When it comes to Office 365 tenant security, most organizations find that the advanced security and safeguards an Office 365 enterprise offers are sufficient.
However, in some cases, a commercial tenant won’t account for specific privacy and security requirements. These cases typically apply to US government entities and agencies or organizations handling information for and with the US government.
Microsoft 365 offers Office 365 Government GCC, GCC High, and DoD environments to fulfill these needs while complying with required certifications and accreditations.
Each environment requires:
- A validation process
- All data be stored physically segregated from content in Office 365 commercial tenants
- All data be stored within the United States
- Access to all data is restricted to only screened Microsoft employees.
Now that we’ve established the Office 365 Government cloud, let’s break down the distinction between each government cloud.
GCC vs. GCC High vs. DoD
While the GCC, GCC High, and DoD environments meet the parameters discussed above, their main differences come in the accreditations and certifications assigned to each.
- GCC: Federal Risk and Authorization Management Program (FedRAMP) accreditation at a High Impact level.
- GCC High: FedRAMP High, including those security controls and control enhancements as outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-53.
- DoD: FedRAMP High and the security controls and control enhancements for the United States Department of Defense Cloud Computing Security Requirements Guide (SRG) for information up to Impact Level 5 (L5).
GCC High and DoD environments are designed to meet the requirements of the United States Department of Defense and contractors managing DoD-controlled unclassified information (CUI) or subject to International Traffic in Arms Regulations (ITAR).
Functionality in Office 365 Government
Because of the stringent requirements of these environments, there are many features available in commercial and not government Office 365. Let’s look at a few commonly used features not currently available.
Exchange Online
Features NOT available in GCC, GCC High, and DoD
- Voicemail—Integration of on-premises IP-PBX systems with Exchange Online Unified Messaging isn’t supported.
Features NOT available in GCC High and DoD
- Guest Access—No guest access to Microsoft 365 groups.
- Internet calendar sharing—Internet Calendar publishing/sharing works for inbound connection to calendars shared by GCC High users, not for GCC High users connecting outbound to a shared calendar outside GCC High.
- Connectivity with third-party services—Users can’t add/sync accounts (e.g., Google, POP/IMAP).
OneDrive
Features NOT available in GCC, GCC High, and DoD
- File management—file requests are not available for Office 365 government.
Features NOT available in GCC High and DoD
- External sharing—Sharing is only permitted with other organizations in GCC High. NON-GCC High email addresses attached to user profiles aren’t supported and won’t allow sending alert emails.
- SharePoint libraries—Document library access to SharePoint (“Shared libraries” in the navigation pane) isn’t available in the GCC High and DoD environments.
SharePoint
Features NOT available in GCC, GCC High, and DoD
- Migration—GCC environments can’t grant consent to the Azure ShareGate Migration app on their SharePoint Online tenants. The ShareGate Migration Tool can’t utilize Microsoft’s Graph API, the Azure import process, and other features associated with using the Insane mode for Microsoft 365.
- Alerts and notifications—Notifications for file and site activity aren’t available
Features NOT available in GCC High and DoD
- Site settings—Changing a site address isn’t permitted.
- Analytics and Usage—The following cards aren’t available on the home page of the SharePoint admin center for GCC High and DoD customers: SharePoint storage usage, SharePoint site usage, OneDrive usage, SharePoint file activity, and OneDrive file activity. For some government cloud customers, tracked view cards are only available in the SharePoint admin center.
- Automation—Graph functionality within SharePoint Online is currently disabled. Any service that relies on Microsoft Graph may not currently be available.
- Hub News, events, and highlighted content—The news, events, and highlighted content web parts will only pull items from the current site. Content from selected sites or hub rollups from associated sites isn’t available.
Microsoft Teams
Features NOT available in GCC High and DoD
- External sharing—Sharing is only permitted with other organizations in GCC High or DoD. NON-GCC High or DoD email addresses attached to user profiles aren’t supported or allowed to be added to Teams.
- Calling—No call settings for the secondary ringer, voicemail, and enhanced delegation or cell phone number from the search bar.
Microsoft Forms
Features NOT available in GCC, GCC High, and DoD
- Embedding—Embed Forms on other portals (including SharePoint, OneNote, Sway, PowerPoint, and Teams Tab).
- Automation—No integration with Microsoft Power Automate.
Features NOT available in GCC High and DoD
- External sharing—Only people within your organization may complete a form and submit a response, duplicate and share a form as a template, co-author or collaborate on a form and access form results.
- Integrations—No poll in Outlook or Teams or integration with other office products.
Power Platform
Features NOT available in GCC, GCC High, and DoD
- Power Apps—Push notifications; add to Teams from Power Apps Studio; Model driven apps and Canvas App; Dataflows in Power Apps; Power App Analytics.
- Power Automate—Limited support for third-party and first-party (Microsoft) connections. To check if a specified connector is available, view the Power Automate list of connectors.
- Power BI—Power BI US Government isn’t available as a Free license. If you’ve purchased Power BI Premium, you don’t have to assign licenses to users to allow them to consume content published to a Premium capacity. For all other access, including access to the admin portal and the ability to publish content to the Premium capacity, each user must be assigned a Pro or Premium Per User (PPU) license. If a user account is given a Free license, the user is authorized to access only the commercial cloud and will encounter authentication and access issues.
Conclusion
Feature availability is constantly evolving. Although not an exhaustive location for understanding features available to government tenants, the Microsoft 365 roadmap is a good place to keep an eye out.
Looking for more guidance on Office 365 government functionality and possible remediations? Reach out to us for a chat!
