Blog Posts

How to Actually Handle Identification and Authentication for CMMC

Published on: 5/20/2025

Most breaches don’t start with hackers breaking down your firewall. They start with someone logging in using credentials they found on the dark web. This post breaks down the NIST 800-171 control family for Identification and Authentication. No fluff. Just the basics, the problems, and how to fix them. What […]

How to Create a SharePoint Site for File Sharing

Published on: 5/19/2025

You need to share files with clients or vendors. Maybe links. Maybe request uploads. SharePoint can handle this. You just need to avoid the clutter. Start With the Right Use Case There are only three reasons to build one of these portals. Pick the one that fits: 1. Give Each […]

Mastering NIST 800-171: Your Ultimate Checklist and Guide

Published on: 5/17/2025

As a small or mid-sized business engaged with defense contracts, the potential to work with the Department of Defense opens doors to numerous business opportunities. However, with these opportunities comes the responsibility of protecting Controlled Unclassified Information against cybersecurity threats. This is where NIST 800-171 comes into play. This guide […]

Why Microsoft 365 Management Doesn’t End After Initial Configuration

Published on: 3/6/2025

One of the most common misconceptions is the belief that once a Microsoft 365 tenant is configured, the work is done. Many organizations assume they can set up a baseline configuration and leave it untouched indefinitely. Unfortunately, this mindset overlooks the reality of configuration drift and the evolving nature of […]

Why You Should Never Store Credentials in Plain Text

Published on: 3/6/2025

Storing credentials in plain text, whether in Excel spreadsheets, Word documents, or text files, is one of the riskiest practices a business can adopt. Yet, many organizations do this. I consistently find password files sitting in file shares or SharePoint sites, often labeled something as obvious as “passwords.xlsx.” While this might […]

Why You Should Disable User Consent and Enable Admin Consent Workflow in Entra

Published on: 3/5/2025

One of the most overlooked security settings in Entra is user consent for enterprise applications. By default, users may be allowed to consent to third-party apps, granting them permissions to access organizational data—often without understanding the implications. This can lead to unauthorized access, data leakage, or even malicious activity within […]

Why Restricting and Monitoring PowerShell is Essential for Security

Published on: 3/5/2025

Device Code Flow is a convenient authentication method designed for devices with limited input capabilities, like smart TVs and other IoT devices. However, attackers have found ways to exploit it for phishing attacks, making it a serious vulnerability in your Microsoft 365 tenant. Blocking DCF is a simple yet effective […]

How We Stopped a Potential Breach Before It Happened

Published on: 3/2/2025

Recently, we discovered a security vulnerability for one of our clients that could have escalated into a serious issue. The client had a VPN user portal exposed to the internet, even though it was not actively being used. This oversight created an attack vector that was being exploited by malicious […]

Administering macOS with Microsoft Intune: Best Practices

Published on: 2/28/2025

Managing macOS devices in a business environment can be challenging, especially for organizations with IT staff who are most familiar with Windows-based systems. However, with Microsoft Intune, you can effectively manage macOS devices while leveraging your existing Microsoft 365 ecosystem. Getting Started: Apple Business Manager The first step to managing […]

NIST 800-171 Compliance

Published on: 2/28/2025

NIST 800-171 is a set of cybersecurity standards designed to protect sensitive information within non-federal systems and organizations. Whether you’re a contractor, small business, or educational institution, implementing these 110 controls across 14 families strengthens your cybersecurity posture and ensures compliance with federal requirements. Below is a simplified checklist to […]
