Microsoft Defender XDR for US Government customers
- Microsoft Defender XDR
Microsoft Defender XDR for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Microsoft Defender XDR in Azure Commercial.
This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering.
If you are a GCC customer using Defender for Cloud Apps, Defender for Endpoint, or Defender for Identity in Commercial, you need to transition those services to their GCC versions to be eligible for Microsoft Defender XDR GCC.
Microsoft Defender XDR for US Government customers requires one of the following Microsoft volume licensing offers:
|Microsoft 365 GCC G5||Microsoft 365 E5 for GCC High||Microsoft 365 G5 for DOD|
|Microsoft 365 G5 Security GCC||Microsoft 365 G5 Security for GCC High||Microsoft 365 G5 Security for DOD|
|Enterprise Mobility + Security G5 GCC||Enterprise Mobility + Security E5 for GCC High||Enterprise Mobility + Security E5 for DOD|
|Office 365 G5 GCC||Office 365 E5 for GCC High||Office 365 E5 for DOD|
|Microsoft Defender for Cloud Apps GCC||Microsoft Defender for Cloud Apps for GCC High||Microsoft Defender for Cloud Apps for DOD|
|Microsoft Defender for Endpoint - GCC||Microsoft Defender for Endpoint for GCC High||Microsoft Defender for Endpoint for DOD|
|Microsoft Defender for Identity - GCC||Microsoft Defender for Identity for GCC High||Microsoft Defender for Identity for DOD|
|Microsoft Defender for Office 365 (Plan 2) GCC||Microsoft Defender for Office 365 (Plan 2) for GCC High||Microsoft Defender for Office 365 (Plan 2) for DOD|
|Windows 10 Enterprise E5 GCC||Windows 10 Enterprise E5 for GCC High||Windows 10 Enterprise E5 for DOD|
|Microsoft Defender for Endpoint Server GCC||Microsoft Defender for Endpoint Server for GCC High||Microsoft Defender for Endpoint Server for DOD|
|Microsoft Defender for servers||Microsoft Defender for servers - Government||Microsoft Defender for servers - Government|
The following are the Microsoft Defender portal URLs for US Government customers:
|Customer type||Portal URL|
If you are a GCC customer and in the process of moving from Microsoft Defender for Endpoint commercial to GCC, use https://transition.security.microsoft.com to access your Microsoft Defender for Endpoint commercial data.
Instead of the public URIs listed in our API documentation, you'll need to use the following URIs:
|Endpoint type||GCC||GCC High & DoD|
|Microsoft Defender XDR API||
Feature parity with commercial
Microsoft Defender XDR for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
These are the known gaps:
|Feature name||GCC||GCC High||DoD|
|Microsoft Threat Experts||On engineering backlog||On engineering backlog||On engineering backlog|
For detailed list of Event Streaming API tables, see Microsoft Defender XDR streaming event types supported in Event Streaming API.
For more information, see the individual workloads US Gov pages:
- Microsoft Defender for Cloud Apps.
- Microsoft Defender for Identity.
- Microsoft Defender for Endpoint.
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.