Outlook mobile meets needs of customers with the highest Federal security & compliance requirements
Published Jan 15 2019 09:00 AM 25.5K Views

Today, we’re announcing that the recently updated architecture for Outlook for iOS and Android meets the security and compliance needs of Office 365 US Government Community Cloud (GCC) High and Department of Defense customers. In addition to FedRAMP Moderate compliance announced last year, all US government customers can now utilize Outlook mobile. 


To meet the high level of government security and compliance requirements, we updated the Outlook mobile architecture to use a native Microsoft sync technology. This change intends to reduce latency and will provide access to new enterprise-grade features such as S/MIME as they roll out on the updated architecture over the coming months.


We will also be able to extend Enterprise Mobility and Security (EMS) capabilities for Outlook for iOS and Android to GCC High and DoD customers so that they can combine the power of Outlook mobile with Azure Active Directory Conditional Access and Intune App Protection Policies to securely manage email and calendar data on their mobile devices.


We’re excited that the GCC High and DoD customers can adopt Outlook mobile at this time as we continue to roll out new mobile experiences designed to get things done faster. Our aim is to help all customers stay connected and on top of what’s important while on the go and with confidence that their sensitive information is more protected.


For example, customers can experience recently launched calendaring capabilities such as the option to add a comment when canceling a meeting or take quick action from your inbox with one tap to remove a canceled event from your calendar. Seeing attendee status in your calendar events is also a good example of how Outlook mobile powers productivity and collaboration. 



Calendar event - attendee tracking Outlook for Android


Capabilities such as these are designed to get micro tasks done quickly, minimize typing, and with exquisite attention to craftsmanship, provide relevant context so you can get in and out of app fast and back to what matters in your day.


We learn every day with feedback from our customers and now look forward to hearing from GCC High and DoD customers about the power and simplicity of Outlook for iOS and Android. We remain committed to listening and learning from all our customers about the experiences that help you connect, organize and things done. Download it today.  



Q:       What changes were made to the architecture for Outlook mobile that makes it compliant for GCC High and DoD customers?

A:       To meet the high level of government security and compliance requirements, we updated the Outlook mobile architecture so that it establishes a direct connection between the Outlook mobile app and the compliant Exchange Online backend services using a native Microsoft sync technology and removes middle tier services.

The requirements for GCC High and DoD, DISA SRG Level 4 (GCC-High) and Level 5 (DoD), Defense Federal Acquisition Regulations Supplement (DFARS), and International Traffic in Arms Regulations (ITAR), have been approved by a third-party assessment organization and are FISMA compliant based on the NIST 800-53 rev 4.


Q:       Do GCC High or DoD customers need to do anything to prepare for this change?

A:       No, there is nothing these customers need to do to prepare for this change.  Effective January 15th, 2019, GCC High and DoD customers will be free to download and use Outlook for iOS and Android.


Q:       Should GCC High and DoD users turn on the GCC mode toggle in Outlook mobile settings?

A:       No, GCC High and DoD users should not turn on the GCC mode toggle.  If they do, they will not be able to authenticate and access their Exchange Online mailbox. The GCC mode toggle should only be used by existing GCC customers with moderate security requirements. Eventually, the GCC mode toggle will be removed from the app.


Q:       Is Outlook mobile an endpoint that uses the Azure Government AAD Authority?

A:       Yes, GCC High and DoD customers should ensure their tenant is configured using the new authority endpoint as previously notified and described here.


Q:       Are the Outlook mobile features for GCC customers with moderate compliance requirements the same as GCC High and DoD? 

A:       Yes, unless a GCC customer takes steps to opt out of the Government Community Cloud environment or apply configuration practices to change the set of available features (via mobile device management or other configuration controls), US Office 365 GCC customers will all have the same features.  In order to comply with the government compliance requirements, however, there are some features and services that are available to commercial and consumers but not available to US Office 365 GCC customers as described here.


Q:       Are there specific Outlook mobile app versions required for GCC High and DoD customers?  

A:       Yes, please refer here for the app version numbers that will enable Outlook for iOS and Android  for GCC High and DoD customers.  It is important to note however that the roll out of these app versions through the respective Apple and Google app stores may take several weeks to reach all GCC customers.  Administrators may wish to notify their helpdesks to check the app version should a GCC High or DoD user have trouble accessing their email and calendar date after January 15th, 2019.  


Q:       What is the target date for FedRAMP compliance for EMS GCC High?

A:        Intune and Azure Active Directory Premium, are available today in limited rollout for select GCC High and Department of Defense customers and are FedRAMP High compliant.  Full rollout is expected by March 2019.

Version history
Last update:
‎Jan 15 2019 09:41 AM
Updated by: