CMMC Level 2: Unmanaged Device Access in SharePoint and OneDrive
When I review a Microsoft 365 tenant for Level 2, I start with one hard truth: if CUI can land on a personal laptop, risk rises fast. SharePoint and OneDrive…
Blocking Device Code Flow in Entra ID for Stronger CMMC Level 2 Alignment
A short code on a screen can turn into a full Microsoft 365 session. That is why device code flow gets so much attention now. When I review Entra ID…
Entra ID Privileged Group Review SOP for CMMC Level 2
Stale admin access is one of the fastest ways to fail a CMMC credibility check. If I can’t show who has privileged access in Microsoft Entra ID, why they still…
Entra ID Temporary Access Pass Setup for CMMC Level 2
A weak onboarding process can undo a strong security stack in one afternoon. That is why I treat Entra ID temporary access pass setup as a controlled identity process, not…
How I Use Entra ID Device Filters for CMMC Level 2
One weak laptop can open a path to Controlled Unclassified Information, even when the rest of Microsoft 365 looks locked down. I see that often when teams turn on Conditional…
Defender for Identity for CMMC Level 2 Hybrid Setups
One blind spot on a domain controller can wreck an otherwise strong CMMC story. When I deploy Defender for Identity in a hybrid defense environment, I treat it as an…
My Intune Tamper Protection Checklist for CMMC Level 2
A locked security setting can save an audit, and it can also stop a bad day from getting worse. In a CMMC Level 2 environment, I don’t treat Intune tamper…
CMMC Linux Baseline for Ubuntu and Defender
A Linux endpoint can look clean and still fail a CMMC review. I see that gap when teams install Ubuntu, add Defender, and assume the toolset is the baseline. For…
CMMC Level 2 Dormant Account Reviews in Entra ID
One forgotten account can undo months of security work. In Microsoft Entra ID, stale identities often keep old group memberships, app access, and sometimes admin rights long after a person…
Building a CMMC Level 2 macOS Intune Baseline for Small Contractors
One unmanaged Mac can punch a hole in a CUI boundary. I see that risk often in small contractors that added macOS for leaders, engineers, or field staff, then tried…