[Guest Blog] Why We Use Microsoft for Our CMMC Managed Service Customers

by Contributed | Nov 10, 2020 | Technology

This article is contributed. See the original author and article here.

In January of this year, the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification or CMMC. This new maturity model defines five levels of increasing maturity and will require all defense contractors, both Primes and Subs, to comply with one of the five levels and attain independent verification of compliance prior to contract award. In an ongoing effort to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), CMMC is a significant change for DoD acquisition, cybersecurity, and policy. For small businesses in the defense industrial base, the challenge is potentially insurmountable.  

Having partnered with the DoD as part of the Defense Industrial Base Cybersecurity Initiative since its inception, first as a Chief Information Security Officer with one of the largest DoD contractors and now as CEO of CyberSheath, the foremost Managed CMMC compliance provider, I have seen every side of this compliance problem and understand what works and what doesn’t. Because of this, I am often asked, “How can I meet CMMC requirements?” My answer is always the same, “Hire a great Managed Compliance partner and use Microsoft technologies.” If you only use internal resources, you will inevitably fall short somewhere on the security, technical, or policy expertise required. If you try to use multiple technologies from different vendors, you will have more tools than you can support, possibly achieving compliance and assuredly weakening security. This blog details what Managed Compliance looks like in the context of CMMC. 

So, why Microsoft for CMMC? 

Microsoft has a deep and long history of supporting government customers and their unique mission requirements; in fact, about a year ago, Richard Wakeman  wrote this blog specific to the Microsoft Cloud Service Offerings. Suffice it to say Microsoft uniquely understands the U.S. Government’s mission in a way that only decades of experience working alongside one another will allow. Microsoft understands the required people, processes, and technologies to support the DoD mission from both a compliance and operational perspective so well that it can often be difficult for anyone to lay it all out in one succinct communication. Microsoft has done more for the United States Government than any other cloud provider. Their decades of successful partnership with DoD have enabled them to provide resources that will enable your journey to CMMC compliance.  

Here are three resources to get you started on your journey to CMMC compliance: 

Shared Responsibility Model 

CMMC compliance for many, if not most, companies will undoubtedly rely on the cloud at some point in the journey. When in the cloud, and frankly, on-premise, it is important to understand the concept of shared responsibility. When relying on cloud services, understanding the shared responsibility model is foundational to meeting and maintaining compliance. For an excellent blog on shared responsibility in the cloud start here and as you read think about which CMMC security tasks are handled by your cloud provider and which tasks are handled by you. Now for the many companies that rely on Managed Service Providers, or otherwise defined Third-Party Providers, how are you extending the shared responsibility to those entities?  

Very few MSSPs understand CMMC in the context of the shared responsibility model. To my knowledge, CyberSheath is one of the few to build our entire CMMC management platform around Microsoft Azure technology, which is detailed here along with a breakdown of how CMMC has been 13 years in the making. 

CMMC compliance isn’t a “go it alone” model and requires an understanding of the shared responsibility model, regardless of your CMMC compliance level. Rare is the company that does everything in-house without exception. 

Azure Blueprints 

Azure Blueprints enable customers to easily create, deploy, and update compliant environments and leverage the enormous Microsoft investment in data security and privacy. Microsoft invests more than USD 1 billion annually on cybersecurity research and development, employs more than 3,500 security experts entirely dedicated to your data security and privacy and Azure has more certifications than any other cloud provider. View the comprehensive list. 

Blueprints simplify largescale Azure deployments by packaging key environment artifacts, such as Azure Resource Manager templates, role-based access controls, and policies, in a single blueprint definition. Customers can easily apply the blueprint to new subscriptions and environments and fine-tune control and management through versioning. Specific to CMMC, blueprints present a tremendous advantage for customers who want to quickly address the majority of the CMMC Maturity Level 3 requirements. 

The NIST SP 800-171 R2 blueprint sample provides governance guard-rails using Azure Policy that help you assess specific NIST SP 800-171 R2 requirements or controls. This blueprint helps customers deploy a core set of policies for any Azure-deployed architecture that must implement NIST SP 800-171 R2 requirements or controls. As many readers know, approximately 85% of the CMMC Maturity Level 3 requirements are essentially the NIST SP 800-171 security requirements, so this blueprint can be a force for progress in your CMMC compliance efforts.  

