Office 365 [PLACEHOLDER] Service Description

Office 365 [PLACEHOLDER] Service

Description

Applies to: Office 365 [PLACEHOLDER]

Topic Last Modified: 22-Apr-2016

In response to the unique and evolving requirements of the United States federal government and its

defense agencies and contractors, Microsoft has created Office 365 [PLACEHOLDER] for qualified

government entities and customers. This document provides an overview of features that are specific to

Microsoft Office 365 [PLACEHOLDER]. It is recommended that you read this supplementary document

alongside the general Office 365 Service Descriptions.

About Office 365 [PLACEHOLDER]

Office 365 [PLACEHOLDER] E1 and E3 subscription plans are available to qualified entities that meet one

or more of the following criteria:

?

US Federal Government entities requiring certification of cloud services in accordance with

DoD Cloud Computing Security Requirements Guide (SRG) for information up to Impact Level

5 (L5).

?

US Government entities comprised of Federal Government, State & Local Government, and

Federally Recognized Indian Tribal Government requiring certification of cloud services in

accordance with the Federal Risk and Authorization Management Program (FedRAMP

Moderate).

?

US Government contractors who hold US Government Controlled data. Controlled data types

include ITAR, NCUI, and CUI.

In addition to the features and capabilities of Office 365, your organization benefits from the following

features:

?

Your organization¡¯s customer data is logically and/or physically segregated from commercial

Office 365 customer content.

?

Your organization¡¯s customer data is stored at rest within the continental United States.

Office 365 [PLACEHOLDER] Service Description

? 2016 Microsoft Corporation. All rights reserved.

Page 1 of 6

?

Customer data in transit within Office 365 [PLACEHOLDER] is contained within the continental

United States.

?

Access to your organization¡¯s customer data is restricted to select Microsoft personnel who

have successfully passed additional screening and qualifications

?

Office 365 [PLACEHOLDER] complies with and maintains certifications and accreditations that

are required for U.S. Federal and Department of Defense agencies.

Office 365 [PLACEHOLDER] compliance commitments

Office 365 [PLACEHOLDER] is committed to meeting the compliance requirements for the following

certifications and accreditations:

?

The Federal Risk and Authorization Management Program at a Moderate baseline (FedRAMP

Moderate), including those security controls and control enhancements as outlined in the

National Institute of Standards and Technology (NIST) Special Publication 800-53.

?

The security controls and control enhancements for United States Department of Defense Cloud

Computing Security Requirements Guide (SRG) for information up to Impact Level 5 (L5)

?

Office 365 [PLACEHOLDER] services may be provided from an environment that satisfies the

Location and Separation Requirements as outlined in SRG Impact Level 5.

Restricted data access by administrators

Access to Office 365 [PLACEHOLDER] customer data by Microsoft personnel is restricted to personnel who

are U.S. citizens in accordance with U.S. International Traffic in Arms Regulations. In addition, all Microsoft

personnel who have access to customer data that are hosted in Office 365 [PLACEHOLDER] environments

must successfully complete the background checks and screenings as described in the following table:

Microsoft Personnel

Screening and Background Checks

Description

U.S. Citizenship

Verification of U.S. citizenship.

Employment History Check

Verification of seven (7) year employment history.

Education Verification

Verification of highest degree attained.

Office 365 [PLACEHOLDER] Service Description

? 2016 Microsoft Corporation. All rights reserved.

Page 2 of 6

Social Security Number (SSN) Search

Verification that the provided SSN is valid.

Criminal History Check

A seven (7) year criminal record check for felony and

misdemeanor offenses at the state, county, and local level and

at the federal level.

Office of Foreign Assets Control List (OFAC)

Validation against the Department of Treasury list of groups

with whom U.S. persons are not allowed to engage in trade or

financial transactions.

Bureau of Industry and Security List (BIS)

Validation against the Department of Commerce list of

individuals and entities barred from engaging in export

activities.

Office of Defense Trade Controls Debarred

Persons List (DDTC)

Validation against the Department of State list of individuals

and entities barred from engaging in export activities related

to the defense industry.

