aka.ms/Azure/Gov

Hello again. It’s been too long since I made a post. But before I make any new posts, I want to migrate some of the better posts I did on TechNet Blogs. Most of them were migrated here. However, a few seemed not to make it over. Regardless, I want to move the more relevant ones over to WordPress since I did back them up.

This blog was a collection of Azure Government-related resources for those who may work in the Government space in any capacity. It probably needs some updates, but I hope to get to those later this year. Here is the TechNet post. I hope these links are useful to you.

Microsoft Azure Government

Security and Compliance

Identity Considerations

  • Planning Identity for Azure Government – This is a very important consideration in your planning! Azure Commercial (public), which is entirely separate from Azure Government, has its own Azure Active Directory (AD). Likewise, Azure Government has an instance of Azure AD that is entirely separate from the Commercial one. This becomes very important when considering authentication to applications like Office 365, which can also be in the Commercial or Government space, which we’ll highlight in the section below.
  • Channel 9: Identity on Azure Government – get a great overview of all of the options for Identity in Azure Government.

Choosing your identity authority

Azure Government applications can use Azure AD Government identities, but can you use Azure AD Public identities to authenticate to an application hosted in Azure Government? Yes! Since you can use either identity authority, you need to choose which to use:

  • Azure AD Public – Commonly used if your organization already has an Azure AD Public tenant to support Office 365 (Public or GCC) or another application.
  • Azure AD Government – Commonly used if your organization already has an Azure AD Government tenant to support Office 365 (GCC High or DoD) or are creating a new tenant in Azure AD Government.

Once you have decided, the special consideration is where you perform your app registration. If you choose Azure AD Public identities for your Azure Government application, you must register the application in your Azure AD Public tenant. Otherwise, if you perform the app registration in the directory the subscription trusts (Azure Government), the intended set of users cannot authenticate.

The other consideration is the identity authority URL. You need the correct URL based on your chosen authority:

  • Azure AD Public = login.microsoftonline.com
  • Azure AD Government = login.microsoftonline.us
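
A configuration check for the two considerations above, as an added example that is not from the original post: it takes the authority URL an application is configured with, the directory where the app was registered, and optionally the Office 365 environment of the intended users, and reports any mismatch. The function names and the TENANT_ID placeholder are assumptions; the host names and the Office 365 mapping are the ones given in this post.

```python
from urllib.parse import urlsplit

# Identity authority hosts, as listed in the post.
AUTHORITY_HOSTS = {
    "public": "login.microsoftonline.com",
    "government": "login.microsoftonline.us",
}
# Azure AD instance behind each Office 365 environment, as described in the post.
O365_DIRECTORY = {"Public": "public", "GCC": "public",
                  "GCC High": "government", "DoD": "government"}


def classify_authority(url):
    """Map an authority URL to 'public' or 'government'; raise ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"authority must use https: {url}")
    # Exact host match only: a suffix or prefix match would accept lookalike hosts.
    for cloud, host in AUTHORITY_HOSTS.items():
        if parts.hostname == host and parts.port in (None, 443):
            return cloud
    raise ValueError(f"unrecognized authority host: {parts.hostname}")


def check_app_config(authority_url, registered_in, o365_env=None):
    """Return a list of findings; an empty list means the settings agree."""
    try:
        cloud = classify_authority(authority_url)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if cloud != registered_in:
        findings.append(f"authority is Azure AD {cloud} but the app is registered "
                        f"in Azure AD {registered_in}")
    if o365_env is not None and O365_DIRECTORY[o365_env] != registered_in:
        findings.append(f"Office 365 {o365_env} users live in Azure AD "
                        f"{O365_DIRECTORY[o365_env]}, not {registered_in}")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations; TENANT_ID is a placeholder.
    samples = [
        ("https://login.microsoftonline.com/TENANT_ID", "public", "GCC"),
        ("https://login.microsoftonline.us/TENANT_ID", "government", "GCC"),
        ("https://login.microsoftonline.us.example/TENANT_ID", "government", None),
    ]
    for sample in samples:
        print(sample, "->", check_app_config(*sample) or "consistent")
```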

Azure Government Videos

External Related Documentation

Office 365 Government Community Cloud (GCC)

This is where your identity information is important to know. Did you read that section above? Remember the mention of two different instances of Azure AD? The public or commercial cloud has a distinct and separate instance of Azure AD from Microsoft Government.

The tricky part is that although there are two different flavors of O365 GCC (i.e., government), the two versions do not both use the same Azure AD that Azure Government uses. Below are the two versions as documented here.

  • The Office 365 GCC environment provides compliance with Federal requirements for cloud services, including FedRAMP Moderate, and requirements for criminal justice and federal tax information systems (CJI and FTI data types).
  • The Office 365 GCC High and DoD environments deliver compliance with Department of Defense Security Requirements Guidelines, Defense Federal Acquisition Regulations Supplement (DFARS), and International Traffic in Arms Regulations (ITAR).

The point above is that Office 365 GCC uses the same Azure AD as the Commercial or public space of Azure, while Office 365 GCC High uses the same Azure AD as Microsoft Azure Government.

More O365 GCC Resources


From <https://blogs.technet.microsoft.com/tangent_thoughts/2017/11/02/azure-government-resources-aka-msazuregov/>
