ITAR and DFARS 7012 Compliance: A Microsoft Office 365 GCC High Migration Success Story

An SMB had been providing low-level services such as administrative support and data entry for a DoD prime contractor. It used Microsoft GCC for email, collaboration, and data storage. However, the SMB wanted to expand its business by bidding for a contract to offer technical support, testing, inspection, and repair of defense articles. The small business realized that it had entered the realm of ITAR and needed to comply with the strict data handling and export control requirements. It also had to be CMMC 2.0 Level 2 and DFARS 7012 compliant. The SMB immediately realized that Microsoft GCC didn’t contractually agree to meet DFARS 7012 and didn’t meet the sovereignty and U.S. citizenship requirements. Because some of its operations required a lot of remote access, the SMB also wanted a solution that would provide that access in a compliant way. It contracted Cleared Systems, an MSP, to help it migrate to Microsoft GCC High and deploy Azure Virtual Desktop (AVD).

Objectives

  • To develop a comprehensive migration plan and strategy tailored to the SMB’s needs, guaranteeing a smooth transition.
  • To efficiently migrate user accounts, permissions, and groups from Microsoft Office 365 GCC to GCC High, ensuring a seamless transition for end-users.
  • To ensure compliant remote access by removing their existing Remote Desktop Services (RDS) and deploying Azure Virtual Desktop (AVD).
  • To seamlessly migrate data from Microsoft Office 365 GCC and other systems to Microsoft Office 365 GCC High, including email, files, and collaboration platforms, with integration to ensure continuity of operations.
  • To provide ongoing support, troubleshooting, and training for users to maximize their productivity in the Microsoft Office 365 GCC High environment, ensuring a successful migration experience.

Challenges

  • Migrating data and applications from Microsoft Office 365 GCC to Microsoft Office 365 GCC High required adjustments, updates, and redevelopment of the SMB’s systems to ensure compatibility with the heightened security measures and restrictions of Microsoft Office 365 GCC High. This was time-consuming and needed modifications to the SMB’s existing software and infrastructure.
  • The SMB’s existing policies, procedures, and training were not aligned with the new cloud environment. The policies and procedures had to be updated before migration to comply with the new cloud environment. The SMB also lacked the expertise and resources to plan, execute, and validate the migration from Microsoft Office 365 GCC to Microsoft Office 365 GCC High. 
  • Ensuring that all applications required by the SMB were compatible with AVD was a significant challenge. Some applications required modifications or updates to function properly in a virtualized environment. This necessitated a lot of compatibility testing and remediation efforts.
  • The SMB’s business operations were not to be disrupted during the migration process. Careful planning was critical to minimize disruptions and ensure a smooth migration. 
  • The SMB relied on some third-party applications, tools, and services that it needed to integrate with Microsoft Office 365 GCC High. Ensuring these solutions were compliant, compatible, and met the stringent U.S. citizenship requirement was challenging.

Solutions

  • Migration Planning and Strategy: We developed a comprehensive migration plan and strategy tailored to the SMB’s specific needs, ensuring a smooth transition to Office 365 GCC High and the deployment of AVD.
  • User and Group Migration: Our team efficiently migrated user accounts, permissions, and groups to Office 365 GCC High, ensuring a seamless transition for end-users.
  • Data Migration and Integration: Cleared Systems seamlessly migrated data from existing systems to Office 365 GCC High, including email, files, and collaboration platforms, with integration to ensure continuity of operations. Our team also ensured almost all the required applications were installed on Azure Virtual Desktop (AVD).
  • Azure Information Protection and Data Loss Prevention: Our team implemented Azure Information Protection (AIP) and data loss prevention (DLP) measures for enhanced data protection. AIP allows the SMB to classify, label, and protect data based on its sensitivity level. DLP prevents unauthorized sharing or leakage of sensitive data.
  • Post-Migration Support and Training: Cleared Systems provided ongoing support, troubleshooting, and training for users to maximize their productivity in the Office 365 GCC High environment, ensuring a successful migration experience.
  • Compliance with Regulatory Requirements: By effectively completing the SMB’s migration from Microsoft Office 365 GCC to Microsoft Office 365 GCC High, we helped the SMB comply with the regulatory requirements related to the handling and storage of sensitive data, such as ITAR, DFARS 7012, and CMMC 2.0.

Result

  • Increased productivity and collaboration: The SMB used cloud-based services of Office 365 GCC High, such as Teams, SharePoint, OneDrive, and Power Platform. The tools helped it improve efficiency, communication, and data sharing.
  • Improved cybersecurity posture: The SMB used advanced security features of Office 365 GCC High, including Azure Information Protection, Data Loss Prevention, Multi-Factor Authentication, and Advanced Threat Protection. They reduced the risk of data breaches and cyberattacks.
  • Achieved compliance with regulatory requirements: They leveraged Microsoft Office 365 GCC High’s capability to ensure U.S. data sovereignty and its strict requirement that access be limited to U.S. citizens only to achieve ITAR compliance. Unlike Microsoft Office 365 GCC, the new orchestration met the contractual obligations of DFARS 7012.
  • Gained a competitive edge in the defense market: The SMB demonstrated its readiness for CMMC 2.0 certification and its commitment to protecting sensitive data. It helped the SMB maintain and secure valuable contracts with the DoD.
  • Compliant Remote Access: By successfully deploying AVD and integrating the required applications, the SMB was able to communicate with remote assets in an ITAR-compliant manner.
