Questions About Our IT Services

Melbits is a Melbourne-based Managed IT Services Provider (MSP) that has been supporting small and medium businesses since 2007. We provide proactive IT support, cybersecurity, Microsoft 365 management, and compliance services — primarily for professional services firms in accounting, legal, medical, real estate, pharmacy, and conveyancing.

We're not a break-fix provider — we work on ongoing managed service agreements where we monitor, maintain, and protect your IT environment proactively, rather than waiting for things to go wrong.

We're Melbourne-based and provide both remote and on-site support across metropolitan Melbourne. Most issues are resolved remotely within our SLA, but for anything that requires a physical presence — hardware replacement, network setup, new office fit-outs — we come to you.

Since 2007 — over 15 years of supporting Melbourne businesses. Many of our clients have been with us for five years or more, which we think says more about the quality of our service than any marketing claim we could make.

We work with businesses from 5 to around 150 staff. Our sweet spot is professional services firms with 10–50 employees — businesses that are too large to ignore IT but don't need (or want to pay for) a full-time internal IT department.

Our managed service covers everything you need to keep your IT environment running securely and reliably:

• 24/7 monitoring and alerting across all servers, workstations, and network devices
• Patch management for operating systems and third-party software
• Helpdesk support for your staff (remote and on-site)
• Antivirus and endpoint protection management
• Backup monitoring and monthly restore testing
• Microsoft 365 administration and licence management
• Monthly IT health reports and quarterly business reviews

Exactly what's included is scoped during the onboarding process based on your environment and needs.

Yes — M365 management is a core part of what we do. This includes initial tenant configuration, ongoing administration (user management, licences, policies), security hardening through Defender and Conditional Access, Intune device management, SharePoint and Teams governance, and backup of mailboxes and SharePoint data.

We're a Microsoft Partner with deep expertise across the full M365 stack — not just the basics.

Yes. We support mixed Windows and macOS environments. We manage macOS devices through Intune and can support most business applications across both platforms. If your team uses a mix, that's no problem.

In most cases, yes. We have specific experience with the software used by our core industries:

• Accounting: MYOB, Xero, HandiSoft, QuickBooks, APS
• Legal: LEAP, Actionstep, FilePro, Smokeball
• Medical: Best Practice, Medical Director, Genie Solutions, Zedmed
• Real estate: PropertyMe, REST Professional, Rex, VaultRE
• Pharmacy: Fred Dispense, Minfos, Z Software
• Conveyancing: PEXA, Sympli, Lextech, InfoTrack

For software outside these verticals we'll always be upfront about our experience level before engaging.

Yes. We're a 3CX reseller and provide hosted VoIP solutions for Melbourne businesses. 3CX is an enterprise-grade phone system that works across desk phones, mobiles, and computers — with no per-call charges and full integration with Microsoft 365.

We price on a per-device or per-user basis depending on the scope of the engagement. Pricing depends on the number of users, devices, the complexity of your environment, and which services are included.

We provide fixed monthly pricing with no surprise invoices — you know exactly what IT costs each month. For an accurate quote, the best starting point is a free consultation where we assess your environment.

No. We don't believe in trapping clients in long-term contracts. Our agreements are typically month-to-month or with a 30-day notice period. We keep clients through quality of service, not contractual obligation.

That said, for large infrastructure projects (migrations, deployments) we do agree on a project scope and timeline upfront — but the ongoing managed service remains flexible.

Our managed service fee covers all the labour for day-to-day support, monitoring, and maintenance. Third-party costs — such as Microsoft 365 licences, hardware, or cloud hosting — are billed at cost or through your own accounts. We're transparent about what's included and what isn't before you sign anything.

Both. We take on project work — migrations, security assessments, infrastructure deployments, Essential Eight implementations — for both existing clients and businesses not on a managed service agreement. However, for ongoing IT needs, a managed service is almost always more cost-effective than ad-hoc project work.

We use the ACSC Essential Eight framework as the baseline for all our cybersecurity work — it's the Australian government's recommended set of mitigation strategies and gives businesses a practical, measurable security posture to work toward.

