rss.livelink.threads-in-node

Architecture Risk Brief: Silent Data Integrity Failures in Distributed Criminal Justice Systems

deepeshd87 — Fri, 24 Apr 2026 17:18:12 GMT

Why Modernized Public Safety Environments Need Stronger Data Integrity Controls

In criminal justice information services systems, the most dangerous failures are often the ones you cannot see.

A system may appear fully operational—dashboards green, services responsive, transactions flowing—while critical data is incomplete, inconsistent, or out of sync across connected platforms. In these environments, the absence of alerts does not necessarily mean the absence of problems. Instead, it can signal that data integrity issues are developing silently beneath normal system behavior.

As agencies modernize criminal justice information services (CJIS) systems, adopt cloud platforms, and expand data sharing across jurisdictions, the challenge is not only keeping systems online; it is ensuring the data moving between them remains accurate, consistent, and trustworthy.

Why This Risk Is Growing

Criminal justice agencies are going through rapid modernization, and with that comes a level of complexity that simply didn’t exist in earlier, more isolated systems. In many environments, legacy applications are still running alongside newer cloud-based platforms, which creates gaps in how data is processed and interpreted. At the same time, transaction volumes have increased significantly, and under heavy load it’s not uncommon to see partial commits, retry behavior, or subtle inconsistencies that are hard to detect.

There’s also a growing expectation for near real-time synchronization across systems, even when those systems weren’t originally designed to stay perfectly in sync. As more agencies begin sharing data across jurisdictions, the number of integration points increases, and each one introduces its own risk. None of these changes are inherently problematic, but together they create conditions where data integrity issues can develop quietly without triggering any obvious system failures.

These changes improve capability but also create new failure modes that traditional monitoring does not detect. System uptime alone is no longer a reliable indicator of operational health. The CJIS Security Policy reinforces this requirement by mandating that criminal justice information (CJI) remain accurate, complete, and protected from unauthorized alteration throughout its lifecycle.

What Silent Data Integrity Failures Look Like

Silent failures almost never show up as outages. Most of the time, everything looks fine on the surface—systems are up, jobs are running, dashboards are green. The problems usually come to light much later, often when someone is preparing for an audit, reconciling data between agencies, or digging into a case where something just doesn’t add up.

In one scenario, a transaction completed successfully in the source system but never made it to a downstream platform. There were no errors, no retries flagged—just missing data. In another case, records looked perfectly valid within each system, but when compared across environments, they didn’t match. These kinds of discrepancies tend to surface during reporting or compliance checks, not during normal operations.

That’s what makes them difficult to catch. From an operational standpoint, everything appears healthy. There are no alerts or obvious failures, but underneath that, the data has slowly drifted out of sync.

Database Corruption: The Most Silent Failure of All

Beyond synchronization gaps, database corruption represents an even more dangerous and often invisible threat. Corruption can arise from:

Storage subsystem issues
Hardware degradation
Incomplete writes under high load
Failover anomalies
Legacy-to-cloud interactions

Low-severity corruption may go unnoticed for weeks but eventually impacts multiple agency systems. Because corruption directly threatens the accuracy and integrity of CJI, it poses a significant CJIS compliance risk.

My Implementation: Automated Corruption Alerts

To deal with this, I implemented a simple automated alerting system that monitors corruption indicators and notifies me as soon as something looks off. Instead of waiting for issues to surface during audits or downstream failures, this provides an early signal that something isn’t right.

In practice, it means I can react quickly, investigate the issue before it spreads, and avoid situations where bad data propagates into other systems. In CJIS environments, even a single corrupted record can have real consequences, so early visibility makes a meaningful difference.

Flow Diagram to Detect Integrity

Root Causes of Silent Data Drift

In most cases, these data integrity issues don’t come from obvious failures—they build up during normal day-to-day operations. In high-volume systems, retries and partial commits under load can leave data in an inconsistent state without triggering any errors. During modernization or cloud migrations, subtle differences in schema behavior or transformation logic can cause data to drift between systems over time.

Another common gap is monitoring. Most setups track uptime and performance, but very few validate whether the data itself remains consistent across platforms. And once data moves across multiple systems and integrations, each handoff becomes a potential point where something can go slightly wrong. None of these issues stand out individually, but together they create conditions where inconsistencies quietly accumulate.

Next Steps for Agencies

Criminal justice organizations don’t need to overhaul their entire technology stack to strengthen data integrity. Instead, they can take practical, incremental steps that build resilience into existing systems while preparing for future modernization.

Establish a Baseline for Data Integrity Map where data originates, how it moves, and where it is stored across multiple agency systems.

Implement Routine Cross-System Validation Use Azure Data Factory, Azure SQL Data Sync, and Log Analytics queries to automate comparisons between operational and reporting systems.

Monitor for Corruption and Synchronization Failures Enable corruption detection and configure automated notifications—similar to the low-to-critical corruption alerts I implemented.

Treat Failover and Migration as Integrity Events Use Azure SQL Failover Groups and ADF pipelines to verify data consistency before and after transitions.

Strengthen Governance and Documentation Use Microsoft Purview to track lineage, schema changes, and data ownership.

Build a Culture of Data Integrity Encourage teams to treat data correctness as a shared responsibility across the organization.

Final Thoughts

Criminal justice information systems have made significant progress in availability, scalability, and security. But as these systems become more distributed and interconnected, data integrity—including corruption detection—is emerging as one of the most critical and least visible operational risks.

The challenge is no longer simply ensuring systems stay online. It is ensuring that the data moving through them remains correct, consistent, and trustworthy across every system, agency, and workflow that depends on it.

In environments where data directly impacts investigations, reporting, and compliance decisions, integrity must be engineered, validated, and continuously enforced with the same rigor applied to system availability and security.

B2B SPO: GCCH tenant members as guests on commercial Entra

Kristin_L_365 — Fri, 24 Apr 2026 15:35:39 GMT

Has anyone successfully enabled GCC guest access to a Commercial SharePoint Online site?

We support customers on GCCH tenants and are migrating an on‑prem SharePoint workload to Commercial M365 SPO. Inviting GCC users as guests fails with token/Token ID errors. Entra sign‑in succeeds, but SharePoint token issuance fails. CTAP is configured on both GCC (outbound) and Commercial (inbound).

Microsoft support indicated it may not be possible (“Entra won’t pass OIDC to SPO”), but Microsoft documentation suggests B2B for SharePoint works across US Gov and Commercial.

If you’ve made this work (or confirmed it can’t), I’d appreciate any practical guidance or gotchas. Thanks!

Strengthening Microsoft 365 and Copilot in Government Clouds with In-Product User Feedback

jacobcamp — Mon, 13 Apr 2026 15:00:00 GMT

Delivering secure, reliable, mission-aligned productivity experiences in government clouds requires ongoing collaboration between Microsoft and the public sector organizations we serve. As organizations deploy Microsoft 365 apps and Copilot, tenant administrators need a way to understand how these experiences perform in real-world environments and pass that feedback on to Microsoft.

In-Product Feedback enables IT leaders to capture end-user signals inside Microsoft 365 and Copilot while keeping controls aligned to their compliance posture. In GCC, GCC High, and DoD, In-Product Feedback helps IT leaders spot mission-impacting experience issues, capture environment-specific needs, and share actionable signals with Microsoft.

Feedback Options for Government Clouds

Tenant administrators can choose between two configurations. The table below summarizes the key differences to help you decide what is appropriate for your environment and governance model.

Decision area	Restricted Feedback *(Default)*	Verbatim Feedback *(Admin-Enabled)*
What users can submit	Thumbs up / thumbs down and optional Microsoft-defined categories. No written comments.	Thumbs up / thumbs down and optional written comments. Categories available where applicable.
Where feedback is collected	Copilot experiences only.	Microsoft 365 and Copilot experiences.
Admin action required	None. Available by default.	Enable in Microsoft 365 feedback policy settings.
Operational use	Identify broad experience trends across your organization(s).	Identify and help understand mission-impacting usability or workflow opportunities.
Engineering influence	Supports aggregate experience analysis.	Supports engineering understanding of environment-specific feature behavior.
Why choose it	Low-friction signal at scale, with structured inputs aligned to tighter governance requirements.	Richer scenario context to help accelerate triage and improvement of specific product or feature challenges.

Value for Tenant Admins and IT Leaders

In-Product Feedback provides:

Early visibility into user experience trends and mission-workflow issues
A clear signal path to share environment-specific issues with Microsoft engineering
Real-world input to guide Copilot rollout, adoption, and support
Evidence to inform operating model, governance, and change-management decisions
Data-driven input that helps prioritize future product improvements

Choosing Restricted or Verbatim Feedback enables tenant admins to adjust the signal they receive and the data they share based on their governance, compliance, and support model.

How Microsoft Uses Feedback from Government Clouds

Feedback submitted by users in GCC, GCC High, and DOD environments is reviewed in aggregate to:

Detect recurring user experience challenges in sovereign cloud deployments
Prioritize quality improvements relevant to usage scenarios for these environments
Refine feature behavior across Microsoft 365 and Copilot workloads
Inform roadmap planning for GCC, GCC High and DOD environments

Microsoft uses these aggregated insights to help improve product quality in sovereign cloud deployments — triaging recurring issues, validating feature behavior, and informing product decisions across Microsoft 365 and Copilot for GCC, GCC High, and DoD.

Get Started Today

Tenant administrators can either:

Enable Verbatim Feedback in Microsoft 365 feedback policy settings to allow users to include optional written comments. Tenant administrators should consider this option when: richer scenario context is needed for Microsoft 365 and Copilot, piloting or deployed Microsoft 365 Copilot, investigating workflow-specific items, exploring deployment adjustments, or collaborating with Microsoft to explore and address capabilities or feature behavior.
Take no action to keep Restricted Feedback available using sentiment-based responses (i.e., thumbs up/thumbs down).

Choose the option that fits your governance model and together we can keep improving Microsoft 365 and Copilot.

To learn more about managing feedback policies in Microsoft 365 visit the following resources:

From Fragmentation to Resilience: Why Next Gen “Whole of State” Is Future of Pub Sec Cybersecurity

CyberCorey — Mon, 06 Apr 2026 11:00:00 GMT

Each year at the Billington State and Local Cybersecurity Summit, one message comes through clearly: the cyber threat landscape facing state and local governments is accelerating faster than traditional models of defense can keep up.

Cyber risk is no longer confined to a single agency, system, or jurisdiction. It spans emergency management, education, healthcare, critical infrastructure, and the workforce itself. At the same time, public sector leaders are being asked to modernize services, adopt AI responsibly, and do more with constrained resources.

These pressures are not isolated—and neither can the response be.

