The question we hear most often during pricing reviews is some version of "are we paying the right amount for what we are getting?" The honest answer is that the number on the invoice matters less than what sits behind it. A $120 per-user fee that covers a real scope is cheaper than a $90 fee that quietly grows to $140 once project work, license pass-throughs, and after-hours charges arrive. The goal of this piece is to give you a working baseline for what managed IT should cost, what should be included, and where the friction usually surfaces.
The three pricing models you will see
Almost every managed IT proposal sits in one of three pricing structures. Each one is appropriate for a different kind of environment, and most of the confusion in the market comes from providers pitching a model that does not fit the buyer. We will walk through each, including who the model works for and who should walk away from it.
Per-user pricing
Typical range is $100 to $250 per user per month. This is the dominant model for a reason. Most knowledge-work small businesses have a roughly consistent ratio of devices, applications, and identity work per employee, so headcount is a reasonable proxy for support load. When your team grows or contracts, your IT cost moves with it. Per-user pricing tends to fit professional services firms, accounting and finance practices, healthcare offices, and most companies in the 10 to 100 employee range.
Per-device pricing
Typical range is $75 to $200 per device per month. This model fits environments where the device count is high relative to user count: shared workstations, kiosks, point-of-sale terminals, light manufacturing, or any business where one person touches several machines. Per-device pricing can also produce a lower number for businesses with heavy contractor or seasonal headcount that never logs in long enough to justify a per-user license stack.
Break-fix and hourly
Typical range is $150 to $300 per hour. Break-fix is pay-as-you-go: the provider bills you when something goes wrong and walks away when it does not. It looks cheaper on a quiet month, and it is genuinely cheaper for a very small business with simple needs and a high tolerance for downtime. The structural problem is that the provider's incentive runs the wrong direction. Their revenue depends on issues occurring, not on issues being prevented. We do not recommend break-fix for any business that depends on its systems to operate, but we want to name the tradeoff plainly rather than dismiss it.
What should actually be inside the monthly fee
A managed services agreement should cover the work that keeps your environment healthy without a separate purchase order each time. If your provider treats any of the following as extra, that is a scope problem rather than a pricing problem. The recurring fee should cover help desk support during business hours, endpoint and server monitoring, patch management, endpoint protection, baseline email security, network monitoring, identity and access management for the platforms you already use, regular backup operation and verification, and routine account housekeeping when employees join or leave.
Some categories are reasonably billed as projects or pass-throughs. Hardware purchases, major infrastructure rebuilds, third-party software licensing, after-hours emergency response outside the contracted SLA, and specialized work like a Microsoft 365 tenant migration or a compliance attestation are normal project line items. The test is whether they are quoted in writing and approved before the work starts. Project work that surfaces on a monthly invoice without prior approval is the single most common billing complaint we see during independent reviews.
What drives your price up or down
Two businesses with the same headcount can land on very different monthly numbers, and the reasons are usually predictable. Industry and compliance exposure is the largest single factor. Healthcare, financial services, and legal practices typically pay 20 to 40 percent more because the security baseline, documentation overhead, and audit support are heavier. The current state of your environment is the next factor. If your systems have been under-managed for years, the first six to twelve months of a new engagement will be more expensive because the provider is paying down technical debt before they can deliver steady-state support efficiently.
Response-time guarantees move the number meaningfully. Business-hours support with next-business-day response on standard tickets is cheaper than around-the-clock coverage with a one-hour response target on critical issues. Most small businesses do not need 24/7 coverage, and paying for it when you do not use it is a common over-spend. The level of strategic involvement also matters. A provider running quarterly business reviews, owning your technology roadmap, and sitting in on vendor selection costs more than one running a help desk in the background, and that gap is usually worth paying for once you are past about twenty-five employees.
Signs you are paying too much for what you are getting
Price alone is a weak signal. The stronger signal is the relationship between price and predictability. The patterns we see most often when a business is genuinely overpaying include monthly invoices that vary by more than ten or fifteen percent without a clear reason, support requests that get reclassified as projects after the work is done, a recurring fee that has climbed year over year without a corresponding change in scope, and a contract document that is vague enough about inclusions that the provider can argue either way when something is disputed. Several of those patterns overlap with the broader warning signs that a provider relationship has stopped working.
The inverse pattern is also worth naming. A very low headline rate, paired with frequent extra charges, often costs more in total than a higher rate that covers everything. We have reviewed engagements where moving from a $95 per-user provider to a $140 per-user provider lowered the all-in monthly cost because the second contract genuinely included what the first one nickel-and-dimed. If you are evaluating quotes, the only useful comparison is total cost over twelve months, including projects, after-hours work, and license pass-throughs. The headline rate is marketing.
A realistic monthly picture
For a fifteen-person professional services firm with standard security needs and no heavy compliance requirement, the budget usually lands somewhere around $2,500 to $3,200 per month for fully managed services. That figure typically covers the per-user fee, an enhanced security and email protection package, cloud backup with verified restore testing, and routine identity management. Annualized, that is roughly $30,000 to $38,000, with occasional project costs layered on top for hardware refreshes, software rollouts, or environment changes.
Smaller teams, in the five to ten employee range, often land between $900 and $1,800 per month for the same scope, because some of the baseline security tooling has a floor cost regardless of headcount. Above thirty employees, the per-user number tends to compress as the provider gains efficiency in your environment. If your number is materially outside these ranges in either direction, the question is whether the scope and the price are aligned, not whether the number itself is right or wrong.
What real value looks like
The conversations that actually move pricing are specific. Ask your provider to produce a written scope document that lists what is included in the monthly fee and what triggers an additional charge. Ask what "unlimited support" means in practice, including which channels are covered, which response times apply, and what gets reclassified as a project. Ask how license cost increases are passed through, and whether you see the underlying vendor invoice. Vague contract language protects the provider, and we have not yet reviewed an engagement where tightening that language did not improve the relationship. How to negotiate better terms with your current MSP covers the specific asks that tend to land.
Not sure whether your number is fair?
The MSP Performance Scorecard gives you a structured read across responsiveness, security, communication, and cost transparency. It takes about ten minutes and produces a score you can take into your next provider conversation.
Take the ScorecardIf you cannot get to that level of clarity with your current provider, a structured outside review is often the fastest way to surface what is actually inside the number. The Technology Confidence Assessment is built for that conversation.