Aug 25 2020 09:38 AM
If an organization is using ITAR data with Microsoft solutions, is GCC high required for the storage or processing of this data?
Aug 25 2020 09:45 AM
@Anon414 GCCH is only required if a customer desires a contractual level of support from Microsoft committing to ensure that access to the service is restricted to US Persons. If customers are comfortable with the screening requirements implemented in GCC; or implementing their own compensating controls with regard to end to end encryption then services other than GCCH are feasible.
Aug 25 2020 09:47 AM - edited Aug 25 2020 09:49 AM
@Anon414 I discuss the inferred requirement for GCC High in my articles Understanding Compliance Between Microsoft 365 Commercial, GCC, GCC-High and DoD Offerings and Microsoft US Sovereign Cloud Myth Busters - CUI Effectively Requires Data Sovereignty
Aug 25 2020 09:53 AM