Our CMMC Driven Switch from Gmail to Outlook.
One of the very first “big” company-wide changes that we needed to implement for CMMC was to switch our email domain from Google’s Gmail to Microsoft’s Outlook. If you arent familiar with CMMC, check out this link from the Department of Defense to read about some of the reasons why security regulations have driven us to change: About CMMC (defense.gov).
I can tell you that after having Gmail as our email domain for over 10 years and being completely versed in Google Suite, I was really, really, really mad that we had to switch. The reason for the switch was that CMMC (and NIST 800 for that matter) requires a certain level of security that Google just doesn’t provide. To me it seems like Microsoft has taken the market when it comes to government level security products. I understand everyone has their niche, and Microsoft has taken the government space. Google: If it’s not too late for you, I’m cheering for you!
Usually, when I am making changes to my company processes, I am very familiar with what I am doing before I need to train people how to do the new thing.
This time I was completely out of my element. I didn’t know Microsoft Outlook or how to use 365 Admin. The short version of my advice for taking on this endeavor is to set a short timeline, communicate, recruit help and JUMP! There is truly no way to spend the time training yourself to be completely familiar with a product before its time to use it. Train by doing, it just needs to be done on this timeline.
The first thing to realize is that the domains are more than just email. If you are actually educated in IT you are probably laughing at me right now. But being the person to just have to figure it out, with no IT person on staff, I was immersed into a new world.
The first actual step was to get our CMMC consultant and our website company in contact. Our website needed the DNS records changed amoung other things I did not quite understand. After all was said and done, There were some issues with our website contact forms when this change happened. So hindsight being 20/20, my advice is to keep an eye on your website contact forms being forwarded to your notifications email. If you are not the one monitoring those contact forms, you may be losing business and not know it.
Next was to re-create all the users in the Microsoft 365 directory. Don’t forget about user’s email aliases! They need to be manually assigned. This will also delay emails or sales getting to the correct contacts, so be thorough when making the new users.
Communicating to my employees, I gave them a 2 week warning for the switch. I wanted to get it done as soon as possible because I knew this was causing stress. We live and breathe by our email, and I needed to rip off the bandaid.
Of course, you should use your own email first as the guinea pig. Messing up your own email is fine, but Karen in Accounting will be really mad if hers is messed up first.
We wanted to keep all of our past Gmail history, so exporting those records out of Gmail was actually pretty easy.
The hard part was getting the past gmails exported from our 20 employees, Microsoft Office installed on 20 computers, emails imported back into outlook, and people comforted. This is where you should recruit even more help. Grab anyone available that will help you get all of your employees situated, I assume you probably have more than my 20 computers to do.
All in all, we are situated with Microsoft Outlook and comfortable with the switch. Just like any change, its extremely uncomfortable. But when it comes to security, I completely agree that this needed to be done. Again Google, Im cheering for you, but as of right now I dont see the security of Microsoft being matched.