Selling an MSP or IT Managed Services Business: The M&A Playbook

MSP and IT managed services businesses trade on MRR quality and customer contract duration, but vendor partner agreements, technical key-man risk, and security posture are the diligence variables that most often produce price adjustments or deal delays.

Best for: Founders preparing for a sale; M&A advisors & bankers
Use this perspective to move toward transaction readiness, sale timing, or M&A execution work.

Key takeaways

  • MSP and IT managed services businesses trade at 4–8x EBITDA or 2–5x ARR depending on MRR quality, customer contract duration, and margin profile. Sellers who understand which framework applies to their business negotiate more effectively.
  • Vendor partner agreements (Microsoft, Cisco, ConnectWise, Datto) are often non-transferable or require re-certification under new ownership. Losing a Microsoft SPLA or CSP agreement disrupts software licensing for every customer on that platform.
  • Technical key-man risk is priced harder in MSP diligence than in almost any other service business: if the founder is the CTO, primary engineer, and main customer contact, buyers will require rollover equity and a 3–5 year stay as a condition of any institutional offer.
  • SOC 2 Type II certification and documented security practices are becoming buyer expectations in MSP diligence, particularly when the customer base includes healthcare, financial services, or government accounts.
  • Customer contract quality (multi-year agreements with auto-renew, standardized service levels, and documented pricing) is the most directly controllable valuation lever available to MSP founders in the 12–24 months before a sale.

In this article

  1. How MSP businesses are valued: MRR quality, margins, and the recurring revenue mix
  2. Vendor partner agreements: the transferability risk most founders miss
  3. Technical key-man risk: the most aggressively priced diligence variable
  4. Security posture and SOC 2 certification
  5. Customer contract preparation: the most controllable value lever
  6. Common mistakes MSP founders make before a sale

EBITDA multiple range

4–8x EBITDA for established MSPs; higher end for businesses with high MRR mix and multi-year contracts

MRR percentage threshold

Buyers target 60%+ of revenue as managed/recurring; below 50% is project-heavy and valued at a discount

Vendor partner risk

Cited as a material diligence issue in 40%+ of MSP transactions involving Microsoft or Cisco partnerships

The managed service provider (MSP) and IT managed services market has become one of the most active acquisition targets in the lower middle market. PE-backed MSP platforms are aggressively consolidating regional operators, and strategic acquirers (larger national MSPs, technology companies, and IT staffing businesses) are acquiring to expand geographic footprint and technical capabilities. For founders of MSP businesses in the $2M–$15M EBITDA range, demand from institutional buyers is real, but the path to a clean, full-value transaction requires preparation that goes well beyond financial reporting.

MSP and IT managed services businesses have specific M&A dynamics that differ significantly from general services or product company transactions: vendor partner agreements that may not survive a change of ownership, technical key-man risk that buyers price aggressively, customer contract quality that drives multiples, and security posture requirements that are becoming table stakes. This guide covers what MSP founders need to know to maximize value and minimize diligence surprises.

How MSP businesses are valued: MRR quality, margins, and the recurring revenue mix

MSP buyers evaluate businesses on two frameworks, and which one they use depends on the revenue profile. Businesses with a high percentage of managed recurring revenue, where 60% or more of total revenue comes from multi-year managed service agreements billed monthly, are valued on a recurring revenue multiple (typically 2–5x ARR or an MRR-based equivalent). Businesses with a high project and break/fix revenue mix are valued on EBITDA multiples (typically 4–7x), with the managed revenue percentage applying a premium or discount to that multiple.

