What Is Co-Managed IT? How It Works With Your Team
What is co-managed IT? In short, it is an arrangement where a managed service provider works alongside your internal IT staff rather than replacing them. You do not have to choose between hiring an in-house IT person and outsourcing everything to an MSP - co-managed IT lets you have both, with each side owning the work it does best. For a growing business with one or two capable but overstretched IT people, it is often the model that fits best, as long as you structure the split clearly from the start.
This guide explains what co-managed IT actually means, who it is for, exactly how responsibilities get divided, what it costs compared with fully-managed IT, and the signs that tell you whether it is the right fit.
What co-managed IT actually means
Co-managed IT is a shared-responsibility model. Your internal team and an external MSP each take ownership of defined parts of your technology, and they coordinate on the rest. The key word is shared. It is not the MSP taking over, and it is not the MSP doing odd jobs when your person is busy. It is a deliberate division of labor with agreed lines of ownership.
It helps to place co-managed IT next to the two models people usually know.
Co-managed vs fully-managed IT
In a fully-managed arrangement, the MSP owns your entire IT function. You have little or no internal IT staff, and the provider handles everything from the help desk to strategy. Co-managed keeps your internal team in place and has the MSP fill specific gaps. The difference is not the amount of work outsourced, it is whether you retain in-house ownership. If you have no IT staff, fully-managed is usually the better answer. If you have people worth keeping, co-managed lets you keep them. Our MSP vs in-house IT comparison goes deeper on that fork in the road.
Co-managed vs break-fix
Break-fix is the old reactive model: something breaks, you call someone, you pay by the hour to fix it. There is no ongoing relationship, no proactive monitoring, and no shared ownership. Co-managed IT is the opposite - a continuous partnership with defined responsibilities and predictable pricing. If your "co-managed" provider only shows up when you call, you have break-fix with a nicer name.
Who co-managed IT is for
The classic co-managed scenario is the "we have one overloaded IT guy" business. You hired a capable internal person, maybe two, and for a while they covered everything. Then the company grew. Now that same person is the help desk, the security team, the project manager, the backup administrator, and the one who gets called at 9pm when the server is down. They are good, but they are one person, and they cannot be an expert in everything or awake all the time.
Co-managed IT is built for exactly this situation. It is for businesses that:
- Have at least one internal IT person who is stretched too thin, not absent entirely
- Value the institutional knowledge their internal staff hold and do not want to lose it
- Have gaps in specific areas - after-hours coverage, cybersecurity, cloud projects, compliance
- Cannot justify hiring a second or third full-time specialist, but need those skills sometimes
- Want enterprise-grade tools (monitoring, security, ticketing) without buying them outright
If that describes you, co-managed lets you scale your team's capacity and skills without the cost and risk of more headcount. If you have no internal IT at all, co-managed is usually the wrong shape and fully-managed will serve you better.
How responsibilities split between your team and the MSP
The success of co-managed IT lives entirely in the clarity of the split. Ambiguity is where things fall through the cracks - both sides assume the other handled the patch, the backup, the alert. The best engagements write the division down, often in a simple RACI-style grid that names who is responsible and who is accountable for each function. Microsoft frames cloud security around a similar idea in its shared responsibility model, and the same discipline applies to co-managed IT as a whole.
While every split is negotiable, here is a common starting point.
What the MSP typically owns:
- After-hours and overflow help desk coverage
- 24/7 monitoring and alerting across servers, networks, and endpoints
- Patch management and routine maintenance at scale
- Cybersecurity tooling and threat response
- Backup management and tested disaster recovery
- Specialized projects: cloud migrations, network redesigns, compliance work
- Access to enterprise-grade platforms your business would not buy alone
What your internal team usually keeps:
- Day-to-day support and the relationships with your staff
- Business-specific applications and the institutional knowledge around them
- On-site work and hands-on tasks
- Vendor relationships and internal decision-making
- The role of the MSP's primary point of contact
What gets shared:
- Security strategy and incident response, where the MSP brings tools and the team brings context
- Documentation, which both sides contribute to and both can access
- Project planning and budgeting
The exact lines should follow your team's actual strengths and gaps, not a template. The point is that there is a line, it is written down, and both sides know which side of it each task lives on. Recognized frameworks help you avoid blind spots when you draw it: the NIST Cybersecurity Framework and CISA's cybersecurity best practices are useful checklists for making sure no security function falls into the gap between "us" and "them."
