The complete checklist of what to request, verify, and secure before you give notice to your outgoing IT provider — so you leave with everything that belongs to you.
Most Melbourne businesses discover what their IT provider controls — and what belongs to them — only when they try to leave. Some have an easy exit: the provider cooperates, credentials are transferred promptly, and the transition is clean. Others discover, too late, that their domain is registered in their provider’s account, their Microsoft 365 is billed through the provider’s CSP, and no documentation of their environment exists.
This checklist gives you everything to verify, request, and secure before you give notice — so you leave with everything that is yours.
Before You Give Notice: The Golden Rule
Do not give notice to your current IT provider until you have:
- Verified what you currently have access to
- Identified everything your provider controls on your behalf
- Chosen a replacement provider and agreed a transition plan
- Confirmed your notice period and any contract obligations
Giving notice before you are ready creates unnecessary risk. Once a provider knows you are leaving, some become less cooperative — not all, but enough that it is not worth the risk. Complete your preparation in parallel with your new provider, then give notice from a position of strength.
Part 1: Access Verification — What You Should Already Have
Before you think about exit, verify whether you currently have direct access to your critical systems. If you do not, this is as important to resolve as anything your provider needs to hand over.
Domain Registrar
- You know which registrar holds your domain (e.g. VentraIP, Crazy Domains, GoDaddy, Melbourne IT)
- You can log in to the registrar account directly with your own credentials
- Your business ABN or name — not your IT provider’s business — is the registered domain owner
- You know the domain renewal date and have a calendar reminder set
- You have access to all DNS records and can make changes if required
If your provider owns the registrar account in their name and you are listed as a contact only, you will need to initiate a registrar transfer before or as part of the exit process.
Microsoft 365
- You have a Global Administrator account in your Microsoft 365 tenant that is your own account (not a provider admin account)
- You know the full tenant domain name (yourbusiness.onmicrosoft.com)
- You understand how your Microsoft 365 licences are currently billed — directly to your credit card, or through your provider’s CSP account
- If billed through CSP: you know this needs to be transferred to direct billing or a new CSP relationship as part of the exit
Firewall and Network
- You know who manufactures your firewall (Cisco, Fortinet, SonicWall, Unifi, Meraki, etc.)
- You have — or can obtain — the admin credentials to the firewall management interface
- If your firewall is cloud-managed (Meraki, Ubiquiti), you have access to the management portal
Backups
- You know what backup software is in use (Veeam, Acronis, Datto, Backblaze, etc.)
- You can log in to the backup console directly
- You know where your offsite/cloud backups are stored and in which account
Part 2: What to Request From Your Provider on Exit
Once you have decided to leave — and have your transition plan ready — you are entitled to request a formal handover of the following. Put this request in writing.
Credentials and Access
- All domain registrar login details (or transfer of registrar account to your name)
- All DNS management credentials
- SSL certificate files and private keys for your website
- Microsoft 365 Global Admin credentials (or removal of provider admin accounts on request)
- Firewall admin credentials (username and password for the management interface)
- VPN configuration files and pre-shared keys
- Switch and wireless controller admin credentials
- Server admin credentials (local administrator and domain administrator, if applicable)
- Backup console admin credentials
- All third-party vendor portal access (internet provider, phone system, security platform)
Documentation
- Network diagram showing device layout, IP addressing, and connectivity
- Asset register — list of all devices with make, model, serial number, and warranty status
- Software inventory — list of all installed software and licence keys
- Vendor contact list — names, numbers, and account details for all third-party relationships
- Runbook — documented procedures for common IT tasks (e.g. adding a new staff member, printer setup)
- Password vault export (or credential list) — every managed credential the provider holds
Most providers operating in good faith will have most of this. Some will have less. The request itself serves two purposes: it gives you a clear list of what to chase, and it creates a paper trail if handover is obstructed.
