March 21, 2023

The US Department of Defense (DoD) and other US government organizations have put strict requirements in place for how their vendors and subcontractors must protect sensitive data like Controlled Unclassified Information (CUI). These mandates are driving many SMBs, especially in the defense sector, to migrate data from a commercial Microsoft 365 tenant to one of Microsoft’s two government cloud environments.

 

One of the factors that can increase migration time, cost, and overall “learning curve” is that not all commercial Microsoft 365 features are available in Microsoft 365 Government Community Cloud (GCC) or GCC High. There are also feature differences between the two “gov clouds.”

 

Voice would be nice

One popular feature that commercial Microsoft 365 users won’t find in GCC or GCC High is built-in voice support in Teams. But if you need this capability, you can implement it through a third-party vendor.

 

Another feature set that is not uniformly available on GCC or GCC High is the AI support in Microsoft Syntex, Microsoft Power Platform, and potentially other Microsoft and third-party applications.

Why doesn’t Microsoft just turn these features on? They’re tightly integrated with the platforms and associated infrastructures and need to be recreated almost from scratch in the gov cloud environments. The requirement for complete data separation across the GCC and GCC High cloud boundaries is another hurdle.

 

Cross tenant collaboration

As you might expect when moving to a more secure environment, collaborating across organizations or environments requires more steps and checks by design/default in a government cloud.

 

Conrad Agramont, CEO at Agile IT, explains: “One thing that’s completely different out of the box is normally within your Microsoft 365 commercial tenant it’s super simple to invite guests in to be a part of your team. That’s not there out of the box when you’re starting off in a GCC High environment; it’s a little more secure and locked down. But even when you want to open it up, there are more steps to allow it.”

For example, Internet Free/Busy (IFB) in Microsoft Outlook isn’t available through the standard user interface in GCC High, but can be implemented using PowerShell.

 

Making it more intentional

In Conrad’s view, a successful migration to GCC or GCC High can help make your business more “intentional” in terms of protecting sensitive government data.

 

“There are a number of places where you might need to open up the sharing a little bit more, or create other [ways of doing] things,” notes Conrad. “But I think it’s good because it makes you be more intentional. It lines up more with a Zero Trust kind of approach. Which is, I should open things up gradually as I need them. Not just have it all open and then I have the burden of trying to pull it all back in.”

 

What’s next?

For more guidance on this topic, listen to Episode 113 of The Virtual CISO Podcast  with guest Conrad Agramont from Agile IT.

New CMMC V2 Certification Guide

A Simple Guide to Comply with the DoD's Cybersecurity Maturity Model Certification (CMMC) This NEW CMMC V2 Certification Guide will give you a quick and easily digestible introduction to the CMMC and the process we use to help our clients become CMMC compliant.