Many MSPs make great IT partners. However, there are far too many who are just trying to pad their next invoice. Have you ever walked away from a conversation with a managed IT service provider wondering, “Is that actually the best solution for us?” If so, you’re certainly not alone. And the truth is, these MSPs are enlarging their profits because you don’t understand what you’re agreeing to. In this article, we explore 7 ways an MSP can fail your business – from common issues to rare but damaging edge cases.
Table of Contents
7 Ways Providers Put Profit Over Partnership
1. They can’t clearly explain why they took an action.
One of the most common MSP issues we hear from businesses is that their current IT partner is pushing solutions that don’t seem tailored to their needs. Instead of their provider explaining how the solution would benefit the business, the MSP hides behind vague reasoning or vendor incentives.
This leaves business leaders questioning whether their MSPs’ recommendations are really about improving their operations.
👉 Pro Tip: If your MSP can’t explain the business impact of a decision in plain terms, press them for answers. Ask how the action supports your strategy.
2. They mismanage IT investments.
Another issue some businesses have with MSPs is that they don’t seem to be actively looking for ways to optimize their clients’ IT budgets. We’ve seen companies stuck paying for extra Microsoft licenses they didn’t need, or being saddled with costly infrastructure decisions that no one can seem to justify.
When your provider avoids audits, ignores vendor bloat, or leaves you chasing multiple contacts for answers, it’s likely a sign that they’re prioritizing their own margin over your business’ long-term efficiency.
👉 Pro Tip: Ask your MSP to provide regular licensing audits and asset reviews. If they can’t show you where you have optimization opportunities, they’re not acting in your best interest.
3. Unnecessary upselling.
Overselling Licenses
Businesses that leverage Microsoft 365 Business Premium have access to Intune, Defender for Business, and Defender for Office 365 Plan 1. However, despite this fact, some MSPs try to upsell third-party tools for EDR, MDM, or email protection. That leads to their clients paying for the same services twice.
Our analysts warn of “license creep,” where poor mapping and upsell pressure push businesses into enterprise tiers without a clear business case. Red flags include no line-by-line comparison of third-party tools against Microsoft entitlements, or vague claims that “E5 is required” without a gap analysis.
Exploitation Behavior Around Security
Security upselling can easily cross into exploitation. Some MSPs recommend premium security products that don’t materially improve the client’s posture, or worse, they fail to configure them properly.
In extreme cases, providers have been caught manufacturing incidents for profit – such as the MSSP owner arrested for installing malware on a hospital’s systems.
If you don’t know what a security solution is, ask your provider to explain exactly what it does and why it’s needed. But what if something feels off, and you’re questioning an MSP’s trustworthiness?
Request a complete list of the security tools they’re recommending. Take some time to verify whether they overlap with the security tools and expertise you already have. This will give you insight into whether they’re upselling duplicate tools, unnecessary solutions, licenses, etc.
👉 Pro Tip: Request a line-by-line mapping of third-party tools against Microsoft 365 entitlements. Verify if the new products fill actual gaps, or if they’re duplicates of what you already own.
4. Credentials are “held hostage” on the way out.
Breakups with MSPs can turn ugly when providers withhold admin credentials or refuse to transfer control of your Microsoft 365 tenant. But you always own your credentials and should receive them on request.
Unfortunately, disputes with an MSP can escalate to the point where clients describe their Microsoft 365 tenant as being held hostage. In cases like these, businesses are often forced to escalate directly to Microsoft just to regain access to their own environment.
👉 Pro tip: Make sure you have all admin credentials early in the relationship and keep them documented. If you decide to leave your MSP, stay professional, keep lines of communication open, and involve legal support if the provider resists. Should you decide to transition to a new MSP, they may help you gain access to your credentials so you don’t have to deal with the stress.
5. Unexpected costs and hidden fees.
Surprise, Per-device Expenses
Per-device pricing models often extend beyond laptops and servers to include printers, thin clients, switches, and more – unless the contract defines them tightly. Without a clear asset inventory and reconciliation process, billable devices can multiply faster than headcount, leaving you facing unexplained cost creep.
Always get clarification on what counts as a device and how billing adjustments are handled for new devices. Red flags include vague device definitions, no audit trail, and monthly swings in billed devices without a change log.
