Cloud feature availability for commercial and US Government customers

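This article describes feature availability in the Microsoft Azure and Azure Government clouds for the following security services:

  • Azure Information Protection
  • Microsoft Defender for Cloud
  • Microsoft Sentinel
  • Microsoft Defender for IoT
  • Azure Attestation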

Note

Additional security services will be added to this article soon.

Azure Government

Azure Government uses the same underlying technologies as Azure (sometimes referred to as Azure Commercial or Azure Public), including the core components of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Both Azure and Azure Government have comprehensive security controls in place and are covered by the Microsoft commitment to safeguarding customer data.

Azure Government is a physically isolated cloud environment dedicated to US federal, state, local, and tribal governments, and their partners. Whereas both cloud environments are assessed and authorized at the FedRAMP High impact level, Azure Government provides an extra layer of protection to customers through contractual commitments regarding storage of customer data in the United States and limiting potential access to systems processing customer data to screened US persons. These commitments may be of interest to customers using the cloud to store or process data subject to US export control regulations such as the EAR, ITAR, and DoE 10 CFR Part 810.

For more information about Azure Government, see What is Azure Government?

Microsoft 365 integration

Integrations between products rely on interoperability between Azure and Office platforms. Offerings hosted in the Azure environment are accessible from the Microsoft 365 Enterprise and Microsoft 365 Government platforms. Office 365 and Office 365 GCC are paired with Azure Active Directory (Azure AD) in Azure. Office 365 GCC High and Office 365 DoD are paired with Azure AD in Azure Government.

The following diagram displays the hierarchy of Microsoft clouds and how they relate to each other.

[Figure: Microsoft 365 cloud integration]

The Office 365 GCC environment helps customers comply with US government requirements, including FedRAMP High, CJIS, and IRS 1075. The Office 365 GCC High and DoD environments support customers who need compliance with DoD IL4/5, DFARS 7012, NIST 800-171, and ITAR.

For more information about Office 365 US Government environments, see:

The following sections identify when a service has an integration with Microsoft 365 and the feature availability for Office 365 GCC, Office 365 GCC High, and Office 365 DoD.

Azure Information Protection

Azure Information Protection (AIP) is a cloud-based solution that enables organizations to discover, classify, and protect documents and emails by applying labels to content.

AIP is part of the Microsoft Purview Information Protection (MIP) solution, and extends the labeling and classification functionality provided by Microsoft 365.

For more information, see the Azure Information Protection product documentation.

  • Office 365 GCC is paired with Azure Active Directory (Azure AD) in Azure. Office 365 GCC High and Office 365 DoD are paired with Azure AD in Azure Government. Make sure to pay attention to the Azure environment to understand where interoperability is possible. In the following table, interoperability that is not possible is marked with a dash (-) to indicate that support is not relevant.

  • Extra configurations are required for GCC-High and DoD customers. For more information, see Azure Information Protection Premium Government Service Description.

Note

More details about support for government customers are listed in footnotes below the table.


| Feature/Service | Azure | Azure Government |
| --- | --- | --- |
| Azure Information Protection scanner ¹ | | |
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Administration | | |
| Azure Information Protection portal for scanner administration | | |
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Classification and labeling ² | | |
| AIP scanner to apply a default label to all files in an on-premises file server / repository | | |
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| AIP scanner for automated classification, labeling, and protection of supported on-premises files | | |
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |

¹ The scanner can function without Office 365 to scan files only. The scanner cannot apply labels to files without Office 365.

² The classification and labeling add-in is only supported for government customers with Microsoft 365 Apps (version 9126.1001 or higher), including Professional Plus (ProPlus) and Click-to-Run (C2R) versions. Office 2010, Office 2013, and other Office 2016 versions are not supported.

Office 365 features

| Feature/Service | Office 365 GCC | Office 365 GCC High | Office 365 DoD |
| --- | --- | --- | --- |
| Administration | | | |
| - PowerShell for RMS service administration | GA | GA | GA |
| - PowerShell for AIP UL client bulk operations | | | |
| SDK | | | |
| - MIP and AIP Software Development Kit (SDK) | GA | GA | GA |
| Customizations | | | |
| - Document tracking and revocation | GA | Not available | Not available |
| Key management | | | |
| - Bring Your Own Key (BYOK) | GA | GA | GA |
| - Double Key Encryption (DKE) | GA | GA | GA |
| Office files ³ | | | |
| - Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business | GA | GA ⁴ | GA ⁴ |
| - Protection for on-premises Exchange and SharePoint content via the Rights Management connector | GA ⁵ | Not available | Not available |
| - Office 365 Message Encryption | GA | GA | GA |
| - Set labels to automatically apply pre-configured S/MIME protection in Outlook | GA | GA | GA |
| - Control oversharing of information when using Outlook | GA | GA ⁶ | GA ⁶ |
| Classification and labeling ² / ⁷ | | | |
| - Custom templates, including departmental templates | GA | GA | GA |
| - Manual, default, and mandatory document classification | GA | GA | GA |
| - Configure conditions for automatic and recommended classification | GA | GA | GA |
| - Protection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE (generic protection) | GA | GA | GA |

³ The Mobile Device Extension for AD RMS is currently not available for government customers.

⁴ Information Rights Management with SharePoint Online (IRM-protected sites and libraries) is currently not available.

⁵ Information Rights Management (IRM) is supported only for Microsoft 365 Apps (version 9126.1001 or higher), including Professional Plus (ProPlus) and Click-to-Run (C2R) versions. Office 2010, Office 2013, and other Office 2016 versions are not supported.

⁶ Sharing of protected documents and emails from government clouds to users in the commercial cloud is not currently available. Includes Microsoft 365 Apps users in the commercial cloud, non-Microsoft 365 Apps users in the commercial cloud, and users with an RMS for Individuals license.

⁷ The number of Sensitive Information Types in your Microsoft Purview compliance portal may vary based on region.

Microsoft Defender for Cloud

Microsoft Defender for Cloud is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

For more information, see the Microsoft Defender for Cloud product documentation.

The following table displays the current Defender for Cloud feature availability in Azure and Azure Government.

| Feature/Service | Azure | Azure Government |
| --- | --- | --- |
| Microsoft Defender for Cloud free features | | |
| - Continuous export | GA | GA |
| - Workflow automation | GA | GA |
| - Recommendation exemption rules | Public Preview | Not Available |
| - Alert suppression rules | GA | GA |
| - Email notifications for security alerts | GA | GA |
| - Auto provisioning for agents and extensions | GA | GA |
| - Asset inventory | GA | GA |
| - Azure Monitor Workbooks reports in Microsoft Defender for Cloud's workbooks gallery | GA | GA |
| - Integration with Microsoft Defender for Cloud Apps | GA | Not Available |
| Microsoft Defender plans and extensions | | |
| - Microsoft Defender for servers | GA | GA |
| - Microsoft Defender for App Service | GA | Not Available |
| - Microsoft Defender for DNS | GA | GA |
| - Microsoft Defender for Containers ⁹ | GA | GA |
| - Microsoft Defender for container registries ¹ (deprecated) | GA | GA ² |
| - Microsoft Defender for container registries scanning of images in CI/CD workflows ³ | Public Preview | Not Available |
| - Microsoft Defender for Kubernetes ⁴ (deprecated) | GA | GA |
| - Defender extension for Arc-enabled Kubernetes, Servers, or Data services ⁵ | Public Preview | Not Available |
| - Microsoft Defender for Azure SQL database servers | GA | GA |
| - Microsoft Defender for SQL servers on machines | GA | GA |
| - Microsoft Defender for open-source relational databases | GA | Not Available |
| - Microsoft Defender for Key Vault | GA | Not Available |
| - Microsoft Defender for Resource Manager | GA | GA |
| - Microsoft Defender for Storage ⁶ | GA | GA |
| - Microsoft Defender for Azure Cosmos DB | GA | Not Available |
| - Kubernetes workload protection | GA | GA |
| - Bi-directional alert synchronization with Microsoft Sentinel | Public Preview | Public Preview |
| Microsoft Defender for servers features ⁷ | | |
| - Just-in-time VM access | GA | GA |
| - File integrity monitoring | GA | GA |
| - Adaptive application controls | GA | GA |
| - Adaptive network hardening | GA | Not Available |
| - Docker host hardening | GA | GA |
| - Integrated vulnerability assessment for machines | GA | Not Available |
| - Regulatory compliance dashboard & reports ⁸ | GA | GA |
| - Microsoft Defender for Endpoint deployment and integrated license | GA | GA |
| - Connect AWS account | GA | Not Available |
| - Connect GCP account | GA | Not Available |

¹ Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.

² Vulnerability scans of container registries on Azure Gov can only be performed with the scan on push feature.

³ Requires Microsoft Defender for container registries.

⁴ Partially GA: Support for Azure Arc-enabled clusters is in public preview and not available on Azure Government.

⁵ Requires Microsoft Defender for Kubernetes.

⁶ Partially GA: Some of the threat protection alerts from Microsoft Defender for Storage are in public preview.

⁷ These features all require Microsoft Defender for servers.

⁸ There may be differences in the standards offered per cloud type.

⁹ Partially GA: Support for Arc-enabled Kubernetes clusters (and therefore AWS EKS too) is in public preview and not available on Azure Government. Run-time visibility of vulnerabilities in container images is also a preview feature.

Microsoft Sentinel

Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

For more information, see the Microsoft Sentinel product documentation.

The following tables display the current Microsoft Sentinel feature availability in Azure and Azure Government.

| Feature | Azure | Azure Government |
| --- | --- | --- |
| Incidents | | |
| - Automation rules | Public Preview | Public Preview |
| - Cross-tenant/Cross-workspace incidents view | GA | GA |
| - Entity insights | GA | Public Preview |
| - SOC incident audit metrics | GA | GA |
| - Incident advanced search | GA | GA |
| - Microsoft 365 Defender incident integration | Public Preview | Public Preview |
| - Microsoft Teams integrations | Public Preview | Not Available |
| - Bring Your Own ML (BYO-ML) | Public Preview | Public Preview |
| - Search large datasets | Public Preview | Not Available |
| - Restore historical data | Public Preview | Not Available |
| Notebooks | | |
| - Notebooks | GA | GA |
| - Notebook integration with Azure Synapse | Public Preview | Not Available |
| Watchlists | | |
| - Watchlists | GA | GA |
| - Large watchlists from Azure Storage | Public Preview | Not Available |
| - Watchlist templates | Public Preview | Not Available |
| Hunting | | |
| - Hunting | GA | GA |
| Content and content management | | |
| - Content hub and solutions | Public Preview | Public Preview |
| - Repositories | Public Preview | Not Available |
| Data collection | | |
| - Advanced SIEM Information Model (ASIM) | Public Preview | Not Available |
| Threat intelligence support | | |
| - Threat Intelligence - TAXII data connector | GA | GA |
| - Threat Intelligence Platform data connector | Public Preview | Not Available |
| - Threat Intelligence Research Blade | GA | GA |
| - Add indicators in bulk to threat intelligence by file | Public Preview | Not Available |
| - URL Detonation | Public Preview | Not Available |
| - Threat Intelligence workbook | GA | GA |
| - GeoLocation and WhoIs data enrichment | Public Preview | Not Available |
| - Threat intelligence matching analytics | Public Preview | Not Available |
| Detection support | | |
| - Fusion: Advanced multistage attack detections ¹ | GA | GA |
| - Fusion detection for ransomware | Public Preview | Not Available |
| - Fusion for emerging threats | Public Preview | Not Available |
| - Anomalous Windows File Share Access Detection | Public Preview | Not Available |
| - Anomalous RDP Login Detection (built-in ML detection) | Public Preview | Not Available |
| - Anomalous SSH login detection (built-in ML detection) | Public Preview | Not Available |
| Domain solution content | | |
| - Apache Log4j Vulnerability Detection | Public Preview | Public Preview |
| - Cybersecurity Maturity Model Certification (CMMC) | Public Preview | Public Preview |
| - Microsoft Defender for IoT | Public Preview | Public Preview |
| - Maturity Model for Event Log Management M2131 | Public Preview | Public Preview |
| - Microsoft Insider Risk Management (IRM) | Public Preview | Public Preview |
| - Microsoft Sentinel Deception | Public Preview | Public Preview |
| - Zero Trust (TIC3.0) | Public Preview | Public Preview |
| Azure service connectors | | |
| - Azure Activity Logs | GA | GA |
| - Azure Active Directory | GA | GA |
| - Azure ADIP | GA | GA |
| - Azure DDoS Protection | GA | GA |
| - Microsoft Purview | Public Preview | Not Available |
| - Microsoft Defender for Cloud | GA | GA |
| - Microsoft Defender for IoT | GA | GA |
| - Microsoft Insider Risk Management | Public Preview | Not Available |
| - Azure Firewall | GA | GA |
| - Azure Information Protection | Public Preview | Not Available |
| - Azure Key Vault | Public Preview | Not Available |
| - Azure Kubernetes Services (AKS) | Public Preview | Not Available |
| - Azure SQL Databases | GA | GA |
| - Azure WAF | GA | GA |
| - Microsoft Defender for Cloud | GA | GA |
| - Microsoft Insider Risk Management | Public Preview | Not Available |
| Windows connectors | | |
| - Windows Firewall | GA | GA |
| - Windows Security Events | GA | GA |
| External connectors | | |
| - Agari Phishing Defense and Brand Protection | Public Preview | Public Preview |
| - AI Analyst Darktrace | Public Preview | Public Preview |
| - AI Vectra Detect | Public Preview | Public Preview |
| - Akamai Security Events | Public Preview | Public Preview |
| - Alcide kAudit | Public Preview | Not Available |
| - Alsid for Active Directory | Public Preview | Not Available |
| - Apache HTTP Server | Public Preview | Not Available |
| - Arista Networks | Public Preview | Not Available |
| - Armorblox | Public Preview | Not Available |
| - Aruba ClearPass | Public Preview | Public Preview |
| - AWS | GA | GA |
| - Barracuda CloudGen Firewall | GA | GA |
| - Barracuda Web App Firewall | GA | GA |
| - BETTER Mobile Threat Defense MTD | Public Preview | Not Available |
| - Beyond Security beSECURE | Public Preview | Not Available |
| - Blackberry CylancePROTECT | Public Preview | Public Preview |
| - Box | Public Preview | Not Available |
| - Broadcom Symantec DLP | Public Preview | Public Preview |
| - Check Point | GA | GA |
| - Cisco ACI | Public Preview | Not Available |
| - Cisco ASA | GA | GA |
| - Cisco Duo Security | Public Preview | Not Available |
| - Cisco ISE | Public Preview | Not Available |
| - Cisco Meraki | Public Preview | Public Preview |
| - Cisco Secure Email Gateway / ESA | Public Preview | Not Available |
| - Cisco Umbrella | Public Preview | Public Preview |
| - Cisco UCS | Public Preview | Public Preview |
| - Cisco Firepower EStreamer | Public Preview | Public Preview |
| - Cisco Web Security Appliance (WSA) | Public Preview | Not Available |
| - Citrix Analytics WAF | GA | GA |
| - Cloudflare | Public Preview | Not Available |
| - Common Event Format (CEF) | GA | GA |
| - Contrast Security | Public Preview | Not Available |
| - CrowdStrike | Public Preview | Not Available |
| - CyberArk Enterprise Password Vault (EPV) Events | Public Preview | Public Preview |
| - Digital Guardian | Public Preview | Not Available |
| - ESET Enterprise Inspector | Public Preview | Not Available |
| - Eset Security Management Center | Public Preview | Not Available |
| - ExtraHop Reveal(x) | GA | GA |
| - F5 BIG-IP | GA | GA |
| - F5 Networks | GA | GA |
| - FireEye NX (Network Security) | Public Preview | Not Available |
| - Flare Systems Firework | Public Preview | Not Available |
| - Forcepoint NGFW | Public Preview | Public Preview |
| - Forcepoint CASB | Public Preview | Public Preview |
| - Forcepoint DLP | Public Preview | Not Available |
| - Forescout | Public Preview | Not Available |
| - ForgeRock Common Audit for CEF | Public Preview | Public Preview |
| - Fortinet | GA | GA |
| - Google Cloud Platform DNS | Public Preview | Not Available |
| - Google Cloud Platform | Public Preview | Not Available |
| - Google Workspace (G Suite) | Public Preview | Not Available |
| - Illusive Attack Management System | Public Preview | Public Preview |
| - Imperva WAF Gateway | Public Preview | Public Preview |
| - InfoBlox Cloud | Public Preview | Not Available |
| - Infoblox NIOS | Public Preview | Public Preview |
| - Juniper IDP | Public Preview | Not Available |
| - Juniper SRX | Public Preview | Public Preview |
| - Kaspersky AntiVirus | Public Preview | Not Available |
| - Lookout Mobile Threat Defense | Public Preview | Not Available |
| - McAfee ePolicy | Public Preview | Not Available |
| - McAfee Network Security Platform | Public Preview | Not Available |
| - Morphisec UTPP | Public Preview | Public Preview |
| - Netskope | Public Preview | Public Preview |
| - NXLog Windows DNS | Public Preview | Not Available |
| - NXLog LinuxAudit | Public Preview | Not Available |
| - Okta Single Sign On | Public Preview | Public Preview |
| - Onapsis Platform | Public Preview | Public Preview |
| - One Identity Safeguard | GA | GA |
| - Oracle Cloud Infrastructure | Public Preview | Not Available |
| - Oracle Database Audit | Public Preview | Not Available |
| - Orca Security Alerts | Public Preview | Not Available |
| - Palo Alto Networks | GA | GA |
| - Perimeter 81 Activity Logs | GA | Not Available |
| - Ping Identity | Public Preview | Not Available |
| - Proofpoint On Demand Email Security | Public Preview | Not Available |
| - Proofpoint TAP | Public Preview | Public Preview |
| - Pulse Connect Secure | Public Preview | Public Preview |
| - Qualys Vulnerability Management | Public Preview | Public Preview |
| - Rapid7 | Public Preview | Not Available |
| - RSA SecurID | Public Preview | Not Available |
| - Salesforce Service Cloud | Public Preview | Not Available |
| - SAP (Microsoft Sentinel Solution for SAP) | GA | GA |
| - Semperis | Public Preview | Not Available |
| - Senserva Pro | Public Preview | Not Available |
| - Slack Audit | Public Preview | Not Available |
| - SonicWall Firewall | Public Preview | Public Preview |
| - Sonrai Security | Public Preview | Not Available |
| - Sophos Cloud Optix | Public Preview | Not Available |
| - Sophos XG Firewall | Public Preview | Public Preview |
| - Squadra Technologies secRMM | GA | GA |
| - Squid Proxy | Public Preview | Not Available |
| - Symantec Integrated Cyber Defense Exchange | GA | GA |
| - Symantec ProxySG | Public Preview | Public Preview |
| - Symantec VIP | Public Preview | Public Preview |
| - Syslog | GA | GA |
| - Tenable | Public Preview | Not Available |
| - Thycotic Secret Server | Public Preview | Public Preview |
| - Trend Micro Deep Security | GA | GA |
| - Trend Micro TippingPoint | Public Preview | Public Preview |
| - Trend Micro XDR | Public Preview | Not Available |
| - Ubiquiti | Public Preview | Not Available |
| - vArmour | Public Preview | Not Available |
| - Vectra | Public Preview | Not Available |
| - VMware Carbon Black Endpoint Standard | Public Preview | Public Preview |
| - VMware ESXi | Public Preview | Public Preview |
| - WireX Network Forensics Platform | Public Preview | Public Preview |
| - Zeek Network (Corelight) | Public Preview | Not Available |
| - Zimperium Mobile Threat Defense | Public Preview | Not Available |
| - Zscaler | GA | GA |

¹ SSH and RDP detections are not supported for sovereign clouds because the Databricks ML platform is not available.

Microsoft Purview Data Connectors

Office 365 GCC is paired with Azure Active Directory (Azure AD) in Azure. Office 365 GCC High and Office 365 DoD are paired with Azure AD in Azure Government.

Tip

Make sure to pay attention to the Azure environment to understand where interoperability is possible. In the following table, interoperability that is not possible is marked with a dash (-) to indicate that support is not relevant.

| Connector | Azure | Azure Government |
| --- | --- | --- |
| Office IRM | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Dynamics365 | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Microsoft 365 Defender | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Public Preview |
| - Office 365 DoD | - | Public Preview |
| Microsoft Defender for Cloud Apps | | |
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Microsoft Defender for Cloud Apps: Shadow IT logs | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Public Preview |
| - Office 365 DoD | - | Public Preview |
| Microsoft Defender for Cloud Apps: Alerts | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Public Preview |
| - Office 365 DoD | - | Public Preview |
| Microsoft Defender for Endpoint | | |
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Microsoft Defender for Identity | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Microsoft Defender for Office 365 | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Microsoft Power BI | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Microsoft Project | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |
| Office 365 | | |
| - Office 365 GCC | GA | - |
| - Office 365 GCC High | - | GA |
| - Office 365 DoD | - | GA |
| Teams | | |
| - Office 365 GCC | Public Preview | - |
| - Office 365 GCC High | - | Not Available |
| - Office 365 DoD | - | Not Available |

Microsoft Defender for IoT

Microsoft Defender for IoT lets you accelerate IoT/OT innovation with comprehensive security across all your IoT/OT devices. For end-user organizations, Microsoft Defender for IoT offers agentless, network-layer security that is rapidly deployed, works with diverse industrial equipment, and interoperates with Microsoft Sentinel and other SOC tools. Deploy on-premises or in Azure-connected environments.

For IoT device builders, the Microsoft Defender for IoT security agents allow you to build security directly into your new IoT devices and Azure IoT projects. The micro agent has flexible deployment options, including the ability to deploy as a binary package or modify source code. The micro agent is available for standard IoT operating systems like Linux and Azure RTOS.

For more information, see the Microsoft Defender for IoT product documentation.

The following table displays the current Microsoft Defender for IoT feature availability in Azure and Azure Government.

For organizations

| Feature | Azure | Azure Government |
| --- | --- | --- |
| On-premises device discovery and inventory | GA | GA |
| Vulnerability management | GA | GA |
| Threat detection with IoT, and OT behavioral analytics | GA | GA |
| Manual and automatic threat intelligence updates | GA | GA |
| Unify IT, and OT security with SIEM, SOAR and XDR | | |
| - Active Directory | GA | GA |
| - ArcSight | GA | GA |
| - ClearPass (Alerts & Inventory) | GA | GA |
| - CyberArk PSM | GA | GA |
| - Email | GA | GA |
| - FortiGate | GA | GA |
| - FortiSIEM | GA | GA |
| - Microsoft Sentinel | GA | GA |
| - NetWitness | GA | GA |
| - Palo Alto NGFW | GA | GA |
| - Palo Alto Panorama | GA | GA |
| - ServiceNow (Alerts & Inventory) | GA | GA |
| - SNMP MIB Monitoring | GA | GA |
| - Splunk | GA | GA |
| - SYSLOG Server (CEF format) | GA | GA |
| - SYSLOG Server (LEEF format) | GA | GA |
| - SYSLOG Server (Object) | GA | GA |
| - SYSLOG Server (Text Message) | GA | GA |
| - Web callback (Webhook) | GA | GA |

For device builders

| Feature | Azure | Azure Government |
| --- | --- | --- |
| Micro agent for Azure RTOS | GA | GA |
| Configure Sentinel with Microsoft Defender for IoT | GA | GA |
| Standalone micro agent for Linux | | |
| Standalone agent binary installation | Public Preview | Public Preview |

Azure Attestation

Microsoft Azure Attestation is a unified solution for remotely verifying the trustworthiness of a platform and integrity of the binaries running inside it. The service receives evidence from the platform, validates it with security standards, evaluates it against configurable policies, and produces an attestation token for claims-based applications (e.g., relying parties, auditing authorities).

Azure Attestation is currently available in multiple regions across Azure public and Government clouds. In Azure Government, the service is available in preview status across US Gov Virginia and US Gov Arizona.

For more information, see Azure Attestation public documentation.

| Feature | Azure | Azure Government |
| --- | --- | --- |
| Portal experience to perform control-plane and data-plane operations | GA | - |
| PowerShell experience to perform control-plane and data-plane operations | GA | GA |
| TLS 1.2 enforcement | GA | GA |
| BCDR support | GA | - |
| Service tag integration | GA | GA |
| Immutable log storage | GA | GA |
| Network isolation using private link | Public Preview | - |
| FedRAMP High certification | GA | - |
| Customer lockbox | GA | - |

Next steps

  • Understand the shared responsibility model and which security tasks are handled by the cloud provider and which tasks are handled by you.
  • Understand the Azure Government Cloud capabilities and the trustworthy design and security used to support compliance applicable to federal, state, and local government organizations and their partners.
  • Understand the Office 365 Government plan.
  • Understand compliance in Azure for legal and regulatory standards.