Blog Post

Public Sector Blog
6 MIN READ

Microsoft US Sovereign Cloud Myth Busters - A Global Address List (GAL) Can Span Multiple Tenants

RichardWakeman's avatar
RichardWakeman
Icon for Microsoft rankMicrosoft
Dec 12, 2019
This article is the first of a series in the Microsoft Tech Community Public Sector Blog that explore myths of deploying Microsoft Cloud Services into the US Sovereign Cloud with Azure Government and...
Updated Nov 03, 2023
Version 12.0
best practices
defense
office365
public sector
emiliom65's avatar
emiliom65
Copper Contributor
Dec 13, 2019

Great explanation!  Definitely a worthwhile read!

 

In the effort to reduce / eliminate Spill.  There is a line of thought around providing a naming convention within the universal GAL to identity the correct person within the organization in regards to  ITAR/DFARS/etc....   i.e. Mary Smith (Gov) vs. Mary Smith, the counterpoint is that the organization does not want to call attention to their government workers / cleared personnel. 

 

Obfuscated identifiers could also be invoked;

  • Mary Smith (A) - Commercial Employee
  • Mary Smith (B) - US Citizen
  • Mary Smith (C) - OCONUS 

Next option could potentially be:

"Tool Tips" within the Outlook client triggered on GAL attributes

  • Tool Tip Display - This "Mary Smith" is outside the the Government Enclave are you certain this is your intent.
  • Tool Tip Display - Preventing sending to "Mary Smith" OCONUS
    • Create escalated exception process

Next option could potentially be:

Evoking "AIP Encryption" on the GCC High side environment for all personnel who are placing commercial aliases within email.  This can be accomplished by creating groups.  https://docs.microsoft.com/en-us/azure/information-protection/prepare

 

And not but least a combination of some or all of the previously mentioned options above.  Open to thoughts and comments -