Azure, Dynamics 365, Microsoft 365, and Power Platform services compliance scope

Microsoft Azure cloud environments meet demanding US government compliance requirements that produce formal authorizations, including:

• Federal Risk and Authorization Management Program (FedRAMP)
• Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) Impact Level (IL) 2, 4, 5, and 6
• Intelligence Community Directive (ICD) 503
• Joint Special Access Program (SAP) Implementation Guide (JSIG)

Azure (also known as Azure Commercial, Azure Public, or Azure Global) maintains the following authorizations that pertain to all Azure public regions in the United States:

• FedRAMP High Provisional Authorization to Operate (P-ATO) issued by the FedRAMP Joint Authorization Board (JAB)
• DoD IL2 Provisional Authorization (PA) issued by the Defense Information Systems Agency (DISA)

Azure Government maintains the following authorizations that pertain to Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia (US Gov regions):

• FedRAMP High P-ATO issued by the JAB
• DoD IL2 PA issued by DISA
• DoD IL4 PA issued by DISA
• DoD IL5 PA issued by DISA

For current Azure Government regions and available services, see Products available by region.

Note

• Some Azure services deployed in Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia (US Gov regions) require extra configuration to meet DoD IL5 compute and storage isolation requirements, as explained in Isolation guidelines for Impact Level 5 workloads.
• For DoD IL5 PA compliance scope in Azure Government regions US DoD Central and US DoD East (US DoD regions), see US DoD regions IL5 audit scope.

Azure Government Secret maintains:

• DoD IL6 PA issued by DISA
• JSIG PL3 ATO (for authorization details, contact your Microsoft account representative)

Azure Government Top Secret maintains:

• ICD 503 ATO with facilities at ICD 705 (for authorization details, contact your Microsoft account representative)
• JSIG PL3 ATO (for authorization details, contact your Microsoft account representative)

This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and Power Platform cloud services in scope for FedRAMP High, DoD IL2, DoD IL4, DoD IL5, and DoD IL6 authorizations across Azure, Azure Government, and Azure Government Secret cloud environments. For other authorization details in Azure Government Secret and Azure Government Top Secret, contact your Microsoft account representative.

Azure public services by audit scope

Last updated: November 2023

Terminology used

• FedRAMP High = FedRAMP High Provisional Authorization to Operate (P-ATO) in Azure
• DoD IL2 = DoD SRG Impact Level 2 Provisional Authorization (PA) in Azure
• ✅ = service is included in audit scope and has been authorized

