Cloud feature availability for commercial and US Government customers
This article describes feature availability in the Microsoft Azure and Azure Government clouds for the following security services:
- Azure Information Protection
- Microsoft Defender for Cloud
- Microsoft Sentinel
- Microsoft Defender for IoT
- Azure Attestation
Note
Additional security services will be added to this article soon.
Azure Government
Azure Government uses the same underlying technologies as Azure (sometimes referred to as Azure Commercial or Azure Public), which includes the core components of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Both Azure and Azure Government have comprehensive security controls in place, and the Microsoft commitment on the safeguarding of customer data.
Azure Government is a physically isolated cloud environment dedicated to US federal, state, local, and tribal governments, and their partners. Whereas both cloud environments are assessed and authorized at the FedRAMP High impact level, Azure Government provides an extra layer of protection to customers through contractual commitments regarding storage of customer data in the United States and limiting potential access to systems processing customer data to screened US persons. These commitments may be of interest to customers using the cloud to store or process data subject to US export control regulations such as the EAR, ITAR, and DoE 10 CFR Part 810.
For more information about Azure Government, see What is Azure Government?
Microsoft 365 integration
Integrations between products rely on interoperability between Azure and Office platforms. Offerings hosted in the Azure environment are accessible from the Microsoft 365 Enterprise and Microsoft 365 Government platforms. Office 365 and Office 365 GCC are paired with Azure Active Directory (Azure AD) in Azure. Office 365 GCC High and Office 365 DoD are paired with Azure AD in Azure Government.
The following diagram displays the hierarchy of Microsoft clouds and how they relate to each other.
The Office 365 GCC environment helps customers comply with US government requirements, including FedRAMP High, CJIS, and IRS 1075. The Office 365 GCC High and DoD environments support customers who need compliance with DoD IL4/5, DFARS 7012, NIST 800-171, and ITAR.
For more information about Office 365 US Government environments, see:
The following sections identify when a service has an integration with Microsoft 365 and the feature availability for Office 365 GCC, Office 365 High, and Office 365 DoD.
Azure Information Protection
Azure Information Protection (AIP) is a cloud-based solution that enables organizations to discover, classify, and protect documents and emails by applying labels to content.
AIP is part of the Microsoft Purview Information Protection (MIP) solution, and extends the labeling and classification functionality provided by Microsoft 365.
For more information, see the Azure Information Protection product documentation.
Office 365 GCC is paired with Azure Active Directory (Azure AD) in Azure. Office 365 GCC High and Office 365 DoD are paired with Azure AD in Azure Government. Make sure to pay attention to the Azure environment to understand where interoperability is possible. In the following table, interoperability that is not possible is marked with a dash (-) to indicate that support is not relevant.
Extra configurations are required for GCC-High and DoD customers. For more information, see Azure Information Protection Premium Government Service Description.
Note
More details about support for government customers are listed in footnotes below the table.
Extra steps are required for configuring Azure Information Protection for GCC High and DoD customers. For more information, see the Azure Information Protection Premium Government Service Description.
| Feature/Service | Azure | Azure Government |
|---|---|---|
| Azure Information Protection scanner 1 | ||
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Administration | ||
| Azure Information Protection portal for scanner administration | ||
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Classification and labeling 2 | ||
| AIP scanner to apply a default label to all files in an on-premises file server / repository | ||
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| AIP scanner for automated classification, labeling, and protection of supported on-premises files | ||
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
1 The scanner can function without Office 365 to scan files only. The scanner cannot apply labels to files without Office 365.
2 The classification and labeling add-in is only supported for government customers with Microsoft 365 Apps (version 9126.1001 or higher), including Professional Plus (ProPlus) and Click-to-Run (C2R) versions. Office 2010, Office 2013, and other Office 2016 versions are not supported.
Office 365 features
3 The Mobile Device Extension for AD RMS is currently not available for government customers.
4 Information Rights Management with SharePoint Online (IRM-protected sites and libraries) is currently not available.
5 Information Rights Management (IRM) is supported only for Microsoft 365 Apps (version 9126.1001 or higher), including Professional Plus (ProPlus) and Click-to-Run (C2R) versions. Office 2010, Office 2013, and other Office 2016 versions are not supported.