“All-inclusive Support…” But with Caveats
MSPs often advertise unlimited support, but the fine print might tell a different story. Premium charges for after-hours incidents, holiday coverage, or incident response often surface only when you need help the most.
If your contract doesn’t clearly spell out what’s included, you risk paying emergency rates for services you assumed were covered.
👉 Pro Tip: Ask for written documentation of their rates and their asset reconciliation process before signing. Surprise fees and unexplained device counts are preventable with proper oversight.
6. Neglectfully charging for security without the fundamentals.
U.S. cyber authorities stress that MSPs must enforce security fundamentals, including multi-factor authentication for privileged accounts, applying least privilege, and maintaining monitoring and logging. Yet some providers market “24×7 security” while skipping these basics – which leaves their clients with false assurance and increased risk.
Tool vulnerabilities, such as the ConnectWise ScreenConnect CVE-2024-1709, underscore why hardened remote access and clear patch service-level agreements must be non-negotiable.
If your MSP cannot demonstrate MFA, provide you access to automated security reports, or define patch timelines for its tools, they may be selling security by name only.
👉 Pro Tip: Ensure your MSP enforces MFA, shares security reports, and documents patch timelines.
7. Shadow IT and snooping on client data.
Few practices erode trust faster than an MSP misusing privileged access. In one reported case, an MSP searched through a client’s private emails – without consent – after the client sought outside advice on overbilling concerns. The MSP then filed those emails in court to protect its own interests. A move the client understandably considered a breach of trust and potentially criminal.
This kind of “snooping,” where providers exploit elevated access to monitor client communications or systems for self-interest, crosses a very serious line from service partner to liability.
👉 Pro Tip: Request written access policies, audit rights, and contractual boundaries around data use. Your MSP should always be protecting your information…not exploiting it.
Summary of How MSPs Can Profit at Your Expense
| Pattern | How they profit | Harm to your business |
|---|---|---|
|
Decisions made without explanation |
Pushes vendor incentives instead of business-aligned solutions |
You’re left questioning value and direction |
|
Mismanaged IT investments |
Margin from unnecessary licenses and poor infrastructure decisions |
You pay for unused tools and unjustified costs |
|
Upselling at your expense |
Revenue from duplicate security or productivity tools |
You pay twice for capabilities you already own |
|
Credentials held hostage |
Leverage during disputes or breakups |
Loss of account access, downtime, costly escalations |
|
Hidden fees that erode trust |
Billable device inflation, after-hours surcharges, and caveats |
Costs creep beyond budget, crisis-time price spikes |
|
Security in name only |
Charges for 24×7 “security” without enforcing fundamentals |
Elevated breach risk, false assurance |
|
Snooping on client data |
Exploiting privileged access for self-interest |
Breach of trust, potential legal and compliance exposure |
The Bottom Line
Your MSP should make your life easier, your team more productive, and your business more secure. They should be guiding you through the best actions to take for your business. They shouldn’t, on the other hand, leave you questioning whether they’re upselling, overstepping ethical boundaries, or taking advantage of you.
If you recognize even one of these warning signs, take some time to seriously evaluate whether your provider is acting as your business partner or simply prioritizing their own profit. Because an operationally mature MSP will ensure your IT strategy serves your business goals, not the other way around.
Thinking about switching MSPs?
Download our procurement checklist and MSP comparison card to evaluate strategic managed IT providers side-by-side, before you sign a contract.
Use this checklist to make choosing the right managed service provider for your organization easy and stress-free.
FAQ
What are the most common MSP issues executives should watch for?
Executives often encounter issues with an MSP such as poor cost management, unnecessary upselling, hidden fees, or even withheld credentials during offboarding. These issues with MSPs can erode trust and create financial and operational risks if left unchecked.
How can I tell if my MSP is prioritizing profit over my business’s success?
One sign of MSP problems is vague or unclear recommendations that don’t connect to your business goals. Other red flags include billing surprises or security services sold without enforcing basic protections.
What should I do if my MSP creates more issues than it solves?
If you’re facing ongoing MSP issues (such as overbilling, lack of transparency, or questionable practices) start by documenting concerns and requesting clarity from your provider. If problems persist, consider switching to an operationally mature MSP that aligns IT strategy with business outcomes.