Office 365 GCC High and DoD 

As many defense contractors already know, CMMC was, in part, created to address the security of CUI, and Microsoft has long been a partner with DoD working to protect this information. 

To meet the unique and evolving requirements of DoD and contractors holding or processing DoD controlled CUI or subject to International Traffic in Arms Regulations (ITAR), Microsoft offers GCC High and DoD environments. Microsoft GCC High and DoD meet the compliance requirements for the following certifications and accreditations: 

• The Federal Risk and Authorization Management Program at FedRAMP High, including those security controls and control enhancements as outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-53. 


• The security controls and control enhancements for the United States Department of Defense Cloud Computing Security Requirements Guide (SRG) for information up to Impact Level 5 (L5). 

DoD Office 365 subscribers will receive services provided from the DoD exclusive environment that meets DoD SRG L5. Non-DoD subscribers will receive services from the U.S. Government Defense environment, which is assessed at L5, but has L4 equivalency. 

There is much debate and often confusion on whether CMMC requires GCC high, and it is one of many issues that highlight the need for a Managed Compliance Partner, but the point is that Microsoft has long been the partner of choice for the DoD in addressing this challenge. 

CMMC mandates minimum cybersecurity standards for 300,000 plus commercial defense contractors around the globe and makes compliance part of the acquisition process, preventing contract award until an independent third-party has verified compliance. Given the magnitude of this change and the revenue impacting consequences of non-compliance, we choose Microsoft for our CMMC Managed Services Customers. 

Additional information  

For additional information on Microsoft’s CMMC acceleration, join Microsoft’s Richard Wakeman, Senior Director of Aerospace & Defense for Azure Global, on November 18th at CMMC Con 2020.  Mr. Wakeman will host a Technology Spotlight session dedicated to discovering how Microsoft solutions are assisting the DIB in government compliance.   Visit www.cmmccon2020.com to learn more. 

About the Author

Eric is Chief Executive Officer (CEO) for CyberSheath Services International, LLC (CyberSheath) and is a respected cybersecurity expert having testified before the House Armed Services Committee (HASC) Subcommittee on Emerging Threats and Capabilities and served on the Council on Cyber Security expert panel to review and update the Critical Security Controls. Prior to founding CyberSheath, Eric was the Global Chief Information Security Officer for BAE Systems plc, based in London. Concurrently Eric served as Vice President and General Manager of North American IT operations, overseeing engineering, architecture, and IT operations support for approximately 39,000 employees. Eric has an MBA from the University of Maryland and a B.S. with honors in Information Technology Management from Daniel Webster College. He holds numerous technical and professional certifications including Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP). 

“Teamwork makes the dream work” – harnessing attention in the context of team collaboration

by Contributed | Nov 10, 2020 | Technology

This article is contributed. See the original author and article here.

Co-authored by Claudia van der Velden, Emma Stephen, and Tony Crabbe

The workweek starts, your agenda looks tidy, you feel on top of your to do’s – you feel a sense of control. At the end of the day you look again and see tons of double bookings, meetings without an agenda, and no clarity on what is expected of you in that engagement. Do you find yourself wondering if colleagues make best use of your attention? Do you look at your diary with a sense that you own your time, or the reverse?

Our shift to teamwork, often on multiple teams, has driven some bad organizational habits¹. As our teams face multiple deadlines, working across multiple contexts, it can feel like a scramble for calendar space, focus time, and even a break.

As we often find ourselves in the above situation, instinctively we consider teamwork to be at the expense of our attention. But to become a high performing, innovative, and flourishing team, every team member’s attention is needed. So how can we harness attention at the team level?

It starts with our engagement in reaching a shared goal, learning from a diverse team, and building positive team relationships. To achieve great outcomes, team processes need to build on that engagement with a focus on trust, learning, team confidence, optimism, supportive leadership, and social support². Each section focuses on an aspect of teamwork from the foundation of purpose and connection through to collaboration and meetings. Tips and tricks throughout, following the MOCA framework, then outline how technology can support.

