Microsoft Cloud App Security Government service description

How to use this service description

The Microsoft Cloud App Security US Government service description is designed to serve as an overview of the service offerings in the GCC, GCC High, and Department of Defense (DoD) environments and will cover feature variations from the commercial offering. For more information about Microsoft Cloud App Security for GCC customers, see EMS for US Microsoft 365 GCC customers.

Getting started with Microsoft Cloud App Security for US Government offerings

The Microsoft Cloud App Security offerings for GCC, GCC High, and DoD customers are built on the Microsoft Azure Government Cloud and are designed to inter-operate with Microsoft 365 GCC High and DoD environments. Full details on the services and how to use them can be found in the Microsoft Cloud App Security public documentation. The public documentation should be used as a starting point for deploying and operating the service and the following Service Description details and changes from functionality or features in the GCC, GCC High, or DoD environments.

To get started, use the Basic Setup page for access to the Microsoft Cloud App Security GCC, GCC High or DoD portals, and ensure your Network requirements are configured. In GCC High and DoD, to configure Cloud App Security to use your own key to encrypt the data it collects while it's at rest, see Encrypt Cloud App Security data at rest with your own key (BYOK). Follow the additional steps in the How-to guides for other detailed instructions.

Feature variations in Microsoft Cloud App Security US Government offerings

Unless otherwise specified, new feature releases, including preview features, documented in What's new with Microsoft Cloud App Security, will be available in GCC, GCC High, and DoD environments within three months of release in the Microsoft Cloud App Security commercial environment, unless otherwise noted.

API connector

Commercial API connectors are supported. API connectors for AWS GovCloud and other API connected applications that may also offer separate government cloud instances aren't supported at this time. API connectors for commercial cloud instances of third-party applications are supported.

The Azure connector and Microsoft 365 connector are for the US Government instances of each service.

Notifications and automation

Admin email notifications for alerts, as well as notifications sent to users when a breach is detected, in GCC, GCC-H, and DoD environments, aren't supported at this time.

Azure Security Center integration

The integration between Microsoft Cloud App Security and Azure Security Center in GCC environment isn't supported at this time.

Azure Sentinel integration

The integration between Microsoft Cloud App Security and Azure Sentinel in GCC, GCC-H, and DoD environments isn't supported at this time.

Other integrations

The following integrations aren't available in GCC, GCC-H, and DoD environments:

  • Microsoft Defender for Endpoint (available in GCC)
  • Surfacing Microsoft Cloud App Security controls in Microsoft Secure Score

Next steps

To learn more about Cloud App Security and explore how to get started see, Cloud App Security public documentation.