Forum Widgets
Latest Discussions
What to expect from a CMMC reference architecture?
For those in the community who are actively developing configuration resources, documentation, and automation for aligning GCC High / Azure Gov tenants to CMMC practices, could you help focus our efforts by describing what kind of materials and resources are being developed by Microsoft by way of a CMMC reference architecture? For example, Intune policy sets that align to DISA STIGs? Configuration guides and out-of-the-box policy statements that align to CMMC practices? A configuration-as-code easy button for tenant configuration?
Multi-Factor CMMC with Azure AD
Does Microsoft have documentation on CMMC requirements for MFA using a hardware key? We have looked into YubiKey FIPS but it is v4; appears Azure AD requries v5 and above to work. What is the best path to achieve MFA with Azure AD using a hardware key - also allowing for MFA without an internet connection at times when device is isolated.Extending the Shared Responsibility Model into CMMC
A quick review of Compliance Manager (or the Office 365 MT FedRAMP system security plan) shows that Microsoft has documented the areas where customer orgs need to implement their own controls (policies, procedures, tenant configurations) in order to fully satisfy a FedRAMP control requirement. I know that CMMC is different. We aren't focusing on just the cloud system, but rather the entire organization, its people, information, technology and facilities. That distinction aside: how much do we think Microsoft's security capabilities can be "inherited" by subscriber organizations for use in a CMMC assessment? How much still needs to be documented, performed, and managed by the organization itself? More than FedRAMP? Less? 42?
Documentation Templates and Snippets
Can Microsoft provide templates, snippets, and/or examples of documentation for each of the CMMC controls that the GCC High environment helps meet? For example, AU 3.048 - Collect audit info into 1 or more central repos. The recommendation is to use Azure Sentinel, which we are implementing, but having documentation examples that we can copy/paste/modify into our documentation for certification purposes would be very helpful. Obviously, this could be very different for each customer, which is where a template of sorts with a full example would be very helpful.Early access now open: Microsoft CMMC AMA - August 25
Early access for tomorrow's one-hour "Ask Microsoft Anything" (AMA) is now open. Time to get answers to any questions you may have on achieving CMMC compliance with our Microsoft products, including Microsoft Azure and Microsoft 365. Simply visit the Government AMA space and click "Start a New Conversation" to post your question. This event is open to all Tech Community members and we'll have the our panel of experts providing answers when the AMA opens tomorrow. Want to join us live on August 25th at 9:00 a.m. Pacific Time? Save the date In the meantime, if you'd like to read an in depth review on accelerating CMMC compliance for Microsoft cloud, go here. We look forward to answering your questions!Announcing a Government CMMC AMA on August 25, 2020
We want to hear from you and answer your questions around how we can help you, our customers, achieve CMMC compliance with your Microsoft Azure and Microsoft 365 subscriptions. We will be hosting an "Ask Microsoft Anything" (AMA) session on Tuesday, August 25th from 9:00 AM - 10:00 AM PST here, on the Tech Community. Save the date! To join, simply, visit the Government AMA space on Tuesday, August 25th from 9:00 AM - 10:00 AM PST and click "Start a New Conversation" to post your question. This event is open to all Tech Community members and we'll have members of the Microsoft product, engineering, legal and licensing teams standing by to provide answers. ***Please note : This AMA is only to answer questions in regards to achieving CMMC compliance with our Microsoft products, including Microsoft Azure and Microsoft 365.Microsoft Teams Government AMA : Early Access
While the Microsoft Teams Government AMA doesn't officially start until tomorrow (Thursday, March 19, 2020) at 9:30 a.m. Pacific Time, we are opening up this AMA space now so that--if you can't attend at that time--you can still submit your questions. To submit a question, click "Start a new conversation" in the Government AMA space--and do this for each new question. This will enable us to easily identify and answer your questions. Make sure you are signed in to be able to do this. ***Please note : This AMA is only to answer questions regarding our Microsoft Teams product in US Government GCC, GCC High & DOD tenants. Our engineers and product managers are excited to hear your questions!That's a wrap: Microsoft Teams Government AMA
Thank you for joining us and voicing your questions and feedback during this fun and action-packed hour. Please note that you won't be able to ask new questions in this space until our next live event. We will be disabling posting and further comments in this AMA space but encourage you to post any new questions or follow up in our Public Sector, Local/State Government Space. We will put together a summary document of what was covered during and share it in this group. See you next time!Thank you!
Thanks to everyone who participated from Metalogix MVPs to AvePoint MVPs and the whole Microsoft Tech Commmunity! I just want to leave you with one final resource from the Microsoft compliance team: https://www.linkedin.com/pulse/30-guides-you-secure-compliant-microsoft-cloud-azure-office-om-vaiti
