CMMC Level 2 Dormant Account Reviews in Entra ID
One forgotten account can undo months of security work. In Microsoft Entra ID, stale identities often keep old group memberships, app access, and sometimes admin rights long after a person…
Building a CMMC Level 2 macOS Intune Baseline for Small Contractors
One unmanaged Mac can punch a hole in a CUI boundary. I see that risk often in small contractors that added macOS for leaders, engineers, or field staff, then tried…
How I Prepare for a CMMC Level 2 Assessor as a Microsoft 365 Admin
A CMMC interview can expose the gap between what Microsoft 365 can do and what my tenant actually does. That gap is where many admins get into trouble. When I…
CMMC Inheritance Matrix Template for Level 2
If my evidence is scattered, a Level 2 assessment slows down fast. A strong CMMC inheritance matrix fixes that before an assessor starts asking who owns each control. By April…
CMMC Level 2 Mailbox Auditing in Exchange Online
A mailbox can hold contracts, drawings, pricing, and CUI. If I can’t prove who accessed it, who changed it, and when it happened, I have a gap in my control…
WDAC and Intune for CMMC Level 2 Application Control
A WDAC Intune rollout can lock down CUI endpoints, or block payroll at 8 a.m. The difference is rarely the tool. It is the policy design, the pilot ring, and…
CMMC Level 2 Vulnerability Exceptions With POA&M Examples
CMMC Level 2 Vulnerability Exceptions With POA&M Examples A vulnerability exception can keep operations moving, but it can also weaken a CMMC story fast. As of April 2026, Level 2…
CMMC Legacy Authentication Blocking for Microsoft 365
MFA can be active across Microsoft 365, and an old mail protocol can still slip around it. That gap is why CMMC legacy authentication deserves attention now, not after an…
CMMC Level 2 Defender for Cloud Apps Setup Guide
Most CMMC pain shows up after the tool is installed. I keep seeing teams connect Microsoft 365, leave the defaults alone, and assume the job is done. Defender for Cloud…
Building a CMMC Continuous Monitoring Plan for Microsoft 365
A CMMC assessment can go sideways long before a C3PAO arrives. It usually happens when months of tenant changes, alerts, and fixes leave no clear trail. When I support a…