Team purpose and connection
Team engagement is the hook for attention in the team context. When the teams we work in have clarity on the team goals and we feel a sense of belonging, it’s easier to engage our attention.
The hybrid workplace has created an extra layer of complexity for creating clarity and belonging and employees report maintaining team cohesion as one of the top issues in the hybrid workplace³. To maintain this sense of purpose and connection, communication, open-mindedness, and clarity on who does what in contribution to which team goal are key. We need new ways of connecting.

Tips & Tricks:

• Create a recurring Microsoft Teams call for three (3) hours which serves as an open ‘virtual co-working space’. This makes space for spontaneous conversations, while you are doing individual work and gives a sense that your work has purpose⁴.


• Schedule virtual coffee breaks, walking meetings, or ‘Happy Hours’ with your team. Check in on each other sometimes, even if nothing is scheduled.


• Increase the internal network in your organization by enabling the Ice-breaker bot to connect random employees to have a virtual coffee together.


• Be clear on intent, use Emoji’s, GIF’s and stickers to convey meaning and avoid misunderstandings⁵ which can lead to unnecessary worry.


• Use Planner to organize team tasks that are meaningful chunks and can be completed by one person. Attach any documents, comments, or ideas to the task.

Collaboration rituals
Microsoft Teams have become the foundation of how most work gets done in today’s organizations with a 50% increase in collaboration in the last decade⁶. What we can know, knowledge itself, is increasing and in organizations this is resulting in specialization. But the world is going in the other direction, becoming more networked and demanding more interconnected products and services. To develop these requires cross-domain expertise, placing the emphasis increasingly on teams and their performance as a crucial differentiator rather than the individual⁷.

81% of us are multi-teaming⁸ – collaborating on more than one project, but how much of that time do we spend on discussing ‘How’ we collaborate? Are there collaboration rituals – clear rules of engagement – that create clarity on where we collaborate, working out loud, and when and about what we meet.

Tips & Tricks:

• Set up a governance model for your Microsoft Teams environment, with a content architecture upfront to discuss which topics are discussed where.


• Discuss where updates are posted, for instance in the General channel, and what the goal is of each channel in Microsoft Teams.


• Use Group chat for quick questions and fun discussions.


• Have a 5-minute learning review at the end of each meeting: What did we do well as a team? What could we do better?


• Discuss people’s work rhythms, no-go times, and respect focus time. Why not try a hybrid work kick-off⁹ to get the discussion going and agree how you will work and connect?


• Collaborate asynchronously using comments in documents and chat so people can contribute when they are at their best and have time. Meet to resolve the comments and discuss ideas.

Meeting effectiveness
We’ve seen an increase in meetings especially now in the hybrid workplace and as we craft this new virtual reality, it creates a great momentum to redefine the meeting culture in your organization.

At Microsoft, we took this the new hybrid reality as a chance to better understand how we meet. Workplace Analytics showed that weekly meetings increased 10%, which most likely replaced the ‘catch up meetings’ in the hallway, however the individual meetings shrank in duration. The 30 minute or less meeting increased with 22 percent and 11 percent fewer meetings of more than one hour.

How do you prepare for your meeting, how do you manage discussions, process ideas and take notes during the meetings and how do you follow up on meetings?

Before the meeting
To organize your team meetings, use the meeting chat window to publish the agenda, co-create the presentation, share the pre-reads, and include everyone to give input and feedback upfront. Appoint the meeting roles, note taker, parking guardian and the host (a role similar to a party host¹⁰), to ensure ideas are heard, learnings are captured, and actions can be followed up.

During the meeting

With a well-prepared agenda and pre-reads, use the white board functionality during the meeting for brainstorming to unlock creativity. Use a team OneNote to take digital notes in a pre-defined structure. Co-author in documents to create content in the Office Apps, which enables asynchronous work scenarios, making the best of use of everyone’s time and respecting everyone’s pace and schedule.

After the meeting
At the end of the meeting the tasks are divided within Planner, so everyone is aware of their follow up actions, and it is easy to track progress for the team activities. The meeting notes + Planner form the basis for the next meeting to make sure all topics are handled, and the decisions have been taken.

