The Five Big Questions About Microsoft 365 GCC High

by | November 03, 2022

As a contractor for the Department of Defense, you’ve probably noticed an increase in chatter about “DFARS 7012” and “NIST 800-171”. And if you’ve done any research into how to implement these requirements, you have probably come across “Microsoft 365 GCC High”.

You may be wondering, “What is it?” and “How is it different from regular Microsoft 365?” Fortunately, you are not alone. In this article, we will discuss what exactly Microsoft GCC 365 High is, why you would migrate to it, and what its capabilities are.

How is Microsoft 365 GCC High Different than general Microsoft 365 Commercial and Microsoft 365 GCC?

The main difference between Microsoft 365 GCC High and Microsoft 365 Commercial and GCC is in how Microsoft stores, protects, and supports the infrastructure. Put simply, with GCC High, Microsoft guarantees that your data remains in U.S. data centers, supported by U.S. persons. In Microsoft 365 Commercial, data can be stored outside of the U.S., and support can be provided by foreign nationals. Microsoft 365 GCC sits somewhere in the middle, where data remains within the U.S., but support continues to “follow the sun,” in which foreign nationals can provide support.

GCC High is intended to protect Controlled Unclassified Information (CUI) and International Traffic in Arms Regulation (ITAR) data. These data types include plans, images, diagrams, documents, and other articles used to build military weaponry, provide wartime capabilities and broadly support the Department of Defense. GCC High conforms to the requirements in DFARS 7012, including requirements to protect media involved in incidents. Microsoft 365 Commercial and GCC are not intended to protect these data types at the same level and may not fully support the DFARS 7012 requirements.

What are the Benefits of Switching to Microsoft 365 GCC High?

The primary benefit of migrating to GCC High is in achieving the “highest watermark” for protecting data in line with DoD/Federal requirements.
What does that mean?
Well, consider the idea of a pole used for marking the rise of water in a flood zone – wouldn’t you want to build your house above the
Highest point on that pole where water has reached?

Building below that line puts you at risk of being caught in the flood. GCC High achieves that – it is rated to handle the most scenarios and protected data types for organizations in the defense industry.

Beyond reaching the high watermark for compliance, you also benefit from being in the same platform as much of the DoD – many agencies and branches of the DoD have, or are currently, migrated into Microsoft 365 DoD, which is tightly aligned to GCC High. As of the time of this writing, it is possible to use the Microsoft 365 suite of tools to do robust collaborations with DoD counterparts, but only for users in GCC High.

Ready to get to work? So are we.

Our cyber adversaries aren’t waiting and neither are we. We want to learn more about your IT and cybersecurity needs so let’s get the conversation started.