IT SERVICES FAQ
The questions clients ask before, during, and after onboarding.
Grouped by topic, with the practical answers up front.
This IT services FAQ is a reference for the questions that come up most often. Skip to whichever section is on your mind. If your question is not here, ask us directly.
- Practical answers, not boilerplate
- Updated as the questions evolve
- Your specific environment may differ
The questions that come up most often, grouped by topic. Use the section links below to jump to the area you care about. If your question is not here, ask us directly through the form at the bottom of the page.
Your IT services FAQ explained.
General
The general questions in this IT services FAQ cover what we do, who we work with, where the team is based, and how we are certified.
What does NetSafe Solutions actually do?
We run managed IT services, cybersecurity, Microsoft 365 management, and project work for Charlotte-area businesses. The full list of services is on the managed IT services page; the pricing breakdown is on the pricing guide. We have been doing this work in the Charlotte market since 2003.
What size businesses do you work with?
Five to one thousand users. Most of our clients are between 25 and 250: small enough that one IT shop covers everything, big enough that having no IT is not an option. We work across professional services, healthcare, manufacturing, construction, financial services, and nonprofits.
Where are your technicians based?
Charlotte. The team works out of our office at McAlpine Park Drive in south Charlotte, with technicians on the road across the metro and into the Carolinas as needed. The helpdesk team that picks up the phone is the same team that visits client sites; we do not outsource the front line to a call center.
Are you certified for the major platforms?
Yes. Microsoft Partner since 2003, with active certifications across Microsoft 365, Azure, Entra ID, and the security stack. Active vendor relationships with Pax8, NinjaOne, SentinelOne, DefensX, Checkpoint, Black Point Cyber, and Ubiquiti among others.
Managed IT services
Cost structure, what is included in the rate, onboarding, and contract questions live in this section of the IT services FAQ.
What is the difference between managed IT services and break-fix?
Break-fix means you pay each time something breaks. Managed IT services keep things from breaking in the first place, for a flat per-device monthly rate. Predictable cost, less downtime, and a team that knows your environment instead of one that has to learn it from scratch every time you call.
How much does it cost per month?
Three layers, all itemized on the invoice. Per-device monthly rate for the management work; security tool licenses billed per device or per mailbox depending on the tool; Microsoft 365 licensing per mailbox at Microsoft retail through Pax8. The full breakdown is on the pricing guide; for an actual number for your environment, talk to us.
What is included in the per-device monthly rate?
Unlimited remote help desk during business hours, ongoing patch management on workstations and servers, asset and warranty tracking, network and endpoint monitoring, security baseline enforcement, and ongoing management of every tool we deploy. On-site work is available as time and materials.
Do you support businesses that already have internal IT?
Yes. We run a co-managed engagement shape where your internal IT keeps day-to-day responsibility for what they want to keep, and we layer in the parts they need help with: 24/7 monitoring, security operations, Microsoft 365 administration depth, after-hours coverage, project capacity, or vacation backfill.
How long does onboarding take?
Most onboardings run two to four weeks from contract signature to fully operational. Asset discovery and access provisioning in week one; tooling rollout in week two; documentation and security baseline in week three; formal handoff and live runbook in week four.
Do I have to sign a long-term contract?
Standard one-year service agreement, which is industry-norm. Most individual tools in the stack are month-to-month, so you are never locked into specific technology that stops working for you.
Do you handle backup and disaster recovery?
Yes, and we test it. Our backup and disaster recovery includes immutable offsite copies that ransomware cannot encrypt, quarterly restore tests against real data, recovery time objectives agreed in writing, and Microsoft 365 backup as part of managed IT services. The point is simple: you find out the backup works before you need it, not after. Full detail on the backup and disaster recovery page.
Do you provide IT strategy or virtual Chief Information Officer (vCIO) guidance?
Yes. Our virtual Chief Information Officer (vCIO) program gives you executive IT strategy without the executive hire. It runs two workstreams: strategic reviews, quarterly by default, covering roadmap, risk, and alignment to your business goals; and IT spend management to optimize license spend and consolidate vendors. Full detail on the virtual CIO services page.
