Azure, Dynamics 365, Microsoft 365, and Power Platform services compliance scope

Microsoft Azure cloud environments meet demanding US government compliance requirements that produce formal authorizations, including:

Azure (also known as Azure Commercial, Azure Public, or Azure Global) maintains the following authorizations:

  • FedRAMP High Provisional Authorization to Operate (P-ATO) issued by the FedRAMP Joint Authorization Board (JAB)
  • DoD IL2 Provisional Authorization (PA) issued by the Defense Information Systems Agency (DISA)

Azure Government maintains the following authorizations that pertain to Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia:

For current Azure Government regions and available services, see Products available by region.

Note

Azure Government Secret maintains:

  • DoD IL6 PA issued by DISA
  • ICD 503 ATO with facilities at ICD 705 (for authorization details, contact your Microsoft account representative)
  • JSIG PL3 ATO (for authorization details, contact your Microsoft account representative)

Azure Government Top Secret maintains:

  • ICD 503 ATO with facilities at ICD 705 (for authorization details, contact your Microsoft account representative)
  • JSIG PL3 ATO (for authorization details, contact your Microsoft account representative)

This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and Power Platform cloud services in scope for FedRAMP High, DoD IL2, DoD IL4, DoD IL5, and DoD IL6 authorizations across Azure, Azure Government, and Azure Government Secret cloud environments. For other authorization details in Azure Government Secret and Azure Government Top Secret, contact your Microsoft account representative.

Azure public services by audit scope

Last updated: February 2022

Terminology used

  • FedRAMP High = FedRAMP High Provisional Authorization to Operate (P-ATO) in Azure
  • DoD IL2 = DoD SRG Impact Level 2 Provisional Authorization (PA) in Azure
  • ✅ = service is included in audit scope and has been authorized
Service FedRAMP High DoD IL2
Advisor
AI Builder
Analysis Services
API Management
App Configuration
Application Gateway
Automation
Azure Active Directory (Free and Basic)
Azure Active Directory (Premium P1 + P2)
Azure Active Directory B2C
Azure Active Directory Domain Services
Azure Active Directory Provisioning Service
Azure AD Multi-Factor Authentication
Azure API for FHIR
Azure Arc-enabled servers
Service FedRAMP High DoD IL2
Azure Cache for Redis
Azure Cosmos DB
Azure Database for MariaDB
Azure Database for MySQL
Azure Database for PostgreSQL
Azure Databricks **
Azure for Education
Azure Information Protection
Azure Kubernetes Service (AKS)
Azure Marketplace portal
Azure Maps
Azure Monitor (incl. Application Insights, Log Analytics, and Application Change Analysis)
Azure NetApp Files
Azure Policy
Azure Policy's guest configuration
Service FedRAMP High DoD IL2
Azure Red Hat OpenShift
Azure Resource Manager
Azure Service Manager (RDFE)
Azure Sign-up portal
Azure Sphere
Azure Stack Edge (formerly Data Box Edge) *
Azure Virtual Desktop (formerly Windows Virtual Desktop)
Azure VMware Solution
Backup
Bastion
Batch
Blueprints
Bot Service
Cloud Services
Cloud Shell
Service FedRAMP High DoD IL2
