Business owner at desk urgently working through IT emergency after provider closure
Managed IT

What to Do When Your IT Company Goes Under

PN
Peter Nelson
· · 10 min read

Your IT provider has closed without warning. Here is exactly what to do in the first 24 hours, what to protect, and how to get your business back on solid ground fast.

It does not happen often — but it does happen. An IT provider announces they are closing. Or more commonly: you try to call your IT company and no one answers. Emails go unanswered. You discover through a Google search, a LinkedIn post, or an out-of-office message that the business has ceased to operate.

This is a genuinely stressful situation. But it is recoverable — and the businesses that come through it without serious damage are the ones who move quickly and in the right order.

Here is exactly what to do.

How IT Company Closures Actually Happen

They rarely happen with advance warning. The most common scenarios:

The “silent close”: The company simply stops answering. Staff leave. Tickets go unresolved. You discover the truth gradually over days or weeks.

The sudden announcement: An email or phone call announcing the business is closing, often with a 30-day notice or less. If you are lucky, there is a handover plan. Usually there is not.

The acquisition that goes wrong: Your provider is acquired by another company. The support team changes, the service model changes, and what you bought no longer exists — even though the contract technically continues.

The key person departure: The provider was essentially one or two people. They leave, get sick, or have a personal crisis. The business functionally collapses even if it remains nominally open.

In all of these scenarios, your immediate risks are the same.

The Immediate Risks — and the Order to Address Them

1. Loss of access to your own systems (Critical — first 24 hours)

If your provider held admin credentials to your systems and they are now unreachable, you may be locked out of your own infrastructure. This is the most urgent risk because everything else depends on access.

What to check immediately:

  • Can you log in to your domain registrar account?
  • Do you have Global Admin access to your Microsoft 365 tenant?
  • Do you know your firewall admin credentials?
  • Can you access your backup console?
  • Do you have admin credentials to your server (if you have one)?

If you do not have these, this is your first call to make — to Microsoft, to your domain registrar, and to any other service where your provider was the administrator. Start with Microsoft 365, because email is usually the most critical dependency.

Microsoft 365 admin recovery: If your provider was a CSP (Cloud Solution Provider) partner and held admin rights, Microsoft has a formal process for administrative takeover if you are the registered domain owner. A new IT provider can initiate this process on your behalf. It typically takes 24–48 hours.

Domain recovery: Contact your domain registrar directly. If the domain is registered in your business name and your business is the registered contact, you can initiate a change of account credentials. Most major registrars (Crazy Domains, GoDaddy, VentraIP, Melbourne IT) have recovery processes for exactly this scenario.

2. Unmonitored security tools (Urgent — within 48 hours)

Your current security tools — endpoint protection, firewall monitoring, email security — were likely managed through your provider’s console. When they close, those tools may continue running but with no one watching them. Or they may have already lapsed.

What to verify:

  • Is your EDR (endpoint protection) still active and reporting?
  • Is your email security filtering still functioning? (Test by checking if emails are being delivered and filtered normally)
  • Is your firewall still operating with its last known configuration?
  • Are your backup jobs still running?

The critical point about security: a gap in managed security coverage does not immediately cause a breach. But it creates a window of elevated risk that needs to be closed as quickly as possible. Prioritise getting a new provider to assume management of your security tools, or temporarily reverting to a known-safe configuration you control.

3. Unverified backups (Urgent — within 48 hours)

If your provider was managing your backups, you may have no visibility into whether they are still running and whether they are valid. The worst-case scenario: you have been operating without working backups without knowing it.

What to verify:

  • Log in to your backup software console directly (if you have credentials)
  • Check the date of the most recent successful backup
  • If you cannot access the backup console, contact the backup vendor directly (Veeam, Acronis, Datto, Backblaze — whoever your provider used)
  • If you cannot determine backup status, treat your data as unprotected until verified

4. Expiring licences and vendor relationships (Important — within 7 days)

Your provider may have been billing you for software licences and paying vendors on your behalf — including Microsoft 365, security software, backup storage, or internet services. When they close, these billing relationships may lapse.

What to audit:

  • Microsoft 365 billing — is it being billed to your credit card directly, or through your provider’s account? If through the provider, you need to transfer the subscription to direct billing or a new CSP.
  • Backup storage subscriptions
  • Security software licences (EDR, email security)
  • Any internet service or phone system that your provider managed billing for

Most of these services have a grace period before they are cancelled, but you need to identify and address them before that window closes.

What Belongs to You — and How to Recover It

The most important thing to understand in this situation: your IT assets belong to your business, not your provider.