Rather than selling expensive point solutions, we focus on implementing the controls that have the highest impact for the cost: MFA, application control, patching, and backup. From there we layer in more advanced controls based on your industry and risk profile.

Call us immediately on 1300 635 248. The most critical steps are:

• Isolate affected devices — disconnect from the network but don't turn them off
• Don't pay any ransom demand before speaking to us
• Don't delete or modify anything on affected systems
• Document what you can see — screenshots of any ransom notes or error messages

We provide emergency incident response for Melbourne businesses and can typically be on-site or remotely connected within hours.

Yes. We help clients prepare for cyber insurance applications and renewals by implementing and documenting the security controls that insurers require — primarily MFA, patching, and tested backup procedures. We also produce the compliance reports and evidence that insurers increasingly ask for at renewal time.

Yes. We run phishing simulations to test staff vigilance, provide targeted training for staff who click, and can deliver broader security awareness training programs for your team. Human error is responsible for the majority of breaches — training is one of the most cost-effective security investments you can make.

The Essential Eight is the ACSC's (Australian Cyber Security Centre) recommended set of eight cybersecurity mitigation strategies. It's structured into three maturity levels (ML1–ML3) that give businesses a clear pathway to improving their security posture.

While it's mandatory for many Australian Government agencies, it's increasingly expected of private sector businesses — particularly those in professional services, healthcare, and finance — by cyber insurers, clients, and regulators. If you hold sensitive client data, you should be working toward at least ML1.

It depends on your starting point and target maturity level. For a business with a reasonably modern IT environment:

• ML1: typically 4–8 weeks
• ML2: typically 8–16 weeks
• ML3: typically 3–6 months

Businesses with legacy systems, custom applications, or complex environments may take longer. We always start with a gap assessment before committing to a timeline.

Yes. Our Essential Eight assessments produce a formal gap analysis report documenting your current maturity level against each of the eight controls, with a prioritised remediation roadmap and evidence package suitable for board reporting, cyber insurance, and regulatory purposes.

Not if you hold sensitive client data. Ransomware and phishing attacks specifically target small professional services firms because they often hold high-value data (financial records, health information, legal files) with weaker security than large enterprises.

ML1 compliance is achievable for most small businesses within a few weeks and doesn't require a large budget — it mainly requires the right configuration of tools you likely already have (Microsoft 365, Windows Defender, Intune).

Our standard helpdesk hours are Monday–Friday, 8am–6pm AEST. Outside these hours, critical incident response is available for managed service clients — if your systems are down or you've been hit by a security incident, you can reach us 24/7 via our emergency line.

Our SLA targets are:

• Critical (system down, security incident): response within 1 hour
• High (staff unable to work): response within 2 hours
• Normal (issue affecting work but workaround available): response within 4 hours
• Low (general queries, non-urgent requests): response within 1 business day

Managed service clients have access to our helpdesk via phone, email, and a ticketing portal. We also deploy a system tray agent on all managed devices so staff can raise a ticket with one click. For urgent issues, calling is always the fastest path.

Yes — we use TeamViewer for remote support sessions, which is end-to-end encrypted and requires your staff to actively accept the connection. We never have unattended access to your machines without your knowledge. For managed services we use an RMM (Remote Monitoring and Management) agent that monitors your systems and allows us to deploy updates and patches — this is always disclosed and configured transparently.

Switching is usually much simpler than people expect. Our onboarding process is designed to be low-disruption:

• We conduct a full infrastructure audit before going live so we understand your environment
• We handle the handover from your previous provider including documentation requests
• We deploy our monitoring and management tools during a scheduled transition window
• Staff are briefed on how to contact us for support

Most clients are fully transitioned within 2–4 weeks with no disruption to daily operations.

This is more common than you'd think. We've helped many businesses recover administrative control of their Microsoft 365 tenants, domain registrars, and network equipment from unresponsive former providers. Contact us and we'll advise on the fastest path to regaining control.

The first step is a free consultation — either a phone call or an on-site visit. We'll discuss your current setup, any pain points, and what you're looking to achieve. From there we'll put together a proposal with fixed pricing. There's no obligation and no hard sell.