CMMC Level 2 Teams External Access Policy Checklist
One open federation setting can weaken an otherwise solid CMMC boundary. I’ve seen Microsoft Teams become an untracked side door because nobody wrote down who could talk to whom, under…
One weak sync server can open a path through an otherwise solid CMMC Level 2 program. When I review hybrid identity in regulated environments, I treat Microsoft Entra Connect as…
When I review a Microsoft 365 tenant before a CMMC readiness effort, stale devices jump out fast. They fill reports with ghosts, blur asset counts, and make old access paths…
A password reset seems small until it fails at the worst time. For a defense contractor handling CUI, a weak recovery process can open the same door that strong MFA…
When I review a small contractor’s Windows Server, I usually find the same issue: the server is trusted far more than it should be. If that system stores or supports…
When I assess Microsoft 365 for CMMC Level 2 OAuth risk, OAuth apps are one of the first places I look. A tenant can have strong MFA, good mail hygiene,…
A bad sign-in can undo months of security work. When I review Microsoft 365 tenants that handle CUI, the weak spot is often not MFA itself. It’s the lack of…
A fake CEO email can do more damage than a noisy malware alert. One believable message can trigger wire fraud, credential theft, or a bad file share before anyone slows…
If one stolen password can still open SharePoint or Exchange Online, the identity side of your CMMC story is weak. When I help security teams tighten Microsoft 365 access, I…
A trusted office IP can lower risk, but it can also create false comfort. When I build a CMMC named locations policy in Entra ID, I treat location as one…