IT Support for London SMEs: Why Microsoft 365 Is Only Half the Picture

IT Support for London SMEs: Why Microsoft 365 Is Only Half the Picture

Most growing London businesses hit the same crossroads at around twenty staff. Microsoft 365 licences are ticking along, someone in the team has become the unofficial IT person, and on the surface everything looks fine. Then a prospective client asks for a Cyber Essentials certificate. A laptop goes missing on the Tube. The finance team cannot open a file that HR has shared. Suddenly the gaps show.

If that sounds familiar, you are at the stage where IT support stops being a nice-to-have and quietly starts deciding whether you win or lose bigger clients. This article is a straight look at what that means for a growing London SME.

What IT support really covers for a growing SME

IT support is often sold as "we fix your laptops and reset your passwords." For a business under ten people that might be enough. Once you are past twenty, the job is different. You are now running a live Microsoft 365 tenant with dozens of identities, conditional access rules, file-sharing permissions, mobile devices and third-party integrations, all of which need to stay aligned with how your business actually works.

That means the work breaks down into three layers, not one.

• Day-to-day support: laptop issues, printer setup, Teams calls that will not connect, the small stuff that eats an hour here and there.

• Platform management: Microsoft 365 configuration, Intune for device management, OneDrive and SharePoint structure, security baselines, licence optimisation.

• Security and compliance: protecting identities, preventing data loss, meeting GDPR obligations, and preparing for standards like Cyber Essentials or ISO 27001 when clients start asking.

Most London providers are good at the first layer. Some are competent at the second. Very few treat the third as core work. For an agency pitching a FTSE 250 account, or a fintech preparing for its first regulated client, the third layer is the one that matters most.

Windows, Mac, or both? The real picture in a London office

The old assumption that every business runs on Windows has not been true in Central London for years. Most marketing and creative agencies run on Mac. Most fintech and professional services businesses run a mix: Mac for design, product and leadership, Windows for finance and operations. A support partner who only understands Windows will quietly cost you money on every creative hire you make.

Good IT support in a London office has to cover Microsoft 365, Windows and macOS together, under the same identity, policies and security posture. That is harder than it sounds, and it is increasingly the baseline.

Microsoft 365 is a platform, not an email package

Businesses still treat Microsoft 365 as the thing that sends email. In practice it is now a productivity and collaboration platform with Teams, SharePoint, OneDrive, Intune, Defender and Purview all sitting under one tenant. Used properly, it replaces half a dozen other tools. Used badly, it becomes the source of most of your security and compliance headaches.

The common pattern we see in growing SMEs: the basics work, but the tenant has never been configured past the defaults. Multi-factor authentication is on for some users and not others. Sharing is set to "anyone with the link". Ex-employees still have mailbox access from six months ago. Files the CFO thinks are confidential are visible to the whole company. None of this shows up until something goes wrong or until an auditor asks.

Microsoft 365 versus Google Workspace: a quick honest view

Growing London businesses still ask which platform to choose, usually when they are outgrowing a founder's personal Gmail setup. Both platforms do the job. The choice usually comes down to three things.

• Your tech stack. If you run Windows servers, any finance software that integrates with Outlook, or clients who send you complex Excel files, Microsoft 365 is the lower-friction choice.

• Your compliance posture. Microsoft 365's security and compliance tooling (Purview, Defender, Intune) is more comprehensive for businesses preparing for GDPR audits, ISO 27001 or regulated work.

• Your team's habits. Google Workspace is smoother for real-time document editing. Microsoft has largely closed the gap, but some teams simply prefer Google.

If you are already on Microsoft 365 and it is broadly working, there is rarely a good business reason to move. The cost of migration, retraining and reconfiguring your security posture almost always outweighs the perceived benefits. The better question is whether your current platform is actually set up properly.

Why cybersecurity belongs in the same conversation as IT support

The two used to be separate jobs. Not any more. The UK Government's Cyber Security Breaches Survey 2024 found that 50% of UK businesses reported a cyber security breach or attack in the previous twelve months, rising to 70% for medium-sized businesses. Almost all of those incidents involved phishing, which is fundamentally an identity and email problem, which means it is a Microsoft 365 configuration problem.

A proper IT support partnership treats security as part of the baseline. That means multi-factor authentication on every account, conditional access policies that match how your team actually works, device management through Intune, email filtering that catches modern phishing, and a clear recovery plan for when something does go wrong. None of this is exotic. All of it should be in place by the time you are at 25 staff.

Compliance: the reason most London SMEs eventually upgrade their IT

The single most common reason a growing agency or fintech calls us is not a broken laptop. It is a bigger prospect asking a question the current setup cannot answer. Can you share your information security policy? Are you Cyber Essentials certified? Do you hold ISO 27001?

Those questions are becoming standard in enterprise procurement. If you cannot answer them, you do not get to the shortlist. The businesses we work with find that a properly managed Microsoft 365 environment, with documented policies and evidence of security controls, takes them from "cannot answer" to "certified" in a few months rather than a year. That single shift often pays for the entire IT support relationship.

When is it time to bring in a proper IT support partner?

Usually when one of the following is true.

• You are over fifteen people and your "IT person" is someone whose actual job is something else.

• You have had at least one incident, such as a lost device, a suspicious email clicked, or a file shared with the wrong person, that made you realise how exposed you are.

• A client or investor has asked a compliance question you could not answer confidently.

• You are hiring faster than your current setup can handle and onboarding is becoming messy.

• You are running a mix of Mac and Windows and nothing is centrally managed.

If any of those apply, the cost of doing nothing is usually higher than the cost of fixing it. Not because something catastrophic will definitely happen, but because you are quietly losing time, opportunities and negotiating power every month.

A practical next step

Marka IT works with growing Central London SMEs, particularly marketing agencies and fintech companies, to do this kind of work. Unlimited remote support, on-site cover when you need it, Mac and Windows treated as equals, cybersecurity and compliance built in rather than bolted on.

If you want to see where you stand before committing to anything, we offer a free IT and Security Health Check. We review your current setup, identify the risks and gaps, and give you a short written report with practical recommendations. No sales pitch attached. If what you have is already working, we will tell you. If it is not, at least you will know what to fix.

Visit markait.co.uk to book yours.