CMMC Level 2 eDiscovery And Legal Hold Setup In Purview
If you’re handling CUI in Microsoft 365, you don’t get to treat retention and holds like a “set it once” task. Under CMMC Level 2, I’ve found auditors and incident…
CMMC Level 2 Email Forwarding Controls In Exchange Online
Email forwarding looks harmless until it isn’t. One inbox rule can copy Controlled Unclassified Information (CUI) to a personal mailbox, a vendor, or a compromised account. In March 2026, I…
CMMC Level 2 Security Awareness Training Plan With Simple Tracker
If you handle CUI, your people can’t be the weak link. They’re also your best defense. A good CMMC Level 2 training plan turns everyday habits (how staff log in,…
CMMC Level 2 Secure Admin Workstations Using Intune And Defender
If you administer Microsoft 365 or servers for a defense contractor, you already know the weak spot: admin credentials. One phish, one token theft, one reused browser session, and an…
CMMC Level 2 O365: Microsoft Defender For Office 365 Baseline Setup
Email is still the easiest door into a contractor’s environment. One good phish can turn into stolen credentials, mailbox rules, and quiet data theft that nobody spots for weeks. When…
CMMC Level 2 Retention Policies In Microsoft Purview Setup Guide
If you handle CUI, retention can’t be a vague “we keep stuff for a while” promise. In a CMMC Level 2 assessment, I want to show what’s kept, for how…
CMMC Level 2 Change Management Process For Small IT Teams
If you support CUI with a small staff, change control can feel like a tax on your day. Patches pile up, users want “just one quick tweak”, and your team…
CMMC Level 2 Secure Email for CUI Using Microsoft Purview
If CUI can move by email, it can leak by email. That’s the hard truth I plan for when I build CMMC Level 2 secure email in Microsoft 365. In…
CMMC Level 2 Entra ID Access Reviews Setup Checklist
Access piles up quietly. A user changes roles, a vendor leaves, a temp account stays, and suddenly your CUI environment has “ghost access” nobody meant to approve. For CMMC Level…
CMMC Level 2 Risk Assessment Template For Microsoft 365 Shops
If you run Microsoft 365 for a defense contractor, risk assessment can’t be a once-a-year box check. In February 2026, CMMC Level 2 is in the enforcement phase for many…