AgileAscend: Microsoft 365 GCC High Implementation for CMMC Compliance

Agile IT

Agile IT has created a specialized set of services required to meet CMMC 2.0 Leveraging Microsoft 365 services in GCC High.

This project component is a suite of services that provides limited capabilities for securing access via identity services to Microsoft 365 within the GCC High environment. The delivery of this project component does not provide the final audit-ready environment for NIST 800-171 due to the level of documentation and customer configuration decisions that fall outside the scope of this one deliverable.

Agile IT can provide additional licensing and technical onboarding to meet the greater requirements for meeting NIST 800-171 compliance via additional plans for Microsoft 365 for GCC High which include the following Microsoft 365 services:

  • Intune for Mobile Devices
  • Azure Information Protection
  • Government Compliance and Data Governance Essentials
  • Windows 10 for Microsoft 365

The following key areas of delivery for this project component are:

  • Deployment and licensing for a Microsoft 365 GCC High tenant 
  • Onboarding Azure Active Directory for Microsoft 365 
  • Onboarding for Conditional Access & Multi-Factor Authentication 

License Requirements

This service is tailored for customers that have the following Microsoft subscriptions in GCC High
  • Minimum
    • Azure Active Directory Premium P1 (included within EM+S E3 and Microsoft 365 E3)
    • Azure Government subscription
  • Recommended
    • Microsoft 365 E3
Onboarding Azure Active Directory for Microsoft 365

For organizations that are in the process of migrating to Microsoft 365 (or are already there), there is a desire to reduce IT support overhead by providing end users with self-service capabilities as well as provide greater security for sensitive corporate information. AgileSecurity: Onboarding Azure Active Directory for Microsoft 365 empowers your organization's administrators with delegated administration, audit capabilities, and enhanced security features only available in Azure Active Directory.

Agile IT will deliver the following:
  • Overview of identity management using Azure Active Directory for Microsoft 365
  • Configure Azure Active Directory logging with Azure Monitor
  • Configure company branding on Office 365 services home pages
  • Configure Microsoft Access Panel (aka MyApps) portal for centralized application access for users
  • Configure Self Service Password Reset (SSPR) and portal configuration
  • Configure password policy to be in compliance with NIST 800-171
  • Workshop on managing Azure Active Directory for IT Administrators (workshop assumes attendees have 3+ years in managing a Windows server environment)
License Requirements:
  • Azure Active Directory Premium P1 (also included in Enterprise Mobility + Security E3 or E5, and Microsoft 365 E3, E5, and F3)
  • Azure AD logging requires an Azure subscription and will incur a monthly usage cost
Onboarding for Conditional Access & Multi-Factor Authentication

Conditional access will ensure user productivity continues while keeping your corporate data secure by allowing you to restrict access to your organization's Microsoft 365 services and beyond. By enabling Conditional Access within Azure Active Directory, organizations can control when and how users access services.  By defining a series of declarative if/then logic statements, you can enforce MFA challenges for risky sign-on or block access entirely.

Agile IT will work with your team to complete the following: 
  • Demo and overview of baseline policies; discussion of possible customizations (one-hour IT workshop)
  • Configure baseline policies within the production environment
  • Enforce MFA for current global admins
  • Review of configured environment, end-user communications, and deployment plan (one-hour IT workshop)

Trumpa apžvalga