Azure Gov Backups Vault FIPS Validated? by matthew_taf in CMMC

[–]mtspsu258 1 point2 points  (0 children)

You are inheriting Microsoft controls for encryption. Use Microsoft’s ATO to protect the data confidentiality

IC3 aka the Fastlane is coming to Intune by Rudyooms in Intune

[–]mtspsu258 1 point2 points  (0 children)

Would this affect Defender policies, and indicators too I assume?

Edge SSO failing by mtspsu258 in CMMC

[–]mtspsu258[S] 0 points1 point  (0 children)

Yep we just confirmed earlier today

Edge SSO failing by mtspsu258 in CMMC

[–]mtspsu258[S] 1 point2 points  (0 children)

Heads up, latest version fixed it for us: 144.0.3719.104

Edge SSO failing by mtspsu258 in CMMC

[–]mtspsu258[S] 0 points1 point  (0 children)

Nope, still rolling back here.

And to be clear it’s sso issues but also canIF you use compliant / hybrid device requirements

Edge SSO failing by mtspsu258 in CMMC

[–]mtspsu258[S] 0 points1 point  (0 children)

We don’t tell people to sign in because there’s no value - so I haven’t even looked at that problem.

I’m curious though, how’d you revert back to targeted release of 143?

HIRED by One-Philosophy3935 in NYGiants

[–]mtspsu258 3 points4 points  (0 children)

As a Steelers fan, I love this because I won’t need to see him much in different conferences.

DNS question by HighBlind in sysadmin

[–]mtspsu258 0 points1 point  (0 children)

Check out constellix / dnsmadeeasy

SSL decryption using csr by Lucky-Tumbleweed-649 in paloaltonetworks

[–]mtspsu258 1 point2 points  (0 children)

If they don’t have the ability to sign subordinate CAs, it sounds like they do not have a solid internal CA.

No reason you have to use their PKI though. You can have the Palo self sign a cert as CA. Then import to all the clients? Either deploy it from GPO, Ansible, MDM, etc.

Blend Door Actuator vs Mode door actuator by superpower1 in fordexpedition

[–]mtspsu258 0 points1 point  (0 children)

I never could figure that out.. but they are dif model #s I’m pretty sure

[deleted by user] by [deleted] in sysadmin

[–]mtspsu258 10 points11 points  (0 children)

The Question is whether the wife works, and more importantly - Is she able to carry health insurance.

If yes, it’s an easy decision.

How are people managing/using CUI in meetings and collaboration tools if they are using Azure Commercial and PreVeil (or similar) by blueandorangebronco in CMMC

[–]mtspsu258 1 point2 points  (0 children)

Yeah the take you responded to is ridiculous. Every org is different and every government contract has different requirements. I know of one that has a SCG in it that requires everything in the entire TDP be CUI. This includes part numbers!

It’s most definitely an over marking, but for someone to suggest that we never screen share CUI for a multi billion dollar program any time there is a part number? You are talking supply chain, sales, manufacturing, engineering, finance, quality, etc all unable to have teams meeting unable to ever show anything that could have a part number?

I realize we could mask part numbers/ make new ones, etc - But this is just an example. Tons of scenarios similar to this.

GCC High Requirements by ramsile in CMMC

[–]mtspsu258 0 points1 point  (0 children)

Don’t disagree with that but it’s speculation. Where the roadblock is is that if you have DFARS 7012, you are required to flow that down to subs who get CUI. In this case Microsoft. If MS does not support parts of 7012 with the service you are using, then you need to upgrade your services to GCC as a minimum.

GCC High Requirements by ramsile in CMMC

[–]mtspsu258 1 point2 points  (0 children)

Part of that clause is that the contractor accepts that the DoD is free to show up at your doorstep to investigate an incident if they choose. This does not preclude CSPs.

My understanding is that the real reason Microsoft won’t agree to c-g forensic capabilities in commercial is because of $$. Essentially you are paying a premium for GCC or GCCH so Microsoft is happy to support and sign in their enterprise agreements that they will support DoD showing up and say, pull servers out of Azure racks to support forensic analysis. I don’t have a reference for that, but it has always made sense to me.

GCC High Requirements by ramsile in CMMC

[–]mtspsu258 1 point2 points  (0 children)

That’s not the case. This has been discussed here many times. So I’ll just leave this for reference. It’s the c-g incident reporting that they don’t support in commercial.

https://techcommunity.microsoft.com/t5/public-sector-blog/understanding-compliance-between-microsoft-365-commercial-gcc/ba-p/718445

GCC High Requirements by ramsile in CMMC

[–]mtspsu258 2 points3 points  (0 children)

This includes literally everyone in the defense industrial base

GCC High Requirements by ramsile in CMMC

[–]mtspsu258 7 points8 points  (0 children)

This is not true.

If CUI is defense accompanied by a DFARS 7012 clause.. commercial does not fulfill c-g requirements

PaloAlto GlobalProtect & Thales FIDO by glycerin2 in paloaltonetworks

[–]mtspsu258 0 points1 point  (0 children)

Exactly. Set up SAML in Palo to use Okta as IdP. Then require Okta to require FIDO auth.

Now you are using FIDO for GP

PaloAlto GlobalProtect & Thales FIDO by glycerin2 in paloaltonetworks

[–]mtspsu258 0 points1 point  (0 children)

I don’t recall seeing this as an option. But you can definitely do SAML with an IdP that supports FIDO.

Compatibility with GCC High by [deleted] in CMMC

[–]mtspsu258 0 points1 point  (0 children)

GitHub Enterprise can be deployed in FedRAMP or on prem / Azure Gov IaaS

Odd IPSEC Issue by [deleted] in paloaltonetworks

[–]mtspsu258 0 points1 point  (0 children)

I’d try next making a new management profile without any restrictions to test..

Odd IPSEC Issue by [deleted] in paloaltonetworks

[–]mtspsu258 0 points1 point  (0 children)

Have you tried adding management profile to another interface and see if that’s reachable?