6 Sharing of protected documents and emails from government clouds to users in the commercial cloud is not currently available. Includes Microsoft 365 Apps users in the commercial cloud, non-Microsoft 365 Apps users in the commercial cloud, and users with an RMS for Individuals license.
7 The number of Sensitive Information Types in your Microsoft Purview compliance portal may vary based on region.
Microsoft Defender for Cloud
Microsoft Defender for Cloud is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.
For more information, see the Microsoft Defender for Cloud product documentation.
The following table displays the current Defender for Cloud feature availability in Azure and Azure Government.
1 Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.
2 Vulnerability scans of container registries on Azure Gov can only be performed with the scan on push feature.
3 Requires Microsoft Defender for container registries.
4 Partially GA: Support for Azure Arc-enabled clusters is in public preview and not available on Azure Government.
5 Requires Microsoft Defender for Kubernetes.
6 Partially GA: Some of the threat protection alerts from Microsoft Defender for Storage are in public preview.
7 These features all require Microsoft Defender for servers.
8 There may be differences in the standards offered per cloud type.
9 Partially GA: Support for Arc-enabled Kubernetes clusters (and therefore AWS EKS too) is in public preview and not available on Azure Government. Run-time visibility of vulnerabilities in container images is also a preview feature.
Microsoft Sentinel
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM), and security orchestration automated response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
For more information, see the Microsoft Sentinel product documentation.
The following tables display the current Microsoft Sentinel feature availability in Azure and Azure Government.
| Feature | Azure | Azure Government |
|---|---|---|
| Incidents | ||
| - Automation rules | Public Preview | Public Preview |
| - Cross-tenant/Cross-workspace incidents view | GA | GA |
| - Entity insights | GA | Public Preview |
| - SOC incident audit metrics | GA | GA |
| - Incident advanced search | GA | GA |
| - Microsoft 365 Defender incident integration | Public Preview | Public Preview |
| - Microsoft Teams integrations | Public Preview | Not Available |
| - Bring Your Own ML (BYO-ML) | Public Preview | Public Preview |
| - Search large datasets | Public Preview | Not Available |
| - Restore historical data | Public Preview | Not Available |
| Notebooks | ||
| - Notebooks | GA | GA |
| - Notebook integration with Azure Synapse | Public Preview | Not Available |
| Watchlists | ||
| - Watchlists | GA | GA |
| - Large watchlists from Azure Storage | Public Preview | Not Available |
| - Watchlist templates | Public Preview | Not Available |
| Hunting | ||
| - Hunting | GA | GA |
| Content and content management | ||
| - Content hub and solutions | Public preview | Public preview |
| - Repositories | Public preview | Not Available |
| Data collection | ||
| - Advanced SIEM Information Model (ASIM) | Public Preview | Not Available |
| Threat intelligence support | ||
| - Threat Intelligence - TAXII data connector | GA | GA |
| - Threat Intelligence Platform data connector | Public Preview | Not Available |
| - Threat Intelligence Research Blade | GA | GA |
| - Add indicators in bulk to threat intelligence by file | Public Preview | Not Available |
| - URL Detonation | Public Preview | Not Available |
| - Threat Intelligence workbook | GA | GA |
| - GeoLocation and WhoIs data enrichment | Public Preview | Not Available |
| - Threat intelligence matching analytics | Public Preview | Not Available |
| Detection support | ||
| - Fusion Advanced multistage attack detections 1 |
GA | GA |
| - Fusion detection for ransomware | Public Preview | Not Available |
| - Fusion for emerging threats | Public Preview | Not Available |
| - Anomalous Windows File Share Access Detection | Public Preview | Not Available |
