Capability Statement
Microsoft 365 Governance, Identity, Threat Protection, Network Security, Virtualization, Records Management, and Compliance Translation for Federal and Regulated Commercial Environments.
Quick Facts
| Legal Name | Soulier Group LLC |
| Unique Entity ID (UEI) | HUJFDP334G53 |
| CAGE Code | Pending DLA assignment |
| Entity Type | Wisconsin LLC (single-member, disregarded entity) |
| Primary NAICS | 541512 — Computer Systems Design Services |
| Additional NAICS | 541519, 541611, 541690, 518210, 541513, 561621 |
| Size Standard | Small Business at all NAICS sizes |
| State of Formation | Wisconsin (organized 2026) |
| Principal Place of Business | Wisconsin |
Socioeconomic Certifications
- ✓ Indian Economic Enterprise (IEE), Buy Indian Act (FAR 52.212-3 self-certified)
- ✓ Small Disadvantaged Business (SDB): FAR 52.212-3 self-certified (Native American social-disadvantage presumption per 13 CFR 124.103; economically disadvantaged per 13 CFR 124.104)
- ✓ Native American Owned (enrolled member, Lac du Flambeau Band of Lake Superior Chippewa Indians of the Lac du Flambeau Reservation of Wisconsin)
- ✓ Minority-Owned Business
- ◤ SBA 8(a) Business Development Program: application planned upon SAM.gov activation
Capability Domains
1. Microsoft 365 Tenant Governance and Policy Management
- Microsoft Purview Information Protection: sensitivity label design, auto-labeling policy authoring, encryption and rights management at scale
- Purview Data Loss Prevention (DLP): policy authoring across Exchange Online, SharePoint, OneDrive, Teams, and endpoints
- Purview Records Management: retention label policies, file plan administration, disposition review workflows
- Purview Communication Compliance: policy design for sensitive communication monitoring
- Purview eDiscovery: Standard and Premium configuration for legal hold and investigation workflows
- Purview Audit (Standard/Premium): audit log search, evidence collection, investigation
- Microsoft 365 Admin Center: tenant-level policy, license management, Secure Score, Compliance Manager
2. Identity, Access, and Privileged Access Governance
- Microsoft Entra ID (Azure AD): tenant configuration, hybrid identity federation, B2B/B2G external collaboration controls
- Conditional Access: policy authoring for risk-based authentication, device compliance enforcement, location-based controls, session controls via Defender for Cloud Apps
- Privileged Identity Management (PIM): just-in-time admin role activation, access reviews, eligible vs. active assignment governance
- Identity Governance: access reviews, entitlement management, lifecycle workflows
- Administrative Units: federated delegation for Major-Command-style organizational structures
- Microsoft Authenticator / FIDO2 / WHfB: phishing-resistant MFA deployment, passwordless enrollment
- Active Directory: on-premises AD, Group Policy, Kerberos, AD Connect / Entra Connect synchronization
3. Data Classification and Tagging at Enterprise Scale
- Automated classification using Purview's trainable classifiers and exact data match (EDM)
- Sensitive Information Type (SIT) authoring for organization-specific data patterns
- Integration with file servers via Microsoft Information Protection scanner for hybrid environments
- Cross-workload label policies (Exchange, SharePoint, OneDrive, Teams, Power BI, Power Platform)
- Auto-classification + manual exception governance with periodic policy tuning and feedback loops
4. Records Management and Retention
- Retention label policies aligned to DoD Records Management Program requirements (DoDI 5015.02)
- File plan administration with regulatory record categorization
- Disposition workflows with custodian review and audit trails
- Hybrid retention coverage extending cloud retention labels to on-premises content via Microsoft Information Protection scanner
- Litigation hold via Purview eDiscovery (Standard / Premium)
5. Security Operations and Threat Protection
- Microsoft Defender for Endpoint: policy tuning, threat hunting, automated investigation and response (AIR), attack surface reduction (ASR) rules
- Microsoft Defender for Cloud Apps: cloud app discovery, session control, conditional access app control
- Microsoft Defender for Identity: Active Directory threat detection, lateral movement detection
- Defender Advanced Hunting: threat hunting via Defender query language, anomaly investigation, alert tuning
- Tier 3 incident response: root cause analysis, containment, eradication, customer-facing incident communications
- Microsoft Secure Score / Compliance Manager: tenant baseline assessment, control attestation, posture improvement roadmaps
6. Network Security and Perimeter Operations
- Fortinet FortiGate: firewall policy design, NGFW operations, VPN (IPsec / SSL), virtual domain (VDOM) administration, FortiManager / FortiAnalyzer
- FortiClient: endpoint compliance, Zero Trust Network Access (ZTNA), endpoint VPN
- FortiSwitch / FortiAP: Security Fabric integration, secure access architecture
- Network segmentation and zoning: defense-in-depth design across multi-tenant MSP environments
- Switch and routing operations: VLAN, trunking, basic L3 policy
7. Virtualization and Datacenter Operations