GO DO’s

1. Analyze your meeting rhythm in your team and in your project teams, evaluate which meetings are necessary and check if they have a clear agenda and expectation. If not, be the one to start the change!


2. Apply the “Before, During & After” process to improve your meetings and to make them more effective and more structured.


3. Look at your Microsoft Teams environment and see how you can make this richer by integrating Whiteboard, OneNote, Planner, Power apps, and all the great apps available to really create that one-stop shop workplace


4. Explore roadmap items for Microsoft Teams that can make your virtual meetings more inclusive to increase engagement in the meeting.

1. The Overcommitted Organisation, Mark Mortensen and Heidi K. Gardner, HBR Sept-Oct 2017


2. Dream Teams: A Positive Psychology of Team Working, Joanne Richardson and Michael A. West. Chapter 19, The Oxford Handbook of Positive Psychology at Work, Oxford University Press 2013


3. The journey to the new normal – Driving innovation and productivity in a hybrid world


4. We Work Harder When We Know Someone is Watching, Janina Steinmetz and Ayelet Fishbach, HBR May 2020


5. Avoiding Miscommunication in a Digital World, Nick Morgan for HBR IdeaCast, Episode 655


6. Harvard Business Review Analytic Services Report (2019) Meeting the challenges of developing collaborative teams for future success.


7. Stefan Wuchty, Benjamin Jones and Brian Uzzi (2007) The increasing dominance of teams in production of knowledge. Science, Vol. 316, Issue 5827, pp. 1036-1039


8. The Overcommitted Organisation, Mark Mortensen and Heidi K. Gardner, HBR Sept-Oct 2017


9. Adjusting to Remote Work During the Coronavirus Crisis,


10. Why Meetings Go Wrong (And How to Fix Them), Steven Rogelberg for HBR IdeaCast, Episode 708

This blog post is a part of our series on the Modern Collaboration Architecture, developed by @Rishi Nicolai, a Microsoft Digital Strategist with over 25 years of experience in leading organizations through change and improving employee productivity. Blogs one, two, and three can be found under these links.

About the authors:

Claudia van der Velden
Claudia a Customer Success Manager at Microsoft and enjoys exploring organizational cultures from an eco-system perspective. In a complex puzzle where all is interconnected, small changes can have a large impact. She believes in the importance of considering all elements for the eco-system to thrive, stay well balanced, and perhaps most importantly, letting go of control and trusting the natural course to find its way. Claudia is based in the Netherlands and studies for her Masters in Applied Psychology, Leadership Development.

Emma Stephen
Emma is a Customer Success Manager at Microsoft and is passionate about bringing the human element into the workplace. She believes technology both enables change and can catalyze wider change efforts if introduced in the right way. Emma is based in Zurich and currently studying for her Masters in Applied Positive Psychology and Coaching Psychology with a hope to leverage this in the organizational context.

Tony Crabbe
Tony Crabbe is a Business Psychologist who supports Microsoft on global projects as well as a number of other multinationals. As a psychologist he focuses on how people think, feel and behave at work. Whether working with leaders, teams or organizations, at its core his work is all about harnessing attention to create behavioral change.

His first book, the international best-seller ’Busy’ was published around the world and translated to thirteen languages. In 2016 it was listed as being in the top 3 leadership books, globally. His new book, ‘Busy@Home’ explores how to thrive through the uncertainties and challenges of Covid; and move positively into the hybrid world.

Tony is a regular media commentator around the world, as well as appearances on RTL, the BBC and the Oprah Winfrey Network.

New Sentry Connector for Microsoft Teams

by Contributed | Nov 10, 2020 | Technology

This article is contributed. See the original author and article here.

Millions of people use Microsoft Teams to be productive across different workstreams, and the latest Sentry app in Microsoft Teams is here to keep you up to speed on emerging alerts and issues in your DevOps environment.

Sentry Connector in Microsoft Teams
Using rule-based configurations, the Sentry app in Microsoft Teams will automatically notify pre-defined channels of code errors, performance issues, or other events. Rule-based configurations allow customers flexibility in customizing which alerts generate notifications in Teams. Users can respond to the alert by ignoring, assigning, or resolving directly from Teams; they can also use channel messages and mentions to collaborate with others on response and next steps.