| - Anomalous RDP Login Detection Built-in ML detection |
Public Preview | Not Available |
| - Anomalous SSH login detection Built-in ML detection |
Public Preview | Not Available |
| Domain solution content | ||
| - Apache Log4j Vulnerability Detection | Public Preview | Public Preview |
| - Cybersecurity Maturity Model Certification (CMMC) | Public Preview | Public Preview |
| - Microsoft Defender for IoT | Public Preview | Public Preview |
| - Maturity Model for Event Log Management M2131 | Public Preview | Public Preview |
| - Microsoft Insider Risk Management (IRM) | Public Preview | Public Preview |
| - Microsoft Sentinel Deception | Public Preview | Public Preview |
| - Zero Trust (TIC3.0) | Public Preview | Public Preview |
| Azure service connectors | ||
| - Azure Activity Logs | GA | GA |
| - Azure Active Directory | GA | GA |
| - Azure ADIP | GA | GA |
| - Azure DDoS Protection | GA | GA |
| - Microsoft Purview | Public Preview | Not Available |
| - Microsoft Defender for Cloud | GA | GA |
| - Microsoft Defender for IoT | GA | GA |
| - Microsoft Insider Risk Management | Public Preview | Not Available |
| - Azure Firewall | GA | GA |
| - Azure Information Protection | Public Preview | Not Available |
| - Azure Key Vault | Public Preview | Not Available |
| - Azure Kubernetes Services (AKS) | Public Preview | Not Available |
| - Azure SQL Databases | GA | GA |
| - Azure WAF | GA | GA |
| - Microsoft Defender for Cloud | GA | GA |
| - Microsoft Insider Risk Management | Public Preview | Not Available |
| Windows connectors | ||
| - Windows Firewall | GA | GA |
| - Windows Security Events | GA | GA |
| External connectors | ||
| - Agari Phishing Defense and Brand Protection | Public Preview | Public Preview |
| - AI Analyst Darktrace | Public Preview | Public Preview |
| - AI Vectra Detect | Public Preview | Public Preview |
| - Akamai Security Events | Public Preview | Public Preview |
| - Alcide kAudit | Public Preview | Not Available |
| - Alsid for Active Directory | Public Preview | Not Available |
| - Apache HTTP Server | Public Preview | Not Available |
| - Arista Networks | Public Preview | Not Available |
| - Armorblox | Public Preview | Not Available |
| - Aruba ClearPass | Public Preview | Public Preview |
| - AWS | GA | GA |
| - Barracuda CloudGen Firewall | GA | GA |
| - Barracuda Web App Firewall | GA | GA |
| - BETTER Mobile Threat Defense MTD | Public Preview | Not Available |
| - Beyond Security beSECURE | Public Preview | Not Available |
| - Blackberry CylancePROTECT | Public Preview | Public Preview |
| - Box | Public Preview | Not Available |
| - Broadcom Symantec DLP | Public Preview | Public Preview |
| - Check Point | GA | GA |
| - Cisco ACI | Public Preview | Not Available |
| - Cisco ASA | GA | GA |
| - Cisco Duo Security | Public Preview | Not Available |
| - Cisco ISE | Public Preview | Not Available |
| - Cisco Meraki | Public Preview | Public Preview |
| - Cisco Secure Email Gateway / ESA | Public Preview | Not Available |
| - Cisco Umbrella | Public Preview | Public Preview |
| - Cisco UCS | Public Preview | Public Preview |
| - Cisco Firepower EStreamer | Public Preview | Public Preview |
| - Cisco Web Security Appliance (WSA) | Public Preview | Not Available |
| - Citrix Analytics WAF | GA | GA |
| - Cloudflare | Public Preview | Not Available |
| - Common Event Format (CEF) | GA | GA |
| - Contrast Security | Public Preview | Not Available |
| - CrowdStrike | Public Preview | Not Available |
| - CyberArk Enterprise Password Vault (EPV) Events | Public Preview | Public Preview |
| - Digital Guardian | Public Preview | Not Available |
| - ESET Enterprise Inspector | Public Preview | Not Available |
| - Eset Security Management Center | Public Preview | Not Available |
| - ExtraHop Reveal(x) | GA | GA |
| - F5 BIG-IP | GA | GA |
| - F5 Networks | GA | GA |
| - FireEye NX (Network Security) | Public Preview | Not Available |
| - Flare Systems Firework | Public Preview | Not Available |
