Application Guidance for CMMC & FedRAMP High

What You’ll Learn

Discover how Azure Government and GCC High can help achieve compliance with CMMC and FedRAMP High standards. Learn about application modernization, Azure AD integration, and addressing ITAR requirements. Gain insights into key architectural decisions for ISVs and strategies to optimize Azure investments for government IT projects.

In this session, we're going to focus on organizations that build applications for their own purposes (internal applications and/or provide services to their partner or customers) or an Independent Software Vendor (ISV) that delivers a Software as a Service (SaaS) that must also meet US government requirements. The core scenario here will be meeting the compliance requirements of the Cybersecurity Maturity Model Certification (CMMC) and FedRAMP High while leveraging Microsoft Azure Government.

Many organizations have existing applications that already leverage Microsoft Azure Active Directory as an integration source in the global/commercial environment. For those customers that have already migrated in part or full into the Microsoft 365 GCC High environment, the need to build applications or integrate their services with this new enclave is key to their business success. This includes ISV's that want to support those customers in the High/Azure Government environment.

During this session, we'll cover the following:

1. Why an ISV would need their own Microsoft GCC High licensing and tenant to support customers
2. What's the difference in endpoints between Microsoft Azure Global/Commercial and Government
3. Is there a difference between GCC and GCC High
4. Does this require migrating the entire application
5. What licensing is recommended just to support the application versus using it as a corporate tenant
6. Guidance on supporting both environments while minimizing the impact on the entire application codebase