I'm going to open with a number that should make you uncomfortable: the average MSP I audit is failing to bill for somewhere between 8% and 15% of the recurring services they're actively delivering. Not occasionally. Every single month.
That's not a guess. That's what I find when I sit down with an MSP, pull their agreement configurations, cross-reference against actual license counts and deployed agents, and look at what's flowing through to invoices versus what's being delivered. The gap is almost always there, and it's almost always bigger than the owner expected.
The root cause is rarely malicious or even negligent. It's structural. The billing configuration in the PSA wasn't built to automatically capture every variable-count product, every mid-month license change, every newly deployed security agent. So those charges slip through the cracks. And because nobody has time to manually reconcile everything every month, the cracks become permanent.
This is the playbook for closing those gaps.
Start by mapping what you actually deliver
Before you touch a single billing configuration, you need a clear inventory of every service you deliver and how it should be billed. This sounds basic, but I can't tell you how many MSPs can't produce this list without digging through multiple systems.
For each service, you need to know: what product or license is being delivered, how it's billed (per user, per device, flat fee, consumption-based), which vendor or distributor provides it, what the cost to you is, what the client pays, and where the billing trigger should come from (PSA agreement, vendor API, manual reconciliation).
Build this as a simple spreadsheet first. You probably deliver some combination of these:
Microsoft 365 licenses (various SKUs), Microsoft Azure consumption, security tools (SentinelOne, Huntress, ThreatLocker, Bitdefender — whatever's in your stack), backup (Datto, Axcient, Veeam), DNS filtering (DNSFilter, Cisco Umbrella), email security (Avanan, Proofpoint), documentation (ITGlue, Hudu), RMM agents, and whatever else you're bundling into managed agreements.
Each of these has a billing trigger — the event or data point that should cause a line item to appear on an invoice. The goal of billing automation is to capture every single trigger automatically, so nothing depends on a human being remembering to update a spreadsheet.
Microsoft 365: the biggest source of billing leakage
M365 billing is where I find the most money falling through the cracks, because license counts change constantly and most MSPs don't have a reliable automated process to capture those changes.
Here's what typically happens: a client asks you to add three M365 Business Premium licenses for new hires. Your tech provisions the licenses in the Partner Center. But nobody updates the PSA agreement. Or they update it for the initial add but miss the one that happened mid-month when the client onboarded a contractor through their own admin portal.
By the time your billing person catches it — if they catch it — it's been weeks or months, and retroactively billing the client for missed licenses feels awkward and damages trust.
The fix depends on your platform:
In ConnectWise, you configure agreement additions tied to M365 products and use either ConnectWise's native Cloud Billing feature, a tool like Gradient (formerly CloudBilling), or a custom integration with the Partner Center API to automatically sync license counts to agreement additions. When the count changes in the Partner Center, the agreement addition adjusts automatically, and the next invoice reflects the correct count.
In HaloPSA, you set up recurring invoices with license-count billing profiles and connect them to the Microsoft Partner Center through HaloPSA's native M365 integration or via a middleware tool. The concept is the same — automate the count, automate the billing.
The key configuration detail people miss: make sure the sync runs frequently enough to capture mid-month changes, and make sure it handles SKU-level granularity. "M365 Business Premium" and "M365 Business Basic" are different products at different price points. If your billing treats them as a single line item, you're either overcharging or undercharging somebody.
Azure consumption billing
Azure is a different animal because it's consumption-based rather than license-based. You can't just count seats. You need to track actual usage — compute hours, storage, bandwidth, whatever services the client is consuming — and translate that into a billable amount.
Most MSPs handle Azure one of three ways: they estimate a monthly flat fee (which means they're eating overages or overcharging), they manually pull consumption reports and create invoices (which is tedious and error-prone), or they automate it through the Partner Center API.
The third option is obviously what we want. Pull the consumption data programmatically, apply your margin, and push the charges into the PSA as billing entries. ConnectWise can handle this through its Cloud Billing module or through custom API integration. HaloPSA handles it through its billing integration layer.
The gotcha with Azure billing is margin calculation. If you're marking up Azure consumption by a flat percentage, make sure the automation applies the margin correctly and accounts for any credits, reservations, or tier-based pricing your client has negotiated.