Cognitive Search (formerly Azure Search)
Cognitive Services: Computer Vision
Cognitive Services: Content Moderator
Cognitive Services Containers
Cognitive Services: Custom Vision
Cognitive Services: Face
Cognitive Services: Language Understanding (LUIS)
(part of Cognitive Services for Language)
Cognitive Services: Personalizer
Cognitive Services: QnA Maker
(part of Cognitive Services for Language)
Cognitive Services: Speech
Cognitive Services: Text Analytics
(part of Cognitive Services for Language)
Cognitive Services: Translator
Container Instances
Container Registry
Content Delivery Network
Service FedRAMP High DoD IL2
Cost Management and Billing
Customer Lockbox
Data Box *
Data Explorer
Data Factory
Data Share
Database Migration Service
Dataverse (incl. Azure Synapse Link for Dataverse)
DDoS Protection
Dedicated HSM
DevTest Labs
DNS
Dynamics 365 Chat (Omnichannel Engagement Hub)
Dynamics 365 Commerce
Dynamics 365 Customer Service
Service FedRAMP High DoD IL2
Dynamics 365 Field Service
Dynamics 365 Finance
Dynamics 365 Guides
Dynamics 365 Sales
Dynamics 365 Sales Professional
Dynamics 365 Supply Chain Management
Event Grid
Event Hubs
ExpressRoute
File Sync
Firewall
Firewall Manager
Form Recognizer
Front Door
Functions
Service FedRAMP High DoD IL2
GitHub AE
Health Bot
HDInsight
HPC Cache
Immersive Reader
Import/Export
Internet Analyzer
IoT Hub
Key Vault
Lab Services
Lighthouse
Load Balancer
Logic Apps
Machine Learning
Managed Applications
Service FedRAMP High DoD IL2
Media Services
Microsoft 365 Defender (formerly Microsoft Threat Protection)
Microsoft Azure Attestation
Microsoft Azure Marketplace portal
Microsoft Azure portal
Microsoft Defender for Cloud (formerly Azure Security Center)
Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security)
Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection)
Microsoft Defender for Identity (formerly Azure Advanced Threat Protection)
Microsoft Defender for IoT (formerly Azure Security for IoT)
Microsoft Graph
Microsoft Intune
Microsoft Sentinel
Microsoft Stream
Microsoft Threat Experts
Service FedRAMP High DoD IL2
Migrate
Network Watcher (incl. Traffic Analytics)
Notification Hubs
Open Datasets
Peering Service
Power Apps
Power Apps Portal
Power Automate (formerly Microsoft Flow)
Power BI
Power BI Embedded
Power Data Integrator for Dataverse (formerly Dynamics 365 Integrator App)
Power Virtual Agents
Private Link
Public IP
Resource Graph
Service FedRAMP High DoD IL2
Scheduler (replaced by Logic Apps)
Service Bus
Service Fabric
Service Health
SignalR Service
Site Recovery
Spring Cloud
SQL Database
SQL Server Registry
SQL Server Stretch Database
Storage: Archive
Storage: Blobs (incl. Azure Data Lake Storage Gen2)
Storage: Data Movement
Storage: Disks (incl. managed disks)
Storage: Files
Service FedRAMP High DoD IL2
Storage: Queues
Storage: Tables
StorSimple
Stream Analytics
Synapse Analytics
Time Series Insights
Traffic Manager
Video Analyzer for Media (formerly Video Indexer)
Virtual Machine Scale Sets
Virtual Machines (incl. Reserved VM Instances)
Virtual Network
Virtual Network NAT
Virtual WAN
VPN Gateway
Web Application Firewall
Web Apps (App Service)
Windows 10 IoT Core Services

