What’s Actually Included in “Fully Managed IT”: A Saudi Service Catalogue Walkthrough

Three Saudi MSPs each tell you they offer “fully managed IT services” for a different monthly price. The proposals look comparable on the cover page. Read carefully and you’ll find the scope differs dramatically. This piece walks through what the term actually means, what should be included, and how to spot proposals that hide costs in fine print.

Helpdesk and end-user support

What’s included in proper “fully managed”: unlimited tickets, response within SLA, resolution within SLA, support across all common business apps (M365/GW, accounting software, CRM, ERP), Arabic + English bilingual coverage, web and email and phone channels, mobile device support.

What’s typically extra: after-hours support beyond emergencies, training delivery sessions, custom application support beyond basic troubleshooting, on-site visits beyond a defined per-month limit.

Red flags: “fair use” clauses with undefined limits, unlimited tickets but capped engineering hours, English-only helpdesk for an Arabic-Saudi workforce.

Infrastructure management

What’s included: 24/7 monitoring of servers and network devices, automated alerting, proactive patching, configuration management, backup verification, capacity monitoring.

What’s typically extra: hardware refresh procurement (you pay for new equipment; MSP delivers and configures), major architecture changes, datacentre relocations.

Red flags: “monitoring only” language without proactive remediation, no backup test commitments, no capacity review cadence.

Cybersecurity

What’s included: endpoint protection (anti-malware, EDR), email security, MFA enforcement, security awareness training, incident response coverage, basic vulnerability scanning, NCA ECC alignment for in-scope organisations.

What’s typically extra: penetration testing, advanced threat hunting, SOC services (24/7 SOC), compliance audit support, custom security tools.

Red flags: antivirus-only coverage labeled “cybersecurity”, no incident response provision, no security awareness component.

Microsoft 365 / Google Workspace administration

What’s included: user provisioning/deprovisioning, security configuration, license management, basic SharePoint/Teams/Drive admin, MDM/MAM for company devices, email migration support.

What’s typically extra: tenant migrations, complex SharePoint architecture, custom Teams/Power Platform development, third-party tool integrations.

Vendor coordination

What’s included: first-line liaison with major vendors (M365, internet provider, security tools), escalation handling, license renewals coordination, basic procurement.

What’s typically extra: contract negotiation, vendor management for non-IT vendors, accounting software support beyond basic troubleshooting.

Procurement and lifecycle

What’s included: hardware specification recommendations, license optimisation reviews, asset tracking, lifecycle planning.

What’s typically extra: hardware purchase costs (pass-through), software license costs (pass-through), shipping and import duties.

Red flags: “free” procurement that turns out to require minimum margin on hardware purchases.

Strategic IT advice (vCIO)

What’s included: quarterly business reviews, monthly reporting, technology strategy discussions, budget planning support, basic compliance advice.

What’s typically extra: formal compliance audits, deep technology assessments, board-level presentations, formal RFP support.

Compliance support

What’s included: baseline NCA ECC alignment for SMBs, basic SAMA awareness for financial services SMBs, brand-standard documentation for hospitality.

What’s typically extra: formal compliance certifications, audit preparation, gap remediation projects, regulatory liaison.

The proposal-evaluation checklist

When comparing managed IT proposals, ask each MSP to answer these specifically:

1. Are tickets truly unlimited, or is there a fair-use cap?
2. What’s your defined SLA for P1, P2, P3, P4 incidents?
3. How many on-site visits per month are included?
4. Is after-hours emergency support included or extra?
5. Is backup testing included? At what frequency?
6. Is endpoint protection license included or pass-through?
7. Is M365 or GW license included or pass-through?
8. Is vCIO time included? How many hours per quarter?
9. What triggers a change order vs included scope?
10. What’s the price for adding 5 more users mid-contract?

The answers reveal the actual scope. The proposal with the lowest cover-page price often has the most “extras” that show up in invoices later.

Get help comparing managed IT proposals

For a transparent managed IT proposal with no hidden scope, contact our team. Pair with managed IT services, IT support, and IT consulting.