Security tools: per-agent billing that drifts
Security tools are sneaky because the agent counts change slowly enough that nobody notices the drift until it's been months.
You deploy SentinelOne to a client's fleet. At deployment, the client has 45 endpoints. You bill for 45 agents. Over the next six months, they add 8 new workstations. Nobody updates the billing. You're now delivering protection to 53 endpoints and billing for 45.
Multiply that across twenty clients and three or four security tools, and the numbers add up fast.
The fix: connect your security tool's management console to your PSA billing. SentinelOne, Huntress, and ThreatLocker all have APIs or export capabilities that can feed agent counts into your billing system. Build the integration so that when the agent count changes, the billing adjusts automatically.
If a vendor doesn't have a direct PSA integration, set up a monthly automated export that pulls current counts and flags discrepancies against what's in your agreements. Even a semi-automated reconciliation is dramatically better than relying on someone to remember.
Distributor billing: Pax8, Ingram, TD SYNNEX
If you're buying products through distribution — and most MSPs are — you've got another reconciliation layer to deal with. The distributor bills you based on what's provisioned. You bill your client based on what's in the PSA agreement. Those two numbers should match. They frequently don't.
Pax8 in particular has a pretty solid integration story with both ConnectWise and HaloPSA. If you're a Pax8 partner and you're not using their billing integration, you're manually doing work the platform already supports.
For Ingram and TD SYNNEX, the integration landscape is less mature. You may need to build a reconciliation process — either through API automation or through a scheduled export/import workflow — that compares your distributor invoice against your PSA agreements and flags discrepancies.
The principle is always the same: don't rely on humans to keep two systems in sync. Automate the comparison, and have the automation tell you when things don't match.
Time and expense billing: the unglamorous essentials
Variable billing — hourly work, project time, out-of-scope charges — is less exciting to automate than recurring product billing, but it's just as important for revenue capture.
The configuration that matters:
Rate structures that reflect your actual pricing. If you charge different rates for L1 vs L2 vs L3 work, or different rates for after-hours vs business hours, those rates need to be configured in the PSA and automatically applied based on the technician's role and the time of entry. Techs should not be manually selecting rate tiers.
Agreement scope boundaries. When a tech logs time against a client with a managed agreement, the PSA needs to know whether that work is covered or billable. This requires clear agreement configurations that define what's in scope and what triggers separate billing. Without this, covered and billable time entries get mixed up, and either the client gets overcharged (creating disputes) or the MSP eats work it should have billed for.
Approval workflows. Any time entry over a certain threshold — say, anything over two hours on a single ticket — should trigger a review before it hits billing. Not because you don't trust your techs, but because anomalous time entries usually indicate either a scope issue or a process issue that needs attention.
The reconciliation safety net
Even with automation, you need a monthly reconciliation process. Automation handles the 95% case. The 5% — edge cases, sync failures, new products that weren't mapped, clients with custom billing arrangements — still needs human review.
Build a simple monthly checklist:
Review any billing sync errors or failures from the past month. Compare total invoiced revenue against expected revenue from the agreement portfolio. Spot-check five random client agreements against actual service delivery. Review any manual billing adjustments for recurring patterns that should be automated. Check for new products or services added in the past month that aren't yet part of the billing automation.
That monthly review takes an hour or two. It catches the things automation misses and continuously improves the automation by identifying new gaps to close.
The math one more time
If you're doing $100K a month in recurring revenue and your billing leakage is even 5%, that's $5,000 a month — $60,000 a year — that you earned, delivered, and never collected. The investment to fix billing automation is typically a fraction of that annual leakage.
This isn't a nice-to-have optimization project. It's the highest-ROI work most MSPs can do on their PSA.
Want to find out what your billing automation is missing? Book a discovery call and I'll walk through your agreement configuration with you.
Cory Neese
Founder & PSA Consultant at PaxRig
Cory helps MSPs get more out of their ConnectWise and HaloPSA platforms through expert configuration, migration, and automation. He founded PaxRig to bring enterprise-level PSA expertise to the MSP channel.