A Practical Power Apps Governance Checklist for CMMC Level 2 in Microsoft 365
A Power App can go from harmless helper to audit problem in a week. I see it happen when a team builds a quick form, connects it to live business…
Lose a laptop that handled CUI, and the clock starts before anyone finds the charger. When I build a CMMC lost device response plan, I focus on the first hour,…
One open federation setting can weaken an otherwise solid CMMC boundary. I’ve seen Microsoft Teams become an untracked side door because nobody wrote down who could talk to whom, under…
One weak sync server can open a path through an otherwise solid CMMC Level 2 program. When I review hybrid identity in regulated environments, I treat Microsoft Entra Connect as…
When I review a Microsoft 365 tenant before a CMMC readiness effort, stale devices jump out fast. They fill reports with ghosts, blur asset counts, and make old access paths…
A password reset seems small until it fails at the worst time. For a defense contractor handling CUI, a weak recovery process can open the same door that strong MFA…
When I review a small contractor’s Windows Server, I usually find the same issue: the server is trusted far more than it should be. If that system stores or supports…
When I assess Microsoft 365 for CMMC Level 2 OAuth risk, OAuth apps are one of the first places I look. A tenant can have strong MFA, good mail hygiene,…
A bad sign-in can undo months of security work. When I review Microsoft 365 tenants that handle CUI, the weak spot is often not MFA itself. It’s the lack of…
A fake CEO email can do more damage than a noisy malware alert. One believable message can trigger wire fraud, credential theft, or a bad file share before anyone slows…