The Complete Guide to IT for Remote Teams
Everything you need to know about managing IT for a remote team of 10 to 200 people. Tools, processes, and when to get help.
Most remote companies figure out IT the same way: someone (usually a founder or ops lead) starts handling it because nobody else will. It works fine until it doesn't. Then you're spending Sunday nights resetting passwords and wondering how you ended up here.
This guide covers the full IT lifecycle for remote teams from 10 to 200 people. What you need at each stage, which tools actually matter, and when it's time to stop doing it yourself.
The core IT stack for remote teams
Before we get into the stages, here's what every remote company eventually needs. The question is when, not if.
Identity and access (SSO/MFA). This is your front door. Every employee logs in through a single identity provider, and every login requires a second factor. Google Workspace or Microsoft 365 can serve as your identity provider for small teams. At 50+ people, you might need Okta or Entra ID.
Device management (MDM). You need to know what laptops are out there, enforce encryption, push OS updates, and have a kill switch if one goes missing. Kandji is great for Mac-first teams. Jamf is the enterprise standard. Intune works well for mixed Mac/Windows environments.
Password management. A shared vault for team credentials and individual vaults for every employee. 1Password is my default recommendation. Bitwarden is a strong open-source alternative if budget is tight.
Communication and support. Your team needs a clear channel to get IT help. For remote teams, this is almost always a dedicated Slack or Teams channel. Not a ticket portal. Not an email address. A place where people already are.
SaaS management. Someone needs to know what tools you're paying for, who has access, and when renewals are coming up. At small scale this can be a spreadsheet. At 50+ people you'll want a proper audit.
Stage 1: 10 people
At this size, you're scrappy. That's fine. But there are a few things you absolutely cannot skip.
Set up a company domain. No more personal Gmail accounts for work. Get Google Workspace or Microsoft 365 on your own domain. This costs $6-12 per user per month and it's the foundation everything else builds on.
Enforce MFA everywhere. Turn on two-step verification in your Google or Microsoft admin console. Require authenticator apps, not SMS. This single step prevents the vast majority of account compromises.
Get a password manager. Share credentials through 1Password or Bitwarden, not Slack DMs or Google Docs. Set up a shared vault for company-wide credentials and make sure every employee has their own vault too.
Document your tool list. Just a simple spreadsheet: tool name, what it's used for, who the admin is, and what the monthly cost is. You'll thank yourself later.
At this stage, a founder or ops lead can handle IT in a few hours a week. The key mistake is skipping the basics and creating technical debt you'll pay for at 25 or 50 people.
Stage 2: 25 people
This is where things start to get real. You're hiring regularly, maybe losing people too, and the number of SaaS tools is creeping up.
Set up an onboarding process. Every new hire should get their accounts, device access, and tool permissions on day one. Write it down. A checklist in Notion or a simple runbook works. Don't rely on memory.
Build an offboarding process. This matters more than most founders realize. When someone leaves, you need to revoke access across every tool within minutes, not days. 40% of ex-employees still have access to company apps after leaving. Don't be that company.
Consider MDM. If you have 25 laptops floating around in different cities (or countries), you need visibility. Kandji starts at a reasonable price point for small teams. At minimum, make sure FileVault (Mac) or BitLocker (Windows) encryption is enabled on every device.
Audit your SaaS spend. You probably have tools nobody uses. Check seat counts against active users. The average company wastes 25-30% of its SaaS budget on unused licenses.
The common mistake at this stage is assuming things still work the way they did at 10 people. They don't. Every new hire multiplies the complexity of your IT environment.
Stage 3: 50 people
Fifty people is usually the breaking point. This is where IT stops being a side task and becomes a real function.
Get serious about SSO. At this size, you need a proper identity provider. Google Workspace can act as your IdP for many SaaS apps through SAML. If you're heavy on Microsoft tools, Entra ID is the equivalent. For more complex setups, Okta gives you the most flexibility.
The goal: one login, one kill switch. When someone leaves, you disable their SSO account and they lose access to everything that's connected. Read more about setting up SSO and MFA for the step-by-step.
MDM is mandatory now. No exceptions. Every company-owned device should be enrolled. You need the ability to enforce encryption, push security updates, and remote wipe a lost or stolen device.
Formalize support. A dedicated Slack channel with clear expectations. Who responds? Within what timeframe? What counts as urgent? Even lightweight SLAs make a huge difference in employee satisfaction.
Run quarterly access reviews. Go through every tool and check who has access. Remove people who shouldn't be there. Check that admin permissions make sense. This catches the gaps that offboarding misses.
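The quarterly review above, and the seat-count check from Stage 2, can both be run as one cross-reference of your HR roster against each tool's user export. The script below is an added example, not part of the original guide. The CSV columns, the finding labels, the approved-admin map, and the 90-day idle threshold are all assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the original guide): an HR roster and
# one combined account export covering two hypothetical tools.
ROSTER_CSV = """email,status
ana@example.com,active
ben@example.com,active
cy@example.com,terminated
"""
ACCOUNTS_CSV = """tool,email,role,last_login
crm,ana@example.com,admin,2024-05-28
crm,cy@example.com,member,2024-03-02
crm,Ben@Example.com,member,2024-01-10
wiki,ben@example.com,admin,2024-05-30
wiki,dee@contractor.example,member,2024-05-29
"""
# Assumption: the tool-list spreadsheet records the approved admins per tool.
APPROVED_ADMINS = {"crm": {"ana@example.com"}, "wiki": {"ana@example.com"}}


def review_access(roster_csv, accounts_csv, approved_admins, today, stale_days=90):
    """Return sorted (tool, email, finding) tuples for an access review."""
    active = {
        row["email"].strip().lower()
        for row in csv.DictReader(io.StringIO(roster_csv))
        if row["status"].strip().lower() == "active"
    }
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        tool, email = row["tool"], row["email"].strip().lower()
        if email not in active:
            # Departed staff or unknown accounts: the gap offboarding missed.
            findings.append((tool, email, "not-on-active-roster"))
            continue
        if row["role"] == "admin" and email not in approved_admins.get(tool, set()):
            findings.append((tool, email, "unapproved-admin"))
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > stale_days:
            findings.append((tool, email, "unused-seat"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_access(ROSTER_CSV, ACCOUNTS_CSV, APPROVED_ADMINS, date(2024, 6, 1)):
        print(*finding, sep="\t")
```

Emails are lowercased before comparison because tool exports often differ in case from the HR record, which would otherwise hide a match or invent a false orphan.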
This is typically when companies either hire a full-time IT person or bring on a fractional IT contractor. The founder doing IT at 50 people is a recipe for burnout and security gaps.
Stage 4: 100 people
At a hundred people, you need real processes. The things that were "fine" at 50 will start breaking.
Automate onboarding and offboarding. Your runbooks should be detailed enough that anyone can follow them. Better yet, connect your HR system (Rippling, BambooHR, Gusto) to trigger IT workflows when someone is hired or terminated.
Compliance becomes real. Customers will start sending security questionnaires. You'll need to answer questions about your encryption policies, access controls, incident response plans, and vendor management. If you're in healthcare (HIPAA) or handle financial data (SOC 2), the requirements are even more specific.
Device lifecycle management. You're not just enrolling devices anymore. You're tracking warranties, coordinating repairs, managing inventory, planning refresh cycles, and handling disposal. Devices need to be wiped and documented when they're retired.
Endpoint security. Consider adding an endpoint detection tool like Kolide or CrowdStrike Falcon Go. MDM handles configuration. Endpoint security handles threats.
SaaS management needs a real process. At 100 people you might have 50-80 different SaaS tools. Someone needs to own the renewal calendar, track spend, and evaluate whether you're getting value from each tool.
Stage 5: 200 people
At 200, IT is a proper department. If you don't have dedicated IT staff by now, you're running on borrowed time.
Dedicated IT leadership. Whether that's a full-time IT manager, a fractional IT contractor with expanded scope, or a small internal team, someone needs to own the entire IT function strategically, not just reactively.
Vendor management. You're dealing with dozens of vendors. Contracts, renewals, SLAs, escalation paths. This is a significant time commitment that only grows.
Incident response planning. You need a documented plan for what happens when things go wrong. A laptop gets stolen. An employee clicks a phishing link. A vendor has a breach. Who does what, in what order, and who gets notified?
Training. Regular security awareness for employees. Not just an annual compliance checkbox, but practical training on phishing, password hygiene, and safe remote work practices.
When to DIY, outsource, or hire
DIY (10-25 people). A founder or ops lead can handle the basics if they're willing to learn and stay disciplined. The key is actually doing it, not just planning to.
Fractional IT (25-200 people). A dedicated IT professional on a flat monthly retainer who knows your environment inside out. This is the sweet spot for most remote teams. You get senior expertise without the overhead of a full-time salary. Check out what a fractional IT contractor actually does for more detail.
Full-time hire (100+ people). Once the volume of daily IT work justifies a full salary and benefits package, it's time to hire internally. This is usually somewhere between 100 and 200 people, depending on your industry and complexity.
MSP (office-based teams). Managed service providers are built for companies with physical offices, servers, and local networks. If that's your setup, an MSP might be the right fit. For remote-first teams running on cloud tools, the model usually isn't a great match.
The mistakes that cost the most
Across every stage, I see the same patterns:
Waiting too long to start. The best time to set up proper IT is before you need it. The second best time is now.
No offboarding process. This is the single biggest security risk for remote teams. Period.
Treating IT as a cost center instead of infrastructure. Good IT makes your team faster, safer, and less frustrated. Bad IT (or no IT) does the opposite.
Over-buying tools. You don't need 80% of what vendors try to sell you. Start simple, add complexity only when you have a clear need.
Under-investing in identity. SSO and MFA are the foundation. Everything else is secondary.
Where to start
If you're reading this and thinking "we're behind," you're in good company. Most remote teams are.
Pick the stage that matches your current headcount and focus on the items you're missing. Don't try to do everything at once. Start with identity (SSO/MFA), add device management, build your onboarding and offboarding processes, and go from there.
If you'd rather not figure this out alone, that's what I do. I help remote teams get their IT into a managed state and keep it there. Book a free call and we can talk through where you are and what makes sense.