Cybersecurity
Endpoint protection, security operations center coverage, and cyber-insurance questions are answered in this part of the IT services FAQ.
What does the security operations center actually do?
Black Point Cyber analysts watch alerts from your endpoints and Microsoft 365 tenant around the clock. When something real happens, they isolate the affected device, contain the threat, and escalate to our team. Sixteen-minute average response on endpoint threats, seven-minute response on tenant threats. The full coverage detail is on the managed detection and response page.
What is the difference between antivirus and endpoint detection and response?
Antivirus matches files against a list of known threats. Endpoint detection and response watches what software is doing on a device in real time and flags or stops behavior that looks malicious even when it has never been seen before.
Why dual coverage on endpoints AND Microsoft 365?
The attack patterns we see most often start with an account takeover in the cloud tenant, not a workstation infection. A user clicks a phishing link, the attacker gets into the mailbox, sets a forwarding rule, and works from there. Endpoint-only coverage misses the whole sequence; tenant monitoring is what catches it.
Can we keep our existing endpoint detection tool?
Yes. The security operations center adds the human analyst layer on top of whatever endpoint detection and response is already in place. We will validate that the tool surfaces the signals the analysts need, and recommend changes only if there is a real gap.
How does this support our cyber insurance application?
Most cyber insurance applications now ask whether continuous monitoring is in place. An active managed detection and response engagement is the documented control. We can provide the carrier the engagement letter, scope of monitoring, response time service levels, and incident reports needed for the application or renewal questionnaire.
Do you provide security awareness training and phishing simulations?
Yes. Most breaches now start with a person rather than a server, so we run continuous security awareness training: monthly phishing simulations and short three to five minute modules, with completion records your auditor or cyber insurance carrier can use. It runs every month, not as an annual click-through. Full detail on the security awareness training page.
Microsoft 365 and email
Licensing, migrations from Exchange or Google Workspace, tenant security, and Teams Phone questions in this part of the IT services FAQ.
Will you handle our Microsoft 365 licensing?
Yes, through Pax8 at Microsoft retail. We do not mark up the licensing; we provide the management on top. Most clients run their entire business on Microsoft 365.
What if we are still on on-premises Exchange or Google Workspace?
Migration projects are scoped as fixed-fee engagements. From-Exchange or from-Google migrations typically run two to five weeks depending on mailbox count and complexity. Mail flow stays intact through the cutover; we do not require an outage for the migration.
How do you secure the Microsoft 365 tenant?
Multi-factor authentication, conditional access, audit logging, and sender policy framework alignment by default. Add-on tools (Checkpoint Harmony for advanced email security, Defender for Business for endpoint, Microsoft Purview for data protection) layered as the environment warrants. Target Microsoft Secure Score of 70% or higher across managed tenants.
What about Teams Phone?
Teams Phone is the only phone system we deploy for new installs. Number porting, call-flow design, calling plan or direct routing decision, and end-user training all part of the implementation engagement. The full breakdown is on the business phone systems page.
Compliance and audits
Compliance frameworks (HIPAA, payment card, Service Organization Controls 2, CMMC), Business Associate Agreements, and audit-prep questions in the IT services FAQ.
Do you sign Business Associate Agreements?
Yes, on every healthcare engagement, before any access provisioning. The Business Associate Agreement is the contractual instrument that allows us to handle systems that touch protected health information.
What compliance frameworks do you handle?
HIPAA and payment card requirements we run end-to-end (we implement controls, write policies, own the documentation). Service Organization Controls 2 and CMMC we coordinate on (an outside audit firm runs the assessment; we do the IT-side management and remediation that earns the report). Full breakdown on the compliance services page.
How do you keep documentation current for audits?
The records auditors ask for run on a documented cadence: workforce training, access reviews, audit log retention, and incident response runbooks. Not assembled in a sprint at audit time. The records exist before the request.
