Securing Defense Industrial Base workloads with the Microsoft Sentinel: CMMC 2.0 Solution

Lili Davoudian

TJ Banasik

Since its first release in 2020, the Microsoft Sentinel Cybersecurity Maturity Model Certification workbook has remained one of the most popular content packages for Defense Industrial Base (DIB) customers in Microsoft Sentinel. Today, we’re announcing the next evolution of this content in the Microsoft Sentinel: Cybersecurity Maturity Model Certification (CMMC) 2.0 Solution. This solution empowers governance and compliance teams to design, build, monitor, and respond to CMMC 2.0 requirements across Microsoft, third-party, hybrid, on-premises, and multi-cloud workloads.

This content features a redesigned user interface, new control card layouts, dozens of new visualizations, better-together integrations with Microsoft Defender for Cloud, and alerting rules to actively monitor/alert on compliance posture deviations across each CMMC 2.0 control family.

Watch our demo to learn more.

The CMMC 2.0 model consists of processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from DIB and Department of Defense (DoD) stakeholders. The CMMC 2.0 model specifies three levels: Level 1 (Foundational) to Level 3 (Advanced). See the CMMC model for more information.

The solution includes: (1) The new CMMC Workbook, (2) Analytics Rules, and (3) Playbooks. While only Microsoft Sentinel and Microsoft Defender for Cloud are required to get started, the solution is enhanced with numerous Microsoft offerings, including Microsoft 365 Defender, Microsoft Information Protection, Azure Active Directory, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Defender for Office 365.



  • Build/design workloads within CMMC 2.0 requirements
  • Customizable reporting for subscription, workspace, time, control family, and level requirements
  • Fully customizable panels for third-party product integration
  • Deep links integration for seamless pivots between security products
  • Document assessments via implementation, implementation dates, and notes
  • Redesigned control cards, coverage across 16 control families, and level 1-2 requirements
  • Direct alignment to the Microsoft Technical Reference Guide for CMMC 2.0
  • Query/alert generation with two new analytics rules
  • Automated SOAR playbook response for notification and ticketing

Get started today

To get started, go to your Azure or Azure Government portal to access the workbook:

  • Microsoft Sentinel > Content Hub > Search “CMMC 2.0” > Install
    • Review Workbooks (“Cybersecurity Maturity Model Certification (CMMC) 2.0”), Analytics (“CMMC 2.0 Level 1 (Foundational) Readiness Posture”, “CMMC 2.0 Level 2 (Advanced) Readiness Posture”), and Playbooks (“Notify-GovernanceComplianceTeam”, “CreateJIRAIssue”, “Open_DevOpsTask”)

Learn more about CMMC with Microsoft Security




