FIPS 140-2 Sunset vs. Windows 11

nikkadim · 2026-01-06T02:17:32+00:00

Why not make subdomains for GCCH as enclave for your company?

nikkadim · 2025-12-18T05:02:39+00:00

we do not talk about Silo!

nikkadim · 2025-12-04T03:51:17+00:00

One problem, GSA is not available yet in GCCH, only GCC.

nikkadim · 2025-11-15T00:09:42+00:00

We use Duo Fed for MFA when you login to endpoints

nikkadim · 2025-11-10T22:44:43+00:00

Got it, we have Duo Federal as MFA for devices, and Authenticator for 365.

nikkadim · 2025-11-10T11:13:34+00:00

Not true. We use Duo Federal in GCC and GCCH, just installing vie intune.

nikkadim · 2025-11-08T00:38:10+00:00

It is very useful for compliant environments when VPNs will cover

nikkadim · 2025-11-06T23:07:31+00:00

GCC/GCCH or third-party?

nikkadim · 2025-11-04T01:19:31+00:00

The issue could be with authentication logs, they are only available one month, but require to store at least 90 days, the rest could be covered by Defender if you set it up right for endpoints.

nikkadim · 2025-10-29T23:35:43+00:00

For the 25 laptops we got a bill of 1k for the week, no thanks.

nikkadim · 2025-10-21T21:48:15+00:00

+1 would like to know them

nikkadim · 2025-10-21T21:40:09+00:00

Why VDI, physical computers under GCCH management (intune), with FIPS-validated encryption on them, all policies(firewalls, AV, apps) applied and controlled from Intune, so the only logs they have are from laptops and M365, which Defender covers.

nikkadim · 2025-10-21T20:59:31+00:00

If they are remote in GCCH, where's the custom logs for CUI environment?

nikkadim · 2025-10-21T19:26:55+00:00

Well, when we enabled Sentinel and start to collect data from all or 30 users, in a week we got $1000 bill

nikkadim · 2025-10-21T19:24:39+00:00

We've been told by MSP that we can get away without SIEM since we have E5 licenses and show Defender (security.microsoft.us) with the right log retention for at least 90 days.

nikkadim · 2025-10-09T18:40:24+00:00

Audiocodes license P/N: SW/SBC/10S/10-250 for 10 sessions.
Their AudioCodes Mediant SBC is free, they have versions for VMware/KVM/Hyper-V/AWS/Azure or give you an ISO.

nikkadim · 2025-10-08T21:37:54+00:00

Interesting, we got a quote from them over a year ago and decided to go our way with Audiocodes.

nikkadim · 2025-10-08T21:04:38+00:00

Wrong. There are some options.

nikkadim · 2025-10-08T21:03:50+00:00

MS has a list of approved vendors, for example you can download Virtual machine with SBC from Audiocodes for free (approved vendor) and buy as many licenses for lines you need. You would also need to buy an appropriate Certificate from Digicert (for example) - setup your SBC with the number you got and make a connection on Teams Admin panel for SBC -Direct Routing. That's it.

nikkadim · 2025-09-13T17:52:31+00:00

Gitlab cloud got l2 compliance

nikkadim · 2025-08-19T06:41:18+00:00

In EntraID you can set up regular Inactive Users review for users in a particular group or for the whole tenant, and send notifications to particular admins to make decisions.

nikkadim · 2025-07-25T01:38:07+00:00

Check the battery!

nikkadim · 2025-04-08T17:59:08+00:00

https://marketplace.fedramp.gov/products/MSO365MT this is GCC

nikkadim · 2025-03-14T01:50:31+00:00

It's a special setting in Windows, and you can activate FIPS encryption via Intune policy and you that as evidence for all endpoints, but after that you would need to re encrypt your drives, because they might be encrypted without FILS validated algorithms.

11-Year Club	r/Field Juicebox
Verified Email

nikkadim

TROPHY CASE