Mastering Microsoft GCC & GCC High E-book

In Mastering Microsoft GCC & GCC High, Carl B. Johnson explains how highly regulated organizations and Federal contractors can secure their Microsoft GCC and GCC High environments to meet rigorous Federal security requirements. You'll learn how to plan, configure and maintain information that should be secured in Microsoft's GCC and GCC High environments with applications such as Azure Information Protection, Azure Blueprint, Azure Sentinel and Office 365 Message Encryption.

Carl guides you through the sometimes complex world of Federal security compliance and shows how to confidently secure Microsoft GCC and GCC High for sensitive data such as CUI (Controlled Unclassified Information), PII (Personally Identifiable Information), PHI (Protected Health Information), and data covered by ITAR (International Traffic in Arms Regulations) and EAR (Export Administration Regulations).

You'll learn the best practices in managing Federal security compliance while also understanding how and where your information is stored within Microsoft's GCC and GCC High cloud.

  • Understand the built-in security boundaries of Microsoft GCC and GCC High
  • Set up Microsoft GCC and GCC High for compliance and security controls
  • Create security enclaves for CUI (Controlled Unclassified Information) within Microsoft GCC and GCC High
  • Plan and deploy Azure Information Protection (AIP) and Unified Labels (UL)
  • Understand the security advantages of Microsoft GCC and GCC High
  • Use Azure security tools to respond to incidents and conduct investigations
  • Migrate from Microsoft Commercial to Microsoft GCC or Microsoft GCC and GCC High
  • Migrate from G Suite to Microsoft GCC or Microsoft GCC and GCC High
  • Plan and discuss Microsoft GCC and GCC High with your business stakeholders
  • Monitor and protect information using Azure Sentinel
  • Plan for CMMC 2.0 compliance within Microsoft GCC and GCC High

Microsoft's Government Community Cloud (GCC) is a comprehensive cloud platform designed for U.S. Federal, State, and Local government agencies and their partners to meet their mission-critical requirements in Europe. It provides them with world-class productivity tools such as Office 365 Government, Azure Government, and Dynamics 365 Government.

GCC High is a separate instance of GCC that offers additional isolation, compliance, and security features to meet the needs of agencies handling more sensitive data. The two clouds are complementary with unique strengths and capabilities, so it's essential to understand their differences before deciding on which is suitable for your agency.

Microsoft GCC: An Overview

Microsoft GCC meets the United States Department of Defense (DoD) level-two security and compliance requirements. It can be used by organizations to store and process data that contains Federal Risk and Authorization Management Program (FedRAMP), internal National Security Information, or export-controlled technical data for defense purposes.

Microsoft GCC is available to eligible organizations in the United States that are subject to U.S. laws governing national security systems and export control regulations (including International Traffic in Arms Regulations [ITAR] and Export Administration Regulations [EAR]). However, check with your compliance team before moving any regulated or sensitive information into either of these environments.

In addition, Microsoft GCC has the flexibility to run in government, public, or private clouds with the ability to move between clouds. It's designed for organizations that want to maintain and run their apps, data, and services on U.S. government soil — whether in a public cloud or hybrid environment — but don't need GCC High certification levels.

Microsoft GCC High: An Overview

GCC High is an extension of Microsoft GCC and was created specifically for agencies whose mission requires specialized certifications. These include FedRAMP high baseline (with IL-based controls) impact level five (IL-V), DoD Impact Level (IL)-V, Criminal Justice Information Services (CJIS), and Department of Defense Directive 8570 compliance programs.

GCC High is available to eligible organizations in the United States subject to U.S. laws governing national security systems and export control regulations (including ITAR and EAR).

GCC High provides more than a dozen additional security controls, including:

  • Integrated privileged access management (PAM) capabilities for single sign-on with Active Directory Federation Services (AD FS)-managed identities for applications running on virtual machines using Azure AD credentials
  • Strict encryption-at-rest standards: FIPS 140-compliant encryption keys used by Virtual Machines, Storage Accounts and Key Vaults, and Advanced Threat Protection (ATP) services such as ATP and Advanced Threat Analytics (ATA)
  • Additional monitoring to restrict privileged access for both humans and applications

Differences Between GCC and GCC High

There are several differences between GCC and GCC High regarding compliance requirements. The first is that GCC High has a much more detailed and specific set of controls than what Microsoft provides for its regular GCC customers. This means that if your business falls within this category, you will need to comply with all of these additional controls or else face suspension or even termination from the program altogether.

The second difference between these two programs is in how each one handles data storage. GCC stores data on a single server that has to be heavily secured, while GCC High takes advantage of the cloud storage capabilities provided by Microsoft Azure. Since there is no longer any physical location where you must store your information, it can potentially be much more secure than what you would find with other providers.

Another difference is that GCC High supports the ITAR (International Traffic in Arms Regulations) control regime, a set of regulations designed to prevent the export of sensitive military technology and information. GCC does not currently support this control regime.

GCC High handles CUI (Controlled Unclassified Information) and CDI (Critical Defense Information) more stringently than GCC. This means that if your company deals with any classified data, you will need to make sure that it is handled appropriately and securely within the confines of GCC High.

The Mastering Microsoft GCC & GCC High eBook will help you understand the differences between the GCC and GCC High plans and make the best decision for your organization. With its in-depth coverage and practical advice, the eBook is an essential resource for anyone looking to get the most out of Microsoft GCC or GCC High. Find out more by downloading the eBook today.