Service	FedRAMP High	DoD IL2
Advisor	✅	✅
AI Builder	✅	✅
Analysis Services	✅	✅
API Management	✅	✅
App Configuration	✅	✅
App Service	✅	✅
Application Gateway	✅	✅
Automation	✅	✅
Microsoft Entra ID (Free)	✅	✅
Microsoft Entra ID (P1 + P2)	✅	✅
Azure Active Directory B2C	✅	✅
Microsoft Entra Domain Services	✅	✅
Microsoft Entra provisioning service	✅	✅
Microsoft Entra multifactor authentication	✅	✅
Azure API for FHIR	✅	✅
Service	FedRAMP High	DoD IL2
Azure Arc-enabled servers	✅	✅
Azure Arc-enabled Kubernetes	✅	✅
Azure Cache for Redis	✅	✅
Azure Cosmos DB	✅	✅
Azure Container Apps	✅	✅
Azure Database for MariaDB	✅	✅
Azure Database for MySQL	✅	✅
Azure Database for PostgreSQL	✅	✅
Azure Databricks **	✅	✅
Azure for Education	✅	✅
Azure Information Protection	✅	✅
Azure Kubernetes Service (AKS)	✅	✅
Azure Marketplace portal	✅	✅
Azure Maps	✅	✅
Azure Monitor (incl. Application Insights, Log Analytics, and Application Change Analysis)	✅	✅
Azure NetApp Files	✅	✅
Service	FedRAMP High	DoD IL2
Azure OpenAI	✅	✅
Azure Policy	✅	✅
Azure Policy's guest configuration	✅	✅
Azure Red Hat OpenShift	✅	✅
Azure Resource Manager	✅	✅
Azure Service Manager (RDFE)	✅	✅
Azure Sign-up portal	✅	✅
Azure Sphere	✅	✅
Azure Spring Apps	✅	✅
Azure Stack Edge (formerly Data Box Edge) *	✅	✅
Azure Stack HCI	✅	✅
Azure Static WebApps	✅	✅
Azure Video Indexer	✅	✅
Azure Virtual Desktop (formerly Windows Virtual Desktop)	✅	✅
Azure VMware Solution	✅	✅
Azure Web PubSub	✅	✅
Backup	✅	✅
Bastion	✅	✅
Service	FedRAMP High	DoD IL2
Batch	✅	✅
Blueprints	✅	✅
Bot Service	✅	✅
Cloud Services	✅	✅
Cloud Shell	✅	✅
Cognitive Search (formerly Azure Search)	✅	✅
Azure AI services: Anomaly Detector	✅	✅
Azure AI services: Computer Vision	✅	✅
Azure AI services: Content Moderator	✅	✅
Azure AI services: Containers	✅	✅
Azure AI services: Custom Vision	✅	✅
Azure AI services: Face	✅	✅
Azure AI Language Understanding (LUIS) (part of Azure AI Language)	✅	✅
Azure AI services: Personalizer	✅	✅
Azure AI services: QnA Maker (part of Azure AI Language)	✅	✅
Service	FedRAMP High	DoD IL2
Azure AI services: Speech	✅	✅
Azure AI services: Text Analytics (part of Azure AI Language)	✅	✅
Azure AI services: Translator	✅	✅
Container Instances	✅	✅
Container Registry	✅	✅
Content Delivery Network (CDN)	✅	✅
Cost Management and Billing	✅	✅
Customer Lockbox	✅	✅
Data Box *	✅	✅
Data Explorer	✅	✅
Data Factory	✅	✅
Data Share	✅	✅
Database Migration Service	✅	✅
Dataverse (incl. Azure Synapse Link for Dataverse)	✅	✅
DDoS Protection	✅	✅
Service	FedRAMP High	DoD IL2
Dedicated HSM	✅	✅
DevTest Labs	✅	✅
DNS	✅	✅
Dynamics 365 Chat (Omnichannel Engagement Hub)	✅	✅
Dynamics 365 Commerce	✅	✅
Dynamics 365 Customer Service	✅	✅
Dynamics 365 Field Service	✅	✅
Dynamics 365 Finance	✅	✅
Dynamics 365 Fraud Protection	✅	✅
Dynamics 365 Guides	✅	✅
Dynamics 365 Sales	✅	✅
Dynamics 365 Sales Professional	✅	✅
Dynamics 365 Supply Chain Management	✅	✅
Event Grid	✅	✅
Event Hubs	✅	✅
ExpressRoute	✅	✅
Service	FedRAMP High	DoD IL2
File Sync	✅	✅
Firewall	✅	✅
Firewall Manager	✅	✅
Azure AI Document Intelligence	✅	✅
Front Door	✅	✅
Functions	✅	✅
GitHub AE	✅	✅
Health Bot	✅	✅
HDInsight	✅	✅
HPC Cache	✅	✅
Immersive Reader	✅	✅
Import/Export	✅	✅
Internet Analyzer	✅	✅
IoT Hub	✅	✅
Key Vault	✅	✅
Service	FedRAMP High	DoD IL2
Lab Services	✅	✅
Lighthouse	✅	✅
Load Balancer	✅	✅
Logic Apps	✅	✅
Machine Learning	✅	✅
Managed Applications	✅	✅
Media Services	✅	✅
Metrics Advisor	✅	✅
Microsoft 365 Defender (formerly Microsoft Threat Protection)	✅	✅
Microsoft Azure Attestation	✅	✅
Microsoft Azure portal	✅	✅
Microsoft Defender for Cloud (formerly Azure Security Center)	✅	✅
Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security)	✅	✅
Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection)	✅	✅
Microsoft Defender for Identity (formerly Azure Advanced Threat Protection)	✅	✅
Service	FedRAMP High	DoD IL2
Microsoft Defender for IoT (formerly Azure Security for IoT)	✅	✅
Microsoft Defender Vulnerability Management	✅	✅
Microsoft Graph	✅	✅
Microsoft Intune	✅	✅
Microsoft Purview (incl. Data Map, Data Estate Insights, and governance portal)	✅	✅
Microsoft Sentinel (formerly Azure Sentinel)	✅	✅
Microsoft Stream	✅	✅
Microsoft Threat Experts	✅	✅
Migrate	✅	✅
Network Watcher (incl. Traffic Analytics)	✅	✅
Notification Hubs	✅	✅
Open Datasets	✅	✅
Peering Service	✅	✅
Planned Maintenance for VMs	✅	✅
Power Apps	✅	✅
Power Apps Portal	✅	✅
Service	FedRAMP High	DoD IL2
Power Automate (formerly Microsoft Flow)	✅	✅
Power BI	✅	✅
Power BI Embedded	✅	✅
Power Data Integrator for Dataverse (formerly Dynamics 365 Integrator App)	✅	✅
Power Virtual Agents	✅	✅
Private Link	✅	✅
Public IP	✅	✅
Resource Graph	✅	✅
Resource Mover	✅	✅
Route Server	✅	✅
Scheduler (replaced by Logic Apps)	✅	✅
Service Bus	✅	✅
Service Fabric	✅	✅
Service Health	✅	✅
SignalR Service	✅	✅
Service	FedRAMP High	DoD IL2
Site Recovery	✅	✅
SQL Database	✅	✅
SQL Managed Instance	✅	✅
SQL Server Registry	✅	✅
SQL Server Stretch Database	✅	✅
Storage: Archive	✅	✅
Storage: Blobs (incl. Azure Data Lake Storage Gen2)	✅	✅
Storage: Disks (incl. managed disks)	✅	✅
Storage: Files	✅	✅
Storage: Queues	✅	✅
Storage: Tables	✅	✅
StorSimple	✅	✅
Stream Analytics	✅	✅
Synapse Analytics	✅	✅
Time Series Insights	✅	✅
Service	FedRAMP High	DoD IL2
Traffic Manager	✅	✅
Virtual Machine Scale Sets	✅	✅
Virtual Machines (incl. Reserved VM Instances)	✅	✅
Virtual Network	✅	✅
Virtual Network NAT	✅	✅
Virtual WAN	✅	✅
VM Image Builder	✅	✅
VPN Gateway	✅	✅
Web Application Firewall	✅	✅
Windows 10 IoT Core Services	✅	✅

