Event banner
Event details
- Looking forward to tomorrow's AMA! The CMMC landscape has gone through some major changes and can't wait to see how MSFT is prepping for what's next!
- justinO
Microsoft
Hi Jay - We are looking forward to having you participate. To learn more about changes and how Microsoft's approach visit Microsoft CMMC Acceleration Update (March 2022): https://techcommunity.microsoft.com/t5/public-sector-blog/microsoft-cmmc-acceleration-update-march-2022/ba-p/3258999
- Is the long term vision for Azure AD B2B for GCC High <-> Commercial to be a fully integrated experience like we get with Commercial <-> Commercial right now? Or will there likely be features that won't ever come?
Paul MeachamHowdy Andy!
Cross cloud B2B (CCB2B) will work the same way as in-cloud B2B works.
CCB2C is currently in a Private Preview. Currently, CCB2B allows for sharing of web documents (OneDrive/SharePoint) and authentication into web apps (apps with a web front end that authenticate to AAD). Web app authentication includes custom LoB apps, 3P SaaS apps, it does not include Teams.
We are working to release the current capabilities as a Private Preview this quarter (Q2CY22) so stay tuned! Additional capabilities such as Teams guesting, and authenticated Meeting Join are still in development and will be made available in a later feature release after the initial Public Preview release.
In order to prepare for CCB2B we recommend that customers review Cross-tenant access settings which give tenant admins granular control over inbound and outbound sharing. Cross-tenant access settings is available in all clouds for "in-cloud" B2B. Cross-tenant access settings will work across CCB2B once it is available publicly. Read more here: Cross-tenant access overview - Azure AD | Microsoft Docs
I hope this helps!
- Sarah_Gilbert
Community Manager
Welcome to the Microsoft Government CMMC Ask Microsoft Anything (AMA)! This live hour gives you the opportunity to ask questions directly to the Microsoft team. Please post any questions in a separate, new comment thread on this event. Thanks! - What would be the recommendation for an organization that does both CMMC required business and non-CMMC (commercial) business? Would this require one GCC-High tenant for CMMC and a second commercial tenant for the rest of the organization? Thanks!
- justinOHi Matthew - This is really a business decision. There are a number of factors that you need to consider as you plan for CMMC compliance. The two important factors are what types of CUI do you have (and where) and who will need to gain access to that data. We see a variety of configurations across the defense industrial base and the option you mentioned is one variation. In addition, CMMC might not be the only requirement that you have to comply with.
- Thanks Justin. Follow-up question, can you elaborate on the difference between GCC and GCC-High when it comes to CUI/CMMC compliance?
- It really depends on the size of your organization. With a medium to large organization, it would be possible to create an enclave for the CUI data. But for a small organization it might just be easier to secure everything at that level regardless of whether everyone needs access to CUI.
- Sarah_GilbertThank you for joining our AMA today! We appreciate all the great questions and hope you learned something new! I'll be locking this event to new questions and sharing a summary of the questions and answers in this space in a bit. Stay tuned for our next Public Sector AMA in the coming months!
- What are the current rules around conducting a penetration test against a company's footprint in GCC High and Azure government? We have a handful of clients that are expecting eventual CMMC Level 3 requirements.
- justinOHi Nick - Thank you for asking this. We do have a Penetration Testing Rules of Engagement which outlines scope and engagement: https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement?msclkid=bf4ba221ba8711ec80349cf2bb73b179. Aside from this Microsoft also conducts penetration testing on a regular basis of our services and software.
- Thanks Justin! Just to clarify, these rules apply to GCC High and Azure Government as well?
- We are building out a GCC high for cmmc level2. We already have a commercial tenant. Users will only have one device\workstation. How do we keep users from using their device that is azure ad joined to the commercial tenant from using this same device to log into the GCC high tenant ? We dont want the users to have to use two separate devices (one for gcc high and one for commercial)
- justinOHi James - We see many organizations leveraging one device/workstation but having those users access both commercial and government environments. Most will leverage Azure Virtual Desktop (https://azure.microsoft.com/en-us/services/virtual-desktop/). We are also really excited about Windows 365 as some of the organizations do not have the bandwidth to manage the configuration of virtual desktops (https://docs.microsoft.com/en-us/windows-365/overview). Organizations that are already in GCCH leverage W365 or AVD to access commercial resources this way users spend the majority of their time in a higher baseline environment. In the future W365 will be available for GCCH (https://www.microsoft.com/en-us/microsoft-365/roadmap?featureid=93691).
- Does Microsoft have a Walking Deck that highlights the benefits and details of CMMC? (Like they do around other Cloud Industry Solutions)
jolenetamHi Joshua, not a deck but check out the Microsoft CMMC page and this CMMC overview blog.
- Any plans/timeframe for Azure Devops Service coming to GCC High?
- justinOHi Peter - At this point we do not have a timeline to share for Azure DevOps. With that being said we see GCCH customers leveraging both Azure DevOps Server(https://azure.microsoft.com/en-us/services/devops/server/) or Github Enterprise deployed in Azure Gov.
- RichardWakemanWe also are closing the gap in functionality between ADO & GitHub, and will surface as a SaaS offer in GCCH. GitHub that is FedRAMP compliant is called "GHAE".
- If we want to migrate from Commercial to GCC High biggest hurdle is the Voice. How is Microsoft looking to address the PSTN involvement via third-party? What is the best recommendation for someone who is on commercial and using Microsoft Team for Calling
- justinOHi Shamshul - Thank you for the question. You are correct that as organizations move into GCCH it is important for them to understand how audio-conferencing works. Organizations in GCCH that want to enable audio-conferencing will need to set up direct routing with an external telecommunications company. We have a few partners with GCCH specific offerings including AT&T and Call Tower as an example. I hope this helps.
- LisaHaywoodhttps://docs.microsoft.com/en-us/microsoftteams/audio-conferencing-with-direct-routing-for-gcch-and-dod This documentation might be helpful.
