Capability Statement

Quick Facts

Capability Domains

1. Microsoft 365 Tenant Governance and Policy Management

• Microsoft Purview Information Protection: sensitivity label design, auto labeling policy authoring, encryption and rights management at scale
• Purview Data Loss Prevention (DLP): policy authoring across Exchange Online, SharePoint, OneDrive, Teams, and endpoints
• Purview Records Management: retention label policies, file plan administration, disposition review workflows
• Purview Communication Compliance: policy design for sensitive communication monitoring
• Purview eDiscovery: Standard and Premium configuration for legal hold and investigation workflows
• Purview Audit (Standard/Premium): audit log search, evidence collection, investigation
• Microsoft 365 Admin Center: tenant-level policy, license management, Secure Score, Compliance Manager

2. Identity, Access, and Privileged Access Governance

• Microsoft Entra ID (Azure AD): tenant configuration, hybrid identity federation, B2B/B2G external collaboration controls
• Conditional Access: policy authoring for risk based authentication, device compliance enforcement, location based controls, session controls via Defender for Cloud Apps
• Privileged Identity Management (PIM): just in time admin role activation, access reviews, eligible vs. active assignment governance
• Identity Governance: access reviews, entitlement management, lifecycle workflows
• Administrative Units: federated delegation for Major-Command style organizational structures
• Microsoft Authenticator / FIDO2 / WHfB: phishing-resistant MFA deployment, passwordless enrollment
• Active Directory: on premises AD, Group Policy, Kerberos, AD Connect / Entra Connect synchronization

3. Data Classification and Tagging at Enterprise Scale

• Automated classification using Purview's trainable classifiers and exact data match (EDM)
• Sensitive Information Type (SIT) authoring for organization specific data patterns
• Integration with file servers via Microsoft Information Protection scanner for hybrid environments
• Cross workload label policies (Exchange, SharePoint, OneDrive, Teams, Power BI, Power Platform)
• Auto classification + manual exception governance with periodic policy tuning and feedback loops

4. Records Management and Retention

• Retention label policies aligned to DoD Records Management Program requirements (DoDI 5015.02)
• File plan administration with regulatory record categorization
• Disposition workflows with custodian review and audit trails
• Hybrid retention coverage extending cloud retention labels to on premises content via Microsoft Information Protection scanner
• Litigation hold via Purview eDiscovery (Standard / Premium)

5. Security Operations and Threat Protection

• Microsoft Defender for Endpoint: policy tuning, threat hunting, automated investigation and response (AIR), attack surface reduction (ASR) rules
• Microsoft Defender for Cloud Apps: cloud app discovery, session control, conditional access app control
• Defender Advanced Hunting: threat hunting via Defender query language, anomaly investigation, alert tuning
• Tier 3 incident response: root cause analysis, containment, eradication, customer facing incident communications
• Microsoft Secure Score / Compliance Manager: tenant baseline assessment, control attestation, posture improvement roadmaps
• KnowBe4: phishing simulation, security awareness training campaigns, user-risk score tracking

6. Network Security and Perimeter Operations: Multi Vendor

Production hands on operations across the network security platforms that dominate federal civilian, DoD, SLED, and tribal IT environments:

• Palo Alto Networks PAN-OS: base NGFW policy design and configuration. (Palo Alto Networks is widely deployed across DoD networks under enterprise license arrangements.)
• Cisco: ASA firewalls, Firepower Threat Defense (FTD), ISR routers, AnyConnect VPN, Cisco UCS server platform. (Cisco dominates the install base across federal civilian agencies and IHS.)
• Cisco Meraki: MX security appliances, MS switches, MR access points, Systems Manager MDM, cloud managed dashboard. (Cisco Meraki is dominant in federal civilian remote sites, K-12, and county / state agencies; Meraki for Government holds FedRAMP Moderate authorization.)
• Fortinet FortiGate: NGFW policy design, VPN (IPsec / SSL), VDOM administration (multi tenant FortiGate), FortiManager / FortiAnalyzer, Security Fabric. (Fortinet leads SLED firewall renewals; Fortinet Federal Inc. provides DoDIN APL-approved variants for DoD work.)
• FortiClient / FortiSwitch / FortiAP: endpoint compliance, endpoint VPN, Security Fabric integration. (Fortinet ZTNA exposure is familiarity-level; primary ZTNA experience is via Entra ID Conditional Access.)
• SonicWall: TZ / NSa / NSsp series, Capture Security Center, Cloud App Security. (SonicWall is common in K-12, small county government, and small federal subcontractor environments.)
• HPE Aruba: Aruba switching and wireless production deployments, plus Aruba Central cloud managed networking dashboard. (HPE Aruba is heavily deployed across federal civilian agencies and SLED via NASPO + GSA contract vehicles.)
• WatchGuard, Ubiquiti: small business and remote office tier deployments.
• Network segmentation and zoning: defense in depth design across multi tenant regulated MSP environments.
• Switch and routing operations: VLAN, trunking, L3 policy, multi vendor migration projects (e.g., Cisco-to-Fortinet, Fortinet-to-Palo Alto, HPE Aruba-to-Cisco).