Can you support cyber insurance applications and renewals?
Yes. The controls cyber insurance carriers ask about (multi-factor authentication, audit logging, monitoring, training, encryption) are deployed and documented as a default. We can fill out the carrier questionnaire directly using the engagement records when asked.
Help desk and support
How fast we respond, where tickets go, after-hours coverage, and on-site escalation are answered in this stretch of the IT services FAQ.
How fast do you respond to tickets?
Critical issues get an immediate response during business hours. Standard tickets are usually resolved the same day. About 98% of tickets get fixed without leaving the office, so response times stay short.
Where do tickets go?
Email, phone, or our portal. They land in the same queue regardless of how they are submitted. The technician handling the ticket has access to the documented runbook for your environment, so the resolution is informed by what is actually deployed rather than guessed at.
Do you handle after-hours emergencies?
After-hours coverage is part of the engagement when the business operates outside business hours. For active managed clients, critical incidents (active security event, total network outage) get worked in real time regardless of clock. Standard non-critical tickets opened after hours go to the queue for next-business-day response unless the engagement covers them.
What if you cannot fix it remotely?
On-site dispatch happens when remote troubleshooting cannot resolve the issue. About 2% of tickets require an on-site visit; the rest get fixed without anyone leaving the office. On-site work is billed time and materials, always approved before we drive out.
Network, project work, and assessments
Cabling, wireless installs, security cameras, network assessments, and project quoting questions in this section of the IT services FAQ.
Do you actually pull cable?
No. We manage the project, design the cable plant, coordinate the install, run quality assurance, certify the result, and produce the documentation. The physical pulls are done by long-standing licensed low-voltage partner contractors. Full detail on the structured cabling page.
What kind of wireless do you install?
Ubiquiti UniFi for new deployments. We will support Cisco Meraki, Aruba, Ruckus, and other professional platforms when the existing fleet calls for it; for new installs the answer is Ubiquiti. Full detail on the wireless networking page.
What about security cameras?
Ubiquiti UniFi Protect only. The integration with the rest of the UniFi network stack and the absence of per-camera monthly fees are the reasons. Full detail on the security cameras page.
Can you do a network assessment?
Yes, as a project-shaped engagement open to anyone. Six-area review (audit, wireless, security, performance, cabling, capacity), one to two weeks elapsed time, written report with severity-tagged findings. The security gap analysis is a deeper companion engagement, available to active managed clients only because the data sources need to be already connected.
How do project quotes work?
Fixed-fee per project, scoped against the deliverable, quoted in writing before any work begins. Hardware sourced and itemized separately. 30-day post-project warranty included on every engagement. Active managed clients get 10 to 15 percent off standalone project rates.
Do you support printers and print fleets?
Yes, with a clear split. The day-to-day lives with our IT help desk: drivers, print queues, network connectivity, scan workflows, and printer security. Hardware sales, leases, warranty service, mechanical repair, and toner live with our trusted print-fleet partner, with no markup on either side. Full detail on the printer support page.
AI, automation, and custom development
This section of the IT services FAQ covers the artificial intelligence (AI), automation, and custom development work we take on. It is the part of the business behind most of our case studies.
Do you build custom software, or only manage off-the-shelf tools?
Both. Alongside managed IT services we have an in-house Charlotte development team that builds custom internal tools, integrations, and automation. A lot of our case study work is software we wrote: an asset-tracking platform across 120 sites, a tool that migrated a client off a retiring file-sync product, and the helpdesk our own team runs on. The team that scopes the build is the team that ships it, with no offshore subcontractor behind us. More on the AI services page.
What kind of artificial intelligence (AI) work do you take on?
Four kinds. Strategy and education sessions for your leadership on where AI fits and where it does not. Custom development using the Claude application programming interface (API) and other models, with agents tailored to a specific workflow. Model Context Protocol (MCP) servers that connect an AI assistant to your real business systems. And software as a service (SaaS) replacement, where a custom build removes a recurring subscription. We run AI in our own production systems every day, so the advice comes from doing the work, not reselling a platform.
