Government Cloud

The Office 365 Cloud Tiers

Microsoft Office 365 has become a core part of the international business landscape. From Fortune 500 companies to the small mom and pop shops, everyone is using Office 365 for email, collaboration, modern workplace, and added security.  

What you may not know about Office 365 is that there are actually several difference O365 cloud environments, and the environment you are in is actually very important.  

Commercial Cloud  

The Commercial Cloud houses almost all types of organizations. Not for Profits, Manufacturers, Professional Services, Retail, etc. All these types of companies use the commercial cloud. Some, like NFPs and Academic organizations, are eligible for discounted licenses but are still in the same cloud as everyone else.  

Government Community Cloud 

The Government Community Cloud (GCC) is a separate cloud environment for Government Organization. These organizations house sensitive data and have certain compliance needs. Organizations you may see in this cloud are municipalities, housing authorities, and social services organizations. This environment is considered FedRAMP moderate, but interestingly the back end is still the Azure Public/Commercial cloud. The environment is separate from the rest of the commercial companies.  

Due to compliance issues, there are features of Office 365 that are not available in GCC.  

Government Community Cloud- High 

There is another facet of the GCC High Cloud that is called “High”. This cloud environment is specifically for organizations with a DFARS, ITAR, EAR, or NIST 800-171. If you don’t understand any of those acronyms than this cloud does not apply to you. If you do have the compliance requirements because you are a government contractor working with the Department of Defense (DoD) then this is the environment, you need to be in.  

Becoming DFARS or ITAR compliant is extremely complex and encompasses much more than just moving your email to the GCC-H cloud. Microsoft actually deems that you need to have Active Directory, Active Directory Federation Services, and third-party multifactor authentication solution (like Duo Okta, Gemalto) to be compliant.  

Taking that a step further, not any old license will do in GCC High? Business Licenses (like Business Essentials and Business Premium) are not available in GCC-H, only enterprise Skus. While Office 365 licenses are available, the official recommendation is Microsoft 365 with the add-on of EMS E2 and Windows E3. Why is this? Well, Microsoft states that Windows 10 enterprise is needed for additional security. Microsoft 365 E5 is not available in GCC-H due to the Audio Conferencing and Meeting Recording components. Those pieces of functionality are not in compliance and are not road mapped to be, at this point in time

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

Related Posts

Webinar Recap: CMMC News for the DIB

The DoD announcement on Nov 4 “Strategic Direction for the CMMC Program” provided new guidelines for CMMC 2.0. Our KTL webinar on Nov 10 helped to clarify these changes and answer questions for those in the DIB.

Read More »
Calm before the storm

CMMC: The Calm Before The Storm

Here we sit amidst a calm before the storm with many contractors in the Defense Industry Base (DIB) becoming complacent, resting idly rather than taking proactive steps towards CMMC compliance.

Read More »