- VMware vSphere / vCenter: production hypervisor administration, HA cluster operations, datastore management, capacity planning, version uplifts
- Microsoft Hyper-V / System Center: production deployments, native integration with Microsoft EA stacks
- Nutanix AHV: hyperconverged infrastructure familiarity from MSP engagements
- Post-Broadcom virtualization strategy: license-impact analysis (VVF / VCF), candidate replacement evaluation (Hyper-V, Nutanix AHV)
- Datacenter operations: server lifecycle management, SAN / RAID storage, infrastructure refresh leadership, end-of-support remediation
- Backup and disaster recovery: Veeam, M365 backup tooling, on-prem to cloud DR design
8. Email Security and Hybrid Mail
- Exchange Online: mail flow, transport rules, anti-phishing, Safe Links, Safe Attachments
- Hybrid Exchange: on-prem to cloud migrations, hybrid mail flow design, coexistence
- Email authentication: SPF, DKIM (multi-selector), DMARC reporting and policy progression, MTA-STS, BIMI considerations
- DNSSEC-signed zones: deployment, DS publication, zone-signing key rotation
- Defender for Office 365: ATP policies, attack simulator, threat explorer
9. Compliance Program Support: Translation to Federal Requirements
| Framework Experience | Translation to Federal / DoD Requirements |
|---|---|
| HIPAA Security Rule | Risk analysis (164.308(a)(1)), access control (164.312(a)), audit controls (164.312(b)), evidence collection. Crosswalks to NIST SP 800-66r2 and NIST 800-53 (Moderate baseline). Audit-evidence patterns translate to DoD CUI handling under NIST 800-171. |
| PCI DSS v4 | Network segmentation (Req 1), access control (Req 7-8), vulnerability management (Req 5-6, 11), audit logging (Req 10). Crosswalks to NIST SP 800-171 / CMMC Level 2 control families AC, AU, CM, SC, SI. |
| CJIS Security Policy v6 (SEPP) | Multi-state law enforcement client support. CJIS Security Policy Appendix G provides direct crosswalk to NIST SP 800-53 controls. Advanced Authentication, audit logging, and physically secure location requirements translate to NIST 800-171 control families. |
| FFIEC / GLBA (banking) | In active pursuit. FFIEC Cybersecurity Assessment Tool (CAT) and Information Security IT Examination Handbook align with NIST CSF and NIST 800-53. |
| NIST CSF / 800-53 | General familiarity for cyber program design across Identify / Protect / Detect / Respond / Recover function categories. |
These regulatory patterns share evidentiary, control design, audit-readiness, and continuous-monitoring requirements with NIST 800-53 Moderate, NIST 800-171 / CMMC Level 2, and DoD CUI handling under DoDI 5200.48.
10. Microsoft Cloud Partner and Licensing
- Microsoft 365 / Office 365 licensing: EA, CSP, NCE evaluation; SKU-to-feature mapping for compliance contexts
- Microsoft 365 Business Basic / Business Standard / Business Premium: tenant deployment, custom domain federation, MX / SPF / DKIM / DMARC integration
- Microsoft Cloud Partner Program: enrollment in progress; CSP eligibility on track
Live Security Posture (Walk-the-Walk)
Soulier Group LLC operates this website with the same defense-in-depth posture we recommend to clients. HTTP controls: HSTS preload, strict Content Security Policy, X-Frame-Options DENY, Referrer-Policy strict-origin-when-cross-origin, Permissions-Policy lockdown. DNS: DNSSEC signed (DS at .com TLD, ECDSA P-256 / SHA-256). Mail: SPF hard-fail, DKIM 2-selector, DMARC published. Federal alignment: approach mirrors OMB M-21-07 IPv6-readiness expectations and CISA BOD 18-01 mail authentication requirements. Independent verification welcome via the security.txt at /.well-known/security.txt.
Differentiators for Prime Subcontracting Teams
- ISBEE / SDB-certified small business: provides socioeconomic credit on prime evaluation criteria for federal solicitations.
- Production M365 multi-tenant administration experience: direct production responsibility across regulated client portfolios, not academic exposure.
- Lean operational profile: single accountable owner pattern reduces bench-management overhead for primes; ideal for smaller named-sub roles or specific labor categories.
- Cross-domain compliance experience: HIPAA + PCI + CJIS breadth is uncommon in single practitioners; useful for primes presenting compliance-driven proposals.
- Native American Owned, ISBEE-certified: supports federal tribal preference and minority-business participation goals.
- Microsoft Cloud Partner Program enrollment in progress: will transition to formal Microsoft partnership upon reaching CSP eligibility.
- Federal procurement-cycle literacy: active RFI submissions to Army DTSPO and DISA in May 2026; reads PWS documents and writes federal-grade technical responses.
Engagement Availability
- Labor categories: Senior M365 Engineer, Senior Cyber Engineer, Senior Network Security Engineer, Senior Systems Engineer, Compliance Engineer, Microsoft Purview Specialist, Virtualization / VMware Engineer
- Engagement model: 1099 subcontractor at prime's labor rates, FFP task assignments, or Time-and-Materials
- Availability: Immediate
- Facility Clearance (FCL): None held. Personnel Clearance (PCL) eligibility: Clearable to Top Secret — US citizen, clean financial and criminal record, no foreign preference or foreign-influence disqualifiers, eligible for sponsored investigation.