Office 365 GCC High and DoD

WME Article on Office 365 GCC High and DoD

Office 365 GCC High and DoD: What You Need to Know About Government Cloud Security


Microsoft provides Office 365 GCC High and Office 365 DoD environments to cater to the constantly changing and specific demands of the US Department of Defense (DOD) and contractors responsible for handling DoD-controlled unclassified information (CUI) or adhering to International Traffic in Arms Regulations (ITAR).

GCC High is a Replica of Office 365 DoD

 The DoD cloud was purpose-built exclusively for the Department of Defense, with no outside personnel or contractors allowed under any circumstances.


GCC High is built on the same lines but specifically designed to meet the cybersecurity and compliance requirements of NIST 800-171, FedRAMP High, and ITAR, as well as for managing CUI/CDI.

While it shares the same capabilities as the DoD cloud, GCC High exists in a separate independent environment. That means, companies outside of the realm of the Department of Defense (DoD) can also utilize this service if they are eligible for using it.

What’s exclusive about GCC High and DoD?

There’s an added level of security with GCC High & DoD as their data is separated from that of commercial 365. The data of commercial Office365 is stored in a distinct enclave within the Azure Commercial cloud, while the GCC High and DoD offerings are located in a completely separate Azure Government environment known as the “US Sovereign Cloud”.

This environment is situated within the United States and is only supported by screened and background-checked US individuals.

Though GCC High and DoD come with restricted features, there is no question about the level of security they provide.

Difference Between Office 365 GCC and GCC High 

 Both Office 365 GCC and GCC High are cloud environments designed for US government agencies that offer varying levels of security and compliance.

Office 365 GCC meets the security and compliance needs of US government customers and is authorized for use by federal, state, local, tribal governments, and other government entities requiring a higher level of security.

Office 365 GCC High, on the other hand, is a more restrictive environment designed for agencies requiring greater levels of security and compliance, such as the Department of Defense and other government agencies dealing with sensitive information. It offers the same services as Office 365 GCC but with added security features and compliance measures.

One of the key differences between the two environments is the level of access controls. In Office 365 GCC, users have control over the data that is stored in the cloud and can set their own policies for data access and sharing. However, in GCC High, access to data is strictly controlled and monitored, with additional layers of security and compliance to prevent unauthorized access.

Another difference is that customers in Office 365 GCC High are not able to use Microsoft Stream and the video-sharing service, due to its potential impact on security and compliance.

Compliance Criterion for Office 365 GCC High & DoD  

Office 365 GCC High and DoD meet compliance requirements for security controls and control enhancements set by the Federal Risk and Authorization Management Program (FedRAMP) High and the Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) up to Impact Level 5 (L5). 

Only DoD entities can purchase Office 365 DoD licenses, while non-DoD entities meeting eligibility requirements can purchase Office 365 GCC High licenses assessed at FedRAMP High and showing equivalency to IL4 or necessary inheritance for CMMC.

Background Screening

As part of the registration process for Office 365 GCC High, all users must undergo a background screening to ensure they meet the necessary security clearance requirements. 

This includes a criminal history check, a credit check, and a review of any other relevant factors that may impact their ability to access sensitive information.

The screening process is critical to maintaining the security and integrity of the Office 365 GCC High environment. It ensures that only authorized users with the appropriate security clearance are granted access to the sensitive information stored in the cloud.

Features to Support Additional Security by GCC High

 The Office 365 subscriptions in GCC High and DoD environments provide the essential features of Exchange Online, SharePoint, and Skype for Business, but there are some variations in their offerings as compared to the general commercial Office 365 services due to their higher level of certification and accreditation.

  1. File sharing

GCC High includes a uniquely secure and compliant file-sharing service that allows government agencies to safely deal with the flow of sensitive information in the cloud. 

For example, users in GCC-High can only share files with other organizations in the same environment, and email addresses from non-GCC-High profiles are not supported and will not receive alert emails.

  1. Microsoft Teams

To ensure security and compliance, Microsoft Teams in GCC High offers a phone system and audio conferencing via direct routing. This feature offers flexibility, customization, and seamless integration with existing telephony infrastructure, allowing agencies to maintain their current phone numbers and systems. This integration also enables features such as call recording, call queues, and auto-attendants, which can improve overall efficiency and productivity.

  1. Identity

 Identity is a critical component of any security and compliance strategy. Using a federated identity model for multi-factor authentication, GCC High allows the utilization of PIV and CAC cards. These features help government organizations manage access to sensitive information and protect against potential security threats.

Customer support

Customer support is a critical component of any cloud service, especially one that is designed for government agencies. As Microsoft doesn’t provide GCC High/DoD support with the service accreditation boundary and does not provide any data handling compliance assurances including FedRAMP, DOD SRG, or CJIS, you definitely need some strong backing at your end.

We play that part.

Our experts make sure that users of Office 365 GCC High at your agency can effectively use the platform while also maintaining compliance with the necessary security and compliance standards.

Wrapping it Up: 

No doubt, GCC High comes with restricted functionalities of Exchange Online, Yammer, and Skype for Business Online. However, the level of security and compliance it brings to the table is immense.  After all, it’s a tailor-made cloud service designed specifically for government agencies that deal with sensitive information. By choosing GCC High, government agencies can ensure that their sensitive data is well-protected and that they are meeting the necessary regulatory requirements.

They can benefit greatly from its secure file sharing, communications tools, and advanced identity and access management capabilities.

We, at WME, encourage all government agencies who meet the eligibility requirements to consider using GCC High and take advantage of the benefits it offers. 

To learn more about GCC High and how it can meet the specific needs of your agency, please get in touch with us and we will be happy to assist you. Our dedicated support team and online resources are available to help you get started and make the most of your investment in GCC High.


Get Started



Contact Us

On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.