That is why Microsoft is focused on a Next Gen Whole of State approach: a state-wide, coordinated model that brings together cyber defense, risk management, and workforce development into a unified strategy—designed for scale, resilience, and trust.

Why “Whole of State” Matters Now

Many states have invested significantly in cybersecurity over the past decade. Yet most efforts remain fragmented—with agencies operating independently, duplicating tools, and competing for scarce talent.

Internal Microsoft analysis and field experience show that this model creates three persistent challenges:

Limited visibility across agencies and jurisdictions
Inconsistent security posture and response capability
Ongoing workforce shortages that slow modernization efforts

A Next Gen Whole of State program is designed to address these challenges holistically. It is a state-wide shared services model that improves efficiency, strengthens critical infrastructure defense, and accelerates AI and cyber talent development—while respecting the autonomy of individual agencies.

This is not about centralizing control. It is about coordinating outcomes.

Cybersecurity as Critical Infrastructure

At Billington, state and local leaders consistently emphasize that cybersecurity must be treated as critical infrastructure protection, not simply an IT function.

Next Gen Whole of State reflects that reality by enabling:

Shared cyber services across agencies and local governments
Proactive identification of vulnerabilities and “slow-burn” risks
Streamlined collaboration during incident response and emergencies

By aligning technology platforms, processes, and partners, states can move toward a more collective defense posture—reducing duplication while improving resilience across the entire ecosystem.

This approach supports more consistent policy enforcement, better situational awareness, and more efficient use of limited funding—priorities that resonate strongly across the state and local community.

Workforce Development Is a Security Imperative

Another theme that consistently surfaces at Billington is the workforce challenge.

Technology alone does not secure a state. People do.

Next Gen Whole of State explicitly integrates workforce and economic development into the security strategy. Through hands-on skilling, apprenticeships, and industry-recognized certifications, states can help build sustainable pipelines of AI and cyber talent using real-world platforms and tools.

This model supports:

Career-ready training aligned to actual state and local needs
Opportunities for students, veterans, and career changers
Long-term reduction in dependency on external resources

By investing locally, states strengthen both their security posture and their communities—an outcome public sector leaders increasingly view as inseparable.

Microsoft’s Role: Thought Leadership at Scale

Microsoft’s contribution to Next Gen Whole of State is grounded in three principles reflected across our public sector work:

Unified platforms that span identity, security, compliance, and AI
Cross-sector collaboration, connecting government, education, and partners
Responsible innovation, aligned with Zero Trust and secure-by-design practices

This enables states to move beyond isolated pilots toward enduring, state-wide programs—while positioning themselves to adapt as threats and technologies evolve.

Importantly, Whole of State also creates a framework for consistent executive engagement, allowing leaders to align strategy, funding, and outcomes around a shared vision.

Looking Ahead

The conversations happening at Billington reflect a broader shift underway across the public sector.

States that lead in the next decade will be those that:

Treat cybersecurity as a shared responsibility
Align technology, policy, and workforce strategy
Build trust through resilience, transparency, and scale

Next Gen Whole of State is not a single product or program.
It is a strategic approach to how states protect critical infrastructure, modernize services, and prepare their workforce for an AI-driven future.

And it is increasingly clear that this approach is no longer optional—it is foundational.

Join the Conversation

Microsoft continues to work with state and local leaders, educators, and partners to advance Next Gen Whole of State initiatives across the country.

To learn more or engage with the Microsoft Security community, visit the Microsoft Tech Community and continue the conversation.

Continuing our momentum: Expanding Microsoft 365 Copilot capabilities across U.S. Government clouds

elisabeth_jones — Thu, 02 Apr 2026 16:00:00 GMT

In December we announced the availability of Microsoft 365 Copilot for customers in GCC‑High—an important milestone in bringing work‑ready AI to organizations that meet the required security and compliance thresholds. Since then, we’ve continued to make steady progress expanding Copilot capabilities across GCC, GCC‑High, and DoD, building on earlier launches and deepening the value customers can access today.

With the rollout of the Analyst and Researcher agents and expanded agent creation capabilities in U.S. Government clouds, we’re marking another step forward in our commitment to delivering Copilot experiences to public sector customers—deliberately, responsibly, and ready for use from day one.

Agentic experiences, built for U.S. Government clouds

Agentic capabilities in Copilot for U.S. Government clouds now include Researcher and Analyst, along with Agent Builder and Copilot Studio publishing to create and share agents.

Researcher (rolling out now, starting with GCC) supports multi‑step research by gathering and synthesizing information across work content to produce clearer, grounded drafts—within U.S. Government cloud security and compliance boundaries. Learn how to get started with Researcher today.

Analyst (now available in GCC, GCC-High, and DoD) supports data analysis by turning information into structured insights and visualizations for decisions and briefings, including pattern detection and clear summaries of large volumes of information. Learn how to get started with Analyst today.

Agent Builder (now available in GCC and GCC-High) expands agent creation capabilities in U.S. Government clouds by enabling users to package instructions, prompts, and work knowledge into reusable agents that help ensure more consistent Copilot responses—grounded in the right organizational context and shareable across teams. Learn more about Agent Builder.

Publishing Copilot Studio Agents to Teams and Microsoft 365 (now available in GCC) extends agentic experiences to the tools users rely on every day. By enabling agencies to make vetted, purpose-built agents available directly in familiar Microsoft 365 surfaces, this capability helps scale consistent, role-relevant guidance and workflows—while keeping usage within the same security and compliance boundaries of U.S. Government clouds. Learn how to connect and configure an agent for Teams and Microsoft 365.

What else is new this quarter

Many core Microsoft 365 Copilot capabilities have also been enhanced in U.S. Government clouds in recent months, including:

Updated OpenAI models (GCC, GCC-High, DoD): Microsoft 365 Copilot for U.S. Government now leverages GPT 5.1 for Copilot Chat, GPT-5 for reasoning, and GPT-4o for image generation, supporting more accurate and contextual responses.

Microsoft 365 Copilot app enhancements: Copilot Search (GCC, GCC-High, DoD) helps users find relevant info across work content; the Create module (GCC, GCC-High) helps draft and refine images and other content.

Copilot Chat improvements (GCC, GCC-High, DoD), including enhanced language understanding for clearer, more accurate responses; Code Interpreter for in-chat data analysis and complex problem solving; and image upload with OCR to extract text for summaries, interpretation, and next steps.

Microsoft 365 Copilot Connectors (GCC, GCC-High) expand access to relevant third-party and line-of-business data sources to ground Copilot experiences in more of your organization’s knowledge. Learn more about Microsoft 365 Copilot Connectors.

In-product user feedback (GCC, GCC-High, DoD). U.S. Government users can now submit in-product feedback directly within Microsoft 365 and Copilot to help improve product experiences for mission work.

All these capabilities – agentic and otherwise – are built to support applicable regulatory and compliance requirements out of the box. U.S. Government compliance needs—including data residency, operational isolation, and restricted personnel access—are carefully considered prior to release, reducing the need for administrators to retrofit controls, disable features, or manage separate compliance workflows.

Moving forward

Delivering Copilot to U.S. Government clouds is a journey, not a single moment. Each new capability reflects a careful, staged approach to availability—helping to ensure features are compliant by design and usable as-is by government organizations.

For guidance on leveraging Microsoft 365 Copilot effectively, visit the Microsoft 365 Copilot for US Government Adoption site. Admins can also review how to manage Copilot agents in the Microsoft 365 Admin Center to help make the most of new agentic capabilities as they roll out.

We’ll continue to share updates as additional Microsoft 365 Copilot features continue to roll out across GCC, GCC‑High, and DoD. Thank you to our government customers and partners for your continued engagement and feedback. Your input helps shape how we responsibly bring AI to mission critical work.

Microsoft 365 Copilot Prompt a thon for Government is Coming to Ft. Lauderdale

Abby_Quinn — Fri, 20 Mar 2026 17:37:18 GMT

On April 16, Microsoft is bringing the Microsoft 365 Copilot Prompt‑a‑thon – Government Roadshow to Ft. Lauderdale, Florida, inviting all Government customers to experience Copilot in action through a hands‑on, in‑person session.

This government‑focused Prompt‑a‑thon is designed to help public sector organizations move beyond AI awareness and into practical, responsible use of Microsoft 365 Copilot. Attendees will learn how to apply effective prompting techniques to real‑world scenarios that reflect how government and education teams work every day.

What You’ll Experience

Participants will:

Practice using Microsoft 365 Copilot through guided, hands‑on exercises
Learn practical prompting techniques tailored to government and education workflows
Explore real scenarios relevant to policy, operations, communications, and IT teams
Leave with skills and examples they can immediately apply and share

This is an interactive working session—not a lecture—focused on learning by doing.

Who Should Attend

This event is designed for:

Federal End Users
State and Local Government professionals
Education sector customers
Commercial users
IT, program, policy, communications, and innovation leaders
Teams beginning or expanding their Copilot adoption journey

Whether you’re exploring Copilot for the first time or looking to drive broader adoption, this session is built to meet public sector needs.

Join Us in Florida

Attending in person provides the opportunity to learn alongside peers, ask questions in real time, and engage directly with Microsoft experts who support government and education customers.

Register HERE

Built on Trust: Microsoft’s Commitment to FedRAMP High and Federal Cloud Security

PaulLorimer — Thu, 19 Mar 2026 14:54:44 GMT

Microsoft builds cloud services for the U.S. government with one foundational principle: trust. For federal agencies, that trust is anchored in FedRAMP—a rigorous, government-led framework designed to ensure cloud services meet the highest security standards. The FedRAMP process plays a critical role in protecting government missions. It is a process Microsoft takes seriously, and we invest significant resources in building products that meet FedRAMP requirements and are secure-by-design and secure-by-default.

We unequivocally stand by all of our products and services for the U.S. government, as well as our FedRAMP authorizations and adherence to the FedRAMP process. While we recognize that conversations about security and compliance are both important and essential, recent flawed reporting seeks to undermine confidence in the U.S. government’s FedRAMP process and our Office 365 products.

To be clear, Office 365 GCC High is a fully authorized service at FedRAMP High following a comprehensive and exhaustive technical review by authorizing agencies, accredited third-party assessors, and the FedRAMP Program Management Office (PMO). Additionally, the service is continuously monitored, annually audited, and supported by one of the industry’s largest and most extensive security and compliance teams.

Why FedRAMP High Authorization Matters

FedRAMP High represents rigorous cybersecurity authorization framework. Its mandate is designed to validate that cloud services meet consistently high security standards. Authorization is grounded in independent verification by an accredited third‑party assessment organization (3PAO), which conducts a comprehensive evaluation of a provider’s security controls. Final risk acceptance rests with federal agency Authorizing Officials, supported by oversight from the FedRAMP PMO, which enforces standardized requirements and review processes across agencies.

Critically, FedRAMP authorization is not a one‑time certification, but an ongoing compliance posture. Cloud service providers must maintain continuous monitoring, including regular reporting, vulnerability management, incident response activities, and demonstrate sustained adherence to FedRAMP High requirements over time. This continuous oversight model reflects the reality that security risk evolves.

Office 365 GCC High Authorization Process

The authorization of Microsoft’s Office 365 GCC High followed a multi‑year review process involving the Department of Justice, accredited 3PAOs, and sustained oversight by the FedRAMP PMO. Over the course of these reviews, additional assessments and validation activities were conducted as requirements evolved. This process culminated in the Fall 2024, with the FedRAMP PMO’s final assessment that resulted in FedRAMP authorization, reflecting a comprehensive evaluation against FedRAMP High security standards.

That authorization signifies satisfaction of applicable security requirements based on documented evidence and risk acceptance by the appropriate authorizing officials. As is standard practice for FedRAMP authorizations and consistent with continuous risk management principles, the authorization included Plans of Actions and Milestones (POA&M) to address residual items under ongoing oversight. This approach aligns with FedRAMP’s established model, in which authorization represents a sustained compliance posture supported by continuous monitoring, rather than a static or one‑time determination.

Throughout the authorization process, Microsoft provided extensive technical artifacts, clarifications, and updated documentation in response to detailed review by accredited 3PAOs and the FedRAMP PMO. These materials were submitted as a comprehensive package that reflected the depth and complexity of assessing a hyperscale cloud environment. Microsoft’s complete security authorization package is made available to agency Chief Information Officers through the FedRAMP PMO, enabling independent government review and informed risk decisions. Iterative exchanges with the PMO and 3PAOs are a normal and expected feature of rigorous FedRAMP High assessments, particularly for large, evolving cloud services.

This effort culminated in Office 365 GCC High being fully authorized at FedRAMP High.

FedRAMP 20x

Under new leadership, the FedRAMP PMO took steps to modernize the FedRAMP process and reduce a backlog of accreditations, while still ensuring the same level of rigorous review and oversight. The FedRAMP reform effort launched in March 2025—often referred to as “FedRAMP 20x”—builds on input from agencies, Congress, and cloud service providers to improve clarity, accountability, and efficiency while preserving rigorous security standards.

We appreciate the Administration’s progress under FedRAMP 20x and welcome continued modernization and transparency in the program. We remain committed to working constructively with government partners to support a FedRAMP program that is both rigorous and responsive, and that continues to earn the trust of agencies, policymakers, and the public.

We stand behind the security of our cloud service offerings, especially those with FedRAMP High authorization. Federal customers can continue to rely on Microsoft’s service with high confidence to support mission‑critical operations. As always, we remain committed to transparency, rigorous compliance, and delivering national‑security‑grade cloud services for the U.S. Government.

Paul Lorimer, Corporate Vice President, Office 365 Enterprise and Cloud Engineering

Unlock the Power of M365 Copilot: Government Prompt-a-thon Comes to Charlotte, NC

Abby_Quinn — Tue, 17 Mar 2026 22:45:30 GMT

Government agencies are under growing pressure to do more with less—modernize operations, increase productivity, and deliver better services to citizens, all while maintaining trust, security, and compliance. On April 8 in Charlotte, North Carolina, government professionals will have the opportunity to experience how M365 Copilot can help meet those challenges head‑on.

The M365 Copilot Prompt‑a‑thon – Government Roadshow is coming to Charlotte, bringing together public sector leaders, IT professionals, and mission owners for an immersive, hands‑on experience focused on real‑world M365 Copilot use cases for government.

This is not a keynote-only event. It’s a working session designed to help you actually use M365 Copilot—confidently, responsibly, and effectively.

What Is a M365 Copilot Prompt‑a‑thon?

A Prompt‑a‑thon is a highly interactive learning experience where attendees go beyond “what M365 Copilot is” and focus on how to use it well. Participants learn how to ask better questions, structure effective prompts, and apply M365 Copilot to everyday government workflows.

Rather than abstract examples, the Prompt‑a‑thon centers on practical, job‑relevant scenarios—the kinds of tasks government employees handle every day, such as:

Drafting and refining documents and guidance
Summarizing long or complex information
Preparing for meetings or briefings
Turning notes and ideas into clear, actionable content
Finding insights across existing work artifacts

Attendees leave with prompt patterns, techniques, and confidence they can immediately bring back to their teams.

Why This Event Matters for Government

M365 Copilot is already transforming how organizations work—but government adoption requires thoughtful implementation. This event is intentionally designed for public sector realities, including:

Security and compliance considerations
Responsible AI usage
Change management and adoption challenges
Supporting diverse roles across IT, operations, policy, and mission teams

The Charlotte Prompt‑a‑thon focuses on helping government organizations move from curiosity to capability—bridging the gap between AI potential and everyday impact.

What You’ll Gain From Attending

By attending the Charlotte Prompt‑a‑thon, participants can expect to:

Learn by Doing

This is a hands‑on experience. You’ll actively work with M365 Copilot and practice prompt techniques you can reuse long after the event ends.

See Real Government Use Cases

Explore scenarios grounded in how government teams actually work—not generic demos.

Build Confidence With M365 Copilot

Understand how to engage M365 Copilot thoughtfully and responsibly, increasing trust and adoption within your organization.

Take Home Practical Assets

Walk away with prompt ideas, workflows, and approaches you can immediately apply and share with colleagues.

Who Should Attend?

This event is ideal for a broad range of government roles, including:

Program and mission leaders
Policy and communications teams
IT and security professionals
Transformation and innovation leads
Knowledge workers looking to improve daily productivity

Whether you are just beginning your M365 Copilot journey or looking to deepen usage across your organization, the Prompt‑a‑thon offers value at every stage.

Why Attend In Person in Charlotte?

The in‑person format allows for deeper engagement, peer learning, and real-time coaching. You’ll have the opportunity to:

Ask questions and experiment live
Learn alongside peers facing similar challenges
Gain insights from Microsoft experts who work closely with government customers

The result is a more meaningful, memorable learning experience—one that accelerates understanding and adoption.

Reserve Your Spot

Seats are limited, and interest in M365 Copilot across government continues to grow. If you’re ready to move beyond AI curiosity and start applying M365 Copilot in practical, responsible ways, this event is for you.

Microsoft 365 Copilot Prompt-a-thon for Government Comes to Boston

Abby_Quinn — Tue, 17 Mar 2026 22:45:24 GMT

On April 8, Microsoft is bringing the Microsoft 365 Copilot Prompt‑a‑thon – Government Roadshow to Boston, MA, inviting State and Local Government and Education customers to experience Copilot in action through a hands‑on, in‑person session.

What You’ll Experience

Participants will:

Practice using Microsoft 365 Copilot through guided, hands‑on exercises
Learn practical prompting techniques tailored to government and education workflows
Explore real scenarios relevant to policy, operations, communications, and IT teams
Leave with skills and examples they can immediately apply and share

This is an interactive working session—not a lecture—focused on learning by doing.

Who Should Attend

This event is designed for:

State and Local Government professionals
Federal End Users
Education sector customers
IT, program, policy, communications, and innovation leaders
Teams beginning or expanding their Copilot adoption journey

Whether you’re exploring Copilot for the first time or looking to drive broader adoption, this session is built to meet public sector needs.

Join Us in Boston

Attending in person provides the opportunity to learn alongside peers, ask questions in real time, and engage directly with Microsoft experts who support government and education customers.

Interested in joining? Reach out to Jay Leask at jay.leask@microsoft.com or Abby Quinn at abby.quinn@microsoft.com.

Don't Miss the Agent-a-thon Coming to Arlington, Virginia April 22!

Abby_Quinn — Tue, 17 Mar 2026 20:08:58 GMT

Don’t Just Hear About AI at Work — Experience It

Register now for the upcoming Microsoft 365 Copilot Agent-a-thon in Arlington, Virginia

AI isn’t “coming someday.” It’s already reshaping how teams write, analyze, collaborate, and deliver outcomes—especially in environments where time, accuracy, and accountability matter.

That’s why this upcoming Agent-a-thon is the one you’ll want on your calendar.

This is your chance to move beyond the hype and get clear, practical insight into how Copilot can help teams work smarter inside the M365 Copilot tools they already use—while keeping governance, security, and responsible use at the center of the conversation.

Why this event matters (and why now)

If your organization is asking any of these questions, you belong in this session:

“Where do we start with agents—without overwhelming users?”
“How do we turn early excitement into real adoption?”
“What use cases actually translate into time saved and better outcomes?”
“How do we maintain trust, controls, and compliance while scaling AI?”

This event is designed to help you walk away with clarity and momentum—not just inspiration.

What you can expect

You’ll explore how M365 Copilot Agents can support real work across everyday tools and workflows—think: turning information overload into summaries, accelerating drafting and revision, helping teams prepare, communicate, and decision faster, and improving consistency in outputs.

Just as important: you’ll get language and framing you can take back to your stakeholders—leadership, IT, security, and end users—to help align on responsible adoption and high‑value scenarios.

Who should attend

Bring your builders, your decision-makers, and end users—this is valuable whether you’re:

Leading productivity or modernization efforts
Supporting end users and change management
Shaping AI governance, security, or compliance
Driving outcomes for a mission, program, or service line
Looking to scale practical “Copilot-first” ways of working

If you’re trying to operationalize AI (not just discuss it), this is for you.

The biggest takeaway: confidence

The best events don’t just inform—they activate. This one is built to help you leave with:

Stronger understanding of where Copilot fits in daily work
Clearer ideas for repeatable, high-impact use cases
Better readiness to talk about adoption and change in a structured way
A practical next step: what to do Monday morning after the event

Seats fill. Momentum matters. Register now.

If you’ve been waiting for the “right moment” to lean into M365 Copilot, this is it.

✅ Save your spot here: Agent-a-thon Registration

And if you know someone who keeps saying, “I want to see what Copilot can really do,” forward this and bring them with you.

ITAR Compliance in the Microsoft Cloud: Navigating GCC, Azure Commercial, and Azure Government

bryanlopez — Fri, 20 Mar 2026 15:11:43 GMT

Why ITAR Compliance Matters in the Cloud

The International Traffic in Arms Regulations (ITAR) govern the export, temporary import, reexport, and transfer of defense articles, services, and related technical data directly related to defense articles listed on the United States Munitions List (USML) as well as furnishing defense services. Administered by the United States’ Department of State's Directorate of Defense Trade Controls (DDTC), the ITAR imposes strict requirements on manufacturers, exporters, and brokers of defense-related items - and those requirements extend to how and where ITAR-controlled data is stored, processed, and accessed in the cloud.

