TLDR: Most MSPs collect credentials and device counts but skip the questions that prevent scope creep, security surprises, and mismatched expectations. This 30+ question questionnaire covers business context, infrastructure, security posture, compliance, vendors, and communication preferences — so you walk into every engagement with full visibility.

You signed the managed services agreement. The client is excited. Your team is ready to deploy. And then someone asks: “So… what do we actually know about their environment?”

The answer is usually “not enough.”

Most MSPs jump straight into credential collection and RMM deployment without first understanding the business they’re about to support. That’s how you end up discovering a rogue NAS three months in, or learning that the client’s “IT guy” still has domain admin access, or finding out they’re subject to HIPAA and nobody mentioned it.

A proper onboarding questionnaire fixes this. Not the credential spreadsheet you send over email — an actual structured set of questions that gives your team the full picture before you touch a single endpoint.

Here are 30+ questions organized by category. Copy them. Customize them. Build them into your onboarding portal and stop starting engagements blind.

Business Context Questions

These questions seem basic but they prevent the most expensive mistakes. Understanding the business tells you what matters, what’s at risk, and where the landmines are.

1. What does your business do, and how many employees do you have?

You need headcount for licensing, but you also need to understand the business. A 30-person law firm has very different needs than a 30-person construction company.

2. How many office locations do you operate, and are any employees remote?

This determines your network architecture, VPN requirements, and how you’ll handle endpoint management for distributed teams.

3. What are your normal business hours?

Defines your SLA windows and when maintenance can happen without disruption.

4. Are there seasonal peaks where IT demand increases?

Tax firms in Q1, retail before holidays, construction in summer. Knowing this prevents capacity surprises.

5. Who is the primary point of contact for IT decisions?

Not who calls the helpdesk — who approves purchases, signs off on changes, and escalates when things go wrong. Get this wrong and you’ll spend months routing requests through the wrong person.

6. Was there a previous IT provider or internal IT staff? Why did you make a change?

This tells you what went wrong before. If they left because of slow response times, you know that’s their hot button. If the last provider was fired for a breach, security is top priority.

Infrastructure and Network Questions

This is where most MSP questionnaires start — and where most stop. But without the business context above, these answers lack meaning.

7. How many desktops, laptops, and servers do you currently operate?

Basic inventory. But follow up: are these company-owned or BYOD? That distinction changes your management approach entirely.

8. What operating systems are in use across endpoints and servers?

You need to know if you’re walking into a Windows 11 shop, a mixed Mac/Windows environment, or something with legacy Windows Server 2012 boxes still running production workloads.

9. Do you have a current network diagram or documentation?

If yes, get it. If no, that’s your first project. Either answer is useful.

10. What is your current internet service provider and connection type?

ISP details, bandwidth, SLA, and whether they have a backup connection. This is critical for planning any cloud migration or VoIP deployment.

11. What firewall and switching equipment are you running?

Brand, model, firmware version, and who currently manages it. Some MSPs discover during onboarding that the client’s firewall hasn’t been updated in three years.

12. Do you use any cloud services (Microsoft 365, Google Workspace, AWS, Azure)?

List every cloud platform. You need to know what’s where, who has admin access, and what’s being billed.

13. Do you have a wireless network? How is it configured?

Guest networks, WPA settings, access points, and whether IoT devices share the same network as workstations. That last one is more common than you’d think.

14. Are there any printers, scanners, or specialty devices on the network?

Printers cause more helpdesk tickets than almost anything else. Know what you’re inheriting.

Security Posture Questions

These are the questions that separate a professional MSP onboarding from a “we’ll figure it out” approach. Collecting this information securely through a portal rather than email is non-negotiable.

15. What antivirus or endpoint protection is currently deployed?

Is it managed? Is it up to date? Is it actually installed on every endpoint? “We have Norton” is a very different answer than “We have SentinelOne managed by our previous MSP.”

16. Do you have multi-factor authentication enabled on email and critical systems?

If the answer is no, this becomes priority one. If yes, find out which MFA method and which systems are covered.

17. How are passwords currently managed?

Sticky notes? A shared spreadsheet? LastPass? A formal password policy? The answer tells you how much security hygiene work lies ahead.

18. When was your last security assessment or penetration test?

“Never” is the most common answer. That’s fine — it tells you where to start.

19. Have you experienced any security incidents or data breaches in the past 3 years?

Clients sometimes downplay this. Ask directly and document the answer.

20. Do you have a backup solution in place? What is it, and when was the last successful restore test?

Having backups and having tested backups are two completely different things. Many MSPs discover during onboarding that the client’s backup hasn’t completed successfully in months.

21. Is there a documented disaster recovery plan?

Usually no. But asking establishes that you take this seriously and positions you to offer DR planning as a service.

Compliance and Regulatory Questions

Skip these at your own risk. Compliance requirements change everything about how you manage an environment.