Revenue Category | Valuation Treatment | How to Maximize
Managed services agreements (MSA) with multi-year auto-renew | Highest multiple; buyers underwrite this as durable, low-churn revenue | Standardize contracts; push for 2–3 year terms with annual price escalators and auto-renew
Co-managed IT (supporting an in-house IT team) | Strong; buyers value the customer stickiness and strategic position | Document co-managed scopes clearly; ensure contracts include a full-service option the customer can elect
Project-based work | Valued at a discount; EBITDA from project work gets a lower multiple | Build project revenue into MSA expansion language where possible; reduce standalone project dependency
Break/fix (hourly T&M, no contract) | Lowest multiple treatment; buyers apply a haircut |
Hardware resale | Often excluded from the ARR multiple or valued at near-zero margin | Consider whether hardware margin should be included or excluded from the normalized EBITDA; model both

Gross margin on managed services agreements is the key operating leverage indicator. Well-run MSPs with standardized technology stacks generate 45–65% gross margins on managed services revenue. Businesses where gross margin is compressed below 35%, typically due to non-standard customer environments, high per-customer engineer time, or outdated PSA/RMM tooling, receive lower valuations because the operational leverage buyers expect from scale is absent.

Best-in-class MSP gross margin

50–65% on managed services revenue

Below this threshold

Below 40% managed services gross margin is a material diligence flag

Revenue per employee

Benchmark: $120K–$180K revenue per employee for a well-run MSP; below $90K suggests staffing inefficiency

Vendor partner agreements: the transferability risk most founders miss

MSP businesses depend on a network of vendor partner relationships (Microsoft CSP/SPLA, Cisco partner certifications, ConnectWise, Datto, SonicWall, VMware, and others) for software licensing, hardware distribution, and technical support. These agreements are negotiated between the vendor and the MSP entity, and most contain provisions that prohibit assignment or require re-certification under new ownership. In an M&A transaction, the risk is that a change of ownership triggers a review period or automatic termination of the vendor agreement.

The Microsoft CSP (Cloud Solution Provider) and SPLA (Service Provider License Agreement) programs are the highest-risk vendor relationships in most MSP transactions. Nearly every MSP bills Microsoft 365, Azure, or Intune licenses to customers through a CSP agreement. The CSP tier structure (Direct vs. Indirect Tier 1 vs. Tier 2) determines how the MSP purchases licenses from Microsoft. A change of ownership, particularly from a founder-owned entity to a PE-backed platform, may require Microsoft to re-evaluate the MSP's CSP status, which can temporarily suspend the ability to provision or modify licenses for customers.

The most dangerous scenario in an MSP transaction: a buyer closes, the Microsoft CSP agreement requires re-registration under the new entity, the re-registration process takes 30–60 days, and during that window the MSP cannot provision new Microsoft 365 tenants or manage existing ones for customers. For an MSP with 100+ customers on M365, this is an operational crisis that affects every relationship simultaneously. Founders and buyers must plan the vendor agreement transition as a specific workstream with a defined timeline and responsible owner.

Vendor Partner Agreement | Transfer Risk | Mitigation
Microsoft CSP Direct/Tier 1 | High: requires Microsoft approval; entity change triggers review | Notify Microsoft relationship manager early; understand re-registration requirements; PE platform may already be a CSP
Microsoft SPLA | High: licensing program for service providers; entity-specific | Engage Microsoft licensing specialist 60 days before close
Cisco Partner Program | Medium: certifications tied to individual engineers, not the entity | Ensure Cisco-certified engineers will remain post-close; certifications can be maintained through individuals
ConnectWise / Autotask (PSA) | Low: transferable but may require license transfer and support agreement update | Confirm with vendor at LOI stage
Datto / Acronis (backup) | Low–Medium: typically transferable; subscription-based | Confirm transfer process; ensure backup contracts roll to new entity
Hardware distribution (Ingram, TD Synnex, D&H) | Medium: credit lines are entity-specific; new owner must establish separately | New owner establishes new distribution account; existing orders must be confirmed to transfer

The practical preparation step: 12–18 months before a sale, request the specific transfer and assignment provisions from each material vendor agreement. Identify which agreements are entity-level transferable, which require the vendor's consent, and which are tied to individual certifications that will survive a change of ownership. Create a vendor transition workplan that becomes part of the deal room documentation. Buyers who see a prepared vendor transition plan view it as evidence of operational discipline and reduce the risk premium they apply to the vendor agreement issue.

