Understanding Compliance Between Commercial, Government, DoD & Secret Offerings - July 2025 Update
Understanding compliance between Commercial, Government, DoD & Secret Offerings: There remains much confusion as to what service supports what standards best. If you have CMMC, DFARS, ITAR, FedRAMP, CJIS, IRS and other regulatory requirements and you are trying to understand what service is the best fit for your organization then you should read this article.Microsoft Copilot for Security and NIST 800-171: Access Control
The second blog in this series will dive into the very first requirement family - Access Control (3.1) - and how organizations may deploy Microsoft Copilot for Security (Security Copilot) to meet the requirements entailed. This requirement family is arguably one of the most paramount because of the remarkable growth in identity-based attacks and the need for identity architects and teams to work more closely with the Security Operations Center (SOC). Microsoft Entra data noted in the Microsoft Digital Defense Report shows the number of “attempted attacks increased more than tenfold compared to the same period in 2022, from around 3 billion per month to over 30 billion. This translates to an average of 4,000 password attacks per second targeting Microsoft cloud identities [2023]”.Microsoft Security Copilot and NIST 800-171
Microsoft Security Copilot can help commercial businesses in the Defense Industrial Base (DIB) meet the security requirements of NIST 800-171r3 and prepare for CMMC 2.0. Features and benefits of Security Copilot, such as automated threat detection, real-time alerts, advanced analytics, attack path analysis, and natural language explanations can improve the productivity and accuracy of security analysts. Explore how companies in the DIB may use these AI-powered capabilities to meet NIST 800-171r3 security requirements, detect and respond to threats more efficiently, and ultimately defend against threats with finite or limited resources.Microsoft Reference Identity Architectures for the US Defense Industrial Base
The white paper “Microsoft Reference Identity Architectures for the US Defense Industrial Base” is the result of deep collaboration among the National Defense ISAC "MSCloud" Working Group. It provides the group’s consensus on common challenges coupled with guidance on potential ways to overcome those challenges.Microsoft Collaboration Framework for the US Defense Industrial Base
This article focuses on the candidate reference architectures for identity to accommodate Multi-Tenant Organizations (MTO), and specifically those that have a deployment in the US Sovereign Cloud with Microsoft 365 US Government (GCC High) and Azure Government. It also addresses external collaboration in highly regulated environments, inclusive of organizations that are homed in either Commercial or in the US Sovereign Cloud.Support for DFARS in Microsoft 365 Government (GCC High)
Microsoft 365 Government (GCC High) meet the applicable requirements of the DFARS Clause 252.204-7012 (Safeguarding Unclassified Controlled Technical Information). Specifically, the requirements within the Clause that are applicable to the Cloud Service Provider (CSP) and their commitment to fulfill these requirements.Zero Trust and CMMC Compliance with Microsoft Defender for Identity
Large, highly resourced companies are still challenged to perform this level of identity management and monitoring across their digital estate. With over 75% of the Defense Industrial Base (DIB) being small businesses, the challenge to effectively resource and standup a proactive Security Operations Center (SOC) remains a daunting task to meet the compliance requirements for CMMC Level 3 and beyond. Almost two entire CMMC domains – Audit and Accountability (AU) and Incident Response (IR) – could require one FTE for a 200-person company as an example. The only financial mitigation or offset comes through the use of technology or the use of a Managed Security Services Provider (MSSP). Microsoft Defender for Identity (MDI), previously known as Azure Advanced Threat Protection or Azure ATP, is one of those technologies that can help organizations protect and monitor user identities at scale. Organizations deployed on Microsoft 365 GCC or GCC High can take an identity-centric approach and evaluate user sign-in behaviors in real-time, along with device and application risk profiles.Microsoft Product Placemat for CMMC - October 2024 Update
This Microsoft Tech Community Public Sector Blog post is an update of the Microsoft Product Placemat for CMMC assisting the Defense Industrial Base (DIB) for compliance with the Cybersecurity Maturity Model Certification (CMMC) from the U.S. Department of Defense (DOD).Preparing for CMMC 2.0: Build New or Fix Old?
When preparing for CMMC compliance, defense contractors often evaluate two options: build a new environment or try to fix their current one. Both options have pros and cons, and the decision will depend on several factors, such as the current state of the environment, the budget, the timeline, and the desired level of CMMC certification.
