Microsoft offers a variety of clouds meeting the various needs of different organizations. These mission-critical clouds are also a good fit for the defense industrial base (DIB). How do you know which Microsoft cloud offering is right for your company? Let’s review.
Microsoft 365 Commercial versus Microsoft 365 Government
Microsoft 365 Enterprise: This version of Microsoft 365 is specifically for commercial organizations. For these entities, Microsoft offers Office 365, as well as Azure Commercial for enterprise mobility and security. The suite is rounded out with Dynamics 365.
Microsoft 365 Government: There are various Microsoft offerings suited to the needs of a variety of organizations doing business with the federal government. Let’s start with those companies with the least rigorous cybersecurity requirements.
- Companies requiring DISA SRG Impact Level 2 (equivalent): Entities falling into this category can leverage Office 365 GCC and Dynamics 365 Government, both running on the government community cloud (GCC). The GCC is an enclave that has been built for the government to meet some of the compliance obligations. This level also relies on Azure Commercial and all of the authentication and authorization happens with the Azure Active Directory that is in the Azure Commercial world worldwide data centers.
- Companies requiring DISA SRG Impact Level 4 (equivalent): Organizations at this level can take advantage of Office 365 GCC High and Dynamics GCC High, which are both housed on the government cloud and built for the requirements of the defense industrial base. This level also features Azure Government, which has logically and physically separate data centers from the commercial offering. Azure Government is a special cloud offering that requires validation for procurement. At IL4, it meets a lot of the cybersecurity regulations, especially in regard to CMMC and provides you with the highest level of resiliency and reliability.
- DOD entities requiring DISA SRG Impact Level 5: This is the highest-level Microsoft provides coverage for. All components run on the government cloud, and it also leverages the separate Azure Government for enterprise mobility and security.
More on Azure US Government Clouds
Azure Government is a physically separated instance from Azure Commercial. It is the only hyper-scale cloud built specifically for the US government. Not only that, but it also meets the most complex compliance standards and supports the broadest selection of services, tools, and languages. Here’s how it stacks up compared to the commercial version in terms of authorization.
| Authorization | |
| Commercial | FedRAMP High
DOD CC SRG IL2 DFARS 252.204-7012 FCI & CUI Basic (PII) CMMC 2.0 Level 1 |
| Government | FedRAMP High
DOD CC SRG IL2, IL4 & IL5 DFARS 252.204-7012 FCI & CUI Specified (ITAR) CMMC 2.0 Levels 1-3 |
If you are looking to ensure compliance to work with the DOD, consider Microsoft 365 Government GCC High. It can help you strengthen your security posture to better protect DOD data against sophisticated cyberattacks, reduce administration and spend on on-premises data centers and maintenance of old legacy systems, and shift much of the burden to the cloud for meeting compliance obligations and monitoring the changing landscape of US regulations and standards.
If you have any questions about how to get started with leveraging these Microsoft solutions, contact us.