How to Choose a Managed IT Provider in Berlin: What to Ask Before You Sign

The managed IT services market in Berlin is crowded. Dozens of providers offer broadly similar-sounding services — remote monitoring, helpdesk support, Microsoft 365 management, and security. The differences between them are not in the marketing materials; they show up in the day-to-day experience of working with them and, critically, during incidents.

Most businesses that switch IT providers do so because something went wrong — a ransomware attack the provider failed to prevent, a prolonged outage with inadequate support, or a billing dispute over scope. This guide is about avoiding that situation by asking the right questions before you sign.

Define what you actually need first

Before evaluating any provider, be specific about what you are buying. Managed IT services is a broad term that can mean anything from “we’ll reset your passwords” to “we run your entire IT stack.” Common service models:

• Break-fix / ad hoc support. You call when something breaks, pay per incident or per hour. No proactive management. Appropriate for very small businesses with minimal IT dependency.
• Managed helpdesk. Users contact a helpdesk for issues. Some remote monitoring but limited proactive management. Usually a flat per-user monthly fee.
• Fully managed IT. The provider monitors your environment, manages updates and patches, responds proactively to alerts, and takes ownership of your IT stability. Higher cost, higher accountability.
• Co-managed IT. You have internal IT staff; the MSP provides specific functions (security operations, backup management, helpdesk overflow). Common as businesses scale.

Know which model you need before you start evaluating. A provider optimised for break-fix will not serve you well if you need proactive management — and vice versa.

Questions to ask about security capabilities

Security is where the difference between providers matters most — and where the largest gaps exist. Ask specifically:

“What does your standard managed endpoint security include?”

The answer should include an EDR (endpoint detection and response) solution — not just traditional antivirus. Microsoft Defender for Business, CrowdStrike Falcon, or equivalent. If the answer is “we use [antivirus product]” without mentioning behavioural detection, this is a signal that their security stack is behind the current threat landscape.

“How do you handle Microsoft 365 security?”

Microsoft 365 security requires active configuration and monitoring — it does not come secure by default. A capable provider should be able to explain Conditional Access policies, Microsoft Secure Score, and their approach to tenant security baselines. If they cannot, they are managing licences rather than managing security.

“What is your incident response procedure if a client gets ransomware?”

This question surfaces the provider’s actual operational capability more effectively than any sales conversation. A good answer includes: isolation procedures, backup restore capability, communication protocol, and a documented post-incident review. A vague answer (“we’d work with you to resolve it”) is a red flag.

“Do you carry cyber liability insurance?”

A professional MSP should carry professional indemnity and cyber liability insurance. If they do not, they are not treating their own risk seriously — which tells you something about how they will treat yours.

Questions to ask about service levels

“What are your response time SLAs, and how are they defined?”

Response time and resolution time are different. A provider might guarantee a 1-hour response (first acknowledgement of a ticket) but have no SLA on resolution time. For business-critical outages, resolution time is what matters. Ask for the full SLA document, not a summary.

“What is your escalation path for a P1 incident outside business hours?”

Out-of-hours coverage is one of the most common points of failure in MSP contracts. If a server goes down at 6pm on a Friday, do you get the same response as during business hours, or do you wait until Monday? Clarify this explicitly.

“What is your staff-to-client ratio?”

Overstretched MSPs are a leading cause of slow response times and missed patches. There is no universal benchmark, but a ratio above 150 clients per engineer is a warning sign for fully managed services.

Questions to ask about pricing and contracts

“What is included in the per-user/per-device monthly fee, and what triggers an out-of-scope charge?”

MSP contracts frequently include general support but exclude major projects, new user setup, hardware procurement, and on-site visits. These exclusions can generate unexpected bills. Get a clear list of what is in scope and what is not before signing.

“What are the contract terms and exit provisions?”

12-month contracts with auto-renewal and 30-day cancellation notice are standard. 36-month contracts with penalties for early exit should be questioned. If a provider is confident in their service quality, they should not need to lock you in for three years.

“How does pricing change if we add or remove users?”

Pricing models that require you to commit to a minimum user count for the contract term can be expensive if your headcount fluctuates. Understand the flexibility (or lack of it) before signing.

Questions to ask about Microsoft 365

“Are you a Microsoft CSP (Cloud Solution Provider)?”

Microsoft CSPs can manage licensing, provide support, and often receive volume pricing. This is not mandatory but indicates a more formal Microsoft relationship than a provider who simply resells licences without managed capabilities.

“How do you manage Microsoft 365 tenant security?”

Expect a specific answer about their onboarding process for new clients: do they review existing Conditional Access policies? What is their baseline configuration? Do they monitor the Microsoft Secure Score? Vague answers here indicate licence management rather than security management.

Red flags to watch for

• No written SLA. If the provider is reluctant to put response times in writing, their service reliability does not justify the commitment.
• No client references. Any provider with a functional business in Berlin should be able to provide references from current clients of similar size and sector.
• Security described in terms of antivirus. Antivirus has been an inadequate primary security control for years. A provider that positions antivirus as their security offering has not kept up.
• Ownership of your IT assets and accounts. Your Microsoft 365 tenant, your domain, your DNS records, and your backup repository should belong to your company — not to the provider. Some MSPs hold these in their own accounts, making transitions difficult and expensive. Clarify this explicitly.
• No documented offboarding process. Ask what happens if you switch providers. The answer should describe a clean handover of credentials, documentation, and assets. Resistance to this question is a significant red flag.

What a realistic evaluation process looks like

1. Define your requirements: user count, locations, existing infrastructure, known pain points
2. Request proposals from 3 providers — ask all of them the same questions
3. Get references from current clients of similar size
4. Review contract terms with legal counsel if the contract value justifies it
5. Start with a limited engagement (project or pilot) if possible before a full contract

The cheapest provider is rarely the best choice. The right provider is one whose capabilities match your actual risk profile — and who treats your infrastructure with the same care they would apply to their own.

If you want an independent view of your current IT environment before approaching providers — so you negotiate from an informed position rather than taking their assessment of your needs at face value — that is exactly what our free IT assessment provides. You get a written report covering your security posture, Microsoft 365 configuration, and operational resilience before any commercial conversation starts.