When to in-source vs outsource Microsoft 365 administration: the AU SMB and mid-market view

The decision to outsource Microsoft 365 administration is rarely made cleanly. It usually happens incrementally: the IT manager leaves, the MSP contract expands to fill the gap, and nobody formally revisits whether that's still the right model. Or the reverse, a cost review finds a large managed services bill and someone asks whether a new hire would be cheaper. The answer to both questions depends on a framework most AU businesses have never written down.

What you're actually deciding about

M365 administration isn't one job. It's at least three, and the boundary between them should drive the insource/outsource split differently at each tier.

• Tier 1 (user support): password resets, MFA issues, device enrolment, Teams configuration, mailbox access. High volume, low complexity. Easily documented. Scales well with an L1 helpdesk.
• Tier 2 (tenant health): Exchange routing, SharePoint governance, Intune policy, licence management, identity configuration. Medium volume, medium complexity. Needs someone who knows the platform deeply.
• Tier 3 (strategic/platform): Purview, Copilot readiness, Conditional Access design, zero trust posture, backup strategy, architecture decisions. Low volume, high consequence. This is the work that actually compounds.

Most businesses make a binary in-source/outsource call for all three tiers at once. That's usually wrong.

The cost reality for AU businesses

An experienced Microsoft 365 administrator (someone who genuinely owns Tier 2 and can execute on Tier 3) costs between $95,000 and $130,000 AUD in most Australian capital cities. Add 25–30% on top for super, leave, tools and management overhead, and the true cost is $120,000–$170,000. A comparable managed services contract that genuinely covers all three tiers, not just Tier 1 with Tier 3 escalation on an hourly basis, typically runs $4,000–$12,000 per month depending on tenant size and scope. For a 100-seat business, that range is approximately $50,000–$80,000 per year.

The cost comparison looks straightforward until you factor in depth. A senior in-house administrator's expertise is bounded. A managed services firm with multiple MVPs covers the breadth of the platform at a level no single hire can match. The internal hire wins on availability and institutional knowledge. The MSP wins on specialised depth and breadth of coverage.

Where in-house works well

In-house M365 administration makes most sense when the organisation is large enough to justify the headcount (typically 250 seats and above), has a stable M365 environment with a low rate of strategic change, and needs someone embedded in the business to drive adoption and training. It also suits regulated industries where data sovereignty and audit requirements make third-party access complicated. A QLD mining client of Frontrow's, for instance, shifted Tier 1 and Tier 2 in-house at 300 seats because internal audit requirements made the access-logging overhead of an external provider impractical.

Where outsourcing works well

Outsourcing M365 administration delivers the strongest return for businesses under 200 seats, businesses whose M365 environment is actively evolving (Copilot deployments, Purview rollouts, security posture improvements), and businesses that have recently lost a key internal administrator. It also suits organisations that don't want to carry the risk of a single point of failure in their IT team.

The common mistake is outsourcing Tier 1 and Tier 2 to an MSP that doesn't genuinely staff Tier 3, and then discovering that every strategic initiative requires a separate statement of work at day-rate pricing. Read the contract carefully. Ask what's included at Tier 3, and ask for examples of strategic work delivered in the past 12 months for a similar-sized client.

The hybrid model most businesses end up at

The majority of Australian mid-market businesses settle on a hybrid: one or two in-house IT generalists who own day-to-day Tier 1 and relationship management, backed by a managed services partner for Tier 2 depth and all Tier 3 work. This model gives you institutional knowledge and user-facing responsiveness internally, and specialist depth externally. The failure mode is when the internal IT manager becomes the MSP's primary contact and acts as a filter for Tier 3 conversations, which slows strategic work and often means the business is paying for Tier 3 coverage it isn't actually consuming.