Tuesday morning. Email stops working. You call your IT partner. No answer. You submit a ticket. Two hours later: "We're looking into it." Wednesday — still open. Thursday — turns out the only person who knows your environment is on holiday.
If this sounds familiar, you're not alone.
Thousands of SMBs are in a situation where their entire IT environment is in the hands of one external partner. Admin credentials are in the partner's name. There's no documentation. Nobody in-house knows how anything is configured. And when something breaks, the only option is to wait.
This isn't a partnership. It's a dependency.
How you end up in this situation
Usually, it's not a conspiracy. It happens gradually. The company grows, IT needs increase, and at some point someone says: "Let's just give it all to the IT company." Sounds logical. But years later you realise that:
Admin credentials are held by the partner — not you.
Licences go through the partner, and you don't really know what you're paying for.
Documentation lives in the partner's head or their internal systems only.
Configurations are done "their way", not according to standards.
Switching has been made practically impossible without a massive project.
This isn't accidental. It's a business model where leaving is made so difficult that nobody bothers. The partner knows this. You should too.
What a "self-sustaining IT environment" actually means
You don't need to be an IT expert. A self-sustaining IT environment doesn't mean you do everything yourself. It means you're not held hostage by one provider. If the partner disappears tomorrow, your environment still works — and someone else can take over.
In practice, this comes down to five things:
1. Admin credentials and ownership are yours
This is number one. The Microsoft 365 tenant Global Admin, domain registrar, DNS settings, firewall admin panel — all of this needs to be in your name and under your control. The partner gets access, not ownership.
Check this today. If you can't log into your own M365 admin centre without the partner's help, you're already in a dangerous position.
2. Documentation exists and is up to date
Written documentation of your environment should include at least:
Network map — what devices and services are in use and how they connect.
Credential management — who owns which account and where passwords are stored.
Licences — what's been purchased, from where, for whom, and when it renews.
Configurations — Conditional Access rules, Intune profiles, Exchange settings, firewall rules.
Processes — how to add a new employee, how to remove a departing one, how to handle a security incident.
If your partner hasn't delivered this kind of document, ask for it. If they won't provide it, you know why: without documentation, they're irreplaceable. That's part of the lock-in strategy.
3. Licences are directly in your name
M365 licences can be purchased directly from Microsoft or through an authorised CSP reseller. In both cases, the key point is that the tenant is in your name and you know exactly what you're paying for.
I've seen situations where a partner bills for E5 licences but the tenant has E3. Or licences are being paid for people who left the company six months ago. When you can't see what you're paying, you can't know if you're paying for the right thing.
4. The environment follows standards, not the partner's habits
Microsoft has clear best practice recommendations for M365 environments: naming conventions, Conditional Access baselines, Intune management profiles, Exchange protections. This is all public information.
When an environment is built according to standards, any competent professional can pick up where the previous one left off. When it's built "our way", it becomes a black box that only the original builder understands.
Rule of thumb: If a new IT person can't understand your environment within two days using the documentation, the environment isn't well built. It's built inside one person's head.
5. There's at least some internal knowledge
You don't need a full-time IT person. But someone in your organisation should understand the basics: how to add a user, how to reset a password, how to create a Teams group, where documents are stored.
This person isn't an "IT manager" in the old sense. They're a liaison — someone who knows enough to understand what the partner is doing and why. Without this link, the partner can say anything, and nobody can question it.
How to move from your current state to a managed environment
This isn't an overnight project, but it's not impossible either. The order matters:
Phase 1: Assess the current state
Find out what you have, who owns what, and what condition the environment is in. This is the step where you need an independent eye — not the partner evaluating their own work.
Phase 2: Take control of critical credentials
Global Admin in M365, domain management, DNS — these first. If the partner resists, that tells you more than a thousand words.
Phase 3: Demand documentation
All configurations, access models, processes. If they don't exist, they need to be created. This is an investment that pays for itself in the future.
Phase 4: Standardise the environment
Move configurations towards Microsoft and industry standards. Not because the partner's way is necessarily bad, but because standards make the environment portable.
Phase 5: Build internal understanding
Train that one key person. They don't need to know how to configure Conditional Access rules, but they need to understand what they are and why they exist.
"But our partner is good"
Maybe they are. And that's great. But you need to be able to switch even a good partner. It's the only way to ensure the partnership stays healthy.
The best IT partner is one you stay with because you want to — not because you're forced to. And a good partner understands this. They give you the keys. They document their work. They hide nothing.
If your partner does all of this, congratulations — you're in the minority. Hold on to them.
What self-sustainability doesn't mean
It doesn't mean ditching your partner entirely. It means the partner is a choice, not a necessity. You use a partner because they add value — not because everything collapses without them.
At its best, an IT partnership is like a good accountant: you handle the daily tasks yourself, and the expert helps with the complex situations. Nobody gives their accountant their bank credentials and says "handle everything." The same logic applies to IT.
Summary
An IT environment that stands on its own feet isn't a utopia. It's a basic requirement that needs three concrete things: ownership of credentials, written documentation, and an environment built on standards.
Partner-independent IT doesn't mean abandoning partners. It means you have the freedom to choose — and that freedom is the foundation of every healthy partnership.
If your IT environment can't function without one specific person or company, it's not an environment. It's a risk.
Want to find out how dependent your IT environment is on your current partner? An independent IT assessment will tell you — no agenda attached.