* FedRAMP High authorization for edge devices (such as Azure Data Box and Azure Stack Edge) applies only to Azure services that support on-premises, customer-managed devices. For example, FedRAMP High authorization for Azure Data Box covers datacenter infrastructure services and Data Box pod and disk service, which are the online software components supporting your Data Box hardware appliance. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative.

** FedRAMP High authorization for Azure Databricks is applicable to limited regions in Azure. To configure Azure Databricks for FedRAMP High use, contact your Microsoft or Databricks representative.

Azure Government services by audit scope

Last updated: November 2023

Terminology used

• Azure Government = Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia (US Gov regions)
• FedRAMP High = FedRAMP High Provisional Authorization to Operate (P-ATO) in Azure Government
• DoD IL2 = DoD SRG Impact Level 2 Provisional Authorization (PA) in Azure Government
• DoD IL4 = DoD SRG Impact Level 4 Provisional Authorization (PA) in Azure Government
• DoD IL5 = DoD SRG Impact Level 5 Provisional Authorization (PA) in Azure Government
• DoD IL6 = DoD SRG Impact Level 6 Provisional Authorization (PA) in Azure Government Secret
• ✅ = service is included in audit scope and has been authorized

Note

• Some services deployed in Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia (US Gov regions) require extra configuration to meet DoD IL5 compute and storage isolation requirements, as explained in Isolation guidelines for Impact Level 5 workloads.
• For DoD IL5 PA compliance scope in Azure Government regions US DoD Central and US DoD East (US DoD regions), see US DoD regions IL5 audit scope.

Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Advisor	✅	✅	✅	✅	✅
AI Builder	✅	✅	✅
Analysis Services	✅	✅	✅	✅
API Management	✅	✅	✅	✅	✅
App Configuration	✅	✅	✅	✅	✅
App Service	✅	✅	✅	✅	✅
Application Gateway	✅	✅	✅	✅	✅
Automation	✅	✅	✅	✅	✅
Microsoft Entra ID (Free)	✅	✅	✅	✅	✅
Microsoft Entra ID (P1 + P2)	✅	✅	✅	✅
Microsoft Entra Domain Services	✅	✅	✅	✅
Microsoft Entra multifactor authentication	✅	✅	✅	✅	✅
Azure API for FHIR	✅	✅	✅	✅
Azure Arc-enabled Kubernetes	✅	✅	✅	✅
Azure Arc-enabled servers	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Azure Cache for Redis	✅	✅	✅	✅	✅
Azure Cosmos DB	✅	✅	✅	✅	✅
Azure CXP Nomination Portal	✅	✅	✅	✅
Azure Database for MariaDB	✅	✅	✅	✅
Azure Database for MySQL	✅	✅	✅	✅
Azure Database for PostgreSQL	✅	✅	✅	✅
Azure Databricks	✅	✅	✅	✅
Azure Information Protection **	✅	✅	✅	✅	✅
Azure Kubernetes Service (AKS)	✅	✅	✅	✅	✅
Azure Maps	✅	✅	✅	✅
Azure Monitor (incl. Application Insights and Log Analytics)	✅	✅	✅	✅	✅
Azure NetApp Files	✅	✅	✅	✅
Azure Policy	✅	✅	✅	✅	✅
Azure Policy's guest configuration	✅	✅	✅	✅
Azure Red Hat OpenShift	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Azure Resource Manager	✅	✅	✅	✅	✅
Azure Service Manager (RDFE)	✅	✅	✅	✅	✅
Azure Sign-up portal	✅	✅	✅	✅
Azure Stack Bridge	✅	✅	✅	✅	✅
Azure Stack Edge (formerly Data Box Edge) *	✅	✅	✅	✅	✅
Azure Stack HCI	✅	✅	✅
Azure Video Indexer	✅	✅	✅
Azure Virtual Desktop (formerly Windows Virtual Desktop)	✅	✅	✅	✅	✅
Azure VMware Solution	✅	✅
Backup	✅	✅	✅	✅	✅
Bastion	✅	✅	✅	✅
Batch	✅	✅	✅	✅	✅
Blueprints	✅	✅	✅	✅
Bot Service	✅	✅	✅	✅
Cloud Services	✅	✅	✅	✅	✅
Cloud Shell	✅	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Cognitive Search (formerly Azure Search)	✅	✅	✅	✅	✅
Azure AI services: Computer Vision	✅	✅	✅	✅
Azure AI services: Content Moderator	✅	✅	✅	✅
Azure AI containers	✅	✅	✅	✅
Azure AI services: Custom Vision	✅	✅	✅	✅
Azure AI services: Face	✅	✅	✅	✅
Azure AI services: LUIS (part of Azure AI Language)	✅	✅	✅	✅	✅
Azure AI services: Personalizer	✅	✅	✅	✅
Azure AI services: QnA Maker (part of Azure AI Language)	✅	✅	✅	✅
Azure AI Speech	✅	✅	✅	✅
Azure AI services: Text Analytics (part of Azure AI Language)	✅	✅	✅	✅
Azure AI services: Translator	✅	✅	✅	✅
Container Instances	✅	✅	✅	✅	✅
Container Registry	✅	✅	✅	✅	✅
Content Delivery Network (CDN)	✅	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Cost Management and Billing	✅	✅	✅	✅
Customer Lockbox	✅	✅	✅	✅
Data Box *	✅	✅	✅	✅	✅
Data Explorer	✅	✅	✅	✅	✅
Data Factory	✅	✅	✅	✅	✅
Data Share	✅	✅	✅	✅
Database Migration Service	✅	✅	✅	✅
Dataverse (formerly Common Data Service)	✅	✅	✅	✅
DDoS Protection	✅	✅	✅	✅
Dedicated HSM	✅	✅	✅	✅
DevTest Labs	✅	✅	✅	✅
DNS	✅	✅	✅	✅	✅
Dynamics 365 Chat (Omnichannel Engagement Hub)	✅	✅	✅	✅
Dynamics 365 Customer Insights	✅	✅	✅	✅
Dynamics 365 Customer Service	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Dynamics 365 Customer Voice (formerly Forms Pro)	✅	✅	✅	✅
Dynamics 365 Field Service	✅	✅	✅	✅
Dynamics 365 Finance	✅	✅	✅
Dynamics 365 Project Service Automation	✅	✅	✅	✅
Dynamics 365 Sales	✅	✅	✅	✅
Dynamics 365 Supply Chain Management	✅	✅	✅
Event Grid	✅	✅	✅	✅	✅
Event Hubs	✅	✅	✅	✅	✅
ExpressRoute	✅	✅	✅	✅	✅
File Sync	✅	✅	✅	✅
Firewall	✅	✅	✅	✅	✅
Firewall Manager	✅	✅	✅	✅
Azure AI Document Intelligence	✅	✅	✅	✅
Front Door	✅	✅	✅	✅	✅
Functions	✅	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
GitHub AE	✅	✅	✅
HDInsight	✅	✅	✅	✅	✅
HPC Cache	✅	✅	✅	✅
Import/Export	✅	✅	✅	✅
IoT Hub	✅	✅	✅	✅	✅