For federal agencies, Defense Industrial Base (DIB) organizations, and government contractors, choosing the right Microsoft cloud environment is not just a technical decision - it is a compliance imperative. Getting it wrong can result in civil penalties, criminal prosecution, loss of export privileges, and the erosion of trust with federal partners. It can even cause the government to bar companies from federal contracts.

This guide walks through how ITAR compliance maps to our cloud offerings - specifically Microsoft 365 GCC, Azure Commercial, and Azure Government - drawing exclusively from official Microsoft documentation to help you make informed decisions about where your ITAR-controlled workloads belong.

Understanding ITAR: Core Requirements

Before evaluating cloud environments, it is essential to understand what the ITAR requires:

Registration with DDTC: Organizations that manufacture, export, or broker defense articles must register with the Directorate of Defense Trade Controls.
Access Restricted to US Persons: ITAR-controlled technical data may only be accessed by US persons unless specific DDTC authorization has been granted.
Prohibition on Unauthorized Export: ITAR-controlled technical data may not be exported - included by making it available to foreign person – without authorization from the DDTC. As described in additional detail below, the ITAR does not impose an affirmative requirement that data be stored within the Continental United States (CONUS). However, storing data within CONUS and restricting access to U.S. persons is a widely adopted mitigation strategy. End-to-End Encryption: The revised ITAR rules, effective March 25, 2020, introduced a carve-out stating that sending, taking, or storing unclassified technical data does not constitute an export if the data is secured using end-to-end encryption with FIPS 140 compliant cryptographic modules, the means of decryption are not provided to any person other than the intended recipient, and the data is not intentionally sent to or stored in a proscribed country listed under 22 CFR § 126.1. Additionally, there are specific requirements for protecting and sharing access information for ITAR data to qualify for the carve-out.

Think of ITAR requirements as a vault within a vault. It is not enough that the building is secure — the room, the safe, and the access list all have to meet the standard independently.

There Is No ITAR Certification

A critical point that often creates confusion: there is no ITAR compliance certification for cloud service providers. We design and operate our in-scope services to be capable of supporting your ITAR obligations and compliance program, but there is no formal ITAR certification to obtain. This means that ITAR compliance is ultimately the responsibility of the data owner — we provide the capable platform, and you are responsible for the protection, architecture, and access controls within your environment.

Reference: International Traffic in Arms Regulations (ITAR) - Azure Compliance | Microsoft Learn

Microsoft Cloud Environments: Where Does ITAR Fit?

Microsoft 365 GCC

Microsoft 365 Government Community Cloud (GCC) is designed for US federal, state, local, and tribal government entities, along with contractors holding or processing data on behalf of the US Government. GCC provides compliance with FedRAMP High, DFARS, and requirements for criminal justice and federal tax information systems.

However, GCC does not natively support ITAR or EAR-controlled data. While GCC stores data within the United States and restricts access to screened personnel, it runs on Microsoft Entra ID Commercial. Support staff may include non-US persons, and we will only agree to ITAR contract language for the GCC High environment - not standard GCC.

Can Compensating Controls Make GCC Viable for ITAR? A Risk-Based Decision

We recognize that not every organization is positioned to leverage to GCC High - whether due to budget constraints, licensing timelines, or operational complexity. For organizations evaluating GCC, it is worth understanding the compensating controls available, the case they enable, and efforts need to reduce risk within their organization.

The core argument for GCC viability rests on four points:

Data never leaves the United States. GCC stores all customer data within US boundaries. Unlike Azure Commercial, where data residency depends on customer configuration, GCC's CONUS data residency is part of the environment boundary itself.
No unauthorized human access. When CMK and Customer Lockbox are implemented together, they eliminate the risk of unauthorized human access to ITAR-controlled data — regardless of the background check status of any individual. CMK ensures that we and our agents cannot decrypt your data without keys your organization controls. Customer Lockbox ensures that in rare instances where our support engineers need elevated access, you explicitly approve or reject every request.
Automated processing stays within the GCC boundary in CONUS. Automated service operations that process your data remain within the GCC environment and do not leave the United States.
Therefore, no export occurs. If the data never leaves the US, no Microsoft employee can access it in decrypted form without explicit customer approval, and all processing remains within CONUS - the conditions that would constitute an export under ITAR are not met.

Customer Managed Keys (CMK): GCC supports customer-managed encryption keys through Azure Key Vault. With CMK, your organization retains exclusive control of the encryption keys that protect your data at rest. Because Azure Key Vault is designed so that we and our agents cannot see or extract your cryptographic keys, CMK is a critical component of meeting the ITAR end-to-end encryption carve-out requirement that the means of decryption are not provided to any third party. This is the critical control - even if a non-US person were to encounter the encrypted data, nothing is revealed because they cannot decrypt it without your keys.

Customer Lockbox: Customer Lockbox for Microsoft 365 provides an explicit access governance gate. In rare instances where our support engineers need elevated access to your data to resolve a service request, Customer Lockbox requires your approval before any access is granted. This gives your organization direct control over who touches your data and when — making the background check status of individual support personnel a secondary concern, because no human access occurs without your authorization.

This is fundamentally a risk-based decision - and one that typically falls to the CISO and organizational leadership to approve and be held accountable for. Organizations that implement CMK and Customer Lockbox in GCC can build a defensible technical case that no export occurs, but they should ensure that decision is documented, reviewed by compliance stakeholders, and aligned with their organization's risk tolerance. For many organizations — particularly those in the DIB handling ITAR-controlled technical data — GCC High will remain the appropriate path because it eliminates these considerations by design.

Bottom line: Ultimately, it is incumbent on the data owner to decide what tools meet their purposes. GCC is suitable for Federally Controlled Information (FCI) and certain categories of Controlled Unclassified Information (CUI). Organizations with ITAR-controlled data may prefer GCC High or DoD environments, but CMK and Customer Lockbox can serve as meaningful compensating controls for organizations managing the transition or making a documented, risk-based determination that the technical controls in GCC are sufficient for their specific use case.

Reference: Office 365 US Government - Service Descriptions | Microsoft Learn

Azure Commercial

Azure Commercial can play a role in supporting ITAR compliance — but with an important distinction from our government cloud environments: the compliance boundary in Azure Commercial is customer-implemented rather than environment-guaranteed.

Both Azure and Azure Government can help you meet your ITAR compliance obligations. Our Azure datacenters (except for the Hong Kong SAR region) are not located in proscribed countries or the Russian Federation. Azure services rely on FIPS 140 validated cryptographic modules and provide multiple options for encrypting data in transit and at rest, including customer-managed keys (CMK) through Azure Key Vault backed by FIPS 140 validated HSMs.

Data Residency in Azure Commercial

While Azure Commercial is not hard-locked to CONUS the way Azure Government is, we provide you with the tools and transparency to control where your data resides. You select the Azure region where your applications and data are deployed. Most Azure services enable you to specify the region where your customer data will be stored and processed, and we will not store or process customer data outside the selected geography. We publish a data residency page and per-service documentation that identifies which services store data at rest in-region and which have global components that may process data outside the selected geography.

To enforce data residency in Azure Commercial, you can leverage region selection during deployment, Azure Policy to restrict resource creation to specific US regions, and service-specific residency controls documented for each service. It is your responsibility to review per-service documentation to understand which services are fully regional and which may have global processing components, and to architect your environment accordingly.

This is the fundamental difference: in Azure Government, the CONUS boundary is part of the environment. In Azure Commercial, you are building that boundary yourself through policy, encryption, access controls, and deliberate architecture choices for the available localized services.

The Encryption Carve-Out

The key enabler for ITAR in Azure Commercial is the ITAR end-to-end encryption carve-out. The ITAR states that storing encrypted technical data does not constitute an export when the data is unclassified, encrypted end-to-end with FIPS 140 compliant modules, and not intentionally stored in a proscribed country. Also, the means of encryption must not be provided to a third party. Azure Key Vault is designed so that Microsoft and its agents cannot see or extract customers’ cryptographic keys. Customer Lockbox for Azure puts you in charge of approving or rejecting any elevated access requests from our support engineers, providing an additional layer of access governance.

However, Azure Commercial does not provide the additional contractual commitments that Azure Government offers, such as guaranteed storage within the United States and access limited exclusively to screened US persons. The compliance controls are available to you - but the responsibility for implementing, configuring, and maintaining them rests entirely with your organization.

Bottom line: Azure Commercial can support ITAR workloads under the encryption carve-out, but you are building and enforcing the compliance boundary yourself. Most organizations with ITAR obligations are best served by Azure Government, where the boundary is built into the environment.

Reference: International Traffic in Arms Regulations (ITAR) - Azure Compliance | Microsoft Learn

Azure Government

Azure Government is a physically and logically isolated cloud environment built specifically for US government agencies and their partners. Data transmission and processing are restricted to CONUS, and access to systems processing customer data is limited to screened US persons. Azure Government provides contractual commitments regarding data residency and personnel access that go beyond what Azure Commercial offers.

Azure Government holds FedRAMP High authorization and supports DISA SRG Impact Level 5 (IL5), ITAR, and Export Administration Regulations (EAR). For organizations that need to store and process ITAR-regulated data, Azure Government provides the strongest alignment with ITAR requirements available in our cloud ecosystem.

Key capabilities that support ITAR compliance in Azure Government include:

Data location control: Robust tools to restrict data storage to US regions, ensuring customer data is not intentionally stored in a non-conforming location.
Access controls: Our technical support personnel do not have default access to customer data. Customer Lockbox for Azure enables you to approve or reject any elevated access requests.
End-to-end encryption: FIPS 140 validated cryptographic modules with customer-managed key options through Azure Key Vault HSMs.
Screened US citizens: Personnel with potential access to customer data undergo verification of US citizenship and additional background screening. This is more than what the ITAR requires, which is a US person.

Bottom line: Azure Government is the recommended environment for ITAR-controlled workloads and provides the strongest contractual and technical protections.

Reference: Azure support for export controls | Microsoft Learn

Microsoft 365 GCC High and DoD

For organizations that need Microsoft 365 productivity services (Exchange, SharePoint, Teams, OneDrive) alongside ITAR compliance, GCC High is the appropriate environment. GCC High is built on Azure Government infrastructure, stores data exclusively in US data centers, and limits access to screened US citizens. We will agree to ITAR contract language for the GCC High environment.

The Office 365 GCC High and DoD environments deliver compliance with Department of Defense Security Requirements Guidelines, DFARS, and ITAR. You must sign additional agreements notifying us of your intention to store ITAR-controlled data so that we can comply with our obligations to both you and the US government.

