Five-day bootcamp on planning and executing a Microsoft 365 GCC High migration for defense contractors. Covers tenant procurement, identity migration, mailbox cutover, SharePoint/OneDrive content moves, Teams configuration, AIP labeling, and CMMC-aligned configuration baselines. Includes lessons from recent CDI tenant migrations.
Defense contractors facing CMMC Level 2 certification must operate Controlled Unclassified Information (CUI) within an environment that meets the isolation and compliance requirements of Microsoft 365 GCC High. Moving from a commercial Microsoft 365 tenant — or building a net-new GCC High environment — is a multi-week, multi-workload project that breaks when teams underestimate identity dependencies, labeling gaps, or SharePoint permission inheritance. This five-day bootcamp walks practitioners through every phase of that migration with the precision the accreditation timeline demands.
The bootcamp opens with GCC High tenant procurement: eligibility verification, government community cloud enrollment, and establishing the configuration baselines required to support a CMMC-aligned environment. Participants build Conditional Access policies, set authentication strength requirements, and lock down tenant-level security defaults before a single mailbox or file moves.
A failed identity migration is the most common reason GCC High projects stall. Sessions cover Azure AD connect topology decisions for hybrid environments, directory synchronization scoping, UPN alignment, and the licensing assignment sequencing that prevents access gaps during cutover. Participants work through real-world scenarios drawn from recent CDI tenant migrations, including the edge cases that vendor documentation rarely surfaces.
Participants learn migration batch planning, MX record strategy, mail coexistence windows, and post-cutover validation. Emphasis is placed on preserving mail flow for government contract communications and ensuring that CUI-bearing messages are routed exclusively within the GCC High boundary from day one of cutover.
Content migration from commercial SharePoint and OneDrive to GCC High requires deliberate permission mapping and library restructuring. The bootcamp covers the SharePoint Migration Tool, pre-migration inventory, permission inheritance decisions, and the post-migration access audits that confirm CUI is landing in correctly scoped document libraries.
Teams in GCC High is not a lift-and-shift from commercial Teams. Sessions address channel structure, guest access policy under CMMC constraints, meeting recording retention, and the Phone System and calling plan differences that affect contractor communication workflows.
Participants configure sensitivity labels and AIP labeling policies aligned to CUI category markings. The curriculum covers label taxonomy design, auto-labeling conditions, client-side versus service-side labeling, and the integration of AIP labels with SharePoint, OneDrive, and Exchange Online to enforce access and encryption controls on CUI at rest and in transit.
The final segment ties every workload back to CMMC Level 2 practice requirements. Participants review the configuration baselines for each Microsoft 365 service, map settings to the CUI protection and access control domains, and document the evidence artifacts an assessor will expect to see. Lessons learned from recent CDI tenant migrations are woven throughout to illustrate where real environments deviate from textbook configurations.
This bootcamp is built for the practitioners doing the work and the managers accountable for the outcome. Your team belongs in this session if it includes any of the following:
If your organization is preparing for a CMMC Level 2 assessment and your CUI environment still lives in a commercial Microsoft 365 tenant, the window to complete a compliant migration is shorter than most teams expect. Managers approving this training are investing in the practitioners who will prevent a failed assessment — and the rework cost that follows one. For organizations that need broader support on their CMMC, CUI, and DFARS compliance program, Cleared Systems offers dedicated advisory services that complement this technical curriculum.
A successful GCC High migration is one pillar of a defensible CMMC compliance posture, but the configuration work done here must be supported by documented policies, access control procedures, and ongoing monitoring. Practitioners who complete this bootcamp and need structured support for the broader program should explore Cleared Systems' IT compliance services or speak with an advisor through our Regulatory vCISO services to maintain the posture they build here.
Ask about group rates, private delivery of this curriculum for your team, or whether this session fits your compliance roadmap.
Contact Us
