Netsafe Solutions delivers co-managed IT services to Charlotte-area businesses that have an internal IT team but need enterprise-grade security tooling, 24/7 monitoring, and specialized expertise that’s impractical to build in-house. We become the extended team your IT department couldn’t hire: providing SentinelOne endpoint detection and response and Black Point Cyber security operations center monitoring on endpoints (16-minute response) and Microsoft 365 tenant (7-minute response), NinjaOne remote monitoring and management for patch management, Microsoft 365 and Entra ID depth with delegated admin access, and structured escalation paths for incidents, security events, and Microsoft licensing questions. Pricing is per-device monthly, scoped to what you need us to cover. Your internal team keeps ownership; we provide the capabilities they can’t staff.
24/7Security operations center monitoring
16 minEndpoint threat response time
7 minMicrosoft 365 tenant response time
ItemizedTools, no forced bundles
What Is Co-Managed IT?
Co-managed IT is a partnership model between a business’s internal IT team and an external Managed Service Provider. The internal team keeps strategic ownership and day-to-day responsibilities; the managed service provider provides specific capabilities the internal team can’t cost-effectively deliver themselves: typically 24/7 monitoring, enterprise security tooling, Microsoft 365 depth, compliance documentation, and after-hours coverage.
24/7 coverage: your two-person IT team can’t staff a 24/7 security operations center
Enterprise-grade tools: SentinelOne, Black Point Cyber security operations center, Checkpoint Harmony, Purview DLP require licensing budgets that only make sense at managed service provider scale
Specialist knowledge: deep Entra ID, Intune, Conditional Access, or Azure work isn’t worth full-time internal staffing when you need it 10-20 hours a month
Vacation and turnover coverage: what happens when your IT director takes two weeks off?
Cyber insurance requirements: carriers increasingly demand specific tools (multi-factor authentication, endpoint detection and response, immutable backup, security operations center) that cost more to deploy than most internal teams can justify
What it isn’t: Co-managed is not full outsourcing and not IT staff replacement. Your internal team stays. You define which workstreams Netsafe owns (security monitoring, Microsoft 365 admin, patch management) and which stay internal (user support, strategic planning, vendor management, internal applications). The division is flexible and adjusts as your team grows or shifts priorities.
What we cover in co-managed engagements.
Each engagement is scoped to the gaps in your current internal IT setup. These are the four areas most co-managed clients ask us to handle.
Around-the-clock security coverage
Your internal IT team works business hours. Attackers do not. We provide 24/7 security operations center coverage with Black Point Cyber analysts watching for ransomware, account takeovers, and lateral movement across your endpoints and Microsoft 365 tenant. Average response is 16 minutes for endpoint threats and 7 minutes for cloud tenant threats.
Microsoft 365 administration depth
Microsoft 365 is a full-time specialty most internal IT teams cannot go deep on. We provide delegated admin access, Entra ID conditional access policy management, Intune device management, Microsoft Purview data protection, and ongoing tenant administration. Quarterly licensing review catches unused or wrong-tier licenses.
Patch management and security tooling
Keeping a mixed fleet patched is a full-time job. We handle Windows, macOS, and Linux patching plus 200-plus third-party applications through NinjaOne. SentinelOne endpoint detection and response on every device. DefensX content filtering. BitLocker encryption verified via Intune. All deployed, monitored, and reported on.
Compliance, overflow, and advisory
Internal teams often lack bandwidth for compliance documentation, after-hours response, and platform migration projects. We provide quarterly Secure Score reporting, cyber insurance questionnaire support, after-hours emergency response, vacation coverage, and technology advisory scoped to specific topics.
How co-managed pricing works.
Co-managed pricing is not a per-device monthly rate. It is itemized around the specific capabilities your internal team needs us to cover.
Per endpoint
SentinelOne endpoint detection and response, Black Point Cyber security operations center monitoring, NinjaOne remote management, DefensX content filtering. Each priced individually so you only pay for the layers you need.
