CMMC Level 2 Guest Access Policy for Teams and SharePoint
One guest account can break a clean compliance boundary. When I write a CMMC guest access policy, I start with a blunt rule: if a Team or SharePoint site may…
CMMC Audit Log Retention Setup in Microsoft 365
The worst time to think about retention is when an assessor asks for six-month-old evidence and my log search comes back empty. In Microsoft 365, CMMC audit log retention is…
CMMC BYOD Intune: App Protection Policies for Level 2
Personal phones can open a door to CUI fast. They can also open the wrong door if I let work data spill outside managed apps. When I build a CMMC…
CMMC Intune Compliance for iPhone and Android in 2026
A phone that touches CUI stops being “just a phone.” It becomes an endpoint, an access path, and an audit item. When I build CMMC Intune compliance for defense contractors,…
CMMC Level 2 BYOD Policy for Microsoft 365 That Holds Up
Personal devices can speed work, but they can also punch holes in a CUI boundary. For CMMC Level 2 BYOD in Microsoft 365, my rule is simple: if a personal…
CMMC Level 2 Microsoft Sentinel Setup for Small Contractors
If I’m building a Microsoft Sentinel CMMC monitoring plan for a small federal contractor, I start with one hard truth: Sentinel can support a CMMC Level 2 program, but it…
CMMC Level 2 Microsoft Purview DLP Setup Guide for CUI
Protecting Microsoft Purview DLP for CMMC Level 2 sounds easy until the first policy floods the help desk with noise. I treat DLP like a gate guard. It won’t make…
A Practical CMMC Purview DLP Policy for CUI in Microsoft 365
A DLP policy is like a gate, not the whole fence. When I build CMMC Purview DLP controls for Controlled Unclassified Information in Microsoft 365, I treat them as one…
CMMC Level 2 SPRS Score Guide For Microsoft 365 Shops
If you run Microsoft 365 for a small or mid-size defense contractor, your CMMC SPRS score can feel like a math test you never studied for. The good news is…
CMMC Level 2 CUI Data Flow Diagram Template for Microsoft 365
If a CUI flow diagram feels fuzzy, the whole compliance story feels fuzzy. In Microsoft 365, I want a diagram that shows where Controlled Unclassified Information enters, where it moves,…