Reference: Office 365 GCC High and DoD - Service Descriptions | Microsoft Learn

Comparing the Environments at a Glance

Capability	GCC	Azure Commercial	Azure Government	GCC High / DoD
ITAR Contract Language	No	No	Yes	Yes
Data Residency (CONUS)	US only (environment boundary)	Customer-configured via region selection, Azure Policy, and per-service residency controls	US only (contractual)	US only (contractual)
Compliance Boundary	Environment-guaranteed	Customer-built through policy, encryption, and architecture	Environment-guaranteed	Environment-guaranteed
Personnel Screening (US Persons)	Screened personnel, but support staff may include non-US persons	No specific commitment	Screened US persons	Screened US citizens
Physical/Logical Isolation	Logical segregation on Azure Commercial	Shared commercial infrastructure	Physically isolated	Physically isolated (Azure Gov)
FIPS 140 Encryption	Yes	Yes	Yes	Yes
Customer Managed Keys (CMK)	Yes (Azure Key Vault)	Yes (Azure Key Vault)	Yes (Azure Key Vault)	Yes (Azure Key Vault)
Customer Lockbox	Yes	Yes	Yes	Yes
FedRAMP Authorization	FedRAMP High	Varies by service	FedRAMP High	FedRAMP High
ITAR-Capable	Not natively; CMK + Customer Lockbox enable a defensible no-export case (risk-based decision)	Under encryption carve-out (customer-built boundary)	Yes	Yes

Shared Responsibility: Your Role in ITAR Compliance

Regardless of which cloud environment you choose, ITAR compliance is a shared responsibility. We provide the platform capabilities — encryption, data residency, access controls, and personnel screening — but your organization is responsible for:

Registering with DDTC if you manufacture, export, or broker defense articles.
Classifying and labeling data to identify ITAR-controlled technical data.
Configuring access controls to ensure only authorized US persons can access regulated information.
Signing additional agreements with us to formalize your intention to store ITAR-controlled data (required for Azure Government and GCC High).
Designing application architecture to maintain end-to-end encryption that meets ITAR requirements. We do not inspect, approve, or monitor your applications.
Managing third-party integrations that may fall outside the compliance boundary.

The Microsoft Enterprise Agreement Amendment enables us and the customer to work together in reporting ITAR violations, fulfilling the specific reporting obligations that ITAR requires.

Reference: International Traffic in Arms Regulations (ITAR) - Microsoft Compliance | Microsoft Learn

Action Plan for Getting Started

Step 1: Assess Your Data Determine whether your organization handles defense articles, services, or technical data on the USML. Understand which data is ITAR-controlled and map your data flows.

Step 2: Choose the Right Environment For ITAR-controlled workloads, Azure Government and Microsoft 365 GCC High provide the strongest alignment. If you are evaluating GCC with compensating controls like CMK and Customer Lockbox, or Azure Commercial under the encryption carve-out, ensure the decision is documented and approved by your CISO and compliance stakeholders — as the CISO is ultimately accountable for the risk acceptance and the defensibility of the chosen approach.

Step 3: Engage Your Microsoft Account Team If you are seeking to host ITAR-controlled data, work with your Microsoft account and licensing teams to obtain proper agreements and access relevant system architecture information.

Step 4: Develop Your Compliance Architecture Leverage tools like Azure Policy, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, and Customer Lockbox to enforce and monitor your compliance posture.

Step 5: Document and Maintain Develop a System Security Plan (SSP) that reflects your ITAR controls, and continuously monitor and update your controls as your environment evolves.

Resources and Further Reading

Conclusion

ITAR compliance in the cloud is achievable - but it requires deliberate environment selection, proper contractual agreements, and disciplined architecture. Microsoft 365 GCC does not natively support ITAR, but Customer Managed Keys and Customer Lockbox can enable a defensible technical case that no export occurs - a risk-based decision that falls to the CISO and organizational leadership to approve. Azure Commercial can support ITAR under the encryption carve-out, but the compliance boundary is customer-built rather than environment-guaranteed, which demands careful architecture and per-service residency review. Azure Government and GCC High provide the contractual commitments, data residency guarantees, and personnel screening that most closely align with ITAR requirements — with the compliance boundary built into the environment by design.

The path forward starts with understanding your data, choosing the right environment, and building your compliance architecture on our capable platform.

Join the Discussion

Join the conversation below to ask questions, share deployment insights, and connect with other public sector professionals working with Microsoft capabilities. Your feedback and experience help strengthen the community.

Sunderland City Profile: Frontier transformation in practice

DanNarloch — Mon, 02 Mar 2026 23:30:47 GMT

Download the SmartCitiesWorld City Profile – Sunderland

Cities everywhere are facing the same pressure: modernize infrastructure, grow the economy, and improve quality of life, without widening inequality. Sunderland offers a credible path forward.

Once defined by shipbuilding and coal mining, Sunderland has spent the last four decades deliberately reinventing itself. Today, it is positioning itself as the UK’s leading smart city by investing in digital infrastructure, data, and low‑carbon innovation to drive inclusive, long‑term growth. The latest City Profile from SmartCitiesWorld captures how this strategy is being executed and why it matters for city leaders globally.

A digital backbone built for outcomes, not optics

Sunderland’s progress starts with a clear foundation: connectivity and data designed with purpose.

Full‑fibre connectivity across the city
Citywide 5G and LoRaWAN coverage
A secure, cloud‑based smart city data platform

Together, this stack enables real‑time visibility across transport, environment, and public services. More importantly, it shifts the city from reactive decision‑making to proactive, evidence‑led operations.

The impact is measurable. Data and analytics now support:

Safer, more predictable event planning
Smarter traffic and mobility management
Earlier environmental interventions
More targeted social and health services

From digital health hubs that reduce exclusion to intelligent transport pilots that cut emissions and improve safety, Sunderland is applying technology where it delivers the highest public value—not where it looks most impressive on a slide.

What comes next: two opportunities to scale impact

The City Profile also highlights where cities like Sunderland can go further. Two opportunities stand out.

Move from smart services to predictive city operations
With real‑time data already in place, the next step is predictive modeling—anticipating demand across social care, transport, energy, and public safety before pressure points emerge. Done right, this enables earlier investment decisions, lower long‑term costs, and better outcomes across services.
Turn digital inclusion into a workforce engine
Sunderland’s digital health hubs create a foundation for something bigger: linking access and digital skills directly to workforce development. By aligning inclusion efforts with local demand in advanced manufacturing, data, and clean energy, cities can convert access into sustained economic mobility.

Why Sunderland’s approach matters

Sunderland’s experience reinforces a critical point: smart city transformation is not about technology in isolation. It is about aligning infrastructure, data, governance, and community priorities around a shared vision for inclusive growth.

For public‑sector leaders moving from ambition to execution, the full City Profile provides practical insight into the partnerships, operating models, and decisions behind Sunderland’s approach. It’s a useful reference for anyone looking to translate a digital‑first strategy into measurable impact—for people, place, and long‑term resilience.

From AI pilots to public decisions: what it really takes to close the intelligence gap

DanNarloch — Thu, 26 Feb 2026 19:56:59 GMT

Across the public sector, the conversation about AI has shifted. The question is no longer whether AI can generate insight—most leaders have already seen impressive pilots. The harder question is whether those insights survive the realities of government: public scrutiny, auditability, cross‑department delivery, and the need to explain decisions in plain language.

That challenge was recently articulated by Sadaf Mozaffarian, writing in Smart Cities World, in the context of city‑scale AI deployments. Governments don’t need more experiments. They need decision‑ready intelligence—intelligence that can be acted on safely, governed consistently, and defended when outcomes are questioned.

What’s emerging now is a more operational lens on AI adoption, one that exposes two issues many pilots quietly avoid.

Decision latency is the real enemy

In government, decision latency is not about slow analytics, it’s the time lost between having a signal and being able to act on it with confidence.

Much of the focus in AI discussions is on accuracy, bias, or model performance. But in cities, the more damaging problem is often this latency. When data is fragmented across departments, policies live in PDFs, and institutional knowledge walks out the door at 5pm, leaders may have insight but still can’t decide fast enough. AI pilots often demonstrate answers in isolation, but they don’t reduce the friction between insight, approval, and execution.

Decision‑ready intelligence directly attacks this problem. It brings together:

Operational data already trusted by the organization
Policy and regulatory context that constrains decisions
Human checkpoints that reflect how accountability actually works

The result isn’t faster answers—it’s faster decisions that stick, because they align with how governments are structured to operate.

Institutional memory is infrastructure

Cities invest heavily in physical infrastructure—roads, pipes, facilities—but far less deliberately in institutional memory. Yet planning rationales, inspection notes, precedent cases, and prior decisions are often what make or break today’s choices.

Consider a routine enforcement or permitting decision that looks reasonable on current data, but quietly contradicts a prior settlement, a regulator’s interpretation, or a lesson learned during a past inquiry. AI systems that don’t account for this history don’t just miss context, they create risk.

Decision‑ready intelligence treats institutional memory as a first‑class asset. It ensures that when AI supports a decision, it does so with:

Access to relevant historical records and prior outcomes
Clear lineage back to source documents and policies
Logging that preserves not just what was decided, but why

This is what allows governments to move faster without relearning the same lessons under audit pressure.

Why this matters now

Public sector AI initiatives rarely fail because of a lack of ambition. They stall because trust questions—governance, records, explainability—arrive too late. By the time leaders ask, “Can we stand behind this decision?” the system was never designed to answer.

Decision‑ready intelligence flips that sequence. Governance is not bolted on after the pilot; it’s built into the operating model from the start. That’s what allows agencies to scale from a single use case to repeatable patterns across departments.

A practical starting point

The cities making progress aren’t trying to transform everything at once. They start small but visible:

Identify one cross‑department “moment of truth”
Define what must be logged, retained, and explainable
Connect just enough data, policy, and work context to support that decision

From there, they reuse the same patterns—governed data products, policy knowledge bases, and human‑in‑the‑loop workflows—to scale responsibly.

AI in government will ultimately be judged the same way every public investment is judged: by outcomes, fairness, and public confidence. Closing the intelligence gap isn’t about smarter models. It’s about designing decision systems that reflect how governments actually work—and are held accountable.

Learn more by reading Sadaf's full article: Closing the intelligence gap: how cities turn AI experiments into operational impact

Microsoft 365 Copilot Government Events Are Hitting the Road & Coming to a City Near YOU

Abby_Quinn — Tue, 10 Mar 2026 15:14:43 GMT

Did Someone Say Prompt‑a‑thon?!

M365 Copilot Government Events Are Hitting the Road

Generative AI is no longer a “future” conversation—it’s happening now across government. And there’s no better way to move from curiosity to confidence than getting hands on with M365 Copilot alongside peers and experts who understand your mission.

