Open your ticket queue and read the last twenty closures
That's the whole assessment, really. Before you price a Copilot seat or sit through a vendor demo, pull the last twenty closed tickets and read how they were categorized, who touched them, and what "resolved" actually meant. In a 10-person IT services firm, that sample tells you more than any maturity survey. If "printer issue," "print spooler," and "can't print" are three different categories assigned by three different techs, you've found your real problem — and it isn't a lack of AI.
Here's why the headcount matters. A 200-seat MSP can absorb a confused pilot; they've got a process team and someone whose job is to clean up. You have ten people, and probably two of them are senior enough to actually fix the hard stuff. A bad rollout doesn't cost you a line item — it costs you the attention of the two people who keep the lights on. The Kaseya 2025 Global MSP Benchmark Report shows firms your size already reaching for automation and AI as growth levers, but the smaller the team, the less margin there is for a pilot that creates more noise than it removes.
The trap is treating AI as a tool you install. IBM's Institute for Business Value research frames it as an operating-model question instead, and at ten people that distinction is brutally concrete: AI doesn't invent a resolution path, it copies the one already living in your queue. If your service desk can't agree on categories, owners, and known fixes, an assistant won't standardize you — it'll mirror the inconsistency back at customers, faster.
The first use case faces a tech, not a customer
Most readiness failures I see at this size aren't technical — they're a sequencing mistake. Someone points AI at the customer-facing layer first (auto-replies, a chat widget that drafts responses) because that's where the visible pain is. Wrong order. The customer is exactly the audience that punishes you for a hallucinated answer about their firewall config.
Start where a human still signs off: internal retrieval, ticket summarization, or a routing suggestion your tech can override in one click. Say a client emails "VPN's down again" at 8:40am. A good first build doesn't reply to the client — it surfaces the last three times that client hit a VPN issue, the fix that stuck, and which tech owns the account, then drops it in front of a person. Nobody outside the firm sees the AI. That's the point. The NIST AI Risk Management Framework gives you the language for this: map the risk and set controls before the system can touch a customer response, not after.
There's a quieter blocker that bites small firms specifically. Your operational knowledge isn't in a tidy knowledge base — it's scattered across Teams threads, a few shared docs, three years of email, and ticket notes only one person can decode. The moment an assistant can read all of that, it can also surface things to people who shouldn't see them. Microsoft's 365 Copilot data protection architecture walks through why permissions and auditability have to be settled before retrieval goes live. At ten people you've likely never run a permissions audit. Do it before the bot does it for you.
Pick the first workflow from the queue, not the brochure
By now you have evidence sitting in your own data. Score candidate workflows on five things: how thin your documentation is for it, how many low-risk repeat tickets it generates, how often it gets re-routed between techs, how much it interrupts your senior engineers, and how much a wrong answer would actually hurt a customer. The winner is the workflow where volume is high, the source material is decent, and a human can still review the action before it lands. That's usually password resets, onboarding checklists, or first-pass triage on your three noisiest ticket types — not the heroic stuff your best engineer handles.
What you can do Monday: read those twenty tickets, and write down the categories you'd actually keep. If you can't get two techs to agree on the list, fix that this week. It's free, and it's the single highest-leverage thing standing between you and an AI rollout that works. Standardized categories are the training data — there's no shortcut around them.
When you're ready to rank the candidates with a sharper lens, run them through the AI Opportunity Score, then pressure-test the build path with a QuickStart AI Audit before you commit a single seat.
