Many Managed Service Providers (MSPs) operate as "alert factories." They buy a monitoring tool, install it on your network, and then forward you the emails when something breaks. That is not management; that is spam.
If you are evaluating an MSP/MSSP, ask these five questions:
1. "Can you show me your runbooks?"
If they don't have documented procedures for how to handle a server outage or a security incident specific to your environment, they are winging it.
2. "How do you handle patching?"
"We automate it" is a bad answer. Automation breaks things. The right answer creates test groups (Pilot, Canary, Production) and validates patches before global rollout.
3. "What acts of proactive maintenance did you perform last month?"
If their monthly report only lists "Tickets Resolved," they are reactive. Value comes from "Optimized firewall rules," "Cleared disk space before it filled," or "Updated documentation."
4. "Who owns the tools?"
If you leave the MSP, do you lose all your logs and monitoring history? You should own the data.
5. "How do you secure your own environment?"
MSPs are high-value targets for ransomware. Ask about their own MFA, their own segmentation, and their own audits.