Data
- Confirmation that no business data is held on third-party servers that will be decommissioned
- Export or access to any ticketing/support history relevant to your environment (useful for understanding recurring issues)
- Backup archive — if your provider hosted your backups in their infrastructure, you are entitled to a copy or transfer of those archives
- Microsoft 365 data — all data in Exchange, SharePoint, OneDrive, and Teams remains in your tenant; confirm you have admin access to all of it
Part 3: Contract and Notice Obligations
Notice Period
- Confirm the exact notice period required by your agreement (typically 30–90 days)
- Confirm whether notice must be given in writing and to which address
- Note the exact date your notice period ends — this is the date service formally concludes
- Check for any auto-renewal clause that may have already extended your contract term
Handover Obligations
- Confirm your agreement’s data return clause — what format, what timeline, what completeness
- If your agreement does not specify a handover obligation, note this and raise it explicitly in your notice letter
- Set a deadline for every handover item in writing — “please confirm transfer of domain registrar access by [date]”
Billing
- Identify every subscription billed through your provider’s account vs. directly to your business
- Microsoft 365 CSP billing: plan the transfer to direct billing or your new provider’s CSP before the end of the notice period
- Security software: confirm licence transfer or cancellation and re-purchase through new provider
- Internet service or VOIP billing: confirm whether these transfer automatically or need separate arrangements
Exit Fees
- Review your agreement for any exit fee clause
- Note whether exit fees are applicable in your circumstance (e.g. some fee clauses apply only if you exit within a minimum term, not after)
- If an exit fee is disputed, document your grounds and, if necessary, seek independent legal advice before paying
Part 4: How to Handle an Uncooperative Provider
Most Melbourne IT providers handle exits professionally. A minority do not. Here is what to do if your outgoing provider becomes obstructive:
If they delay or stall credential handover: Set a formal written deadline. State clearly that failure to provide credentials by that date will be referred to your legal advisor. Keep every communication in writing. If the deadline passes without action, escalate.
If they claim to own your domain: Domains registered with your business as the registrant belong to your business. Contact the registrar directly with proof of business ownership (ABN, business registration). Most registrars have a formal dispute process for exactly this scenario.
If they claim your Microsoft 365 tenant is theirs: It is not. Your Microsoft 365 tenant is identified by your verified domain. The domain is yours; the tenant follows. Microsoft has a technical process called “administrative takeover” that allows a domain owner to assume control of a tenant where the provider is unresponsive. A new MSP can initiate this.
If they threaten to delete your data: Deleting a client’s data on exit may constitute unlawful interference and destruction of property. Document the threat in writing, contact a lawyer, and contact Microsoft or the relevant vendor to freeze the account while the dispute is resolved.
Document everything: Every call, every email, every promise. If this escalates to a legal dispute, your documentation of what was requested and when will matter significantly.
Part 5: After the Exit — What to Verify
Once your new provider is in place and your old provider is removed, confirm these are complete:
- Old provider admin accounts removed from Microsoft 365
- Old provider remote management tools (RMM agents) uninstalled from all devices
- Old provider VPN access revoked
- Firewall management credentials changed from default handed-over credentials
- DNS updated to reflect new environment where needed
- All vendor relationships updated with new IT contact details
- Cyber insurance notified of provider change (some policies require this)
- Staff briefed on new helpdesk contact details and support process
This is the list most businesses forget in the relief of completing the transition. Do not skip it — your old provider retaining remote access to your environment post-exit is a genuine security risk.
How to Use This Checklist
Work through Parts 1 and 2 before you give notice. Parts 3 and 4 apply during and after notice. Part 5 is your final sign-off once the transition is complete.
The checklist is designed to be used alongside — not instead of — a structured transition process managed by your incoming IT provider. A good MSP will guide you through every item on this list as part of their onboarding.
If you want help working through this for your specific situation — or want a second opinion on whether your current provider’s exit terms are reasonable — book a free 15-minute call. We will give you an honest view, even if the outcome is not switching to us.
Related Resources
- How to Switch IT Providers Without Downtime — the full transition process guide
- Signs Your IT Provider is Letting You Down — how to know if it is time to switch
- What to Do When Your IT Company Goes Under — emergency guide for provider closure
- Full IT Switching Guide — CX IT Services — how we manage your transition
