I've seen this playbook run dozens of times. A business owner calls me, frustrated — not because their IT is broken, but because they feel like they can't leave even though they should be able to. Their provider is slow. Communication is bad. The invoices keep creeping up. But somehow every time they think about switching, it feels impossible.
That feeling isn't an accident. It's the product.
MSP vendor lock-in is one of the most effective — and least talked about — retention strategies in the technology industry. It doesn't require a great product. It doesn't require happy clients. It just requires making the exit painful enough that most people give up before they get started. I built my company by doing the exact opposite of everything I'm about to describe, which is how I know every move in this playbook by heart.
Move One: Own the Credentials
The first thing a lock-in-focused MSP does when they onboard you is take ownership of everything — and I mean everything. Your domain admin passwords. Your Microsoft 365 tenant. Your firewall admin accounts. Your backup portals. Your licensing agreements. All of it gets migrated into their management system, under their accounts, controlled by their team.
This is framed as convenience. "We'll manage all of that for you." And in isolation, centralized credential management isn't inherently bad. The problem is what happens next: they never give you independent access. They become the single point of entry to your own infrastructure.
I've taken over networks from other providers where the departing MSP had locked every admin account on their way out. Not as a security measure — as leverage. The incoming client couldn't access their own systems for days while we worked through password resets and domain recovery. That's not incompetence. That's a calculated exit tax.
How to spot it: Ask your current provider right now for admin credentials to your Microsoft 365 tenant, your firewall, and your backup solution. If they give you anything other than the credentials immediately — if there's a process, a ticket, a conversation about "security policies" — you don't actually own your infrastructure.
Move Two: Build on Proprietary Tools
Here's where MSP vendor lock-in gets really sophisticated. Most providers have preferred tools — remote monitoring platforms, ticketing systems, documentation software, backup solutions. Good providers pick tools because they're the best fit for your environment. Lock-in-focused providers pick tools because they're hard to migrate away from.
Everything gets configured inside their platform. Your device inventory lives in their RMM. Your network documentation lives in their IT Glue account. Your backup policies are configured in their Veeam portal. Your endpoint policies are deployed through their management console. None of it is in your hands, and none of it exports cleanly.
When you try to leave, you don't just lose a service provider. You lose six months of accumulated configuration, documentation, and institutional knowledge — all of it locked inside a system you have no access to. The cost of rebuilding that from scratch with a new provider is enormous. Most businesses look at that cost, sigh, and sign another two-year contract with the provider they already don't like.
This connects to something I've written about before: the knowledge gap is engineered. If you don't understand your own environment, you can't leave it. And if your documentation only lives inside your provider's systems, you'll never understand your own environment.
Move Three: Write the Contract to Make Leaving Expensive
I've reviewed a lot of managed services contracts over the years. The ones designed for lock-in have a few things in common. Multi-year terms with early termination fees that dwarf the actual cost of the remaining months. Auto-renewal clauses buried in the fine print that roll you into another year if you don't cancel exactly 90 days before the anniversary. Vague language around what's included that gives the provider maximum flexibility to charge extra — or withhold service — when you need it most.
The termination clause is where the intent becomes undeniable. A fair contract makes it easy to leave if you're unhappy. A lock-in contract turns the exit into a financial penalty. I've seen clients facing $40,000 early termination fees on agreements they signed because they didn't read the fine print, with providers who've done essentially nothing to earn the next 18 months of payments they're demanding.
If that sounds extreme, consider the math from the provider's side. A client paying $5,000 a month represents $60,000 a year in revenue. If you can write a contract that makes leaving cost $40,000, a large percentage of unhappy clients will stay. That's not customer satisfaction. That's financial engineering applied to retention.
This is one reason the "out of scope" model is so commonly paired with lock-in contracts. They trap you in, then nickel-and-dime you once you're there. You can't leave, and every time you think about the invoices, you're reminded why you resent them.
Move Four: Become the Only One Who Understands Your Environment
This one is subtle, and it's the move that does the most long-term damage. A lock-in-focused MSP assigns you a specific technician or account manager who learns your environment deeply — and then keeps that knowledge entirely to themselves.
No documentation. No runbooks. No written record of how your systems are configured, what quirks they have, or why specific decisions were made. If that technician leaves, you're back to square one. If you try to leave the provider, you're taking on a system that nobody — including you — fully understands.
I've walked into environments where years of institutional knowledge existed only in the heads of two people, both of whom worked for the outgoing provider. The business owner had been paying for managed IT for years and had no idea what they actually had. Servers nobody could explain the purpose of. Software licenses with no paper trail. Security tools configured by someone who left eighteen months ago and never wrote anything down.
That's not just vendor lock-in. That's a business continuity risk. And it was entirely by design.
What Breaks the Lock
None of this is inevitable. The lock works because most business owners don't see it until they're already inside. Here's what changes that.
Before you sign anything, ask for admin credentials to your Microsoft 365 tenant, your firewall, and your backup solution. Not a promise that you can get them — the actual credentials, in writing, on day one. Any hesitation is your answer. Ask what gets documented, where it lives, and whether you can access it from your own login at any time. And read the termination clause in full — not the summary, the actual text. Multi-year commitments with 60- or 90-day cancellation windows and steep exit fees are not standard. They're architecture.
The single most useful thing you can put in a contract is a plain-language transition clause: all credentials, all documentation, and reasonable handoff support delivered within 30 days of termination, at no additional cost. A provider with nothing to hide will sign that without blinking. One who won't sign it has just told you everything you needed to know before you signed the original contract.
I've built my company on the contrarian premise that making it easy to leave is actually better for business. Our clients own their credentials, their documentation, and their infrastructure from day one. They could switch providers tomorrow with minimal friction. Most of them have been with us for a decade — not because they're trapped, but because we've given them no reason to go.
That's the real cost of MSP vendor lock-in: it creates short-term retention and long-term resentment. Every client staying because they feel stuck is a client quietly building the case to leave the moment it becomes possible. If you're a business owner who recognizes your current situation in any of what I've described here — you're not imagining it. The right IT partner makes it easy to come and equally easy to go.
Bottom line: an MSP that makes leaving painful has already answered the only question that matters — whether they're confident enough in their service to earn your business every month. They're not. And they know it.