We went through something similar.
What I came to realize after being hired on, is that we had a 3rd party IT firm monitoring our entire network, clients, servers, infrastructure, and security appliances. Problem was nobody in-house had 'peer' level access; said more accurately, only owners had access, but no idea what to do with it.
Worse, nobody understood why that was a problem.
Once I took the time to explain some of the be fits for having someone in-house, I had their support, without which there is no point; just let it go, or move on.
3rd party IT required the owner formally request my being granted access (expected, and perfectly reasonable), but owner not knowing much about IT generally, simply asked for me to be granted 'admin access', which was misinterpreted/misstated to mean Domain admin.
What they needed to request, is Enterprise Admin access, which is a completely different scope within your Domain/Forest. Up to you, but might be worthwhile to request a second (elevated) Active Directory account rather than being granted access using your primary user account.
Don't forget to have them provide complete, and accurate documentation of your entire physical and virtual network - ISP, firewall/security appliance, switch, servers (P/V), backup battery (mine's equipped for email notifications, etc), external & virtual server backups, client images, workstation setup checklists for each employee role, wireless access points, as well as printers, group policy, etc. Visio is most commonly used in my experience.
Be sure to check for documentation on any/all instances of SNMP agents, CIM agents, RDSH, Direct Access, SSL, CALs, DNS Scope for IPv4/IPv6, web-based spam filters, on-premise/online Edchange Servers, hybrid on-premise & online Exchange Servers, Autodesk/Transoft, etc.
If you use Office 365, then you also need Admin access to that, unless you're setup for Active Directory Sync.
While you're at it, have them setup Remote Adminitration Tools on your workstation, and install Client Hyper-V if you have any Virtual servers.
Don't forget passwords; you need a document store for each-and-every account and password - procurement accounts, remote monitoring (agents), security appliance, client security software (Trend?) which offen has a client password to 'disable' and an admin password to 'manage'.
Along with SNMP/CIM agents, you should see what (custom?) firewall services they've implemented, and ports they've opened.
I'll leave myriad other topics alone, such as IIS/Web/FTP, PowerShell ISE, VDI, etc.
The point of all of this, is that if, or when the time comes where you're going to pull the lever on terminating 3rd party IT, you need to know what is in place to remove access for them, and change passwords. #KillSwith
HTH
