CMMC Level 2 Authentication for CUI SharePoint Sites
Most SharePoint sites can live with a baseline sign-in policy. A site that stores CUI can’t. When I protect Controlled Unclassified Information in Microsoft 365, I want one extra checkpoint…
Exchange Online Transport Rules for CUI in CMMC Level 2
One bad auto-complete can send CUI outside your boundary in seconds. That is why I treat email controls as a front-line issue in CMMC Level 2, not a side setting…
Entra Administrative Units for CMMC Level 2
Most CMMC trouble starts with a simple identity mistake, too many admins with tenant-wide reach. In Microsoft 365, that creates more access than the job requires, and it makes audits…
Microsoft 365 DMARC for CMMC Level 2
A spoofed message can undo months of security work in one click. That is why I treat Microsoft 365 DMARC setup as a core security task, not a mail admin…
CMMC Level 2 Quick Assist Remote Support Policy
When I advise defense contractors, I start with a blunt point: casual screen sharing is hard to defend in a CMMC review. If a system can display CUI, every remote…
CMMC Entra ID KQL for Level 2 Evidence
An assessor won’t accept “we monitor Entra ID” on faith. I need records that show who signed in, what changed, when it happened, and whether the control worked. That is…
CMMC Azure Landing Zone Checklist for Small Contractors
A messy Azure tenant can turn a CMMC review into a scavenger hunt. Small contractors rarely have extra staff, spare budget, or time to clean up cloud decisions after the…
How I Remediate Intune Policy Drift for CMMC Level 2
A CMMC gap often starts as a small mismatch. The policy says one thing, the endpoint does another, and the reporting still looks fine until someone checks the real device…
CMMC VPN Logging for Level 2: A Small Contractor Checklist
A missing VPN log can turn a simple assessor question into a long week. For small contractors, CMMC VPN logging is less about fancy dashboards and more about proving remote…
CMMC Tenant Restrictions v2 for Level 2 Admin Workstations
One bad sign-in can punch a hole through an otherwise well-managed admin workstation. In a CMMC Level 2 environment, that matters because privileged devices sit close to your identity plane,…