Building a CMMC Continuous Monitoring Plan for Microsoft 365
A CMMC assessment can go sideways long before a C3PAO arrives. It usually happens when months of tenant changes, alerts, and fixes leave no clear trail. When I support a…
CMMC Level 2 Power Automate Governance Rules in Microsoft 365
A single flow can move Controlled Unclassified Information faster than most teams realize. That is why Power Automate governance matters so much when Microsoft 365 sits inside a CMMC Level…
CMMC Intune Enrollment Restrictions for Level 2 Readiness
A compliance program can fail at the front door if the wrong device gets in. That is why CMMC Intune enrollment restrictions matter so much for teams handling controlled data.…
CMMC Macro Blocking Policy for Microsoft 365 Apps
One bad macro can turn a routine spreadsheet into a security event. For teams handling CUI, that risk is too high to leave to user choice. When I build a…
Intune Local Admin Removal for CMMC Level 2
Local admin rights can undo months of security work in one bad click. If a standard user can install tools, disable protections, or change system settings, your Windows baseline is…
CMMC Level 2 Windows Hello for Business Rollout Guide
Passwords are still the weak seam in many CUI environments. When I roll out Windows Hello for Business, I treat it as both a security control and a user adoption…
CMMC Firewall Checklist for Small Contractors Seeking Level 2
One forgotten firewall rule can sit for years, then become the gap that slows your CMMC assessment. When I help small contractors with lean IT teams, I treat firewall reviews…
CMMC Level 2 OneDrive Sync for CUI: What I Allow and What I Block
I don’t treat OneDrive sync as allowed or banned. I treat it as a scoping choice that can expand a CUI boundary in a hurry. For teams handling CMMC OneDrive…
CMMC Intune Autopilot Checklist for New Windows Devices
A new laptop can become a weak point in under an hour. If it ships with the wrong rights, missing encryption, or no audit trail, you’ve already lost ground. When…
A Practical CMMC Log Review SOP for Entra ID and Defender
A monthly review fails when it becomes a memory test. For CMMC Level 2, I want a repeatable routine that shows what I checked, what I found, and what I…