7. Virtualization and Datacenter Operations

• VMware vSphere / vCenter / vSAN: production hypervisor administration, HA cluster operations, datastore management, capacity planning, version uplifts
• Microsoft Hyper-V: clustering, live migration, production deployments at lower tier scale
• Post-Broadcom virtualization strategy: license impact analysis (VVF / VCF), Hyper-V migration evaluation, Veeam based DR continuity through migration windows
• Datacenter operations: server lifecycle management, SAN / RAID storage, infrastructure refresh leadership, end of support remediation, full server builds and rack deployments across MSP client environments
• Server hardware: HPE Synergy (composable infrastructure), Cisco UCS (Unified Computing System), HP / HPE rack servers, Dell servers
• Storage: HPE Nimble Storage, HPE 3PAR, NetApp, Synology, VMware vSAN. Fibre Channel, iSCSI, and direct-connect SAS connectivity
• Backup and disaster recovery: Veeam, Datto, Axcient, Dropsuite, Veritas, Microsoft 365 backup tooling, on prem to cloud DR design

8. Email Security and Hybrid Mail

• Exchange Online: mail flow, transport rules, anti-phishing, Safe Links, Safe Attachments
• Hybrid Exchange: on prem to cloud migrations, hybrid mail flow design, coexistence
• Email authentication: SPF, DKIM (multi-selector), DMARC reporting and policy progression, MTA-STS, BIMI considerations
• DNSSEC-signed zones: deployment, DS publication, zone-signing key rotation
• Defender for Office 365: ATP policies, attack simulator, threat explorer

9. Compliance Program Support: Translation to Federal Requirements

These regulatory patterns share evidentiary, control design, audit readiness, and continuous monitoring requirements with NIST 800-53 Moderate, NIST 800-171 / CMMC Level 2, and DoD CUI handling under DoDI 5200.48.

10. Microsoft Cloud Partner and Licensing

• Microsoft 365 / Office 365 licensing: EA, CSP, NCE evaluation; SKU-to-feature mapping for compliance contexts
• Microsoft 365 Business Basic / Business Standard / Business Premium: tenant deployment, custom domain federation, MX / SPF / DKIM / DMARC integration
• Microsoft Cloud Partner Program: evaluating enrollment ahead of CSP eligibility

Differentiators for Prime Subcontracting Teams

1. DoD 8140 IA Level II baseline (Active CompTIA Security+ SY0-701): principal holds the federally recognized cybersecurity workforce qualification (achieved 2026-05-10); satisfies "Sec+ or equivalent" prerequisite common in DoD and civilian federal IT solicitations.
2. ISBEE / SDB certified small business: provides socioeconomic credit on prime evaluation criteria for federal solicitations.
3. Production Microsoft 365 multi tenant administration experience: direct production responsibility across regulated client portfolios, not academic exposure.
4. Lean operational profile: single accountable owner pattern reduces bench management overhead for primes; ideal for smaller named sub roles or specific labor categories.
5. Cross domain compliance experience: HIPAA + PCI + CJIS breadth is uncommon in single practitioners; useful for primes presenting compliance driven proposals.
6. Native American Owned, ISBEE certified: supports federal tribal preference and minority business participation goals.
7. Microsoft Cloud Partner Program: evaluating enrollment ahead of CSP eligibility milestones.
8. Federal procurement cycle literacy: Army DTSPO M365 Records Management RFI submitted May 2026; ongoing Sources Sought / RFI monitoring across primary NAICS. Reads PWS documents and writes federal-grade technical responses.

Engagement Availability

• Labor categories: Senior Microsoft 365 Engineer, Senior Cyber Engineer, Senior Network Security Engineer, Senior Systems Engineer, Compliance Engineer, Microsoft Purview Specialist, Virtualization / VMware Engineer
• Engagement model: 1099 subcontractor at prime's labor rates, FFP task assignments, or Time-and-Materials
• Availability: Immediate
• Facility Clearance (FCL): None held. Personnel Clearance (PCL): US citizen; eligible for clearance sponsorship at applicable levels per investigation findings.