The first 90 days with a managed IT provider set the tone for every month after. A strong onboarding period should deliver asset visibility, risk baselines, user communication, and a clear support rhythm early. What should you expect week by week so there are no surprises after signing?
Why the First 90 Days Matter
The first 90 days of a managed IT relationship establish the baseline for everything that follows. Your provider needs to understand your environment — every device, every system, every application — before they can manage it effectively. Onboarding that is rushed, incomplete, or poorly documented leaves gaps that show up later as unexpected incidents, slow troubleshooting, and frustrating support experiences.
A managed IT provider who cannot tell you what is in your environment two weeks after onboarding is not managing it — they are reacting to it. The first 90 days should transform a reactive relationship into a proactive one.
Days 1-14: Discovery and Documentation
The foundation of managed IT is knowing exactly what you have. In the first two weeks, your provider should be deploying monitoring agents to all managed devices, building a complete asset register (every workstation, server, network device, and printer on your network), documenting your critical systems and applications, mapping user accounts and access permissions, and reviewing your current backup and recovery setup.
You should receive — or at minimum have access to — a clear record of what has been onboarded. If your provider cannot show you a device list within two weeks, ask why.
During this phase, remote management tools and security software are deployed. For a Milnsbridge managed plan, this means SentinelOne EDR installed and enrolled on every managed endpoint, remote monitoring and management (RMM) agents deployed, and 24/7 monitoring configured across all managed devices. If there are security gaps identified during discovery — devices without EDR, systems with outstanding critical patches, accounts without MFA — these are documented and prioritised.
Days 15-30: Security Baseline and Quick Wins
Once the environment is documented, the next phase is establishing a security baseline. This means deploying and configuring the full security stack (EDR, email security, DNS filtering, password management), enforcing MFA on Microsoft 365 and other critical systems, running the first patch management cycle to bring all managed devices current on security updates, and reviewing and correcting any obvious security misconfigurations.
There are usually quick wins in this phase. Missing patches applied. Legacy admin accounts removed. Shared passwords replaced with managed credentials in Keeper. Auto-forwarding rules on email accounts audited and removed. These are low-cost, high-impact changes that reduce your attack surface immediately.
You should also receive your first monthly report in this phase — or at least a preliminary status update documenting what was found, what has been fixed, and what is outstanding.
Days 31-60: Stabilisation
The stabilisation phase is where the managed relationship starts feeling normal. Your team is using the new support channels. The service desk is responding to day-to-day requests. Monitoring is catching issues before your staff notice them. The patch cadence is running on schedule.
This is also where the volume of incidents typically peaks and then drops. In any environment that has been under-managed, there is a backlog of deferred problems — hardware showing early failure signs, applications needing updates, network issues that were worked around rather than fixed. A good managed IT provider surfaces and addresses these systematically during stabilisation rather than waiting for them to become crises.
By the end of day 60, your support ticket volume for repeat issues should be declining. If you are fielding the same problems repeatedly, the underlying causes are not being addressed — which is worth raising with your provider directly.
Days 61-90: Optimisation and Strategic Planning
By day 90, the environment should be stable, documented, and monitored. The third phase shifts from reactive stabilisation to proactive planning. What hardware is approaching end of life and should be budgeted for replacement? Are there application upgrades or migrations that should be planned? Are there security gaps that require additional controls — Essential Eight uplift, application control deployment, or MFA coverage on systems not yet enrolled?
A good managed IT provider at day 90 brings you a forward-looking view: here is what we found, here is what we fixed, here is what we recommend over the next 12 months and why. This is the shift from keeping the lights on to actively improving the environment.
You should also receive your first full monthly report and review at this point — documenting support case volume and resolution, monitoring alerts and actions taken, patch compliance across all managed devices, and backup status.
What to Expect from Your Service Desk
From day one, your team should have a clear way to contact the service desk: a direct phone number, an email address or ticketing portal, and knowledge of what response times to expect. At Milnsbridge, the average response time across the previous 12 months is 13 minutes, with 99% of issues responded to within one hour and 98% resolved within one hour. These numbers are reported to clients monthly.
Unlimited remote and onsite support during business hours is included in the Growth plan at $99 per seat per month — no per-incident billing, no call-out fees. Your team should feel comfortable raising issues promptly, knowing that contacting the service desk does not come with a bill attached.
Warning Signs in the First 90 Days
Not every managed IT onboarding goes well. These are signs worth acting on early:
No asset register or documentation. If your provider cannot show you a complete list of what they are managing after two weeks, the onboarding has not been completed properly. You are paying for management of an environment that has not been fully inventoried.
No proactive communication. Good managed IT is proactive. If your only communication with the provider in the first 90 days is reactive — you contact them when something breaks — the monitoring and proactive management model is not functioning as it should.
Same issues recurring. If the same users or the same systems are generating repeated support tickets for the same problems, the underlying causes are not being addressed. Repeat incidents are a signal, not just a volume metric.
No reporting. A managed IT provider who cannot produce a monthly report covering support activity, monitoring alerts, patch compliance, and backup status is not tracking the metrics that define their service quality. If you cannot see the data, you cannot hold them accountable.
Poor response to the unexpected. The first 90 days will almost always surface something unexpected — hardware older than disclosed, a legacy application with unusual dependencies, a security gap more significant than anticipated. How your provider handles the unexpected tells you a great deal about how they will handle the normal.
Questions to Ask at Your 90-Day Review
- What is in our asset register and is it complete?
- What security gaps were found and have they been addressed?
- What does patch compliance look like across all managed devices?
- What were the top five support issues in the first 90 days?
- What hardware replacements or upgrades should we be planning for?
- Are there any outstanding risks we should be aware of?
A managed IT provider who cannot answer these questions clearly at 90 days has not completed a proper onboarding. These are basic expectations — not exceptional service.
Milnsbridge holds a 4.9-star Google rating across 99 reviews and has onboarded Sydney businesses onto managed IT since 2002. We operate on straightforward 12-month agreements with a 10-seat minimum. Adrian Weir founded Milnsbridge after three decades in senior IT roles at Telstra, Citibank, and Unilever.
If you are considering managed IT for your Sydney business, contact Milnsbridge for a no-obligation conversation. Review our transparent per-seat pricing, explore our managed IT services, or see how our cyber security services are deployed from day one of onboarding.