Can custom development really replace software as a service (SaaS) subscriptions we already pay for?
Sometimes, and that is where the strongest return tends to be. Many subscriptions exist because building the same thing in-house used to take months. With AI assisting development, work that took weeks now takes days, so a build can pay for itself inside a year. We did exactly this with our own helpdesk, replacing a subscription platform and cutting about $57,000 a year. We only recommend it when the math is clear. When your current tool is well priced and fits how you work, we tell you to keep it.
What is a Model Context Protocol (MCP) server, and would we need one?
Model Context Protocol (MCP) is the open standard that lets an AI assistant connect to outside tools and data. An MCP server links an assistant such as Claude to your specific systems, your customer records, your ticketing, your databases, so it can answer questions and take action against real data instead of guessing from a prompt. Most businesses do not need one yet. The ones that do can replace several point tools with a single conversational interface.
Can you connect systems that do not talk to each other?
Yes. A lot of day-to-day friction comes from data living in separate tools: sales in one, operations in another, finance in a third. We build the application programming interface (API) integrations that move records between them and the small custom layers that pull live data across systems. One of our case studies connects every system in a client environment through its API to drive a single gap analysis. Full detail on the business process automation page.
Is our data safe if we use AI?
Security comes first in this work, the same as everywhere else we operate. We are vendor neutral on AI tools, with no resell incentive, so the recommendation matches what your business needs and what your data governance allows. We design these builds so business data is handled under the controls you already require, and we will tell you when a use case is not appropriate for AI rather than force it.
Can you run a major migration or data center exit?
Yes. This is core project work and the source of several case studies. We have moved a nonprofit out of its data center into Microsoft 365, migrated a manufacturer from Box to SharePoint, moved clients off GoDaddy Microsoft 365 into a directly owned tenant, and planned a path off VMware after the Broadcom acquisition. Each one was scoped and quoted in writing before any work began. See the cloud migration page and our case studies.
Choosing a managed services provider
Use this part of the IT services FAQ when you are comparing NetSafe against other managed services providers and want to see how we line up against your shortlist.
What questions should I ask before signing with any managed services provider?
Ask about the per-device monthly rate, what is and is not bundled, how on-site work is priced, contract length, what tools are deployed and whether you keep them if you leave, and how the provider handles security incidents. The honest providers will answer all of those directly without a sales runaround. We will.
How is NetSafe different from larger national providers?
Charlotte-based since 2003, smaller team that knows individual client environments, no offshore helpdesk, real partnerships with the vendors in our stack rather than a checkbox certification. The trade-off is we are not the right fit for environments that need 24/7 dedicated on-site staffing or thousand-plus-user enterprise scale.
What if we want to leave?
The standard one-year agreement has documented exit terms. Documentation is yours; the tools are mostly month-to-month so they continue with whoever you take the work to next. We will not hold your environment hostage to a contract.
Can we run a trial or pilot?
Most engagements start with a free scoping conversation, then a written proposal, then a signed agreement. We do not run formal “trials” because the work happens at the level of monitoring and security baseline, neither of which is a useful one-month pilot. We do start small (project work, gap analysis) for prospects who want to work together before committing to full managed services.
Have a different question?
If your question is not in this IT services FAQ, send it our way. The first conversation is free; we will give you a straight answer rather than a sales pitch. The questions we get most often eventually end up on this page.
Or call us:
(704) 333-0404
Serving 27 cities across the Carolinas
North Carolina
- Albemarle
- Charlotte
- Concord
- Cornelius
- Gastonia
- Greensboro
- Hickory
- Huntersville
- Kannapolis
- Lexington
- Matthews
- Monroe
- Mooresville
- Newton
- Salisbury
- Shelby
- Statesville
- Waxhaw
- Winston-Salem
South Carolina
- Chester
- Columbia
- Fort Mill
- Gaffney
- Lancaster
- Rock Hill
- Spartanburg
- York