Understanding Compliance Between Microsoft 365 Commercial, GCC, GCC-High and DoD Offerings

Terry; yes. A small risk. Possible; yes, Probable; no. Good call on Lockbox as it is a great assurance feature/tool but I always try to be very transparent about it. It definitely helps a customer demonstrate control over access to their data. And, since our engineering staff almost never accesses customer data you may purchase this tool and never get a request from us! So while the risk is very small; and LockBox is a nice assurance complement; for me it boils down to two core things. 1) Being a service provider and needing to provide for a diverse range of potential solutions and risk appetites (while being clear on what is (and isn't) supported) and 2) Having discretionary vs mandatory control over dependencies. All that said, we know that risk is a very subjective discipline and many regulations purposefully leave room for flexible interpretation to achieve objectives different ways. In turn our services provide a myriad blend of features that help tenants add depth and breadth of data protections in addition to what the baseline service offers. You call out some great questions that can help customers explore the contrasts we are trying to highlight with this article so they might determine where their level of comfort is. Thank you.