* FedRAMP High authorization for edge devices (such as Azure Data Box and Azure Stack Edge) applies only to Azure services that support on-premises, customer-managed devices. For example, FedRAMP High authorization for Azure Data Box covers datacenter infrastructure services and Data Box pod and disk service, which are the online software components supporting your Data Box hardware appliance. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative.

** FedRAMP High authorization for Azure Databricks is applicable to limited regions in Azure. To configure Azure Databricks for FedRAMP High use, contact your Microsoft or Databricks representative.

Azure Government services by audit scope

Last updated: March 2022

Terminology used

  • Azure Government = Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia
  • FedRAMP High = FedRAMP High Provisional Authorization to Operate (P-ATO) in Azure Government
  • DoD IL2 = DoD SRG Impact Level 2 Provisional Authorization (PA) in Azure Government
  • DoD IL4 = DoD SRG Impact Level 4 Provisional Authorization (PA) in Azure Government
  • DoD IL5 = DoD SRG Impact Level 5 Provisional Authorization (PA) in Azure Government
  • DoD IL6 = DoD SRG Impact Level 6 Provisional Authorization (PA) in Azure Government Secret
  • ✅ = service is included in audit scope and has been authorized

Note

Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Advisor
AI Builder
Analysis Services
API Management
App Configuration
Application Gateway
Automation
Azure Active Directory (Free and Basic)
Azure Active Directory (Premium P1 + P2)
Azure Active Directory Domain Services
Azure AD Multi-Factor Authentication
Azure API for FHIR
Azure Arc-enabled Kubernetes
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Azure Arc-enabled servers
Azure Cache for Redis
Azure Cosmos DB
Azure CXP Nomination Portal
Azure Database for MariaDB
Azure Database for MySQL
Azure Database for PostgreSQL
Azure Databricks
Azure Information Protection **
Azure Kubernetes Service (AKS)
Azure Maps
Azure Monitor
Azure Monitor Application Insights
Azure Monitor Log Analytics
Azure NetApp Files
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Azure Policy
Azure Policy's guest configuration
Azure Resource Manager
Azure Service Manager (RDFE)
Azure Sign-up portal
Azure Stack Bridge
Azure Stack Edge (formerly Data Box Edge) *
Azure Virtual Desktop (formerly Windows Virtual Desktop)
Backup
Bastion
Batch
Blueprints
Bot Service
Cloud Services
Cloud Shell
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Cognitive Search (formerly Azure Search)
Cognitive Services: Computer Vision
Cognitive Services: Content Moderator
Cognitive Services Containers
Cognitive Services: Custom Vision
Cognitive Services: Face
Cognitive Services: LUIS
(part of Cognitive Services for Language)
Cognitive Services: Personalizer
Cognitive Services: QnA Maker
(part of Cognitive Services for Language)
Cognitive Services: Speech
Cognitive Services: Text Analytics
(part of Cognitive Services for Language)
Cognitive Services: Translator
Container Instances
Container Registry
Content Delivery Network
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Cost Management and Billing
Customer Lockbox
Data Box *
Data Explorer
Data Factory
Data Share
Database Migration Service
Dataverse (formerly Common Data Service)
DDoS Protection
Dedicated HSM
DevTest Labs
DNS
Dynamics 365 Chat (Omnichannel Engagement Hub)
Dynamics 365 Customer Insights
Dynamics 365 Customer Service
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Dynamics 365 Customer Voice (formerly Forms Pro)
Dynamics 365 Field Service
Dynamics 365 Finance
Dynamics 365 Project Service Automation
Dynamics 365 Sales
Dynamics 365 Supply Chain Management
Event Grid
Event Hubs
ExpressRoute
File Sync
Firewall
Firewall Manager
Form Recognizer
Front Door
Functions
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
GitHub AE
HDInsight
HPC Cache
Import/Export
IoT Hub
Key Vault
Lab Services
Lighthouse
Load Balancer
Logic Apps
Machine Learning
Managed Applications
Media Services
Microsoft 365 Defender (formerly Microsoft Threat Protection)
Microsoft Azure portal
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Microsoft Azure Government portal
Microsoft Defender for Cloud (formerly Azure Security Center)
Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security)
Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection)
Microsoft Defender for Identity (formerly Azure Advanced Threat Protection)
Microsoft Defender for IoT (formerly Azure Security for IoT)
Microsoft Graph
Microsoft Intune
Microsoft Sentinel (formerly Azure Sentinel)
Microsoft Stream
Migrate
Network Watcher
Network Watcher Traffic Analytics
Notification Hubs
Peering Service
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Planned Maintenance for VMs
Power Apps
Power Automate (formerly Microsoft Flow)
Power BI
Power BI Embedded
Power Data Integrator for Dataverse (formerly Dynamics 365 Integrator App)
Power Query Online
Power Virtual Agents
Private Link
Public IP
Resource Graph
Resource Mover
Route Server
Scheduler (replaced by Logic Apps)
Service Bus
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Service Fabric
Service Health
SignalR Service
Site Recovery
SQL Database
SQL Server Stretch Database
Storage: Archive
Storage: Blobs (incl. Azure Data Lake Storage Gen2)
Storage: Data Movement
Storage: Disks (incl. managed disks)
Storage: Files
Storage: Queues
Storage: Tables
StorSimple
Stream Analytics
Service FedRAMP High DoD IL2 DoD IL4 DoD IL5 DoD IL6
Synapse Analytics
Synapse Link for Dataverse
Traffic Manager
Virtual Machine Scale Sets
Virtual Machines (incl. Reserved VM Instances)
Virtual Network
Virtual Network NAT
Virtual WAN
VPN Gateway
Web Application Firewall
Web Apps (App Service)

* Authorizations for edge devices (such as Azure Data Box and Azure Stack Edge) apply only to Azure services that support on-premises, customer-managed devices. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative.

** Azure Information Protection (AIP) is part of the Microsoft Information Protection (MIP) solution - it extends the labeling and classification functionality provided by Microsoft 365. Before AIP can be used for DoD workloads at a given impact level (IL), the corresponding Microsoft 365 services must be authorized at the same IL.

Next steps