| - Forcepoint NGFW | Public Preview | Public Preview |
| - Forcepoint CASB | Public Preview | Public Preview |
| - Forcepoint DLP | Public Preview | Not Available |
| - Forescout | Public Preview | Not Available |
| - ForgeRock Common Audit for CEF | Public Preview | Public Preview |
| - Fortinet | GA | GA |
| - Google Cloud Platform DNS | Public Preview | Not Available |
| - Google Cloud Platform | Public Preview | Not Available |
| - Google Workspace (G Suite) | Public Preview | Not Available |
| - Illusive Attack Management System | Public Preview | Public Preview |
| - Imperva WAF Gateway | Public Preview | Public Preview |
| - InfoBlox Cloud | Public Preview | Not Available |
| - Infoblox NIOS | Public Preview | Public Preview |
| - Juniper IDP | Public Preview | Not Available |
| - Juniper SRX | Public Preview | Public Preview |
| - Kaspersky AntiVirus | Public Preview | Not Available |
| - Lookout Mobile Threat Defense | Public Preview | Not Available |
| - McAfee ePolicy | Public Preview | Not Available |
| - McAfee Network Security Platform | Public Preview | Not Available |
| - Morphisec UTPP | Public Preview | Public Preview |
| - Netskope | Public Preview | Public Preview |
| - NXLog Windows DNS | Public Preview | Not Available |
| - NXLog LinuxAudit | Public Preview | Not Available |
| - Okta Single Sign On | Public Preview | Public Preview |
| - Onapsis Platform | Public Preview | Public Preview |
| - One Identity Safeguard | GA | GA |
| - Oracle Cloud Infrastructure | Public Preview | Not Available |
| - Oracle Database Audit | Public Preview | Not Available |
| - Orca Security Alerts | Public Preview | Not Available |
| - Palo Alto Networks | GA | GA |
| - Perimeter 81 Activity Logs | GA | Not Available |
| - Ping Identity | Public Preview | Not Available |
| - Proofpoint On Demand Email Security | Public Preview | Not Available |
| - Proofpoint TAP | Public Preview | Public Preview |
| - Pulse Connect Secure | Public Preview | Public Preview |
| - Qualys Vulnerability Management | Public Preview | Public Preview |
| - Rapid7 | Public Preview | Not Available |
| - RSA SecurID | Public Preview | Not Available |
| - Salesforce Service Cloud | Public Preview | Not Available |
| - SAP (Microsoft Sentinel Solution for SAP) | GA | GA |
| - Semperis | Public Preview | Not Available |
| - Senserva Pro | Public Preview | Not Available |
| - Slack Audit | Public Preview | Not Available |
| - SonicWall Firewall | Public Preview | Public Preview |
| - Sonrai Security | Public Preview | Not Available |
| - Sophos Cloud Optix | Public Preview | Not Available |
| - Sophos XG Firewall | Public Preview | Public Preview |
| - Squadra Technologies secRMM | GA | GA |
| - Squid Proxy | Public Preview | Not Available |
| - Symantec Integrated Cyber Defense Exchange | GA | GA |
| - Symantec ProxySG | Public Preview | Public Preview |
| - Symantec VIP | Public Preview | Public Preview |
| - Syslog | GA | GA |
| - Tenable | Public Preview | Not Available |
| - Thycotic Secret Server | Public Preview | Public Preview |
| - Trend Micro Deep Security | GA | GA |
| - Trend Micro TippingPoint | Public Preview | Public Preview |
| - Trend Micro XDR | Public Preview | Not Available |
| - Ubiquiti | Public Preview | Not Available |
| - vArmour | Public Preview | Not Available |
| - Vectra | Public Preview | Not Available |
| - VMware Carbon Black Endpoint Standard | Public Preview | Public Preview |
| - VMware ESXi | Public Preview | Public Preview |
| - WireX Network Forensics Platform | Public Preview | Public Preview |
| - Zeek Network (Corelight) | Public Preview | Not Available |
| - Zimperium Mobile Threat Defense | Public Preview | Not Available |
| - Zscaler | GA | GA |
1 SSH and RDP detections are not supported for sovereign clouds because the Databricks ML platform is not available.
Microsoft Purview Data Connectors
Office 365 GCC is paired with Azure Active Directory (Azure AD) in Azure. Office 365 GCC High and Office 365 DoD are paired with Azure AD in Azure Government.
