Building a CMMC Continuous Monitoring Plan for Microsoft 365
A CMMC assessment can go sideways long before a C3PAO arrives. It usually happens when months of tenant changes, alerts, and fixes leave no clear trail. When I support a…
A single flow can move Controlled Unclassified Information faster than most teams realize. That is why Power Automate governance matters so much when Microsoft 365 sits inside a CMMC Level…
One bad macro can turn a routine spreadsheet into a security event. For teams handling CUI, that risk is too high to leave to user choice. When I build a…
Passwords are still the weak seam in many CUI environments. When I roll out Windows Hello for Business, I treat it as both a security control and a user adoption…
One forgotten firewall rule can sit for years, then become the gap that slows your CMMC assessment. When I help small contractors with lean IT teams, I treat firewall reviews…
I don’t treat OneDrive sync as allowed or banned. I treat it as a scoping choice that can expand a CUI boundary in a hurry. For teams handling CMMC OneDrive…
A monthly review fails when it becomes a memory test. For CMMC Level 2, I want a repeatable routine that shows what I checked, what I found, and what I…
You can’t protect CUI that you haven’t found. When I review Microsoft 365 for CMMC Level 2, the first gap is often simple: data sits in places nobody expected. Mailboxes,…
One bad app consent can undo months of hardening. In a Level 2 tenant, CMMC admin consent is less about convenience and more about change control. If you support defense…
The hard part of a CMMC GCC High migration isn’t buying licenses. It’s drawing the right boundary for CUI, then moving identity, devices, mail, files, and evidence without breaking daily…