Office 365 GCC
To meet the unique and evolving requirements of the United States Federal, State, Local, and Tribal governments, as well as contractors holding or processing data on behalf of the US Government, Microsoft offers Office 365 US Government Community (GCC) services. Available through multiple channels including Volume Licensing, interested organizations go through a validation process to ensure eligibility before an environment is established. Trials are available to only US Government entities at this time.
Please engage your account team or preferred partner to learn more, or initiate the validation process. Additional information can be found on the Compare Office 365 Government Plans page.
How to use this service description section
The Office 365 US Government service description is designed to serve as an overlay to the general Office 365 service description. It defines the unique commitments and differences compared to Office 365 Enterprise offerings.
US Government Community compliance
Office 365 US Government supports the Federal Risk and Authorization Management Program (FedRAMP) accreditation at a Moderate Impact level. FedRAMP artifacts are available for review by federal customers who are required to comply with FedRAMP. Federal agencies can review these artifacts in support of their review to grant an Authority to Operate (ATO).
Office 365 US Government also supports US Department of Defense Cloud Computing Security Requirements Guide for Level 2 (Non-Controlled Unclassified Information) systems.
Exchange Online, SharePoint Online, Exchange Online Archiving, Skype for Business, and Office for the web have features that can support customers' CJIS requirements for law enforcement agencies, and IRS-1075 requirements for customers who handle FTI.
Office 365 US Government Community screened personnel
Office 365 staff do not have standing access to customer content hosted in Office 365 US Government Community. Any staff who requests temporary permission elevation which would grant access to customer content must first have passed the following background checks.
|Microsoft personnel screening and background checks 1
||Verification of U.S. citizenship
|Employment history check
||Verification of seven (7) year employment history
||Verification of highest degree attained
|Social Security Number (SSN) search
||Verification that the provided SSN is valid
|Criminal history check
||A seven (7) year criminal record check for felony and misdemeanor offenses at the state, county, and local level and at the federal level
|Office of Foreign Assets Control List (OFAC)
||Validation against the Department of Treasury list of groups with whom U.S. persons are not allowed to engage in trade or financial transactions
|Bureau of Industry and Security List (BIS)
||Validation against the Department of Commerce list of individuals and entities barred from engaging in export activities
|Office of Defense Trade Controls Debarred Persons List (DDTC)
||Validation against the Department of State list of individuals and entities barred from engaging in export activities related to the defense industry
||Fingerprint background check against FBI databases
|CJIS background screening
||State-adjudicated review of federal and state criminal history by state CSA appointed authority within each state that has signed up for the Microsoft CJIS IA program
1 applies only to personnel with temporary or standing access to customer content hosted in Office 365 US Government Community Cloud (GCC).
Office 365 US Government Community and Yammer
Yammer Enterprise is not a component of Office 365 US Government, but may be acquired at no cost as a standalone offer for each user licensed for Office 365 US Government Plan E1 and E3. This offer is currently limited to customers who purchase Office 365 US Government under Enterprise Agreement and Enterprise Subscription Agreements.
Currently, Yammer provides logical separation of customer data at the application layer. However, Yammer does not provide the same data location and data access features as Office 365 US Government, does not support FedRAMP accreditation, and is subject to different contract terms from Office 365 services. It is recommended that you review the Yammer service description and privacy terms when assessing the appropriate use of Yammer for your organization. To learn which Office 365 Government plans include Yammer, see Office 365 US Government.
If you decide that the use of Yammer is appropriate for your organization as part of your Office 365 US Government subscription and you have purchased one of the above-mentioned plans that includes Yammer, under your Enterprise Enrollment, you can request an amendment to enable your Yammer Enterprise subscription.
Office 365 US Government Community and MyAnalytics
MyAnalytics is designed and operated in accordance with the FedRAMP control implementation for Office 365 services, but has not yet been reviewed by a 3PAO as part of the Office 365 annual FedRAMP audit. If necessary, please consult with your compliance office before enabling MyAnalytics services for users in your organization.
Office 365 US Government Community Cloud (GCC) customer support
Office 365 GCC customer support is provided under the same terms and conditions offered to Worldwide versions of Office 365, including no support agent physical location or citizenship assurances. Office 365 GCC operates in conjunction with Azure Public Cloud, which is supported under the following terms and conditions.
Microsoft reminds you not to share any controlled, sensitive or confidential information with Support Personnel as part of your Office 365 GCC-related support incident, until you confirm their authorization to view or access such data. Microsoft is committed to protecting your privacy. Office 365 GCC Customer Support is not included in the service accreditation boundary and does not provide FedRAMP, SRG, ITAR, IRS 1075 or CJIS data handling and/or compliance assurances.