Tip
Make sure to pay attention to the Azure environment to understand where interoperability is possible. In the following table, interoperability that is not possible is marked with a dash (-) to indicate that support is not relevant.
| Connector | Azure | Azure Government |
|---|---|---|
| Office IRM | ||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Dynamics365 | ||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Microsoft 365 Defender | ||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Public Preview |
| - Office 365 DoD | - | Public Preview |
| Microsoft Defender for Cloud Apps | ||
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Microsoft Defender for Cloud Apps Shadow IT logs |
||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Public Preview |
| - Office 365 DoD | - | Public Preview |
| Microsoft Defender for Cloud Apps Alerts |
||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Public Preview |
| - Office 365 DoD | - | Public Preview |
| Microsoft Defender for Endpoint | ||
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Microsoft Defender for Identity | ||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Microsoft Defender for Office 365 | ||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| - Microsoft Power BI | ||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| - Microsoft Project | ||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Office 365 | ||
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Teams | ||
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
Microsoft Defender for IoT
Microsoft Defender for IoT lets you accelerate IoT/OT innovation with comprehensive security across all your IoT/OT devices. For end-user organizations, Microsoft Defender for IoT offers agentless, network-layer security that is rapidly deployed, works with diverse industrial equipment, and interoperates with Microsoft Sentinel and other SOC tools. Deploy on-premises or in Azure-connected environments. For IoT device builders, the Microsoft Defender for IoT security agents allow you to build security directly into your new IoT devices and Azure IoT projects. The micro agent has flexible deployment options, including the ability to deploy as a binary package or modify source code. And the micro agent is available for standard IoT operating systems like Linux and Azure RTOS. For more information, see the Microsoft Defender for IoT product documentation.
The following table displays the current Microsoft Defender for IoT feature availability in Azure, and Azure Government.
For organizations
| Feature | Azure | Azure Government |
|---|---|---|
| On-premises device discovery and inventory | GA | GA |
| Vulnerability management | GA | GA |
| Threat detection with IoT, and OT behavioral analytics | GA | GA |
| Manual and automatic threat intelligence updates | GA | GA |
| Unify IT, and OT security with SIEM, SOAR and XDR | ||
| Active Directory | GA | GA |
| ArcSight | GA | GA |
| ClearPass (Alerts & Inventory) | GA | GA |
| CyberArk PSM | GA | GA |
| GA | GA | |
| FortiGate | GA | GA |
| FortiSIEM | GA | GA |
| Microsoft Sentinel | GA | GA |
| NetWitness | GA | GA |
| Palo Alto NGFW | GA | GA |
| Palo Alto Panorama | GA | GA |
| ServiceNow (Alerts & Inventory) | GA | GA |
| SNMP MIB Monitoring | GA | GA |
| Splunk | GA | GA |
| SYSLOG Server (CEF format) | GA | GA |
| SYSLOG Server (LEEF format) | GA | GA |
| SYSLOG Server (Object) | GA | GA |
| SYSLOG Server (Text Message) | GA | GA |
| Web callback (Webhook) | GA | GA |
For device builders
| Feature | Azure | Azure Government |
|---|---|---|
| Micro agent for Azure RTOS | GA | GA |
| Configure Sentinel with Microsoft Defender for IoT | GA | GA |
| Standalone micro agent for Linux | ||
| Standalone agent binary installation | Public Preview | Public Preview |
Azure Attestation
Microsoft Azure Attestation is a unified solution for remotely verifying the trustworthiness of a platform and integrity of the binaries running inside it. The service receives evidence from the platform, validates it with security standards, evaluates it against configurable policies, and produces an attestation token for claims-based applications (e.g., relying parties, auditing authorities).
Azure Attestation is currently available in multiple regions across Azure public and Government clouds. In Azure Government, the service is available in preview status across US Gov Virginia and US Gov Arizona.
For more information, see Azure Attestation public documentation.
| Feature | Azure | Azure Government |
|---|---|---|
| Portal experience to perform control-plane and data-plane operations | GA | - |
| PowerShell experience to perform control-plane and data-plane operations | GA | GA |
| TLS 1.2 enforcement | GA | GA |
| BCDR support | GA | - |
| Service tag integration | GA | GA |
| Immutable log storage | GA | GA |
| Network isolation using private link | Public Preview | - |
| FedRAMP High certification | GA | - |
| Customer lockbox | GA | - |
Next steps
- Understand the shared responsibility model and which security tasks are handled by the cloud provider and which tasks are handled by you.
- Understand the Azure Government Cloud capabilities and the trustworthy design and security used to support compliance applicable to federal, state, and local government organizations and their partners.
- Understand the Office 365 Government plan.
- Understand compliance in Azure for legal and regulatory standards.
Feedback
Submit and view feedback for