That’s why we’re excited to bring M365 Copilot Government in‑person experiences to cities across the United States! These immersive, collaborative events are designed to help government organizations build real skills, unlock immediate value, and accelerate their M365 Copilot journey—all within GCC guardrails and responsible AI practices.

Whether you’re just getting started or ready to level up, this is your chance to roll up your sleeves and experience Copilot in action.

What to Expect: A True Hands‑On Prompt‑a‑thon Experience

Each event is a full‑day, interactive experience focused on practical learning, real scenarios, and meaningful connection.

Arrival & Networking

Kick off the day by connecting with peers and Microsoft specialists. This informal networking time sets the stage for open conversation—sharing challenges, exchanging ideas, and learning how other agencies are approaching AI adoption.

M365 Copilot Overviews and Prompting Masterclass

Prompting is where the magic happens. In this session, you’ll learn the fundamentals of effective prompting—how to provide the right context, structure requests, and guide Copilot toward higher‑quality results. Live demos show Copilot at work across M365 apps, turning prompts into powerful outcomes.

Hands‑On Team Scenario Building

This is where theory turns into practice. Working in small teams, you’ll tackle realistic government scenarios using M365 Copilot across Word, Excel, PowerPoint, Teams, and Outlook. With guidance from Microsoft Cloud Solution Architects and specialists, you’ll experiment, iterate, and build workflows you can take back to your organization.

Team Showcases & Takeaways

Teams share what they built, what worked, and what surprised them. You’ll leave with clear takeaways on where Copilot can save time, improve quality, and reduce friction in everyday mission workflows—plus inspiration from what your peers accomplished.

What You’ll Leave With

By the end of the day, you won’t just understand M365 Copilot—you’ll know how to use it.

Practical, reusable prompt patterns
A clearer understanding of Copilot capabilities and limitations
Actionable ideas to pilot with your team right away
Ongoing connections with peers and Microsoft experts

Coming to a City Near You

Choose the location and date that works best for you and your team:

Date	Location	Registration Link
March 04, 2026	Chicago, IL	Chicago, IL
March 18, 2026	Arlington, VA	Arlington, VA
April 1, 2026	Dallas, TX	Dallas, TX
April 8, 2026	Charlotte, NC	Charlotte, NC
April 16, 2026	Fort Lauderdale, FL	Fort Lauderdale, FL
May 7, 2026	New York City, NY	New York City, NY
May 13, 2026	Seattle, WA	Seattle, WA
May 20, 2026	Irvine, CA	Irvine, CA

Why Attend?

At each stop, you’ll collaborate with peers and Microsoft experts in a hands‑on environment to:

Craft powerful, effective prompts
Explore agentic AI scenarios
Apply Copilot across M365 apps to solve real mission challenges

This isn’t a lecture—it’s a Prompt‑a‑thon built for government practitioners who want to turn AI potential into real impact.

Spots are limited—register today and secure your seat.
We can’t wait to see you on the road!

Genesis Mission: How Microsoft & the U.S. Department of Energy Accelerate Science

hekobyls — Thu, 02 Apr 2026 16:44:13 GMT

The Genesis Mission, led by the U.S. Department of Energy (DOE), is a coordinated national initiative to dramatically accelerate scientific discovery, strengthen U.S. energy leadership, and advance national security through the responsible application of artificial intelligence (AI), high‑performance computing (HPC), and world‑class scientific infrastructure.

At Microsoft, we are honored to support this mission in close partnership with the DOE and its National Laboratories. By providing secure cloud platforms, advanced AI capabilities, and scientific domain‑specific tools, Microsoft is working alongside America’s scientists and engineers to help modernize research workflows and reduce the time required to move from hypothesis to discovery.

This collaboration reflects a shared commitment to ensuring that AI serves as a force multiplier for the scientific workforce, enabling new approaches to research while maintaining the security, governance, and integrity required for mission‑critical work.

The Genesis Mission: Building an Integrated Platform for American Science

The Genesis Mission brings together the DOE’s 17 National Laboratories, advanced experimental facilities, large‑scale scientific datasets, and next‑generation computing resources into a more integrated scientific discovery platform. The goal is to double the productivity and impact of American research and innovation within the decade by embedding AI directly into the scientific process.

Achieving this vision requires trusted technology partners who understand the unique requirements of government‑led science - from secure data handling and regulatory compliance to collaboration across institutions and disciplines.

Microsoft’s work under the Genesis Mission is focused on enabling this integrated approach by delivering:

Secure, government‑ready cloud infrastructure accredited to support workloads ranging from unclassified to Secret data and protected with industry-leading cybersecurity systems
AI capabilities designed for scientific and engineering workflows
Responsible AI practices aligned with federal standards
Close collaboration with DOE scientists and laboratory experts
Collaboration on Nuclear R&D and Permitting
Autonomous Lab & Agentic Enablement

Microsoft has a long-standing partnership with DOE, NNSA, and the National Laboratories to accelerate national security, scientific research, nuclear capabilities, and artificial intelligence.

Here are a few existing partnerships that Microsoft expects to grow in light of the Genesis Mission:

Accelerating Materials Science Discovery with Pacific Northwest National Laboratory

Materials science is foundational to many of the DOE’s mission priorities, including energy storage, advanced manufacturing, and sustainability. Through our partnership with Pacific Northwest National Laboratory (PNNL), Microsoft is helping demonstrate how AI can transform how materials are discovered and evaluated.

Using , Microsoft and PNNL combined AI and HPC to screen more than 32 million inorganic material candidates - a task that would traditionally take many years using conventional methods. AI models rapidly narrowed this vast search space to a small set of promising materials, enabling PNNL researchers to experimentally synthesize and validate a previously unknown compound for potential battery applications.

This collaboration illustrates how AI can:

Rapidly explore large scientific search spaces
Prioritize the most promising candidates for laboratory validation
Complement—not replace—the expertise of human scientists

By accelerating early‑stage discovery, this work supports the Genesis Mission’s objective to shorten scientific timelines while preserving rigorous experimental validation.

Modernizing Nuclear Energy Workflows with Idaho National Laboratory

Advanced nuclear energy is a critical component of the nation’s long‑term energy strategy, and the DOE has emphasized the need to modernize processes that support reactor development and deployment.

Microsoft is working with Idaho National Laboratory (INL) to apply AI in a targeted, responsible way to streamline portions of the nuclear licensing and permitting workflow. Preparing the engineering and safety analysis documentation required for regulatory review is labor‑intensive and time‑consuming. Together, Microsoft and INL are exploring how Azure AI can assist by organizing and drafting documentation based on existing technical materials.

Importantly:

AI is used to support document generation, not to perform safety analyses
Human experts remain fully responsible for review, verification, and decision‑making
The solution is designed to align with DOE and Nuclear Regulatory Commission requirements

By reducing administrative burdens, this collaboration helps engineers and scientists focus more of their time on technical innovation—directly supporting the Genesis Mission’s emphasis on accelerating energy innovation while maintaining the highest standards of safety and oversight.

Secure AI Enablement for National Security Science at Sandia National Laboratories

For national security missions, AI adoption must meet stringent requirements for security, governance, and data protection.

At Sandia National Laboratories, Microsoft supported the deployment of a secure, private AI capability built on Microsoft Azure and Azure OpenAI. This solution enables Sandia personnel to use generative AI tools within a tightly controlled environment, ensuring that sensitive, unclassified data remains protected and isolated.

The result is a practical example of how:

Enterprise‑grade AI can be deployed in high‑security government environments
Scientists and staff can gain productivity benefits without compromising data protections
Responsible AI practices can be operationalized at scale

This work aligns directly with the Genesis Mission’s focus on ensuring that AI innovation for science is secure, trustworthy, and mission‑ready.

Investing in Classified Cloud Capabilities for the Nation’s Most Sensitive Missions

Microsoft has made sustained, long-term investments in high security, classified cloud infrastructure to meet the U.S. government’s most stringent security and operational requirements.

Azure Government Secret and Azure Government Top Secret are engineered to meet U.S. government requirements for classified data handling and enable government agencies and national laboratories to adopt cloud and AI technologies for sensitive scientific, energy, and national security missions without compromising security, compliance, or mission assurance.

Azure Government classified clouds ensures that the benefits of modern cloud and AI technologies are available for the full spectrum of government missions—supporting secure collaboration, operational resilience, and trusted innovation in alignment with the Genesis Mission’s objectives. A Responsible Path Forward for AI‑Powered Science

Across materials science, nuclear energy, and national security, Microsoft’s collaborations with the DOE National Laboratories demonstrate a common approach:

AI augments scientific expertise, rather than replacing it
Security, compliance, and governance are foundational, not afterthoughts
Human‑in‑the‑loop workflows remain central to decision‑making
Cloud and AI platforms are designed to scale across institutions and domains

The Genesis Mission represents a new chapter in how the nation conducts science—one where AI is deeply integrated into research workflows to help scientists move faster, collaborate more effectively, and tackle increasingly complex challenges.

Microsoft remains committed to working with the Department of Energy and its National Laboratories to ensure that AI is applied responsibly, securely, and in service of the public mission—supporting American scientific leadership today and for decades to come.

Join the Discussion:

Comment below or reach out to mailto:genesismission@microsoft.com for more information.

Azure Government or Azure Commercial for CJIS 6.0: Choosing Your Compliance Path

Mike Smucny — Fri, 27 Mar 2026 17:37:40 GMT

Since 2014, United States criminal justice agencies have trusted Microsoft Azure Government to manage Criminal Justice Information (CJI). Built exclusively for regulated government data, it provides datacenters with physical, network, and logical isolation and is operated by CJIS-screened U.S. persons—the "gold standard" for compliance.

However, we understand that flexibility is critical for modern agencies. As first announced with the release of CJIS Security Policy (CJISSECPOL) v5.9.1, agencies have the option to utilize Azure Commercial for CJIS workloads by leveraging advanced technical controls in place of traditional personnel screening.

With the release of CJIS Security Policy 6.0, this hybrid landscape has evolved. The new policy moves beyond simple access control toward a "Zero Trust" framework which minimizes implicit trust, verifies all requests, and requires continuous monitoring.

What’s New in CJIS 6.0? The 6.0 update (released late 2024) is a modernization overhaul. Key changes include:

Phishing-Resistant MFA: Strict requirements for FIDO2 or certificate-based authentication for all privileged access.
Continuous Monitoring: A shift from point-in-time audits to real-time threat detection and automated logging.
Supply Chain Risk Management: Enhanced vetting of third-party software and vendors.

