Microsoft Security Copilot and NIST 800-171
Microsoft Security Copilot can help commercial businesses in the Defense Industrial Base (DIB) meet the security requirements of NIST 800-171r3 and prepare for CMMC 2.0. Features and benefits of Security Copilot, such as automated threat detection, real-time alerts, advanced analytics, attack path analysis, and natural language explanations can improve the productivity and accuracy of security analysts. Explore how companies in the DIB may use these AI-powered capabilities to meet NIST 800-171r3 security requirements, detect and respond to threats more efficiently, and ultimately defend against threats with finite or limited resources.Understanding Compliance Between Commercial, Government, DoD & Secret Offerings - July 2025 Update
Understanding compliance between Commercial, Government, DoD & Secret Offerings: There remains much confusion as to what service supports what standards best. If you have CMMC, DFARS, ITAR, FedRAMP, CJIS, IRS and other regulatory requirements and you are trying to understand what service is the best fit for your organization then you should read this article.Microsoft Reference Identity Architectures for the US Defense Industrial Base
The white paper “Microsoft Reference Identity Architectures for the US Defense Industrial Base” is the result of deep collaboration among the National Defense ISAC "MSCloud" Working Group. It provides the group’s consensus on common challenges coupled with guidance on potential ways to overcome those challenges.CISA, OMB, ONCD and Microsoft collaborate on new logging playbook for Federal agencies
As part of our efforts to increase security defaults and follow the principle of secure by design, we are happy to share that a feature change initiated by Microsoft engineering will enable more logging capabilities for Purview Audit (Standard). We have worked closely with the Executive Office of the President (EOP), the Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) to prioritize this effort for U.S. government customers.DIB Embraces Cloud PCs: Streamlined Compliance, Risk Mitigation, and Cost Savings
Aerospace and Defense Distributor Embraces Cloud PCs: Streamlined Compliance, Risk Mitigation, and Cost Savings Jaco Aerospace holds a pivotal role in the aerospace and defense industry. As a distributor, they serve a remarkably diverse clientele, including the Defense Industrial Base, airlines, Maintenance, Repair, and Overhaul (MRO) operations, general aviation, space exploration, rocketry, satellites, supersonic aircraft, lunar landers, Air-Taxi initiatives, and Defense Technology companies. This diversity brings heightened responsibilities, especially in meeting stringent compliance requirements. Beyond the standard distributor regulations, they have to adhere to rigorous standards such as the Federal Aviation Administration (FAA), the Department of Defense (DoD), AS9120, and the DoD’s Cybersecurity Maturity Model Certification (CMMC). For a detailed breakdown of these requirements, check out their whitepaper here. Early Adoption of Cloud PCs Jaco Aerospace was an early adopter of cloud technology, transitioning their operations to Cloud PCs in February 2022. They recognized the transformative potential of cloud computing for IT infrastructure and firmly believe traditional PCs will soon become a thing of the past. By integrating Cloud PCs, they enhanced their AS9120-certified quality system, prioritizing risk reduction. The decision to migrate to the cloud in a post-COVID-19 world has unlocked numerous benefits, including: Enhanced Compliance Their operating environment meets the requirements of CMMC Level 1 (self-attestation). The straightforward in-house implementation enabled them to achieve and maintain compliance with ease. Robust Cybersecurity Cloud PCs help mitigate cybersecurity risks by enabling granular control over user permissions through conditional access policies. For example, they restrict most users' access to Microsoft apps on mobile devices, ensuring sensitive data remains secure. Consistent User Experience With Cloud PCs, they deliver a uniform user experience across the organization, improving productivity and streamlining workflows for all team members. Cost Savings The reduced need for IT-related user interactions and minimal hardware changes translate to significant cost savings in both the short and long term. Increased Connectivity Employees benefit from breakneck internet speeds when connecting to Cloud PCs, ensuring smooth and uninterrupted workflows. Furthermore, as they use Microsoft Teams for all phone communication, this speed results in high-quality calls not always found in their legacy VOIP solutions. Scalable Resources Cloud PCs allow them to dynamically scale memory and RAM based on individual user requirements, providing flexibility and operational efficiency. Simplified Scalability for Growth As their business grows, onboarding new employees is seamless. In rare employee departures, they can quickly offboard them and repurpose their equipment, ensuring a smooth transition. Risk Mitigation in Action The benefits of risk mitigation are often challenging to quantify, but recent events provided a clear example of its value. Their Valencia headquarters was in an evacuation zone during the Southern California wildfires. Thanks to their cloud infrastructure, employees swiftly transitioned to working from home by taking their thin client devices. Jaco Aerospace was required to maintain uninterrupted operations as a critical part of the Defense Industrial Base during COVID-19. At that time, the absence of a cloud-based system posed significant IT challenges. In contrast, during the wildfire evacuation, their team experienced just a one-hour disruption before resuming full operations—a stark difference that underscores the agility enabled by Cloud PCs. Looking Ahead At Jaco Aerospace, they see Cloud PCs (Windows 365) as a cornerstone of their future, enabling them to stay agile, secure, and ready to tackle any challenges that come their way. Whether it’s meeting stringent compliance requirements or ensuring seamless business continuity during unexpected events, their transition to the cloud has proven to be an invaluable asset. With the upcoming release of Microsoft’s Windows 365 Link, companies shifting to a Cloud PC environment will benefit from its affordability and the streamlined process of embracing this forward-looking technology. As the industry evolves, they remain dedicated to adopting innovative solutions that enhance operational efficiency and deliver unparalleled value to their customers.Microsoft Copilot for Security and NIST 800-171: Access Control
The second blog in this series will dive into the very first requirement family - Access Control (3.1) - and how organizations may deploy Microsoft Copilot for Security (Security Copilot) to meet the requirements entailed. This requirement family is arguably one of the most paramount because of the remarkable growth in identity-based attacks and the need for identity architects and teams to work more closely with the Security Operations Center (SOC). Microsoft Entra data noted in the Microsoft Digital Defense Report shows the number of “attempted attacks increased more than tenfold compared to the same period in 2022, from around 3 billion per month to over 30 billion. This translates to an average of 4,000 password attacks per second targeting Microsoft cloud identities [2023]”.
