Plan for Microsoft 365 compliance - DoD deployments
This guidance is for IT pros who are driving deployments of Office 365 in US Federal Government entities or other entities that handle data that’s subject to government regulations and requirements, where the use of Microsoft 365 Government – DoD is appropriate to meet these requirements.
If your organization has already met the Microsoft 365 Government – DoD eligibility requirements and applied for and been accepted into the program, you can skip steps 1 and 2 and go directly to step 3.
Step 1. Determine whether your organization needs Microsoft 365 Government - DoD and meets eligibility requirements
The Microsoft 365 Government - DoD environment complies with US Government requirements for cloud services.
In addition to enjoying the features and capabilities of Office 365, organizations benefit from the following features that are unique to Microsoft 365 Government – DoD:
- Your organization’s customer content is logically segregated from customer content in the commercial Office 365 services from Microsoft.
- Your organization’s customer content is stored within the United States.
- Access to your organization’s customer content is restricted to screened Microsoft personnel.
- Microsoft 365 Government - DoD complies with certifications and accreditations that are required for US public sector customers.
You can find more information about the Microsoft 365 Government - DoD offering for US Government customers at Office 365 Government plans, including eligibility requirements.
The Office 365 US Government service description describes the platform’s benefits, which are centered on meeting compliance requirements within the United States.
You might want to transfer the tables of information in the service description into an Excel workbook and add two columns: Relevant for my organization Y/N and Meets the needs of my organization Y/N. Then you can review this list with your colleagues to confirm that this service meets your organization’s needs.
- Decide whether Microsoft 365 Government - DoD is appropriate for your organization.
- Confirm that your organization meets eligibility requirements.
Microsoft 365 Government - DoD is only available in the United States. Non–US Government customers can choose from a number of Office 365 Government plans.
Step 2. Apply for Microsoft 365 Government - DoD
Having decided that this service is right for your organization, start the process of applying for this service.
Step 3. Understand Microsoft 365 Government - DoD default security settings
We recommend that you take time to carefully review your admin and security settings before you modify them and consider the impact on compliance before you make any changes to the default security settings.
Decision point: Decide whether you’ll modify any of the default Microsoft 365 Government - DoD security settings, resolving to first understand the impact of any changes you might make.
Step 4. Understand which capabilities are currently unavailable or disabled by default in Microsoft 365 Government – DoD1
To meet the requirements of our government cloud customers, there are some differences between Microsoft 365 Government - DoD and enterprise plans. Refer to the following table to see which features are available.
|Information protection & governance||Archiving||Available|
|Manual labels and policies2||Available|
|Auto application of labels||On engineering backlog|
|Labels based on sensitive data types||On engineering backlog|
|Labels and associated policies based on queries||On engineering backlog|
|File plan||On engineering backlog|
|Recommended policies||On engineering backlog|
|Smart import filters||On engineering backlog|
|Event-based retention||On engineering backlog|
|Disposition review||On engineering backlog|
|Data loss prevention (DLP) for files and email||Available|
|DLP for Teams chat and channel conversations||On engineering backlog|
|DLP exact data match||On engineering backlog|
|Label Activity Explorer||On engineering backlog|
|Trainable classifiers||On engineering backlog|
|Unified labeling and sensitivity labels||On engineering backlog|
|Insider risk management||Advanced Message Encryption||Available|
|Insider Risk Management||On engineering backlog|
|Communication compliance||On engineering backlog|
|Privileged access management||On engineering backlog|
|Discover & respond||In-place reservation||Available|
|Advanced processing||On engineering backlog|
|Email threading||On engineering backlog|
|Near duplicate identification||On engineering backlog|
|Themes||On engineering backlog|
|Predictive coding||On engineering backlog|
|Processed export with load file||On engineering backlog|
|Tagging||On engineering backlog|
|Viewers||On engineering backlog|
|Redactions||On engineering backlog|
|Filtering||On engineering backlog|
|Custodian to workload mapping||On engineering backlog|
|Custodian communications||On engineering backlog|
|Review sets||On engineering backlog|
|Review and annotate||On engineering backlog|
|Non-Office 365 ingestion||On engineering backlog|
|Search Term report||On engineering backlog|
1 Identified status is subject to change as project plans and priorities are reevaluated.
2 Manual application of labels requires Azure Information Protection (AIP) client version 1.
Decision point: Decide whether the compliance features meet your organization's needs.