What co-managed IT costs, and how the model differs from fully-managed
Co-managed IT is usually priced like managed services - a predictable monthly fee, often per user or per device, for a defined set of responsibilities. The difference from fully-managed is scope. Because your internal team still does a meaningful share of the work, the MSP is covering less, so the per-user fee is typically lower than a full-service arrangement.
That said, the headline rate is the wrong number to compare. The honest comparison is total cost of the IT function under each model:
- Fully internal: the fully loaded salaries of every IT person you would need to cover all functions, including the specialists you cannot keep busy full time.
- Fully managed: the MSP's per-user fee for owning everything, with little or no internal staff.
- Co-managed: your retained internal salaries plus the MSP's fee for the gaps they fill, plus, often, access to tools you would otherwise license yourself.
Co-managed tends to win when you already have valuable internal people and the alternative is hiring one or two more specialists you would only partially utilize. It lets you buy specific capabilities - night coverage, security expertise, project muscle - by the slice instead of by the full-time hire. To pressure-test the math for your situation, run the numbers through an MSP cost calculator and compare all three models side by side rather than reacting to a single monthly quote.
Signs co-managed IT is right for you (and signs it is not)
Co-managed is a strong fit, but it is not universal. Use these signals to tell which way to lean.
Signs co-managed is right:
- You have internal IT staff who are good but overloaded
- You are losing nights and weekends to coverage your team cannot sustain
- You have specific skill gaps - security, cloud, compliance - that do not justify a full-time hire
- You want to keep institutional knowledge in-house while adding capacity
- You need enterprise tools but not the cost of buying and running them yourself
Signs co-managed is not the answer:
- You have no internal IT staff at all - fully-managed is simpler and more complete
- Your internal team is already large and covers every function well - you may not need outside help
- You are not willing to define and document the split - ambiguity will sink the partnership
- You want someone to blame rather than a partner to coordinate with - co-managed requires real collaboration
The deciding factor is almost always your internal capacity. Co-managed amplifies a team that exists; it does not create one from nothing. If you are still weighing whether to build in-house or outsource at all, start with our guide to choosing a managed IT service provider before committing to a model.
If co-managed IT sounds like your situation, the next step is finding providers who genuinely offer it - not fully-managed shops that will quietly try to absorb your whole function. Browse managed IT providers in your state that support co-managed arrangements, or use the MyMSPHub buyer's guide to structure your evaluation from the start.
Frequently asked questions
What is co-managed IT?
Co-managed IT is a partnership where a managed service provider works alongside your internal IT staff instead of replacing them. Your team keeps ownership of the things they know best - business systems, day-to-day support, internal relationships - while the MSP fills specific gaps such as after-hours coverage, security, advanced projects, or tools your business cannot justify buying on its own. The defining feature is shared responsibility with a clear division of who owns what.
What is the difference between co-managed and fully managed IT?
Fully managed IT means the MSP owns your entire technology function and you have little or no internal IT staff. Co-managed IT means you keep an internal team and the MSP augments them, sharing responsibilities along agreed lines. Fully managed suits businesses with no IT staff; co-managed suits businesses that have one or two capable people who are stretched too thin to cover everything.
How much does co-managed IT cost?
Co-managed pricing varies with scope, but the model usually costs less per user than fully-managed because your internal team still does a share of the work. Common structures are per-user or per-device monthly pricing for a defined set of MSP responsibilities, sometimes plus access to the MSP's security and monitoring tools. Because the split is negotiable, the right comparison is total cost - your internal salaries plus the MSP fee - against the alternative of hiring more staff or going fully managed.
Is co-managed IT right for a small business?
It can be, if you already have at least one internal IT person who is overloaded rather than no IT staff at all. Co-managed shines when you have in-house knowledge worth keeping but gaps in coverage, security, or specialized skills. A business with no internal IT is usually better served by fully-managed IT, and a business with a large, complete IT department may not need outside help at all.
Does co-managed IT replace my internal IT staff?
No - that is the point. Co-managed IT is designed to keep your internal staff and make them more effective by removing the work that burns them out: after-hours tickets, routine patching and monitoring, and projects outside their expertise. Done well, it reduces turnover risk and lets your in-house people focus on the business-specific work an outsider could never do as well.
Free Buyer's Guide
The complete guide to finding and hiring the right MSP for your business.
Download Free Guide