Key Vault	✅	✅	✅	✅	✅
Lab Services	✅	✅	✅	✅
Lighthouse	✅	✅	✅	✅
Load Balancer	✅	✅	✅	✅	✅
Logic Apps	✅	✅	✅	✅	✅
Machine Learning	✅	✅	✅	✅
Managed Applications	✅	✅	✅	✅
Media Services	✅	✅	✅	✅	✅
Microsoft 365 Defender (formerly Microsoft Threat Protection)	✅	✅	✅	✅
Microsoft Azure portal	✅	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Microsoft Azure Government portal	✅	✅	✅	✅
Microsoft Defender for Cloud (formerly Azure Security Center)	✅	✅	✅	✅	✅
Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security)	✅	✅	✅	✅
Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection)	✅	✅	✅	✅
Microsoft Defender for Identity (formerly Azure Advanced Threat Protection)	✅	✅	✅	✅
Microsoft Defender for IoT (formerly Azure Security for IoT)	✅	✅	✅	✅
Microsoft Defender Vulnerability Management	✅	✅
Microsoft Graph	✅	✅	✅	✅	✅
Microsoft Intune	✅	✅	✅	✅
Microsoft Purview (incl. Data Map, Data Estate Insights, and governance portal)	✅	✅
Microsoft Sentinel (formerly Azure Sentinel)	✅	✅	✅	✅	✅
Microsoft Stream	✅	✅	✅	✅
Migrate	✅	✅	✅	✅
Network Watcher (incl. Traffic Analytics)	✅	✅	✅	✅	✅
Notification Hubs	✅	✅	✅	✅
Peering Service	✅	✅	✅	✅
Planned Maintenance for VMs	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Power Apps	✅	✅	✅	✅
Power Automate (formerly Microsoft Flow)	✅	✅	✅	✅
Power BI	✅	✅	✅	✅	✅
Power BI Embedded	✅	✅	✅	✅
Power Data Integrator for Dataverse (formerly Dynamics 365 Integrator App)	✅	✅	✅	✅
Power Query Online	✅	✅	✅	✅	✅
Power Virtual Agents	✅	✅	✅
Private Link	✅	✅	✅	✅
Public IP	✅	✅	✅	✅
Resource Graph	✅	✅	✅	✅	✅
Resource Mover	✅	✅	✅	✅
Route Server	✅	✅	✅	✅
Scheduler (replaced by Logic Apps)	✅	✅	✅	✅
Service Bus	✅	✅	✅	✅	✅
Service Fabric	✅	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Service Health	✅	✅	✅	✅
SignalR Service	✅	✅	✅	✅	✅
Site Recovery	✅	✅	✅	✅
SQL Database	✅	✅	✅	✅	✅
SQL Managed Instance	✅	✅	✅	✅
SQL Server Stretch Database	✅	✅	✅	✅
Storage: Archive	✅	✅	✅	✅
Storage: Blobs (incl. Azure Data Lake Storage Gen2)	✅	✅	✅	✅	✅
Storage: Disks (incl. managed disks)	✅	✅	✅	✅	✅
Storage: Files	✅	✅	✅	✅
Storage: Queues	✅	✅	✅	✅	✅
Storage: Tables	✅	✅	✅	✅	✅
StorSimple	✅	✅	✅	✅
Stream Analytics	✅	✅	✅	✅
Synapse Analytics	✅	✅	✅	✅	✅
Service	FedRAMP High	DoD IL2	DoD IL4	DoD IL5	DoD IL6
Synapse Link for Dataverse	✅	✅	✅
Traffic Manager	✅	✅	✅	✅	✅
Virtual Machine Scale Sets	✅	✅	✅	✅	✅
Virtual Machines (incl. Reserved VM Instances)	✅	✅	✅	✅	✅
Virtual Network	✅	✅	✅	✅	✅
Virtual Network NAT	✅	✅	✅	✅
Virtual WAN	✅	✅	✅	✅	✅
VM Image Builder	✅	✅	✅
VPN Gateway	✅	✅	✅	✅	✅
Web Application Firewall	✅	✅	✅	✅

* Authorizations for edge devices (such as Azure Data Box and Azure Stack Edge) apply only to Azure services that support on-premises, customer-managed devices. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative.

** Azure Information Protection (AIP) is part of the Microsoft Purview Information Protection solution - it extends the labeling and classification functionality provided by Microsoft 365. Before AIP can be used for DoD workloads at a given impact level (IL), the corresponding Microsoft 365 services must be authorized at the same IL.

Next steps

• Acquiring and accessing Azure Government
• Azure Government overview
• Azure Government security
• FedRAMP High
• DoD Impact Level 2
• DoD Impact Level 4
• DoD Impact Level 5
• DoD Impact Level 6
• Azure Government isolation guidelines for Impact Level 5 workloads
• Azure guidance for secure isolation