A Practical CMMC Tabletop Template for Microsoft 365 Incidents
A generic tabletop won’t help me in a CMMC assessment or during a real Microsoft 365 incident. It also won’t help when an Entra ID admin starts approving MFA prompts…
CMMC Access Packages in Entra ID for Level 2 Readiness
Access control usually breaks in ordinary moments, new hires, rushed admin requests, outside contractors, and projects that never get cleaned up. When I review CMMC Level 2 gaps, those are…
A Practical Power Apps Governance Checklist for CMMC Level 2 in Microsoft 365
A Power App can go from harmless helper to audit problem in a week. I see it happen when a team builds a quick form, connects it to live business…
CMMC Level 2 Teams External Access Policy Checklist
One open federation setting can weaken an otherwise solid CMMC boundary. I’ve seen Microsoft Teams become an untracked side door because nobody wrote down who could talk to whom, under…
Entra Connect Hardening Checklist for CMMC Level 2
One weak sync server can open a path through an otherwise solid CMMC Level 2 program. When I review hybrid identity in regulated environments, I treat Microsoft Entra Connect as…
Intune Device Cleanup Policy for Stale Endpoints in CMMC Level 2
When I review a Microsoft 365 tenant before a CMMC readiness effort, stale devices jump out fast. They fill reports with ghosts, blur asset counts, and make old access paths…
CMMC Level 2 OAuth Review Checklist for Microsoft 365
When I assess Microsoft 365 for CMMC Level 2 OAuth risk, OAuth apps are one of the first places I look. A tenant can have strong MFA, good mail hygiene,…
CMMC Entra ID Sign-In Risk Policies for Level 2
A bad sign-in can undo months of security work. When I review Microsoft 365 tenants that handle CUI, the weak spot is often not MFA itself. It’s the lack of…
CMMC Level 2 Email Impersonation Defense in Defender for Office 365
A fake CEO email can do more damage than a noisy malware alert. One believable message can trigger wire fraud, credential theft, or a bad file share before anyone slows…
How I Set Up Entra ID Authentication Strengths for CMMC Level 2
If one stolen password can still open SharePoint or Exchange Online, the identity side of your CMMC story is weak. When I help security teams tighten Microsoft 365 access, I…