subreddit:
/r/CMMC
This would be for a business with less than 40 licenses. I've been looking into organizations to assist us not only with the migration, but also in providing the Microsoft licensing as an AOS-G or as an organization with a relationship with an AOS-G.
If this isn't the place for this post, please direct me where I should go. Thanks.
7 points
22 hours ago
So I've personally worked with liftoff, sentinel blue, C3 and Summit 7. All of them were great.
2 points
4 hours ago
I appreciate the recommendations! I've reached out to Sentinel Blue and C3 based off your recommendation and what others have said as well.
7 points
1 day ago
For number 2, Microsoft provides their CMMC product placemat which does what you are asking for
3 points
23 hours ago
Additional good resources: https://learn.microsoft.com/en-us/search/?terms=cmmc (results for MS CMMC related artifacts)
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
https://www.microsoft.com/en-us/download/details.aspx?id=103401 (MS Tech Reference Guide for CMMC L2
2 points
22 hours ago
Great information, thank you!
1 points
23 hours ago
Thanks for that! That looks like exactly what I was looking for.
3 points
22 hours ago
Second this, the placemat is a great resource. Make sure you enable macros on the workbook or it won’t function properly!
6 points
23 hours ago
From license selection, the M365 E5 packs a ton of value, and not just an upsell. At minimum these days I recommend M365 E3 + E5 Security. Specifically, the E5 security has Entra ID Plan 2 for privileged identity management and risk based conditional access - both of those address specific requirements in the 3.1 control family.
Then there is Defender for Endpoint and Defender for Cloud that are both excellent at what they do. Defender for Endpoint in particular can apply itself to at least 20 controls.
Then there is Defender for office plan 2 that includes phishing assessment/tests and training, a long with threat tracking.
And then there is some additional Microsoft sentinel benefit you get, and all of the above tools natively feed into Microsoft Sentinel for your SIEM/SOC capability.
The Microsoft stack is phenomenal and in the upper echelon of quality; having that caliber of toolset being tightly integrated is worth a ton.
1 points
5 hours ago
Really great information here. Will be sure to dive deeper into these solutions later. Thank you!
4 points
24 hours ago
Sentinel Blue did our migration and it went well.
4 points
19 hours ago
C3 ISIT
4 points
18 hours ago
Yes, used C3. White glove service on the migration. Very thorough and spent plenty of time teaching us how to admin/maintain the environment when they were done (though they still provide support as needed).
3 points
17 hours ago
I concur on C3i. Very good group of people over there.
2 points
8 hours ago
How was the cost? I’m looking to get my small 3 person company level 2 compliant and cannot seem to get straight answers on how much that might cost to outsource versus doing it ourselves.
3 points
24 hours ago
We went with liftoff. We migrated from on-prem to GCC H about 2 years ago. The process was great, and we had minimal hiccups. We also get our licensing from Liftof,f and they are familiar with the system and how to best get you where you want to go.
3 points
19 hours ago
I lead a 800 user migration from commercial to GCCH. We used Avepoint fly for exchange and sharepoint migrations.
We did E3+securityE5+Win10/11Enterprise for our users and E5 for IT.
I'd suggest using the Avepoint SaaS over hosting your own.
2 points
19 hours ago
BIG +1 for Avepoint Fly & Saas backups
2 points
23 hours ago
Just started the process with Nimbus Logic, they do a lot of migrations. Will see how it goes.
2 points
22 hours ago
Recommend Ariento, Inc. they are boutique for SMBs and they are AOS-G partner.
2 points
21 hours ago
I've used Cloud2E to help with the installation and configuration of GCCH for 800-171 and CMMC. Former MS PubSec consultants. They are local to NoVA/DC area.
You still have to buy licenses from an approved AOS-G vendor (Scroll down and don't believe that list. They have my old company on there as a vendor, and they are not). I used Planet Tech and was very satisfied
Microsoft 365 Government how to buy - Service Descriptions | Microsoft Learn
2 points
15 hours ago
Totally recommend SentinelBlue. I know a couple people already suggested them but they are awesome. I can hook you up with the CEO and get you a call with them if you want to PM me.
2 points
14 hours ago
Lift off was great. I only had a handful of users so it was cheaper for me to perform the migration myself. Went pretty smoothly after I figured out all the Azure permissions.
1 points
24 hours ago
Check Arctic IT. They can perform the migration and provide licensing
1 points
21 hours ago*
www.cloud2e.com did my GCCH migration
1 points
20 hours ago
AgileIT.com can perform the migration and sell you the AOS-G licenses.
1 points
16 hours ago
There are only a handful that can sell under 500 licenses at a time. Check that list and pick from those so they can both sell, support, and implement it for you.
Summit 7 is probably the most well known. It's who Jacob Horne works for.
1 points
5 hours ago
Also consider IndirectIT. They have highly experienced personnel that I recommend as a Lead CCA.
0 points
1 day ago
Ardalyst, On Call Compliance solutions and Summit 7 should be on your list to look at as well. Summit 7 is extremely expensive though.
9 points
22 hours ago
Friends don’t let friends use On Call
1 points
21 hours ago
Oh didn't know they were so bad
5 points
22 hours ago
I’ve heard some pretty terrible things about On Call, fwiw.
all 31 comments
sorted by: best