CMMC Level 2 Dormant Account Reviews in Entra ID
One forgotten account can undo months of security work. In Microsoft Entra ID, stale identities often keep old group memberships, app access, and sometimes admin rights long after a person…
How I Prepare for a CMMC Level 2 Assessor as a Microsoft 365 Admin
A CMMC interview can expose the gap between what Microsoft 365 can do and what my tenant actually does. That gap is where many admins get into trouble. When I…
CMMC Level 2 Mailbox Auditing in Exchange Online
A mailbox can hold contracts, drawings, pricing, and CUI. If I can’t prove who accessed it, who changed it, and when it happened, I have a gap in my control…
CMMC Legacy Authentication Blocking for Microsoft 365
MFA can be active across Microsoft 365, and an old mail protocol can still slip around it. That gap is why CMMC legacy authentication deserves attention now, not after an…
CMMC Level 2 Defender for Cloud Apps Setup Guide
Most CMMC pain shows up after the tool is installed. I keep seeing teams connect Microsoft 365, leave the defaults alone, and assume the job is done. Defender for Cloud…
Building a CMMC Continuous Monitoring Plan for Microsoft 365
A CMMC assessment can go sideways long before a C3PAO arrives. It usually happens when months of tenant changes, alerts, and fixes leave no clear trail. When I support a…
CMMC Level 2 Power Automate Governance Rules in Microsoft 365
A single flow can move Controlled Unclassified Information faster than most teams realize. That is why Power Automate governance matters so much when Microsoft 365 sits inside a CMMC Level…
CMMC Macro Blocking Policy for Microsoft 365 Apps
One bad macro can turn a routine spreadsheet into a security event. For teams handling CUI, that risk is too high to leave to user choice. When I build a…
CMMC Level 2 Windows Hello for Business Rollout Guide
Passwords are still the weak seam in many CUI environments. When I roll out Windows Hello for Business, I treat it as both a security control and a user adoption…
CMMC Firewall Checklist for Small Contractors Seeking Level 2
One forgotten firewall rule can sit for years, then become the gap that slows your CMMC assessment. When I help small contractors with lean IT teams, I treat firewall reviews…