Technical key-man risk: the most aggressively priced diligence variable

In the lower middle market MSP space, it is extremely common for the founder to simultaneously hold the roles of CEO, lead engineer, primary account manager for major customers, and technology architect. This concentration of technical and relationship capability in a single person is the most common and most aggressively priced risk in MSP diligence. Buyers who identify high technical key-man risk respond with one or more of: a required rollover equity stake for the founder (typically 20–30%), a longer post-close employment period (3–5 years rather than the 12–18 months more common in non-technical businesses), an earnout tied to customer retention, or a direct reduction in the acquisition multiple.

The technical key-man problem is distinct from the general owner-dependency problem in that it involves two overlapping dependencies: the founder as the relationship holder for key customers, and the founder as the technical authority on systems design, vendor relationships, and escalation management. Each dimension requires a different remediation approach.

Key-Man Dependency Type | Remediation Approach | Timeline
Founder is primary customer contact for top accounts | Introduce account managers or solutions engineers to customer contacts; begin distributing relationship responsibility | 12–18 months before a process
Founder is the escalation engineer for all Tier 2/3 issues | Hire or develop a senior engineer who can own escalation independently; document resolution procedures | 6–18 months before a process
Founder holds key vendor certifications personally (Cisco, Microsoft) | Ensure other team members hold or obtain the same certifications; confirm vendor agreements do not require individual-holder continuity | 12 months before a process
Founder is the primary architect for all new customer onboarding | Document the standard technology stack and onboarding process; have a solutions engineer shadow and then lead new onboardings | 12–24 months before a process

A founder who exits an MSP business completely at close is a significantly higher-risk transaction for an institutional buyer than one who commits to a 2–3 year operating role. In technical service businesses, the most common post-close failure mode is customer attrition driven by relationship disruption, not operational failure. Buyers who see a credible transition plan, with named account owners and documented escalation paths for every major customer, apply a meaningfully lower risk premium than those who observe an undifferentiated operating team dependent on the founder for both technical and commercial decisions.

Security posture and SOC 2 certification

MSPs are a high-value target for cybercriminals because they have privileged access to the IT environments of dozens or hundreds of customers. A successful attack on an MSP can simultaneously compromise every customer network the MSP manages. This dynamic has elevated security posture from a nice-to-have to a table-stakes diligence item in institutional MSP transactions, particularly when the customer base includes healthcare (HIPAA), financial services, or any government accounts.

SOC 2 Type II certification is the most commonly requested evidence of security controls in MSP diligence. A SOC 2 Type II audit, conducted by an independent CPA firm, assesses whether the MSP's security controls around availability, confidentiality, and data integrity have been operating effectively over a defined period (typically 6–12 months). It does not guarantee the MSP will never be breached, but it demonstrates that systematic controls are documented, tested, and maintained.

Security Diligence Item | What Buyers Assess | Red Flags
SOC 2 Type II certification | Whether the MSP has undergone an independent controls audit | No SOC 2; reliance on customer questionnaires instead of formal audit
Multi-factor authentication (MFA) | Whether MFA is required for all MSP employee access to customer environments | No MFA policy; some engineers bypass MFA for convenience
Privileged access management (PAM) | Whether administrator credentials to customer systems are vaulted and auditable | Shared admin passwords; no audit log of administrator access to customer environments
Incident response plan | Documented procedure for responding to a security incident affecting customer environments | No written IR plan; founder is the only responder
Cyber liability insurance | Whether the MSP carries adequate coverage (minimum $1M; $5M+ preferred for enterprise customer base) | No coverage; or coverage below $1M with a high revenue base
Vendor access audit | Whether third-party vendor remote access to the MSP's RMM and PSA is controlled and audited | Broad vendor access with no deprovisioning process; ex-employees or former vendors still have active access

MSPs that enter a sale process without SOC 2 certification and without documented security policies face two practical consequences: (1) enterprise customers with compliance requirements are likely to ask about SOC 2 status as part of their change-of-control review, and (2) buyers apply a risk premium to the valuation to reflect potential remediation costs and the liability exposure of a security breach during the transition period. Beginning the SOC 2 Type II process 18 months before a planned sale, while simultaneously tightening MFA, PAM, and vendor access controls, is one of the highest-return preparation investments available to MSP founders.

