What is Microsoft 365 GCC High?
Office 365 US Government Community (GCC High) is a version of Microsoft Microsoft 365 intended for use by US defense contractors.
In addition to the range of standard services and features included in Microsoft 365, this offering also provides a number of features intended to directly support the work that defense contractors and contractors undertake.
These additional features are based on compliance accreditations, personnel screening, and data residency, all of which can better meet the needs of US Government citizens,
often better than outdated legacy equipment.

Microsoft 365 Government (GCC High) + Azure Government
Commercial | M365 "GCC" | M365 "GCC High" | M365 "DoD" | |
---|---|---|---|---|
Customer Eligibility | Any Customer | Federal, SLG, Tribes, DIB | Federal, DIB | DoD Only |
Datacenter Locations | US & OCUNUS | CONUS Only | CONUS Only | CONUS Only |
FedRAMP* | High | High | High | High |
DFARS252.204-7012 | No | Yes | Yes | Yes |
FCI + CMMC L1-2 | Yes | Yes | Yes | Yes |
CUI / CDI + CMMC L3-5 | No | Yes^ | Yes | Yes |
ITAR / EAR | No | No | Yes | Yes |
Do CC SRG Level ** | N/A | IL2 | IL4 | IL5 |
NIST SP 800-53 / 171 *** | Yes | Yes | Yes | Yes |
CIS Agreement | No | State | Federal | No |
NERC / FERC | Yes^ | Yes | Yes | |
Customer Support | Worldwide / Commercial Personnel | US-Based / Restricted Personnel | ||
Director / Network | Azure Commercial | Azure Government | ||
US Sovereign Cloud |
Supports Accreditation
at noted impact level
PA Issued for DoD Only
Values (ODv’s) Will Vary
According to the Microsoft Trust Center Compliance page, each of these services, applications, and features offered in Microsoft 365 GCC High must meet the compliance requirements. Using Microsoft 365 GCC High will keep you compliant with:
- FedRAMP
- DFARS 252.204-7012
- FCI+ CMMC L1-2
- CUI / CDI+ CMMC L3-5
- ITAR/EAR
- DoD CC SRG Level
- NIST SP 800-53/171
- CJIS Agreement
- NERC/FERC
It’s important to note that Microsoft offers a range of programs related to these areas, including GCC, GCC High and DoD, which include different features and capabilities.
Furthermore, as a cloud platform, Microsoft 365 GCC High also supports US Department of Defense Cloud Computing Security Requirements Guide for Level 2 (Non-Controlled Unclassified Information) systems. Your data centers and customer support will be restricted to the US, and your directory and network will be secured via Microsoft Azure Government.
It’s important to note that there are incentives in terms of compliance along with fines and penalties for noncompliance. The US government is currently exploring ways in which to incentive contractors to gain CMMC 2.0 compliance, which could further benefit your firm.
The fact is that, as compliance becomes more demanding and business technology continues to advance, defense contractors need to think more strategically about the tools they rely on.
![]() |
||||
Microsoft 365 Enterprise |
Microsoft 365 Government |
|||
![]() |
Office 365 |
Office 365 ‘GCC’ |
Office 365 ‘GCC High’ |
Office 365 ‘DoD’ |
![]() |
Azure ‘Commercial’ |
Azure ‘Government’ |
Defense Contractors Are Falling Behind…
Just like any conventional business, defense contractors can benefit from harnessing modern technology. Despite strict compliance regulations and closely monitored budgets, governments tend to be expected to deliver effective and timely services.
Unfortunately, one of the biggest obstacles to this is the widespread use of legacy and outdated technology in the defense industry. It’s clear, then, that in at least a few cases, defense contractors and contractors could do to update their IT.
Unfortunately, that’s easier said than done…

3 Obstacles To Modernizing Defense Industry IT
Data stored and accessed by defense contractors have to be kept secure and
backed up all of which is regulated by a range of compliance systems, including:
- FedRAMP
- DFARS 252.204-7012
- FCI+ CMMC L1-2
- CUI / CDI+ CMMC L3-5
- ITAR/EAR
- DoD CC SRG
- NIST SP 800-53/171
- CJIS
- NERC/FERC
These systems continue to evolve, and present complex problems for firms that
want to avoid fines while continuing their operations.
Ideally, any government agency or contractor could invest in an entirely new IT system and hardware refresh—but that’s not often the reality. Paying for these
types of upgrades can often be too expensive for these organizations to include
in their budget.
If responsible for delivering vital services, an agency or contractor can’t
necessarily afford to undergo extended downtime while a system-wide
migration takes place.
At best, migrations need to be managed during the evening or weekends
when offices are closed, but hiring technicians to install and deploy new
hardware and software during these hours can be more expensive.
All of this is to say that upgrading an extremely outdated IT system in use
by a contractor is easier said than done. However, if you find yourself in a
situation like this, there is a potential solution available to you: Microsoft
365 GCC High.

Can You Migrate Directly From Microsoft 365
To Microsoft 365 GCC High?
No—if you are an existing Microsoft 365 customer, you cannot simply migrate from that
plan to a Government GCC High plan.
In order to implement the correct controls and standards, Microsoft 365 GCC High must be
set up in that way from the beginning. That means you’d have to arrange for an entirely
new installation and deployment process.
Allow HRCT to help…
We Will Handle Your Microsoft 365 GCC
High Migration
It’s possible to handle a migration of this scale on your own—but it won’t be easy. As you can see, there’s a lot to consider, and this doesn’t even take into account the time and money you would spend on handling the process independently.
It’s much wiser to simply enlist the assistance of an IT company like HRCT. We will be able to offer the experience and skills necessary to manage the migration end to end and avoid the common pitfalls.
HRCT offers Microsoft 365 support geared to address the needs of today’s businesses. Our Microsoft 365 solutions are based on a tailored approach to workflow, ensuring that you have the correct version, setup, and integration of Microsoft 365.
When additional support is needed, our team of IT specialists is able to provide troubleshooting assistance or strategic advice—enabling clients to leverage the power of Microsoft 365 to their benefit.


Microsoft 365 GCC High & CMMC 2.0
The Department of Defense has recently published CMMC 2.0, an updated program resulting from the completion of an internal program assessment led by senior leaders across the Department.
As explained in the DoD’s new CMMC program overview and implementation overview, contractors like you now have more time to consider their CMMC strategy.
In order to ensure your Microsoft 365 GCC High configuration is properly compliant, we can perform a thorough assessment of your systems, then prepare the security system plan SSP and plan of action and milestones POAM.

Harness Microsoft 365 GCC
HRCT has extensive experience supporting cloud applications for US government
contractors. Talk to us today about the deployment of Microsoft’s Government
Community Cloud solutions.