Hotpatch updates for Windows 11, version 24H2 are now generally available. Read the announcement for more details.
Today we announce the public preview of hotpatch updates for Windows 11 Enterp...
Updated Apr 08, 2025
Version 4.0
Blog Post
GCC is set by the government, not Microsoft who I'm sure would love to have one standard offering. The question then is why the government limits a lot of modern security features in the cloud for the sake of bureaucracy? Set by those with no inherent IT knowledge?
My point here is why are we asking Microsoft about this
Are you implying that Microsoft has no hand in the certification and offering of features in GCC tenants? That getting them certified and functional in GCC is not under their purview at all? That when I've asked product groups "When is this going to be release to GCC?" and they've responded with something like "We're aiming for late Q1," that they were lying to me because they don't actually have any control over features being GCC compliant? And if all of the above is true, who exactly are we supposed to ask about whether specific features are going to be made available in GCC tenants, if not Microsoft?
I just want to make sure I understand your question, and statement. And I'd love it if you can direct me towards the correct Government contact to reach out to, since I've been incorrect for all these years when reaching out to Microsoft for answers.
This is mostly to answer your frustration which you mention yourself:
"basically screwed, increasingly frustrating"If it was up to Microsoft themselves they would of course not bother with this. Though as you say it's to be "GCC compliant".
Microsoft obviously does not set the GCC goals and controls. These controls are set by bureaucrats without necessarily having the IT knowledge of how the modern world works. An example is how people follow standards with no TLS 1.3 implemented yet. Why? Politics.
If you are frustrated with GCC, that's not on Microsoft's shoulder, but they may of course be able to answer you - however the frustration is something you can put towards whoever is maintaining the GCC controls making it harder to implement modern measures
I fully understand that Microsoft does not set the GCC compliance standards, but they are the ones that have to ensure their products and services are compliant with them. It is on their shoulders to ensure that features they release are compliant with the mandates set forth by whatever Government bureaucrats.
This is not a new process to them. In some instances, the features they release are immediately compliant (which is the goal, for some of the teams I've spoken to). In other cases, such as this, there are long standing features that still not GCC compliant, even if they control some of the more critical aspects. E.g., It makes it harder to push for conversion to things like WUfB when you do not have access to the Quality Updates feature to push an update "Right meow" because your knee-jerking SecOps team is freaking out and dry-heaving into paper bags after the latest alert.
Either way, this particular line of discourse is irrelevant. It is entirely upon them to make a feature compliant with mandates, be it FedRAMP High, CJIS, or IRS 1075, to name a few.
If they have an answer, or even a "Hey! We're aiming for Q2 of `25," I'd love to hear it.