Azure Government compliance

Microsoft Azure Government meets demanding US government compliance requirements that mandate formal assessments and authorizations, including:

Azure Government maintains the following authorizations that pertain to Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia:

  • FedRAMP High Provisional Authorization to Operate (P-ATO) issued by the FedRAMP Joint Authorization Board (JAB)
  • DoD IL2 Provisional Authorization (PA) issued by the Defense Information Systems Agency (DISA)
  • DoD IL4 PA issued by DISA
  • DoD IL5 PA issued by DISA

For links to extra Azure Government compliance assurances, see Azure compliance. For example, Azure Government can help you meet your compliance obligations with many US government requirements, including:

For current Azure Government regions and available services, see Products available by region.

Note

Services in audit scope

For a detailed list of Azure, Dynamics 365, Microsoft 365, and Power Platform services in FedRAMP and DoD compliance audit scope, see:

Audit documentation

For information on how to access Azure and Azure Government audit reports and related documentation, see Azure compliance offerings audit documentation.

Azure Policy regulatory compliance built-in initiatives

For extra customer assistance, Microsoft provides Azure Policy regulatory compliance built-in initiatives, which map to compliance domains and controls in key US government standards, including:

For more regulatory compliance built-in initiatives that pertain to Azure Government, see Azure Policy samples.

Regulatory compliance in Azure Policy provides built-in initiative definitions to view a list of the controls and compliance domains based on responsibility – customer, Microsoft, or shared. For Microsoft-responsible controls, we provide extra audit result details based on third-party attestations and our control implementation details to achieve that compliance. Each control is associated with one or more Azure Policy definitions. These policies may help you assess compliance with the control; however, compliance in Azure Policy is only a partial view of your overall compliance status. Azure Policy helps to enforce organizational standards and assess compliance at scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to more granular status.

Next steps