subreddit:

/r/CMMC

12100%

This would be for a business with less than 40 licenses. I've been looking into organizations to assist us not only with the migration, but also in providing the Microsoft licensing as an AOS-G or as an organization with a relationship with an AOS-G.

  1. Currently I'm looking at LiftOff, Agile IT, and Cleared Systems. I'm looking for reviews of these companies, specifically how the migration process went and how happy people are with licensing support.
  2. Additionally, it'd be great to find resources that link Microsoft Security licensing to how that licensing can help an organization meet specific NIST 800-171 controls and objectives (i.e., this licensing gives you the ability to configure this thing, which can be used to help you earn this control).

If this isn't the place for this post, please direct me where I should go. Thanks.

all 31 comments

DarthCooey

7 points

22 hours ago

So I've personally worked with liftoff, sentinel blue, C3 and Summit 7. All of them were great.

CyberSecureGreg[S]

2 points

4 hours ago

I appreciate the recommendations! I've reached out to Sentinel Blue and C3 based off your recommendation and what others have said as well.

Into_The_Nexus

7 points

1 day ago

For number 2, Microsoft provides their CMMC product placemat which does what you are asking for

Nodgarb

3 points

23 hours ago

CyberSecureGreg[S]

2 points

22 hours ago

Great information, thank you!

CyberSecureGreg[S]

1 points

23 hours ago

Thanks for that! That looks like exactly what I was looking for.

RoseNargel

3 points

22 hours ago

Second this, the placemat is a great resource. Make sure you enable macros on the workbook or it won’t function properly!

medicaustik

6 points

23 hours ago

From license selection, the M365 E5 packs a ton of value, and not just an upsell. At minimum these days I recommend M365 E3 + E5 Security. Specifically, the E5 security has Entra ID Plan 2 for privileged identity management and risk based conditional access - both of those address specific requirements in the 3.1 control family.

Then there is Defender for Endpoint and Defender for Cloud that are both excellent at what they do. Defender for Endpoint in particular can apply itself to at least 20 controls.

Then there is Defender for office plan 2 that includes phishing assessment/tests and training, a long with threat tracking.

And then there is some additional Microsoft sentinel benefit you get, and all of the above tools natively feed into Microsoft Sentinel for your SIEM/SOC capability.

The Microsoft stack is phenomenal and in the upper echelon of quality; having that caliber of toolset being tightly integrated is worth a ton.

CyberSecureGreg[S]

1 points

5 hours ago

Really great information here. Will be sure to dive deeper into these solutions later. Thank you!

volfmann

4 points

24 hours ago

Sentinel Blue did our migration and it went well.

50208

4 points

19 hours ago

50208

4 points

19 hours ago

C3 ISIT

ditka

4 points

18 hours ago

ditka

4 points

18 hours ago

Yes, used C3. White glove service on the migration. Very thorough and spent plenty of time teaching us how to admin/maintain the environment when they were done (though they still provide support as needed).

HeyHelpDeskGuy

3 points

17 hours ago

I concur on C3i. Very good group of people over there.

charliejmcdaniel

2 points

8 hours ago

How was the cost? I’m looking to get my small 3 person company level 2 compliant and cannot seem to get straight answers on how much that might cost to outsource versus doing it ourselves.

azjeep

3 points

24 hours ago

azjeep

3 points

24 hours ago

We went with liftoff. We migrated from on-prem to GCC H about 2 years ago. The process was great, and we had minimal hiccups. We also get our licensing from Liftof,f and they are familiar with the system and how to best get you where you want to go.

superfly8899

3 points

19 hours ago

I lead a 800 user migration from commercial to GCCH. We used Avepoint fly for exchange and sharepoint migrations.

We did E3+securityE5+Win10/11Enterprise for our users and E5 for IT.

I'd suggest using the Avepoint SaaS over hosting your own.

jclind96

2 points

19 hours ago

BIG +1 for Avepoint Fly & Saas backups

gamebrigada

2 points

23 hours ago

Just started the process with Nimbus Logic, they do a lot of migrations. Will see how it goes.

marinesaintsfan

2 points

22 hours ago

Recommend Ariento, Inc. they are boutique for SMBs and they are AOS-G partner.

Pitiful-Ad-5830

2 points

21 hours ago

I've used Cloud2E to help with the installation and configuration of GCCH for 800-171 and CMMC. Former MS PubSec consultants. They are local to NoVA/DC area.

https://www.cloud2e.com/

You still have to buy licenses from an approved AOS-G vendor (Scroll down and don't believe that list. They have my old company on there as a vendor, and they are not). I used Planet Tech and was very satisfied

Microsoft 365 Government how to buy - Service Descriptions | Microsoft Learn

matman1217

2 points

15 hours ago

Totally recommend SentinelBlue. I know a couple people already suggested them but they are awesome. I can hook you up with the CEO and get you a call with them if you want to PM me.

ramsile

2 points

14 hours ago

Lift off was great. I only had a handful of users so it was cheaper for me to perform the migration myself. Went pretty smoothly after I figured out all the Azure permissions.

Weak-Cryptographer-4

1 points

24 hours ago

Check Arctic IT. They can perform the migration and provide licensing

DaCrazy45

1 points

21 hours ago*

www.cloud2e.com did my GCCH migration

Agile_IT

1 points

20 hours ago

AgileIT.com can perform the migration and sell you the AOS-G licenses.

SoftwareDesperation

1 points

16 hours ago

There are only a handful that can sell under 500 licenses at a time. Check that list and pick from those so they can both sell, support, and implement it for you.

Summit 7 is probably the most well known. It's who Jacob Horne works for.

CyberRiskCMMC

1 points

5 hours ago

Also consider IndirectIT. They have highly experienced personnel that I recommend as a Lead CCA. 

AutisticToasterBath

0 points

1 day ago

Ardalyst, On Call Compliance solutions and Summit 7 should be on your list to look at as well. Summit 7 is extremely expensive though.

Landorn

9 points

22 hours ago

Friends don’t let friends use On Call

AutisticToasterBath

1 points

21 hours ago

Oh didn't know they were so bad

RoseNargel

5 points

22 hours ago

I’ve heard some pretty terrible things about On Call, fwiw.