22. Is your business subject to any regulatory requirements (HIPAA, PCI-DSS, SOC 2, CMMC, GDPR)?

If they say “I don’t know,” follow up with what industry they’re in and whether they handle healthcare data, credit card data, or government contracts.

23. Do you have any compliance audits scheduled in the next 12 months?

If yes, your onboarding priorities just shifted. Audit preparation becomes the critical path.

24. Are there data retention or data handling requirements specific to your industry?

This affects backup policies, email archiving, and how you handle endpoint decommissioning.

25. Do you need to provide compliance documentation or audit logs to a third party?

Knowing this upfront lets you configure logging and reporting from day one rather than scrambling when audit season arrives.

Vendor and Application Questions

Most MSPs underestimate how many third-party vendors and applications they’ll need to interact with.

26. What line-of-business applications does your team use daily?

ERP, CRM, EHR, accounting software, project management — list every application. Some will need on-prem support, some will need SSO integration, and some will cause half your helpdesk tickets.

27. Do you have existing contracts with any IT vendors, ISPs, or software providers?

Get copies of these contracts. You need to know what’s locked in, what’s month-to-month, and what renewals are coming up.

28. Are there any vendor relationships we’ll need to manage or coordinate with?

Phone system vendor, security camera installer, badge access company — you’ll interact with all of them. Knowing who they are upfront prevents delays.

29. Do you have any software licenses that need to be transferred or renewed?

Licensing is where hidden costs live. Catch them during onboarding, not three months later when a vendor sends a cease-and-desist.

Expectations and Communication Questions

These are the questions most MSPs forget entirely. And they’re the ones that determine whether the client is happy six months from now.

30. What does a successful IT partnership look like to you?

Open-ended on purpose. Some clients want invisible IT. Others want a strategic technology advisor. Match your service to their expectations.

31. How do you prefer to communicate — email, phone, chat, or a support portal?

Set this up during onboarding, not after the first missed ticket.

32. What response time do you expect for different severity levels?

Align expectations with your SLA. If they expect 15-minute response on low-priority issues and your SLA says 4 hours, resolve that now.

33. Are there any projects or technology changes planned in the next 6-12 months?

Office move, cloud migration, new ERP, opening a new location — if you learn about these after onboarding, you’re already behind.

34. What frustrated you most about your previous IT support?

The inverse of question 6. This tells you exactly what to avoid.

How to Deliver This Questionnaire

A questionnaire this detailed can feel overwhelming if you dump it all in one email. Here’s how to make it manageable.

Break It Into Sections

Don’t send all 34 questions at once. Group them into sections and assign each section to the right person. The office manager can answer business context questions. The current IT person can handle infrastructure. The CFO can handle compliance.

Use a Portal, Not Email

Emailing a Word document with 34 questions guarantees one of two things: the client fills it out partially and sends it back, or the client never opens it. A client onboarding portal lets you assign sections, track completion, and send automated reminders for incomplete items.

With OnboardMap, you can create a branded portal where each section of this questionnaire is a separate task. The client sees what’s done, what’s pending, and who’s responsible — all through a magic link with no login required. That eliminates the back-and-forth and stops you from chasing clients for information.

Set a Deadline

Give the client one week to complete the questionnaire. Without a deadline, it sits in their inbox indefinitely while your team waits.

Collect Documents Alongside Answers

Some of these questions require supporting documents — network diagrams, vendor contracts, compliance certificates. Your questionnaire should allow document uploads inline, not as a separate step. Using a secure file upload system keeps sensitive credentials out of email.

What to Do With the Answers

A completed questionnaire is useless if it sits in a shared drive. Here’s how to turn answers into action:

1. Build the client profile. Transfer answers into your documentation system (IT Glue, Hudu, etc.) immediately.
2. Identify gaps. No MFA? No backups? No documentation? These become your first 30-day priorities.
3. Create the project plan. Use the infrastructure and vendor answers to build your deployment timeline.
4. Set expectations. Reference the communication and expectations answers in your kickoff meeting.
5. Flag compliance risks. If they’re subject to HIPAA or PCI-DSS, loop in your compliance resources before you start making changes.

The MSP onboarding questionnaire isn’t a formality. It’s the foundation of every decision you’ll make for that client. Use your MSP onboarding checklist alongside this questionnaire to make sure nothing falls through the cracks.

Stop Starting Engagements Blind

Every MSP has a story about a client engagement that went sideways because of something they should have known on day one. A firewall rule nobody documented. A compliance requirement nobody mentioned. A vendor contract that auto-renewed at the worst possible time.

This questionnaire prevents those stories.

Build it into your onboarding process. Deliver it through a portal so you can track completion and collect documents securely. And don’t start deployment until it’s done.

OnboardMap gives MSPs a branded client portal to collect questionnaire answers, documents, and credentials — all in one place, with automated reminders and no client login required. Get early access.