Your domain name — If your business is the registered owner (not your provider), the domain is yours. Even if your provider registered it on your behalf, you are entitled to full control of the registration. Contact the registrar with your ABN and business details if the provider is unreachable.

Your Microsoft 365 tenant — The tenant belongs to the business that owns the verified domain. Microsoft has clear policies about administrative takeover. A new provider can assist with this process.

Your email history and data — Everything in your Microsoft 365 environment is your data. It does not disappear when your provider closes. Your access to it depends on having admin credentials to the tenant — see the access recovery steps above.

Your backups — Even if stored in your provider’s cloud account, your backup data is yours. Contact the backup vendor directly to have the account transferred to your control.

Your firewall and network equipment — Any hardware purchased and installed in your premises is your property. Configuration data is your intellectual property. Some providers hold firewall admin passwords — you are entitled to these, and most firewall vendors have recovery processes if you cannot get them.

The 48-Hour Action Plan

If you discover your IT provider has closed — or is about to close — move through this sequence:

Hour 1–4:

  1. Attempt to contact your provider by phone, email, and any emergency number
  2. Document everything — screenshots of unanswered calls, bounced emails, any communication received
  3. Check your domain registrar access — can you log in?
  4. Check your Microsoft 365 admin access — can you get in?
  5. If you cannot access either: call a new IT provider immediately — this is an emergency

Hour 4–24: 6. If you have a working relationship with a new provider, grant them access to begin assessment 7. Verify your backups are running and recent 8. Confirm your security tools (EDR, email security) are still active 9. Check your Microsoft 365 billing status 10. Begin documenting every system in your environment that you know about

Day 2–7: 11. Transfer Microsoft 365 CSP billing if needed 12. Recover domain admin access 13. Identify and transfer any licences at risk of lapsing 14. Review firewall configuration and ensure you have admin access 15. Commission a full environment audit from your new provider

Choosing a New Provider Under Pressure

The worst thing you can do in this situation is choose a new IT provider in a panic and get it wrong twice. A few principles for choosing quickly but well:

Prioritise local and experienced with transitions. You need someone who can be on-site quickly and who has managed emergency onboardings before. A provider who takes weeks to mobilise is not suitable for this situation.

Ask specifically: “Have you managed emergency onboardings from provider closures?” A provider who has done this before has processes for exactly these scenarios. One who has not will be learning on your time.

Be wary of anyone who discourages an audit first. A reputable provider will want to assess your environment before committing — because they do not want to inherit an unknown environment any more than you want to hand one over. If someone is willing to take you on without any assessment, that is a concern, not a reassurance.

Use a trial period where possible. Given the circumstances, a reasonable provider will agree to a short-term or month-to-month arrangement to start, to allow you to verify the service before committing long-term.

Preventing This From Happening Again

Once you have stabilised, there are structural protections worth putting in place to ensure you are never in this position again:

Own your credentials directly. Every system your business depends on should have admin credentials registered to your business, in a password manager your business controls. Not stored in your provider’s brain.

Know your registrars and vendors. Keep a record of who every subscription is billed through, with account numbers and login details. This should be reviewed annually.

Have a documented IT environment. A simple asset register — list of devices, software, domains, subscriptions, and their owner credentials — is the most valuable document your business can have when something goes wrong.

Understand your contract exit terms. Your managed IT agreement should specify clear timelines for data and credential return on exit. If it does not, that is a negotiation point before you sign.

Consider a business continuity plan that includes IT provider failure. Most continuity plans cover server failures and ransomware. Very few cover IT provider collapse — even though it is a genuine, if infrequent, risk.

If You Are in This Situation Right Now

If you are reading this because your IT provider has just closed and you need help, the first thing to do is call us. We have managed emergency onboardings and provider transitions many times.

We will start with access recovery — getting you back into your own systems — and work through the assessment from there. Contact us now or book a same-day call.

If you are reading this as a precaution, it is worth reviewing the pre-switch checklist on our switching page and ensuring you have direct access to all your critical systems. The best time to verify this is before it becomes urgent.

Written by Peter Nelson Founder & Managing Director

26 years IT experience. ASD Cyber Security Partner. Essential Eight and SMB1001 specialist. Deep expertise in accounting and legal practice management software.

Last updated: Reviewed by: CX IT Services Editorial Team

Related Articles

Free Clarity Call

Want to Talk Through What This Means for Your Business?

Book a free 15-minute Right Fit Call. No obligation - just a straight conversation about your IT situation.

  • No lock-in contracts - ever
  • Valued at $250 - completely free
  • 4.5-star Google rated
  • Answer in 60 seconds or less

See If You Qualify

Takes 2 minutes · No obligation · Free

Apply Now
4.5 Google Rated No Lock-In Contracts