Azure Bastion Checklist for CMMC Level 2
Admin access is where solid Azure security often breaks down. One public RDP port, one shared admin account, or one weak exception can undo months of hardening. If you handle…
CMMC Level 2 Authentication for CUI SharePoint Sites
Most SharePoint sites can live with a baseline sign-in policy. A site that stores CUI can’t. When I protect Controlled Unclassified Information in Microsoft 365, I want one extra checkpoint…
Exchange Online Transport Rules for CUI in CMMC Level 2
One bad auto-complete can send CUI outside your boundary in seconds. That is why I treat email controls as a front-line issue in CMMC Level 2, not a side setting…
Entra Administrative Units for CMMC Level 2
Most CMMC trouble starts with a simple identity mistake, too many admins with tenant-wide reach. In Microsoft 365, that creates more access than the job requires, and it makes audits…
Microsoft 365 DMARC for CMMC Level 2
A spoofed message can undo months of security work in one click. That is why I treat Microsoft 365 DMARC setup as a core security task, not a mail admin…
CMMC Level 2 Quick Assist Remote Support Policy
When I advise defense contractors, I start with a blunt point: casual screen sharing is hard to defend in a CMMC review. If a system can display CUI, every remote…
CMMC Entra ID KQL for Level 2 Evidence
An assessor won’t accept “we monitor Entra ID” on faith. I need records that show who signed in, what changed, when it happened, and whether the control worked. That is…
CMMC Azure Landing Zone Checklist for Small Contractors
A messy Azure tenant can turn a CMMC review into a scavenger hunt. Small contractors rarely have extra staff, spare budget, or time to clean up cloud decisions after the…
How I Remediate Intune Policy Drift for CMMC Level 2
A CMMC gap often starts as a small mismatch. The policy says one thing, the endpoint does another, and the reporting still looks fine until someone checks the real device…
CMMC VPN Logging for Level 2: A Small Contractor Checklist
A missing VPN log can turn a simple assessor question into a long week. For small contractors, CMMC VPN logging is less about fancy dashboards and more about proving remote…