Co-Managed IT Services, Explained
Co-managed IT services split the work of running your technology between your in-house staff and an outside provider, instead of handing all of it to one side. Your team keeps the parts it does well. A managed IT provider covers the rest.
This guide explains the model, shows when it fits better than fully outsourcing, and gives a plain read on price. It is written for a Los Angeles business that already has some IT help and is deciding what to add.
What co-managed IT actually is
In a fully managed setup, one provider owns your whole technology stack. In a co-managed setup, an internal person or team stays in charge, and an outside provider works next to them.
The provider fills specific gaps. The common ones:
- After-hours and weekend coverage your one or two staff can't give
- Security and compliance depth most generalists don't keep in-house
- Tools (monitoring, patching, backup, ticketing) without buying every license yourself
- Project overflow: a migration or rollout your team can't run and still keep the lights on
- Backfill for time off, sick leave, or a resignation
Think of it as adding a bench, not replacing the starter. Your admin still knows your systems. The outside team adds hours, tools, and specialists.
For a primer on the underlying model, read what managed IT and an MSP are.
Who does what in a co-managed split
There is no fixed line between your team and the provider. The point of the shared model is that you draw it deliberately, function by function, and write it into the contract. A common starting split looks like this.
| Function | Usually your in-house team | Usually the co-managed provider |
|---|---|---|
| Day-to-day help desk (Tier 1) | Password resets, quick fixes, floor walk-ups | Overflow tickets and after-hours coverage |
| Monitoring and patching | Not usually | The tools, plus the labor to run and tune them |
| Security (EDR/MDR, email filtering) | Not usually | Deploys and watches the security stack |
| Backup and disaster recovery | Names what must be protected | Configures, runs, and tests the restores |
| Projects and migrations | Scopes and prioritizes | Delivers the build without pulling staff off support |
| Strategy, budgeting, and vCIO | Owns the roadmap and the spend | Advises, benchmarks, and flags risk |
| Compliance evidence (HIPAA, SOC 2, CMMC) | Owns the policies and the business decisions | Supplies the controls, logs, and audit artifacts |
Treat the table as a draft, not a rule. The right split depends on what your admin already does well and where the hours run out. Put the final version in writing, so nobody assumes the other side has a task covered.
When co-managed fits, and when it doesn't
The deciding factor is simple: do you already have real IT capacity inside the company?
| Your situation | Better fit |
|---|---|
| No internal IT staff at all | Fully managed |
| 1–3 internal staff, stretched thin | Co-managed |
| Internal admin leaving, no backfill planned | Fully managed |
| Need 24/7 coverage but can't staff a night shift | Co-managed |
| New compliance rule, no in-house expertise | Co-managed |
| Want to hand IT off entirely | Fully managed |
A business with no technical staff usually starts fully managed. See managed IT for LA small business. A firm with a capable but overloaded admin is the classic case for the shared model. It keeps the knowledge your admin carries while adding the reach one person can't cover.
Two common LA setups
These are illustrative patterns, not specific clients, but they match how the shared model tends to land in Los Angeles.
A post-production house with about 40 staff and one systems admin. The admin knows the editing bays, the media storage, and the render pipeline better than any outside firm could learn quickly, so that stays in-house. What the admin cannot do alone is watch the render farm and backups overnight, keep pace with content-security requirements, and still answer daytime tickets. A co-managed provider takes the after-hours monitoring, the security stack, and backup testing, and the admin keeps the room.
A growing dental or medical group with about 25 staff, where the office manager runs IT part-time. That works until a new HIPAA obligation, an aging server, and 24/7 uptime expectations arrive at once. The office manager keeps the vendor calls and the simple resets; the provider brings the HIPAA controls, endpoint detection, tested backups, and the monitoring a part-timer cannot cover. See HIPAA for LA businesses for what those controls involve.
What it costs
Providers usually price the shared model per user or per device, billed monthly. Because your own team still handles day-to-day tickets, the per-seat rate is often lower than fully managed: you are buying tools and senior backup, not a full help desk.
| Model | Typical basis | Illustrative range |
|---|---|---|
| Fully managed | Per user / month | $125–$220 (illustrative) |
| Co-managed | Per user / month | $60–$140 (illustrative) |
Those figures are illustrative, not quotes. Real Los Angeles pricing depends on user count, security requirements, and how much work your team keeps. For verified ranges, read what managed IT costs in Los Angeles and the LA MSP pricing benchmarks.
Check two things on any quote:
- What's included at that rate versus billed hourly on top
- Whose tools they are (yours or theirs) if you ever leave
How to vet a co-managed partner
The same rule applies as for any provider: check the claim at its source, not on the provider's own website.
Security depth matters most in a shared arrangement, because the provider gets deep access to your systems. Among the LA-area firms we verified, CyberDuo in Glendale and Alcala Consulting in Pasadena lead on security and CMMC compliance. Confirm every credential at the issuer before you weigh it.
One more caution from our research: some firms that rank for local IT searches have no Los Angeles office at all. One is based in Larnaca, Cyprus. Another serves "Pasadena, Texas." Confirm a street address you could drive to.
For the full ranked comparison and how we scored it, read the best managed IT providers in LA and our methodology. Still narrowing the field? Start with how to choose a managed IT provider.
Frequently asked
Is managed IT better than in-house IT?
Neither wins outright. It depends on your size and needs. For most LA small and midsize firms, an outside provider costs less than a full internal team and adds nights-and-weekends coverage that one or two employees can't; a larger firm with steady, specialized demands may justify in-house staff, or blend both through the co-managed model. We work through the math in is managed IT better than in-house.
What are the risks of using an MSP?
The main risks are lock-in from proprietary tools or contracts you can't exit cleanly, slow response when you're one account among hundreds, and exposure if the provider itself is breached. You lower all three by checking the response-time terms, your offboarding rights, and the provider's own security posture before you sign. We go deeper in the risks of using an MSP.