Customer contract preparation: the most controllable value lever

The quality of customer contracts (their duration, termination provisions, price escalation mechanics, and scope definitions) is the most directly controllable variable affecting MSP valuation in the 12–24 months before a sale. A buyer valuing a recurring revenue business is underwriting the predictability and durability of that revenue. Customer contracts that are multi-year, auto-renewing, and priced with annual escalators are fundamentally more valuable than month-to-month agreements at the same revenue level.

MSP Contract Optimization Checklist (12–24 Months Pre-Sale)

  1. Audit all active customer agreements. Identify which are month-to-month, which are annual, which are multi-year; calculate the percentage of MRR on each contract type.
  2. Convert month-to-month customers to annual or multi-year agreements. Offer a modest price discount in exchange for a 24–36 month commitment; even 10% of MRR moving to multi-year improves the valuation picture meaningfully.
  3. Add annual price escalators to new and renewing agreements. 3–5% annual escalators are standard in the market; most customers accept them without negotiation if included at renewal rather than mid-term.
  4. Standardize the service scope in every agreement. Buyers discount contracts where scope is ambiguous or negotiated ad hoc per customer; standardized scope signals operational maturity.
  5. Review assignment and change-of-control provisions. Identify customers with assignment-requires-consent or termination-for-convenience on COC; plan outreach to preserve those relationships before a process launches.
  6. Ensure all agreements are countersigned and filed. Buyers request a copy of every customer agreement; missing or unsigned agreements create diligence exceptions.

An MSP founder with $3.4M of annual MRR had 65% of revenue on month-to-month agreements, 25% on annual contracts, and 10% on multi-year agreements. Over 18 months before engaging a banker, the founder offered existing month-to-month customers a 5% rate lock in exchange for a 24-month commitment. Approximately 45% of the month-to-month base accepted. At the time of the sale process, the revenue mix was 40% month-to-month, 35% annual, and 25% multi-year. The banker positioned the business using the recurring revenue framework. The final LOI came in at 4.8x ARR, 0.7x above the initial valuation range, with the buyer's internal diligence noting the improved contract quality relative to comparable MSP transactions.

Common mistakes MSP founders make before a sale

Mistake | What It Costs | How to Avoid
Not auditing vendor partner agreement transferability before engaging a banker | Microsoft CSP re-registration requirement surfaces in diligence; 30–60 day transition period disrupts customer provisioning; buyer uses as leverage | Request specific assignment/COC provisions from every material vendor 12–18 months before a process; create a vendor transition workplan
Allowing technical key-man concentration to persist until the process | Buyers require a larger rollover, longer stay, or apply a multiple discount; founder cannot fully exit | Begin distributing technical relationships and escalation responsibility 18–24 months before a process
No SOC 2 certification entering a process with enterprise or regulated customers | Buyers apply a risk premium; customers use COC event to raise security concerns; insurance gap creates liability exposure | Begin SOC 2 Type II process 18 months before a planned sale
Presenting the business as EBITDA-based when the MRR mix supports ARR valuation | Buyer uses EBITDA framework because it produces a lower value; seller accepts without challenging the framework | Understand both valuation frameworks; know which one is more favorable for your specific revenue mix
Not standardizing customer contracts before a process | Buyers discount month-to-month revenue; 40%+ month-to-month MRR receives a meaningful valuation haircut | Systematically convert month-to-month customers to annual or multi-year agreements in the 12–24 months before a process
Founder holds all Cisco and Microsoft certifications personally | Vendor certifications lapse if founder exits; buyers require founder to remain as a condition of closing | Cross-certify at least one other engineer in each critical vendor certification before the process begins

Research sources

  • CompTIA: State of the Channel Report 2024
  • Kroll: Technology M&A Report 2024
  • GF Data: Middle Market M&A Report 2024

Disclaimer: Financial figures and case studies in this article are illustrative, based on representative middle market assumptions, and are not guarantees of outcome. Statistical references are drawn from cited third-party research; individual transaction and operational results vary based on business characteristics, market conditions, and deal structure. This content is for informational purposes only and does not constitute legal, financial, or investment advice. Consult qualified advisors for guidance specific to your situation.