Per mailbox
Microsoft 365 tenant administration, Black Point Cyber tenant monitoring, Checkpoint Harmony email security. Sourced through Pax8 at Microsoft MSRP, no markup on licensing itself.
Per engagement
Compliance documentation, after-hours response tier, advisory hours, project capacity. Scoped per agreement based on what your internal team handles versus what we cover.
No forced bundles. Most co-managed engagements come in well under what hiring a single additional in-house IT specialist would cost.
Frequently Asked Questions
How is co-managed different from hiring a consultant?
A consultant delivers a specific engagement and leaves. Co-managed is an ongoing partnership with persistent access, continuous monitoring, and quarterly business rhythm. When your firewall alerts fire at 2 AM, a consultant isn’t picking up. Co-managed means you have a team that is.
Will Netsafe replace or work around our internal IT team?
Neither. Co-managed is structured to augment, not replace. Our work division is documented at engagement start: specific workstreams we own, specific workstreams your team owns, and how joint work is coordinated. For internal IT leaders, co-managed typically relieves the highest-friction work (security operations center, patching, compliance documentation, off-hours) so your team can focus on user-facing support, internal applications, and strategy.
Does your team have access to everything in our environment?
No: we have delegated admin access-scoped delegated admin to your Microsoft 365 tenant with read and write scopes only for the services we manage. We don’t have global admin. We don’t see every user’s inbox, every file, or every document. Access is audit-logged, role-scoped, and time-limited. Your internal team keeps full global admin access; Netsafe admin access is what HIPAA, security operations center 2, and cyber insurance questionnaires call “least-privilege” access.
What if we already have endpoint detection and response or a different security stack?
We scope to your actual state. If you’re running CrowdStrike, we work alongside it rather than forcing a change: though in some cases replacement makes sense and we’ll say so in the scoping conversation. The goal is to close capability gaps, not to force your team onto our preferred tools when what you have already works.
How do we divide responsibility for user-facing support?
Typical model: your team handles Tier 1 user support (password resets, printer problems, basic troubleshooting, software requests). Netsafe handles Tier 2/3 escalations that require dee. For businesses that want us to also cover user support, we can: but most co-managed engagements keep user support internal since your team is already the face to users.
What happens if our IT director leaves?
Co-managed continuity is a real benefit. If your IT leadership turns over, Netsafe provides documentation, runbooks, and stack continuity: the new IT director inherits an already-functional environment, not chaos. Some co-managed clients bring us deeper temporarily during IT leadership transitions, then scale back when the new leader is settled.
Can we start co-managed and convert to fully managed later?
Yes. Some clients start co-managed, find the model works well, and gradually expand scope until Netsafe is effectively running IT: others stay co-managed indefinitely. The reverse also happens: fully managed clients occasionally build internal IT capability and shift to co-managed. The engagement model adapts.
What’s the minimum engagement size for co-managed?
Typically 25+ devices (workstations + servers + laptops combined). Below that scale, fully managed services are usually more economical because the overhead of maintaining a division-of-work conversation isn’t justified. We’re happy to have that conversation if you’re close to the threshold.
Do you work with internal IT teams that have a specific PSA or ticketing system?
Yes. We can integrate with your internal team’s PSA (HubSpot, Zendesk, ConnectWise Manage, Autotask, Freshservice, ServiceNow) for ticket handoff and communication. If you don’t have one, we’ll use HubSpot Service Hub as our side. The specifics get documented in the engagement kickoff.
Let’s complement your IT team.
Tell us what your internal IT lead handles and where the gaps are. We will scope a co-managed engagement that augments your team without stepping on toes.
Always quick to respond and solve any problem, which is crucial in the business world!
CJ A.Sep 2025 · Google
★★★★★
Netsafe Solutions has provided fast and courteous help on a regular basis. I have been pleased with the promptness of their service.
Michael T.Jun 2025 · Google
★★★★★
Netsafe has been extremely helpful and we rely on them for answers to all of our IT issues. They are always there with great advice and cost effective solutions. I have worked closely with Jonathan now for many years and I really appreciate all of the hard work he puts in and is knowledgeable about many things!