The Choice: Azure Government or Azure Commercial: Criminal Justice Agencies can still choose between our two distinct offerings, but the "How" of compliance differs:

Azure Government: The path of personnel screening. Microsoft executes CJIS Management Agreements with state CJIS Systems Agencies that include their screening of Microsoft personnel. This offers the broadest feature set with the simplest compliance burden.
Azure Commercial: The path of technical controls. Because Azure Commercial support staff are not CJIS-screened, compliance relies on an agency implementing Customer Managed Keys (CMK) encryption. This way, Microsoft cannot access unencrypted criminal justice information, effectively removing Microsoft staff from the scope of trust.

Our Commitment Whether you choose the physically secure location of Azure Government or the global scale of Azure Commercial, Microsoft provides the tools—Entra ID, Azure Key Vault, and Microsoft Sentinel—to meet the rigorous demands of CJIS 6.0.

Step-by-Step Walkthrough for CJIS 6.0 in Azure Commercial

Managing CJI in Azure Commercial requires you to bridge the gap between "standard commercial security" and "CJIS compliance" using your own configurations. Because Microsoft Commercial staff are not CJIS-screened, you must ensure they can never see unencrypted data.

Phase 1: Foundation & Residency

Step 1: Restrict Data Residency CJIS 6.0 mandates that CJI must not leave the United States.

Action: Deploy all Azure resources (compute, storage, disks, networking, monitoring, logging, backups, etc.) exclusively in US regions (e.g., East US, West US, Central US).
Policy: Use Azure Policy to deny the creation of resources in non-US regions to prevent accidental drift.

o Documentation: Tutorial: Manage tag governance with Azure Policy (See the concept of "Allowed Locations" built-in policy).

o Documentation: Azure Policy built-in definitions and assignment (Allowed locations)

o Documentation: Details of the "Allowed locations" policy definition.

Phase 2: The "Technical Control" (Encryption)

This is the most critical step for Azure Commercial.

Step 2: Implement Customer Managed Keys (CMK) To meet CJIS requirements in Azure Commercial, which is operated by Microsoft personnel who aren’t CJIS-screened, you must use encryption where you hold the keys, and Microsoft has no access.

Action: Provision Azure Key Vault (Premium) or Managed HSM for FIPS 140-2 Level 2/3 compliance.

o Documentation: About Azure Key Vault Premium and HSMs.

o Documentation: Secure your Azure Managed HSM deployment.

Action: Generate your encryption keys within your HSM or import them from on-premises.

o Documentation: How to generate and transfer HSM-protected keys (BYOK).

Action: Configure Disk Encryption Sets and Storage Account Encryption to use these keys. Do not use the default "Microsoft Managed Key" setting.

o Documentation: Server-side encryption of Azure Disk Storage (CMK).

o Documentation: Configure customer-managed keys for Azure Storage.

o Documentation: Services that support customer-managed keys (CMKs)

Step 3: Client-Side Encryption (For SaaS/PaaS) For data processing, encryption should happen before data reaches Azure.

Action: Ensure applications encrypt CJI at the application layer before writing to databases (SQL Azure, Cosmos DB). This ensures that even a database admin with platform access sees only ciphertext.

Step 3b: Protecting CJI While In Use (Confidential Compute) -

Azure Commercial and Customer Managed Key (CMK) encryption satisfy the requirements of the CJIS Security Policy but customers can choose to add an additional control through a Confidential Computing enclave

CJIS Security Policy 6.0 requires that Criminal Justice Information be protected while at rest, in transit, and in use.
In Azure Commercial, once CJI is decrypted for processing by an application, traditional encryption controls (including CMK) no longer protect the data from platform-level access risks such as memory inspection, diagnostics, or hypervisor operations.
To address this risk, agencies may implement Azure Confidential Computing, which uses hardware-backed Trusted Execution Environments (TEEs) to cryptographically isolate data in memory and prevent access by cloud provider personnel—even at the infrastructure layer.

o Documentation: Always Encrypted for Azure SQL Database.

o Documentation: Client-side encryption for Azure Cosmos DB.

o Documentation: Confidential Computing

o Documentation: Confidential Compute Offerings

Phase 3: Identity & Access (CJIS 6.0 Focus)

Step 4: Phishing-Resistant MFA CJIS 6.0 raises the bar for Multi-Factor Authentication (MFA). SMS and simple push notifications may no longer suffice for privileged roles.

Action: Deploy Microsoft Entra ID (formerly Azure AD).

o Documentation: What is Microsoft Entra ID?.

Action: Enforce FIDO2 security keys (like YubiKeys) or Certificate-Based Authentication (CBA) for all users accessing CJI.

o Documentation: Enable passkeys (FIDO2) for your organization.

o Documentation: How to configure Certificate-Based Authentication in Entra ID.

Phase 4: Continuous Monitoring

Step 5: Unified Audit Logging You must retain audit logs for at least one year (or longer depending on state rules) and review them weekly.

Action: Enable Diagnostic Settings on all CJIS resources to stream logs to an Azure Log Analytics Workspace.

o Documentation: Create diagnostic settings in Azure Monitor.

Action: Deploy Microsoft Sentinel on top of Log Analytics.

o Documentation: Quickstart: Onboard Microsoft Sentinel.

Action: Configure Sentinel analytic rules to detect anomalies (e.g., "Mass download of CJI," "Access from foreign IP").

o Documentation: Detect threats out-of-the-box with Sentinel analytics rules.

Phase 5: Endpoint & Mobile

Step 6: Mobile Device Management (MDM) If CJI is accessed on mobile devices (MDTs, tablets), CJIS 6.0 requires remote wipe and encryption capability.

Action: Enroll devices in Microsoft Intune.

o Documentation: Enroll Windows devices in Intune.

o Documentation: Enroll iOS/iPadOS devices in Intune.

Action: Create a Compliance Policy requiring BitLocker/FileVault encryption and complex PINs.

o Documentation: Create a compliance policy in Microsoft Intune.

o Documentation: Manage BitLocker policy for Windows devices with Intune.

Action: Configure "App Protection Policies" to ensure CJI cannot be copied/pasted into unmanaged apps (like personal email).

o Documentation: App protection policies overview.

Phase 6: Personnel & Documentation

Step 7: Update your SEIP/SSP Since you are using Azure Commercial, your System Security Plan (SSP) must explicitly state that you are using encryption as the compensating control for the lack of vendor personnel screening.

Action: Document the CMK architecture in your CJIS audit packet.
Action: Ensure your agency's "CJI Administrators" (who manage the Azure keys) have met the policy’s personnel screening requirements

o Documentation: Microsoft CJIS Audit Scope & Personnel Screening (Reference).

From SOP Overload to Simple Answers: Building Q&A Agents With SharePoint Online + Agent Builder

jay_leask — Thu, 29 Jan 2026 21:01:27 GMT

Turning SOPs Into Simple Q&A Agents is possibly one of the fastest wins for public‑sector teams. Take the SOPs and guidance you already have, upload them to SharePoint Online (what's that? they're already there? I know!). Then, create an agent using nothing but descriptive natural language. No code. No connectors. No fuss. (Disclaimer: these claims are the author's personal boasts, not all use cases or requirements will match this example and therefore these statements are not legally binding 🤣)

Employees can then ask natural‑language questions such as:

What are the steps for the annual review process?
Do I need an attachment for a proposal amendment?
How do I request parental leave?

The agent reads the SOPs, process manuals, and guidance documents and returns clear, plain‑language answers grounded in official policy. (see Marketing Review Agent example below)

No workflow building.

No complex setup.

Just natural language in, natural language out.

Using the Marketing Review Agent to approve this blog post

As a Microsoft employee, on this blog, I have to get approval when publishing content about our products. This process requires human intervention and multiple reviews: Draft the article, submit it to Legal, wait for someone's workload to clear so they can review it, receive feedback, make changes, submit again.

But the documentation is there. Dozens of word documents and PDFs that say what I can post, what I can't post, when I need to get review, when I need approval from customers. Over and over, this process must be followed exactly and without fail. By people who simply don't have the energy to be as careful as we should in the review of the policies.

Microsoft's Marketing Review Agent removes any potential bottlenecks. For example, I wrote this blog at 2:30am, submitted it to the Marketing Review Agent at 2:47, and was editing it at 2:52. Not even one day to turn around the edits and publish the blog post, in what could possibly have taken weeks.

This is an actual screenshot from the Marketing Review Agent's feedback on this very blog post

Compliance documents, stored in SharePoint, are the sole source of truth for the agent, and plain language instructions ensure each time the agent evaluates a blog it does so exactly the same way - over and over and over ... was there a policy change? Marketing simply updates the knowledge sources, the agent immediately applies the change to the next review it makes.

New social media types?

New instructions?

New NDA policies?

New human intervention requirements?

Thousands of employees have the opportunity to take advantage of this agent without having to know the policies.

Disclaimer: AI assists but does not replace compliance officers or legal determination processes. The Marketing Review Agent ensures timely delivery of content for public consumption, but also recognizes some situations require human intervention. End users are ultimately responsible for the results of AI generated content, as that content may be inaccurate - I know this because the Marketing Review Agent told me, multiple

The structure of the review comes from the agent’s natural language instructions, ensuring every submitted draft receives the same consistent, policy‑aligned review—without the author crafting prompts.

This same pattern applies across government scenarios - simply provide your SOPs as knowledge to an agent and ease the burden of human intervention, giving employees the ability to run their first pass on these type of scenarios:

Proposal compliance
HR guidance updates
Program office communications
Grant compliance

Requirements and features may vary, but anywhere teams need a consistent, repeatable check against policy, this agent pattern may fit.

Join Us in Arlington

We’re hosting the M365 Copilot Agent‑a‑thon in Arlington February 26, an interactive event for public‑sector teams.

You’ll get hands on with M365 copilot and learn to:

Build agents using natural language
Connect them to SOPs, policies, and guidance in SharePoint Online
Create Q&A and document‑review agents
Learn best practices for accuracy and governance

If your organization is buried in SOPs and process documents, this is the fastest way to turn them into service agents your workforce can actually use.

Upcoming M365 Copilot Government Roadshow Dates

Abby_Quinn — Wed, 28 Jan 2026 16:21:14 GMT

There’s never been a more exciting time to explore what Microsoft 365 Copilot and agentic AI can do for your organization. To help you build momentum, sharpen skills, and accelerate real adoption, we’re rolling out a series of immersive, hands‑on experiences across multiple cities. These sessions are designed to help teams move beyond the basics and start building high‑impact solutions that transform the way they work.

Below is an overview of three upcoming events—each offering deep technical learning, practical exercises, and direct guidance from Microsoft experts. Choose the session and location that best aligns with your goals and join us for an experience that will elevate your Copilot journey.

