The Office 365 Cloud Tiers

Microsoft Office 365 has become a core part of the international business landscape. From Fortune 500 companies to the small mom and pop shops, everyone is using Office 365 for email, collaboration, modern workplace, and added security.  

What you may not know about Office 365 is that there are actually several difference O365 cloud environments, and the environment you are in is actually very important.  

Commercial Cloud  

The Commercial Cloud houses almost all types of organizations. Not for Profits, Manufacturers, Professional Services, Retail, etc. All these types of companies use the commercial cloud. Some, like NFPs and Academic organizations, are eligible for discounted licenses but are still in the same cloud as everyone else.  

Government Community Cloud 

The Government Community Cloud (GCC) is a separate cloud environment for Government Organization. These organizations house sensitive data and have certain compliance needs. Organizations you may see in this cloud are municipalities, housing authorities, and social services organizations. This environment is considered FedRAMP moderate, but interestingly the back end is still the Azure Public/Commercial cloud. The environment is separate from the rest of the commercial companies.  

Due to compliance issues, there are features of Office 365 that are not available in GCC.  

Government Community Cloud- High 

There is another facet of the GCC High Cloud that is called “High”. This cloud environment is specifically for organizations with a DFARS, ITAR, EAR, or NIST 800-171. If you don’t understand any of those acronyms than this cloud does not apply to you. If you do have the compliance requirements because you are a government contractor working with the Department of Defense (DoD) then this is the environment, you need to be in.  

Becoming DFARS or ITAR compliant is extremely complex and encompasses much more than just moving your email to the GCC-H cloud. Microsoft actually deems that you need to have Active Directory, Active Directory Federation Services, and third-party multifactor authentication solution (like Duo Okta, Gemalto) to be compliant.  

Taking that a step further, not any old license will do in GCC High? Business Licenses (like Business Essentials and Business Premium) are not available in GCC-H, only enterprise Skus. While Office 365 licenses are available, the official recommendation is Microsoft 365 with the add-on of EMS E2 and Windows E3. Why is this? Well, Microsoft states that Windows 10 enterprise is needed for additional security. Microsoft 365 E5 is not available in GCC-H due to the Audio Conferencing and Meeting Recording components. Those pieces of functionality are not in compliance and are not road mapped to be, at this point in time

Share this post

Related Posts

Checking Your CMMC Progress

Written by Alec Toloczko With Cybersecurity Maturity Model Certification (CMMC) requirements on the horizon, it’s crucial for organizations handling Controlled Unclassified Information (CUI) to adhere

Read More »