
When nothing’s broken, it’s easy to wonder what you’re paying for. Here’s what goes on behind the scenes to keep it that way.
If your IT is working well, you probably don’t think about it much. Email works. Files are where they should be. You can log in. The internet is fast enough. Everything just… works.
It’s easy, in that situation, to wonder what your IT provider is actually doing. You’re paying a monthly fee, but nothing seems to be happening. No engineers on site, no big projects, no visible activity.
That’s the point. The whole purpose of managed IT is that you don’t have to think about it. But “nothing happening” on your end means a lot happening on ours. Here’s what a typical month actually looks like.
Every Morning, Before You’ve Finished Your Coffee
Our day starts with checks. Every morning, before most of our clients have arrived at their desks, we’re reviewing what happened overnight.
Backup reports. All our clients’ backups run overnight. Every morning, we check that they completed successfully. Did the backup finish? Did it back up the right amount of data? Were there any errors or warnings? A backup that fails silently is worse than no backup at all—you only discover the problem when you need to restore, and by then it’s too late.
Monitoring alerts. Our systems watch your systems around the clock. Servers, workstations, network equipment—if something goes wrong at 3am, we get an alert. Every morning, we review what came in overnight. Most alerts are minor, but buried in the noise might be something critical that nobody else would notice until it was too late: a disk filling up, a drive in a RAID array that’s failed, a certificate about to expire, a failed login from an unusual location. By the time you’d notice these things yourself, it would already be an outage or a crisis.
RMM tickets. Our remote monitoring and management platform generates tickets automatically when it detects issues. These need triaging: what’s urgent, what can wait, what’s a false positive? This isn’t glamorous work, but it’s how we catch problems before they become outages.
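The morning backup check described above, sketched as an added example (not Trichromic's own tooling): it asks the three questions for every job that should have run and treats a missing report as a failure. The report fields, job names and the half-of-median size threshold are assumptions, and the sample data is constructed.

```python
from statistics import median

# Assumed threshold: flag a run under half the job's recent median size.
MIN_SIZE_RATIO = 0.5

def triage_backups(expected_jobs, reports, history):
    """Return {job: [findings]} for every job that needs a human look.

    expected_jobs: job names that should have run overnight
    reports:       {job: {"status", "bytes", "warnings", "errors"}} from last night
    history:       {job: [bytes, ...]} sizes of earlier successful runs
    """
    findings = {}
    for job in expected_jobs:
        issues = []
        report = reports.get(job)
        if report is None:
            # The silent failure: no report at all, so nothing raised an error.
            issues.append("no report received")
        else:
            if report["status"] != "success":
                issues.append(f"status is {report['status']}")
            if report["errors"] or report["warnings"]:
                issues.append(f"{report['errors']} errors, {report['warnings']} warnings")
            past = history.get(job, [])
            if past and report["bytes"] < median(past) * MIN_SIZE_RATIO:
                issues.append(f"backed up {report['bytes']} bytes, baseline {int(median(past))}")
        if issues:
            findings[job] = issues
    return findings

# Constructed sample data (not from any real client or backup product).
EXPECTED = ["fileserver", "sql01", "mail", "rds01"]
HISTORY = {"fileserver": [410_000_000, 420_000_000, 415_000_000],
           "sql01": [90_000_000, 92_000_000, 91_000_000],
           "mail": [30_000_000, 31_000_000, 30_500_000]}
LAST_NIGHT = {
    "fileserver": {"status": "success", "bytes": 418_000_000, "warnings": 0, "errors": 0},
    # Reports success but captured almost nothing, e.g. a source path went missing.
    "sql01": {"status": "success", "bytes": 1_200_000, "warnings": 0, "errors": 0},
    "mail": {"status": "success", "bytes": 30_800_000, "warnings": 2, "errors": 0},
    # "rds01" sent no report at all.
}

if __name__ == "__main__":
    for job, issues in triage_backups(EXPECTED, LAST_NIGHT, HISTORY).items():
        print(f"{job}: " + "; ".join(issues))
```

Driving the loop from the list of expected jobs rather than from the reports received is what surfaces the job that never ran.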
All Day, Every Day
Beyond the morning checks, there’s a constant flow of monitoring and maintenance throughout the day.
SIEM and firewall logs. Security Information and Event Management systems collect logs from across your infrastructure and look for patterns that might indicate a threat. Firewall reports show what traffic has been blocked—and occasionally, what suspicious traffic got through. Someone has to actually read these reports and investigate anything unusual. That someone is us.
Responding to tickets. The obvious part of the job—when something breaks or someone needs help, we fix it. But even this is more complex than it appears. A single “Outlook isn’t working” ticket might involve checking server health, reviewing recent changes, examining mail flow logs, and testing from multiple angles before identifying the cause.
Microsoft 365 administration. New starters need accounts. Leavers need disabling—and we’re not always told when someone leaves, so we’re checking for inactive accounts too. Shared mailboxes need creating. Permissions need adjusting. Distribution lists need updating. Licences need assigning and reclaiming. Multi-factor authentication needs enforcing—every account, no exceptions, because one account without MFA is the one that gets compromised.
Patch management. Software updates get deployed every weekend, with systems restarting in the early hours of Sunday morning. Then we check everything on Sunday—before you arrive on Monday—so the biggest issues can be resolved before they affect your working week. The most common problem? Microsoft Windows and Office updates breaking something that worked fine on Friday. On Remote Desktop servers, we take particular care: signing into each one with different setup combinations, opening Word for five minutes, making sure nothing crashes or throws errors.
Monthly Routines
Some tasks happen on a regular cycle, often without you ever being aware of them.
Backup restore tests. A backup isn’t a backup until you’ve proven you can restore from it. Every month, we test restores—picking files, folders, or entire systems and confirming we can actually get them back. This is how we discover problems with backup configurations before you need to recover from a real disaster.
Microsoft 365 reports. We send our clients monthly reports showing their licence usage, storage consumption, and service health. This isn’t just about transparency—it’s about making sure you’re not paying for licences you don’t need, and spotting trends before they become problems. It also means when we recommend changes, you can see the evidence behind our advice.
Licence management. Keeping the right number of licences available—enough for new starters, not so many that you’re wasting money. We use monthly Microsoft contracts rather than annual commitments, which gives flexibility but means every licence is a separate contract with potentially a different renewal date. We get weekly reports internally so we don’t miss any renewal dates, and we send you monthly summaries so you can see exactly what you’re paying for.
Security reviews. Are MFA policies still being enforced? Are conditional access rules still appropriate? Have any new vulnerabilities been published that affect your systems? Security isn’t a one-time setup; it’s an ongoing process of review and adjustment.
The Never-Ending Admin
Then there’s the relentless administrative overhead that keeps everything running.
Certificate renewals. TLS certificates expire. Someone must track when, purchase renewals, complete validation, install the new certificates, and test that everything works. Miss one, and your website shows scary security warnings to customers.
Domain renewals. Domain names expire too. Lose your domain and you lose your email, your website, your identity. We track these and renew them before they lapse.
Warranty and support contract tracking. Hardware warranties expire. Support contracts come up for renewal. Software subscriptions need renewing. Someone must track all of this across multiple vendors, multiple products, and multiple clients.
Vendor management. Dealing with your software vendors, your hardware suppliers, your internet provider when something goes wrong. Sitting on hold so you don’t have to. Chasing up tickets. Escalating when necessary. This takes more time than anyone likes to admit.
Documentation. Keeping records of your systems, passwords, configurations, procedures. When something needs fixing at 11pm, we need to know how your systems are set up without having to guess. Good documentation is invisible until you need it—and then it’s invaluable.
BitLocker key management. We automatically refresh BitLocker recovery keys using our remote management tools. This sounds obscure until you’re the person whose laptop is demanding a 48-digit recovery key before it will boot—and nobody knows what it is. We make sure we always have current keys stored securely, so that occasional Monday morning panic call can be resolved in minutes.
Why This Matters
All this work exists for one reason: so that when something does go wrong, we can fix it quickly.
One day, you will need to restore from backup. If we haven’t been testing restores every month, that’s the day we discover the backup was corrupted, or the wrong files were being backed up, or the encryption key is missing.
One day, a firewall report will show a genuine intrusion attempt. If nobody’s been reading those reports, the attack succeeds instead of being caught early.
One day, an employee will click on a phishing link. MFA helps, but it’s not bulletproof—we’ve seen attacks where people enter their credentials and one-time password on a fake site, and the attacker captures their OAuth token so they can keep authenticating as that person even after the session should have expired. This is why we monitor for suspicious sign-in activity and unusual behaviour, not just whether MFA is enabled.
One day, a critical server will fail. If we don’t know how it’s configured, if the documentation is out of date, if we haven’t been monitoring its health, the recovery takes hours instead of minutes.
The work you don’t see is the work that prevents disasters—or at least makes them recoverable. It’s not exciting. It’s not innovative. It’s not the kind of thing that makes headlines. But it’s the foundation that everything else depends on.
The Alternative
Some IT providers operate on a break-fix model. They wait for something to go wrong, then charge you to fix it. This sounds cheaper until you do the maths.
Without proactive monitoring, problems get worse before they’re detected. A disk that’s filling up becomes a server that’s crashed. A backup that’s been failing for months becomes a disaster with no recovery. A security vulnerability that’s been sitting unpatched becomes a breach.
Break-fix providers also have a perverse incentive: the more things break, the more they earn. A managed service provider has the opposite incentive. We get paid the same whether your month is quiet or chaotic—so we have every reason to make it quiet.
What You’re Actually Paying For
When you pay a managed service provider, you’re not paying for visible activity. You’re paying for vigilance.
You’re paying for someone to check the backups every morning. To read the security logs. To track the expiring certificates. To test the restores. To enforce the MFA. To keep the documentation current. To stay on top of the thousand small tasks that, collectively, keep your business running.
You’re paying for the peace of mind that comes from knowing someone is paying attention—even when you’re not.
And you’re paying for the ability to call someone who already knows your systems when something does go wrong. Not someone who has to start from scratch, but someone who’s been watching, maintaining, and documenting all along.
That’s what “managed” means. Not waiting for things to break. Making sure they don’t—and being ready if they do.
How Trichromic Can Help
At Trichromic, we’ve been managing IT for UK businesses since 2006. We know what it takes to keep systems running, because we’ve been doing it for nearly twenty years—through every change in technology, every new threat, every vendor decision that made our jobs harder.
If you’re wondering whether your current IT provider is doing all this work, or if you’re trying to manage it yourself and struggling to keep up, we should talk. Give us a call on 020 3327 0310 or visit www.trichromic.com.
We’ll tell you what we see, what we’d do differently, and what it would cost. No pressure, no jargon—just an honest conversation about what your IT actually needs.