stabilization — each as a distinct phase.

Red flag: If the answer is “we install our agents and you’re good to go,” there’s no migration strategy. That means the underlying problems don’t get solved — they just get a new name on the invoice.

Q20. If we decide to leave your service in the future, what happens? Do you own our data, our domain, our licenses?

Why this matters: Some providers hold customer domains, Microsoft tenants, or licensing agreements in their own accounts. This creates lock-in and makes transitions painful and expensive.

What a strong answer sounds like: You own everything: your domain, your Microsoft tenant, your data. If you leave, we provide a complete handoff with documentation. No hostage situations.

Red flag: If the provider registers your domain in their name, holds your Microsoft licenses in their CSP account without transfer provisions, or doesn’t mention exit terms at all — that’s a lock-in risk.


Evaluation Scoring Matrix

Use this matrix to compare providers side by side. Score each area from 1 (weak/missing) to 5 (strong/fully addressed).

| Evaluation Category | Provider A | Provider B | Provider C |
|---|---|---|---|
| All-inclusive pricing (no per-device/per-incident) | | | |
| Microsoft 365 licensing included & standardized | | | |
| Multi-site support included in base rate | | | |
| 3-year total cost transparency | | | |
| No on-premises server dependency | | | |
| No VPN required for daily work | | | |
| Network hardware with zero renewal licensing | | | |
| Modern endpoint management (auto-recovery) | | | |
| Full security stack included | | | |
| MFA enforced for all users | | | |
| License compliance tracking | | | |
| Published SLA with accountability | | | |
| Onsite support included | | | |
| Same-day new hire productivity | | | |
| Regular strategic business reviews | | | |
| Hardware lifecycle planning | | | |
| Dedicated account manager | | | |
| Phased transition plan | | | |
| Data & domain ownership guaranteed | | | |
| Clean exit provisions documented | | | |
| TOTAL SCORE | /100 | /100 | /100 |

The best IT partner isn’t the one with the lowest invoice. It’s the one whose invoice is the only invoice.

We welcome the opportunity to answer every one of these questions — in writing, in person, or both. Contact us to start the conversation.


eTop Technology has spent over 15 years in IT and over 12 years serving the Inland Empire as a trusted managed IT provider. We host the Business Tech Playbook podcast and are passionate about helping business leaders make smarter technology decisions.
