How I Prepare for a CMMC Level 2 Assessor as a Microsoft 365 Admin
A CMMC interview can expose the gap between what Microsoft 365 can do and what my tenant actually does. That gap is where many admins get into trouble. When I…
CMMC Inheritance Matrix Template for Level 2
If my evidence is scattered, a Level 2 assessment slows down fast. A strong CMMC inheritance matrix fixes that before an assessor starts asking who owns each control. By April…
CMMC Level 2 Mailbox Auditing in Exchange Online
A mailbox can hold contracts, drawings, pricing, and CUI. If I can’t prove who accessed it, who changed it, and when it happened, I have a gap in my control…
WDAC and Intune for CMMC Level 2 Application Control
A WDAC Intune rollout can lock down CUI endpoints, or block payroll at 8 a.m. The difference is rarely the tool. It is the policy design, the pilot ring, and…
CMMC Level 2 Vulnerability Exceptions With POA&M Examples
CMMC Level 2 Vulnerability Exceptions With POA&M Examples A vulnerability exception can keep operations moving, but it can also weaken a CMMC story fast. As of April 2026, Level 2…
CMMC Legacy Authentication Blocking for Microsoft 365
MFA can be active across Microsoft 365, and an old mail protocol can still slip around it. That gap is why CMMC legacy authentication deserves attention now, not after an…
CMMC Level 2 Defender for Cloud Apps Setup Guide
Most CMMC pain shows up after the tool is installed. I keep seeing teams connect Microsoft 365, leave the defaults alone, and assume the job is done. Defender for Cloud…
Building a CMMC Continuous Monitoring Plan for Microsoft 365
A CMMC assessment can go sideways long before a C3PAO arrives. It usually happens when months of tenant changes, alerts, and fixes leave no clear trail. When I support a…
CMMC Level 2 Power Automate Governance Rules in Microsoft 365
A single flow can move Controlled Unclassified Information faster than most teams realize. That is why Power Automate governance matters so much when Microsoft 365 sits inside a CMMC Level…
CMMC Intune Enrollment Restrictions for Level 2 Readiness
A compliance program can fail at the front door if the wrong device gets in. That is why CMMC Intune enrollment restrictions matter so much for teams handling controlled data.…