Fingerprinting Check

Fingerprint background check against FBI databases.

U.S. Department of Defense Background

Screening

National Agency Check with Local Agency Check and Credit

Check (NAC-LC) background investigation.

Selected background checks will be repeated on a recurring basis for Microsoft personnel that have

access to customer data.

Office 365 [PLACEHOLDER] and Azure dependencies

Office 365 provides several services through integration with Microsoft Azure services. For any features

that involve the storage, processing, or transmission of customer content in Azure systems, Office 365

[PLACEHOLDER] uses Azure U.S. Government services to ensure alignment of compliance and data

protection commitments. Note that new Office 365 [PLACEHOLDER] features may release to Office 365

Commercial first based on availability of Azure Commercial service dependencies.

For more information on Azure¡¯s U.S. Government service offerings and their compliance commitments,

please visit the Microsoft Trust Center online at .

Office 365 [PLACEHOLDER] Service Description

? 2016 Microsoft Corporation. All rights reserved.

Page 3 of 6

Office 365 [PLACEHOLDER] and SRG L5-eligible

customer considerations

Customers meeting the eligibility requirements for SRG Impact Level 5 may have Office 365

[PLACEHOLDER] services provided from an environment that satisfies the Location and Separation

Requirements as outlined in the Department of Defense Cloud Computing Security Requirements Guide

for Impact Level 5

Office 365 features not available in Office 365

[PLACEHOLDER]

Office 365 [PLACEHOLDER] includes the core Exchange Online, Exchange Online Protection, SharePoint

Online, and Skype for Business features. Given the increased certification and accreditation commitments

of Office 365 [PLACEHOLDER], some features that are available in the general commercial Office 365

offerings are not available:

?

Delve

?

Information Rights Management1

?

Office 365 Planner

?

Office 365 Video

?

Mobile Device Management (MDM)

?

Power BI

?

Sway

?

Unified Compliance Center

?

Yammer

Office 365 [PLACEHOLDER] feature differences

Information Rights Management using Azure Rights Management Services is not available. Exchange Online can use

on-premises Active Directory Rights Management Services for Integrated Rights Management functionality.

1

Office 365 [PLACEHOLDER] Service Description

? 2016 Microsoft Corporation. All rights reserved.

Page 4 of 6

Office 365 [PLACEHOLDER] includes the core Exchange Online, SharePoint Online, and Skype for Business

features. Given the increased certification and accreditation of the Office 365 [PLACEHOLDER] service,

there are some feature differences between the general commercial Office 365 offerings and those

available in Office 365 [PLACEHOLDER].

Exchange Online

Exchange Online Unified Messaging Support for On-Premises IP-PBX ¨C Support for integrating onpremises IP-PBX systems with Exchange Online Unified Messaging is not supported in Office 365

[PLACEHOLDER].

SharePoint Online

External Sharing: External Access / Guest Link: Any user-initiated invitations to people outside of your

organization will be restricted to the system security boundary for your cloud services and to any mail

routing restrictions in your environment; tenant administrators can set the appropriate restrictions via

administrative actions.

External Application Access: Connections to external applications such as data sources for Add-Ins are

limited to sources that are located within the system security boundaries supported by Office 365

[PLACEHOLDER]

Business Connectivity Services ¨C BCS functionality is supported for connectivity scenarios where the

data sources remain reachable within the security boundary for your cloud service.

Sandbox Solutions ¨C This feature has been deprecated is not available in Office 365 [PLACEHOLDER]. Any

sandboxed solutions should be migrated to the SharePoint Add-In extensibility model

.

Skype for Business Online

PSTN Calling & PSTN Conferencing ¨C Due to the requirement to utilize the Public Switched Telephone

Network (PSTN) for telephony-oriented services, PSTN Calling & PSTN Conferencing services are currently

not available in Office 365 [PLACEHOLDER].

Office 365 [PLACEHOLDER] Service Description

? 2016 Microsoft Corporation. All rights reserved.

Page 5 of 6

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download