CMMC Level 2 OAuth Review Checklist for Microsoft 365
When I assess Microsoft 365 for CMMC Level 2 OAuth risk, OAuth apps are one of the first places I look. A tenant can have strong MFA, good mail hygiene,…
A bad sign-in can undo months of security work. When I review Microsoft 365 tenants that handle CUI, the weak spot is often not MFA itself. It’s the lack of…
A fake CEO email can do more damage than a noisy malware alert. One believable message can trigger wire fraud, credential theft, or a bad file share before anyone slows…
If one stolen password can still open SharePoint or Exchange Online, the identity side of your CMMC story is weak. When I help security teams tighten Microsoft 365 access, I…
When I review a Microsoft 365 tenant for Level 2, I start with one hard truth: if CUI can land on a personal laptop, risk rises fast. SharePoint and OneDrive…
A short code on a screen can turn into a full Microsoft 365 session. That is why device code flow gets so much attention now. When I review Entra ID…
Stale admin access is one of the fastest ways to fail a CMMC credibility check. If I can’t show who has privileged access in Microsoft Entra ID, why they still…
A weak onboarding process can undo a strong security stack in one afternoon. That is why I treat Entra ID temporary access pass setup as a controlled identity process, not…
One weak laptop can open a path to Controlled Unclassified Information, even when the rest of Microsoft 365 looks locked down. I see that often when teams turn on Conditional…
One forgotten account can undo months of security work. In Microsoft Entra ID, stale identities often keep old group memberships, app access, and sometimes admin rights long after a person…