February 24, 2026 — Malvern, PA

M365 Copilot Prompt‑a‑thon

Register here

The Malvern Prompt‑a‑thon is an in‑depth, hands‑on exploration of how to write high‑quality prompts that drive meaningful results with M365 Copilot. This workshop is ideal for business users in any department, technical roles, and leaders seeking to develop repeatable prompting practices that elevate productivity across their teams.

During the session, attendees will:

Work through real business scenarios using Microsoft 365 Copilot across apps like Word, Excel, Teams, and Outlook.
Learn the underlying structure of effective prompts, including clarity, sequencing, grounding, and constraints.
Experiment with advanced techniques such as role prompting, iterative refinement, and context‑building strategies.
Compare and analyze sample prompts to understand what improves—or diminishes—Copilot’s output.
Receive hands‑on coaching from Microsoft Cloud Solution Architects and specialists.

Participants will leave with a library of reusable prompt patterns, a clearer understanding of Copilot capabilities, and the confidence to train and influence their own business units. Seats are limited to ensure an interactive workshop environment.

February 26, 2026 — Arlington, VA

Agent‑a‑thon

Register here

The Arlington Agent‑a‑thon focuses on the next phase of Copilot maturity: building agentic AI solutions. This session is designed for teams looking to go beyond prompts and begin assembling automated workflows, custom copilots, and intelligent agents using Microsoft’s latest development tooling.

Throughout the event, participants will:

Explore the fundamentals of agentic AI and how agents differ from traditional automation or prompting.
Learn how to design AI agents that can reason, execute tasks, integrate with enterprise data, and coordinate across systems.
Use Microsoft’s newest frameworks and tooling to build functional agents—no advanced coding experience required.
Work hands‑on with Copilot Studio, connectors, actions, and orchestration patterns.
Review best practices for security, governance, and responsible AI when deploying agentic solutions at scale.
Develop a roadmap that identifies practical, high‑impact agent opportunities within their own organizations.

By the end of the session, attendees will have built real working agent prototypes and will understand how to expand these solutions into production‑ready assets across their digital estate.

March 4, 2026 — Chicago, IL

M365 Copilot Prompt‑a‑thon

Register here

The Chicago event offers an expanded, immersive Prompt‑a-thon experience tailored for organizations looking to advance both prompting skills and agentic Copilot solutions. Taking place in downtown Chicago, this full‑day session blends hands‑on labs, collaborative challenges, and expert‑led instruction.

Participants can expect to:

Build prompts for real‑world workflows across Microsoft 365 apps, including synthesis, data analysis, content generation, and decision support.
Work through guided labs that highlight best practices for grounding Copilot with reliable enterprise data.
Learn how prompting and agentic patterns intersect—moving from single‑step prompts to multi‑step autonomous workflows.
Participate in a team‑based challenge designed to simulate cross‑functional AI solution development.
Engage directly with Microsoft AI engineers, architects, and product specialists.
Compare approaches with peer organizations and share adoption strategies, governance lessons, and value‑tracking methods.

This session is ideal for organizations looking to accelerate Copilot adoption through structured hands‑on experience, cross‑team collaboration, and practical solution building. Seating is intentionally limited to maintain a workshop‑driven format.

M365 Copilot Agent-a-thon Coming to Arlington, VA

Abby_Quinn — Wed, 21 Jan 2026 20:05:54 GMT

Join Us In-Person on February 26, 2026 – Arlington, VA

Ready to boost your productivity, streamline mission workflows, and get hands-on with the latest in Microsoft 365 AI? We’re excited to invite government employees to an immersive, in-person Agentathon at the Washington DC Microsoft Innovation Hub on Thursday, February 26, 2026, from 9:00 AM to 4:00 PM (EST).

This highly interactive event is designed specifically to help government teams unlock the potential of agents in Microsoft 365 Copilot (GCCaligned)—and transform real mission work into repeatable, instruction-driven assistance.

Register now — space is very limited!

Why You Should Attend

Modern government work demands more agility, smarter processes, and tools that help teams stay ahead of mission needs. This session focuses on exactly that—personal productivity agents built within Microsoft 365 that connect your natural language instructions with your organization’s existing data.

You’ll walk away with clarity on:

When to use M365 Copilot vs. agents

How to design instruction-driven agents

How to turn common workflows into repeatable AI powered patterns

What capabilities exist today in GCC, GCC High, and DoD—plus what’s coming next

Our Microsoft experts and coaches will guide you every step of the way.

What You’ll Do

Collaborate with Government Peers & Microsoft Experts

Work together to explore agent concepts, compare approaches, and hone instruction patterns using government-aligned Microsoft 365 capabilities.

Hands-On Agent Building

Draft agent instructions, validate inputs, define success measures, and refine solutions through real-world scenario-focused exercises.

Interactive Learning & Real Examples

See how agents fit across Microsoft 365, how they extend personal productivity, and how to map mission workflows into AI-driven guidance.

Breakout Sessions

Small-group coaching sessions help you sharpen your scenario, simplify your design, and accelerate your build.

What You’ll Learn

What to use when: Make clear decisions on when M365 Copilot fits your need—and when an agent is the stronger choice.

Personal Productivity Agent Design: Learn how natural language + your Microsoft 365 data = faster, more consistent work.

Cross Agency Best Practices: Share designs, trade insights, and take home reusable patterns you can apply immediately in your environment.

This is your opportunity to level up your AI expertise—at no additional cost.

Agenda Snapshot

09:00 – 09:30 Arrival & Networking
09:30 – 10:00 State of AI in Government
10:00 – 10:45 Agents in Microsoft 365: What They Are + What to Use When
10:45 – 12:00 Breakouts: Scenario Selection + Instruction Patterns
12:00 – 01:00 Lunch & Build Sprint
01:00 – 02:30 Breakouts: Build, Refine & Test
02:30 – 02:45 Break
02:45 – 03:45 Share Out: Your Agent + Reusable Patterns
03:45 – 04:00 Wrap-Up & Next Steps

Location

Microsoft Innovation Hub – Washington, D.C.
1300 Wilson Blvd, 14th Floor
Arlington, VA 22209

Important Notes

Registration is processed first come, first served.

Due to limited capacity (~30 participants), you’ll be automatically waitlisted upon registration. A confirmation email will follow within a few business days.

All participants must adhere to the Microsoft Event Code of Conduct:
https://www.microsoft.com/en-us/events/codeofconduct?rtc=1

Government employees should confirm participation complies with applicable organizational policies and laws.

Secure Your Spot Today

Don’t miss this opportunity to supercharge your personal productivity and learn how Microsoft 365 Copilot and agent capabilities can accelerate the mission each day.
Seats are limited—register now to save your place!

Where is the Teams Pay-As-You-Go Calling Plan for GCC Tenant License

ksalvail — Fri, 09 Jan 2026 21:08:17 GMT

Currently we are using Direct Routing for Teams calling and want to transition to a Teams pay-as-you-go (PAYG) calling plan for GCC license. Unfortunately, direct purchase through Microsoft 365 Admin Center "Microsoft Online Subscription Agreement" (MOSA) billing account is not available; and the license does not appear on our reseller "Microsoft Customer Agreement" (MCA) billing account price list. Microsoft’s Modern Work FAQ – Microsoft Teams (https://www.microsoft.com/licensing/docs/documents/download/Modern%20Work%20FAQ_Microsoft%20Teams_July2024.pdf) (last updated July 29, 2024), item 103 states pay-as-you-go calling plan is available for GCC.

Has anyone successfully purchased a Teams PAYG calling plan for GCC license since the implementation of the new Microsoft billing experience?

rss.livelink.threads-in-node

Architecture Risk Brief: Silent Data Integrity Failures in Distributed Criminal Justice Systems

B2B SPO: GCCH tenant members as guests on commercial Entra

Strengthening Microsoft 365 and Copilot in Government Clouds with In-Product User Feedback

Feedback Options for Government Clouds

Value for Tenant Admins and IT Leaders

How Microsoft Uses Feedback from Government Clouds

Get Started Today

From Fragmentation to Resilience: Why Next Gen “Whole of State” Is Future of Pub Sec Cybersecurity

Why “Whole of State” Matters Now

Cybersecurity as Critical Infrastructure

Workforce Development Is a Security Imperative

Microsoft’s Role: Thought Leadership at Scale

Looking Ahead

Join the Conversation

Continuing our momentum: Expanding Microsoft 365 Copilot capabilities across U.S. Government clouds

Agentic experiences, built for U.S. Government clouds

What else is new this quarter

Moving forward

Microsoft 365 Copilot Prompt a thon for Government is Coming to Ft. Lauderdale

What You’ll Experience

Who Should Attend

Join Us in Florida

Register HERE

Built on Trust: Microsoft’s Commitment to FedRAMP High and Federal Cloud Security

Why FedRAMP High Authorization Matters

Office 365 GCC High Authorization Process

FedRAMP 20x

Unlock the Power of M365 Copilot: Government Prompt-a-thon Comes to Charlotte, NC

What Is a M365 Copilot Prompt‑a‑thon?

Why This Event Matters for Government

What You’ll Gain From Attending

Who Should Attend?

Why Attend In Person in Charlotte?

Reserve Your Spot

Microsoft 365 Copilot Prompt-a-thon for Government Comes to Boston

What You’ll Experience

Who Should Attend

Join Us in Boston

Don't Miss the Agent-a-thon Coming to Arlington, Virginia April 22!

Don’t Just Hear About AI at Work — Experience It

Register now for the upcoming Microsoft 365 Copilot Agent-a-thon in Arlington, Virginia

Why this event matters (and why now)

What you can expect

Who should attend

The biggest takeaway: confidence

Seats fill. Momentum matters. Register now.

ITAR Compliance in the Microsoft Cloud: Navigating GCC, Azure Commercial, and Azure Government

Why ITAR Compliance Matters in the Cloud

Understanding ITAR: Core Requirements

There Is No ITAR Certification

Microsoft Cloud Environments: Where Does ITAR Fit?

Microsoft 365 GCC

Can Compensating Controls Make GCC Viable for ITAR? A Risk-Based Decision

Azure Commercial

Data Residency in Azure Commercial

The Encryption Carve-Out

Azure Government

Microsoft 365 GCC High and DoD

Comparing the Environments at a Glance

Capability

GCC

Azure Commercial

Azure Government

GCC High / DoD

ITAR Contract Language

Data Residency (CONUS)

Compliance Boundary

Personnel Screening (US Persons)

Physical/Logical Isolation

FIPS 140 Encryption

Customer Managed Keys (CMK)

Customer Lockbox

FedRAMP Authorization

ITAR-Capable

Shared Responsibility: Your Role in ITAR Compliance

Action Plan for Getting Started

Conclusion

Sunderland City Profile: Frontier transformation in practice

A digital backbone built for outcomes, not optics