CMMC Level 2 Service Account Policy for Small Contractors
The quietest account in your network can create the loudest audit finding. When I review small DIB environments, service accounts are often old, shared, or far too powerful. That matters…
CMMC BYOD Intune: App Protection Policies for Level 2
Personal phones can open a door to CUI fast. They can also open the wrong door if I let work data spill outside managed apps. When I build a CMMC…
CMMC Intune Compliance for iPhone and Android in 2026
A phone that touches CUI stops being “just a phone.” It becomes an endpoint, an access path, and an audit item. When I build CMMC Intune compliance for defense contractors,…
CMMC Level 2 Attack Surface Reduction Rules in Defender
Defender attack surface reduction is one of the fastest ways I reduce attacker options on Windows endpoints. For defense contractors working toward CMMC Level 2, that matters because phishing, macros,…
CMMC Level 2 BYOD Policy for Microsoft 365 That Holds Up
Personal devices can speed work, but they can also punch holes in a CUI boundary. For CMMC Level 2 BYOD in Microsoft 365, my rule is simple: if a personal…
CMMC Level 2 Microsoft Sentinel Setup for Small Contractors
If I’m building a Microsoft Sentinel CMMC monitoring plan for a small federal contractor, I start with one hard truth: Sentinel can support a CMMC Level 2 program, but it…
CMMC Level 2 Microsoft Purview DLP Setup Guide for CUI
Protecting Microsoft Purview DLP for CMMC Level 2 sounds easy until the first policy floods the help desk with noise. I treat DLP like a gate guard. It won’t make…
A Practical CMMC Purview DLP Policy for CUI in Microsoft 365
A DLP policy is like a gate, not the whole fence. When I build CMMC Purview DLP controls for Controlled Unclassified Information in Microsoft 365, I treat them as one…
CMMC Level 2 SPRS Score Guide For Microsoft 365 Shops
If you run Microsoft 365 for a small or mid-size defense contractor, your CMMC SPRS score can feel like a math test you never studied for. The good news is…
CMMC USB Controls With Intune And Defender For Endpoint
USB drives are tiny, cheap, and easy to ignore. They’re also one of the fastest ways to move Controlled Unclassified Information off a managed endpoint. When I build CMMC USB…