How to use Sentry in Teams
Integrating Sentry into Teams for your DevOps practices takes two steps: install and configure. See Sentry’s step-by-step documentation for full details and instructions.

If you’re currently using the legacy Sentry integration, consider moving your notification configurations to use the latest integration.

“IT for the SMB” ? – The Intrazone podcast

by Contributed | Nov 10, 2020 | Technology

This article is contributed. See the original author and article here.

It’s not easy to manage and maintain technology. And many small and medium business make do with a patchwork of services or defer investments altogether. Well, hold the Teams call? Microsoft 365 Business is the IT for SMB, built to deliver the tools and security businesses need in a single, simple-to-manage product. The outcome, a means to run and grow business.

In this episode, Chris and I talk with Jon Orton, Director of Microsoft 365 marketing focused on our small and medium business outreach. Throughout the discussion, we talk with Jon about the strains of COVID-19, offers from Microsoft to help ease change, and recent innovation for small and medium-sized businesses with up to 300 employees.

Listen to podcast inline below…

https://html5-player.libsyn.com/embed/episode/id/16742972/height/90/theme/custom/thumbnail/yes/direction/backward/render-playlist/no/custom-color/247bc1/

Subscribe to The Intrazone podcast! And listen to episode 58 now + show links and more below.

Intrazone guest – Jon Orton (Director of Microsoft 365 marketing focused on our small and medium business outreach).

Links to important on-demand recordings and articles mentioned in this episode:  

• Articles and sites
  
  
  
  • Small business solution guide
  
  
  • Microsoft 365 YouTube channel
  
  
  • Microsoft Docs – The home for Microsoft documentation for end users, developers, and IT professionals. 
  
  
  • Microsoft Tech Community Home
  
  
  • Stay on top of Office 365 changes
  
  
  • Listen to other Microsoft podcasts
  
  
  
  


• Events

• Microsoft 365 – Chicago (Nov.13.2020)


• Document Strategy Forum (Nov.9-10.2020)


• KMWorld 2020 (Nov.16-19.2020)


• Quest TEC 2020 (Nov.17-18.2020)


• GlobalCon4 (Dec.1-4.2020)


• CollabDays – Munich-Vienna (Dec.4.2020)


• Microsoft 365 Collaboration Conference – Virtual (Dec.9-11.2020)


• SharePoint Fest – Virtual Workshops (Nov.2020 – Jan.2021)

• Hosts and guests
  
  
  
  • Jon Orton | LinkedIn | Twitter | Small and medium business community [guest]
  
  
  • Mark Kashman |@mkashman [co-host]
  
  
  • Chris McNulty |@cmcnulty2000 [co-host] 
  
  
  
  

Subscribe today!

Listen to the show! If you like what you hear, we’d love for you to Subscribe, Rate and Review it on iTunes or wherever you get your podcasts.

Be sure to visit our show page to hear all the episodes, access the show notes, and get bonus content. And stay connected to the SharePoint community blog where we’ll share more information per episode, guest insights, and take any questions from our listeners and SharePoint users (TheIntrazone@microsoft.com). We, too, welcome your ideas for future episodes topics and segments. Keep the discussion going in comments below; we’re hear to listen and grow.

Subscribe to The Intrazone podcast! And listen to episode 58 now.

Thanks for listening!

The SharePoint and Power Platform teams wants you to unleash your magic, creativity, and productivity. And we will do this, together, in small and medium steps at a time.

The Intrazone links

• Show page


• Apple Podcasts


• Google Play Music


• Spotify


• Pandora


• Stitcher


• Overcast


• TuneIn


• RadioPublic


• iHeart


• RSS

+ Listen to other Microsoft podcasts at aka.ms/microsoft/podcasts.

Left to right [The Intrazone co-hosts]: Chris McNulty, director (SharePoint, #ProjectCortex – Microsoft) and Mark Kashman, senior product manager (SharePoint – Microsoft).

The Intrazone, a show about the Microsoft 365 intelligent intranet (aka.ms/TheIntrazone)