My CMMC Internal Audit Checklist for Microsoft 365 Controls
A weak internal audit shows up late, usually when a contract is on the line and the evidence binder is thin. When I build a CMMC internal audit checklist for…
How I Test Conditional Access for CMMC Level 2 in Report-Only Mode
A bad Conditional Access policy never fails at a convenient time. It breaks sign-ins during payroll, blocks a sales laptop before a customer call, or leaves access to CUI exposed…
Purview Auto-Labeling for CUI in a CMMC Level 2 Program
Miss one CUI file, and your boundary story can fall apart fast. That is why so many defense contractors and subcontractors look at Purview auto-labeling for CUI before they face…
CMMC Level 2 Guide to Entra PIM for Groups
Standing admin access is the habit I find most often in CMMC gap reviews. It feels convenient, but it creates a wide attack path and weak evidence for assessors. When…
Microsoft Defender Setup for CMMC Level 2 Vulnerability Management
A clean vulnerability dashboard can still leave you exposed during a CMMC review. CMMC Level 2 vulnerability management is not only about finding flaws. It’s about proving that I scan…
How I Design CMMC Intune RBAC for Small Teams
Too many small defense contractors fail CMMC prep before an assessor ever looks at a control. They over-grant admin rights, blur ownership, and hope good people won’t make bad changes.…
Purview Insider Risk Setup for CMMC Level 2
A single employee can move Controlled Unclassified Information faster than most teams can detect it. That is why a solid Purview insider risk setup matters for any contractor or subcontractor…
CMMC Level 2 Safe Links and Safe Attachments Baseline
A single email click can undo months of compliance work. When I review Microsoft 365 tenants for CMMC Level 2, I often find email protection half-set, poorly scoped, or hard…
CMMC Level 2 Workload Identity Security in Entra ID
Most CMMC identity work still centers on people, yet many real exposures start with an app, script, or pipeline. When I review Entra ID for Level 2 readiness, I often…
A Practical CMMC Secure Score Roadmap for Microsoft 365
Secure Score can pull a team into point chasing when what it needs is proof. I’ve seen Microsoft 365 admins raise the number, feel better for a week, and still…