Who Should Own Licenses and Admin Accounts (What the Business Must Control)

June 2, 2026

Who Should Own Licenses and Admin Accounts (What the Business Must Control)

Who Should Own Licenses and Admin Accounts (What the Business MustControl)

Last updated

May 13, 2026

Reviewed by

Reviewed by: IT Service Delivery Lead

Speakable Summary

The business must own its licenses and top-leveladmin accounts. Book a Fit Check to confirm you control billing, recovery, andevery critical admin login.

Opening

Most lock-in is not about contracts. It is aboutwho controls the tenant, billing, and admin access.

If the business does not own licenses and adminaccounts, switching providers becomes slow and risky. Renewals get messy,outages take longer, and you can end up paying just to regain access.

This page explains what the business mustcontrol, what an IT provider can manage, and how to set it up so support staysfast without surrendering ownership.

Direct Answer

The business should own licenses and top-leveladmin accounts for all critical systems. Providers can administer those systemsthrough delegated or role-based access, but the business must control billingand recovery.

LINK: IT Support page
LINK: Managed IT Services
LINK: Managed IT Pricing

Clear definitions

Ownership definition
Ownership means the business controls billing, admin access, and accountrecovery.

Administration definition
Administration means a provider performs work using access the business grants.

What the business must control

The business must control

A provider can manage

Billing account and payment method

Day-to-day license assignments

Tenant ownership for Microsoft 365 or Google Workspace

User onboarding and license allocation

Domain registrar and DNS ownership

DNS changes with change control

Primary global admin ownership

Role-based admin work inside the tenant

Account recovery methods and backup codes

Operational support and monitoring tasks

Password vault ownership

Shared vault folders you control

Vendor portals that affect operations

Vendor coordination and case handling

The key rule is simple. The provider can workinside your systems, but they cannot be the only key-holder.

Admin accounts the business must own

Microsoft 365 or Google Workspace top-level admin

Your business must own the top-level adminaccount. The account should be in the business name, controlled by thebusiness, and recoverable by the business.

Providers can have delegated access or their ownrole-based admin accounts. The business still retains the master ownership.

Domain registrar and DNS

If you do not control the domain, you do notcontrol email. Registrar access is one of the highest priority ownership items.

Backup platform admin and restore authority

Backups are useless if you cannot access themduring a dispute or incident. The business must be able to log in and requestrestores.

Network equipment admin access

Firewall, router, switch, and Wi-Fi admincredentials should be stored in a business-owned vault. You should never have“we can’t find the firewall password” during an outage.

Vendor portals that can stop the business

ISP, VoIP, payroll, accounting, andline-of-business portals should be accessible to the business. Vendors oftencontrol timelines during outages and renewals.

LINK: Help Desk
LINK: FAQ

Who should own licenses

The business should own the licenses

Licenses should be purchased and billed to thebusiness. That keeps renewals clean and avoids dependency on a provider forbilling changes.

If a provider resells licenses, the businessstill needs transparency. You should be able to see quantities, costs, renewaldates, and cancellation terms.

Providers can manage licensing operations

Providers can handle assigning licenses tousers, adjusting counts, and making sure new hires get the right entitlements.

The business still controls the billingrelationship. That is what prevents lock-in.

The policy that prevents lock-in

The business owns billing and master access

Billing accounts and top-level admin credentialsbelong to the business. Recovery methods belong to the business.

A provider can be granted access. A providershould not be the only access.

Use delegated access whenever possible

Delegated access reduces password sharing. Italso makes it easier to remove access cleanly during transitions.

Role-based access reduces risk and improvesaccountability. It also reduces the blast radius of a compromised account.

Use a business-owned password vault

Store critical credentials and recovery methodsin a vault owned by the business. Keep at least two internal owners forcontinuity.

The provider can have access to shared folders.Ownership stays with the business.

Document recovery and break-glass access

Recovery methods are part of ownership. Backupcodes, trusted contacts, and recovery steps should be documented and storedsecurely.

If you cannot recover an admin account, you donot truly control it.

‍

We are Optitech provide the best quality It solution neque porro quisquam est qui dolorem ipsum quia golor sit amet, conse ctetur, adipisci velit, sed eligendi optio cumque nihil impedit quo minus id quod maxime plac eat take a trivial example, which of us ever undertakes laborious physical exercise, except to obtain some an advantage take a trivial example, which of us ever undertakes laborious physical exercise, except to obtain some advantage from more than a great system of the maintainance several way done

Optitech is the same is the same of the maintain the majororro quisquam est qui dolorem ipsum quia golor sit amet, conse ctetur, adipisci velit, sed eligendi optio cumque nihil impedit quo minus id quod maxime plac eat take a trivial example, which of us ever undertakes laborious physical exercise, except to obtain

IT Management provide the most service neque porro quisquam est qui dolorem ipsum quia golor sit amet, conse ctetur, adipisci velit is the more than effective way to solve the quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, velit, sed quia non numquam
IT Management provide the most service neque porro quisquam est qui dolorem ipsum quia golor sit amet, conse ctetur, adipisci velit is the more than effective way to solve the quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, velit, sed quia non numquam
IT Management provide the most service neque porro quisquam est qui dolorem ipsum quia golor sit amet, conse ctetur, adipisci velit is the more than effective way to solve the quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, velit, sed quia non numquam

We are Optitech provide the best quality It solution neque porro quisquam est qui dolore ipsum quia golor sit amet, conse ctetur, adipisci velit, sed eligendi optio cumque nihil take a trivial example, which of us ever undertakes laborious physical exercise except

‍

Blog Details