What You’ll Learn
Discover how Azure Government and GCC High can help achieve compliance with CMMC and FedRAMP High standards. Learn about application modernization, Azure AD integration, and addressing ITAR requirements. Gain insights into key architectural decisions for ISVs and strategies to optimize Azure investments for government IT projects.
In this session, we're going to focus on organizations that build applications for their own purposes (internal applications and/or provide services to their partner or customers) or an Independent Software Vendor (ISV) that delivers a Software as a Service (SaaS) that must also meet US government requirements. The core scenario here will be meeting the compliance requirements of the Cybersecurity Maturity Model Certification (CMMC) and FedRAMP High while leveraging Microsoft Azure Government.
Many organizations have existing applications that already leverage Microsoft Azure Active Directory as an integration source in the global/commercial environment. For those customers that have already migrated in part or full into the Microsoft 365 GCC High environment, the need to build applications or integrate their services with this new enclave is key to their business success. This includes ISV's that want to support those customers in the Microsoft GCC High/Azure Government environment.
During this session, we'll cover the following:
- Why an ISV would need their own Microsoft GCC High licensing and tenant to support customers
- What's the difference in endpoints between Microsoft Azure Global/Commercial and Government
- Is there a difference between GCC and GCC High
- Does this require migrating the entire application
- What licensing is recommended just to support the application versus using it as a corporate tenant
- Guidance on supporting both environments while minimizing the impact on the entire application codebase
Key highlights included:
- Compliance with CMMC and FedRAMP High: Strategies to ensure applications meet these critical government standards.
- Azure AD Integration: Insights on integrating applications with Azure Active Directory for enhanced security and identity management.
- Application Modernization in GCC High: Techniques for upgrading existing applications to align with GCC High requirements.
- ISV Architectural Decisions: Crucial considerations for Independent Software Vendors (ISVs) working within GCC High environments.
- Token Security and Data Management: Best practices for handling security tokens and managing data securely in Azure Government.
- Optimizing Azure Investments: Approaches for leveraging Azure services to maximize efficiency and compliance in government-related projects.
- Multi-Tenant Management: Understanding the complexities and solutions for managing multiple tenant types within Azure environments.