Office 36t
Important
Description Office 365 allows you to access Microsoft Word, Excel, PowerPoint, OneNote, OneDrive, Teams and Outlook from any device, anywhere. UCSF's Office 365 tenant is HIPAA-compliant and all files containing PHI are encrypted. Log in to Office 365 at office.ucsf.edu. Use Google Chrome for. Microsoft offers donated and discounted products for eligible nonprofit organizations, including cloud services like Office 365, Azure and Dynamics 365, Surface hardware, and on-premises software. Local Microsoft offices also regularly hold training events to help nonprofits better use technology and learn how technology can deepen the impact. After connecting Office 365, you will see data from a week back including any third-party applications connected to Office 365 that are pulling APIs. For third-party apps that weren't pulling APIs prior to connection, you see events from the moment you connect Office 365 because Cloud App Security turns on any APIs that had been off by default.
The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.
Important
Microsoft Defender for Office 365 evaluation is in public preview. This preview version is provided without a service level agreement. Certain features might not be supported or might have constrained capabilities.
Conducting a thorough security product evaluation can help give you informed decisions on upgrades and purchases. It helps to try out the security product's capabilities to assess how it can help your security operations team in their daily tasks.
The Microsoft Defender for Office 365 evaluation experience is designed to eliminate the complexities of device and environment configuration so that you can focus on evaluating the capabilities of Microsoft Defender for Office 365. With evaluation mode, all messages sent to Exchange Online mailboxes can be evaluated without pointing MX records to Microsoft. The feature only applies to email protection and not to Office Clients like Word, SharePoint, or Teams.
If you don't already have a license that supports Microsoft Defender for Office 365, you can start a free 30-day evaluation and test the capabilities in the Office 365 Security & Compliance center (https://protection.office.com/homepage). You'll enjoy the quick set-up and you can easily turn it off if necessary.
Note
If you're in the unified Microsoft 365 security portal (security.microsoft.com) you can start a Defender for Office 365 evaluation here: Email & Collaboration > Policies & Rules > Threat Policies > Additional Policies.
How the evaluation works
Defender for Office 365 in evaluation mode creates Defender for Office 365 email policies that log verdicts, such as malware, but don't act on messages. You are not required to change your MX record configuration.
With evaluation mode, Safe Attachments, Safe Links, and mailbox intelligence based impersonation policies are set up on your behalf. All Defender for Office 365 policies are created in non-enforcement mode in the background and are not visible to you.
As part of the setup, evaluation mode also configures Enhanced Filtering for Connectors. It improves filtering accuracy by preserving IP address and sender information, which are otherwise lost when mail passes through an email security gateway (ESG) in front of Defender for Office 365. Enhanced Filtering for Connectors also improves the filtering accuracy for your existing Exchange Online Protection (EOP) anti-spam and anti-phishing policies.
Enabled Enhanced Filtering for Connectors improves filtering accuracy but may alter deliverability for certain messages if you have an ESG in front of Defender for Office 365, and currently do not bypass EOP filtering. The impact is limited to EOP policies; MDO policies setup as part of the evaluation are created in non-enforcement mode. To minimize potential production impact, you can bypass all EOP filtering by creating a transport rule to set the Spam Confidence Level (SCL) to -1. See Use the EAC to create a mail flow rule that sets the SCL of a message for details.
When the evaluation mode is set up, you will have a report updated daily with up to 90 days of data quantifying the messages that would have been blocked if the policies were implemented (for example, delete, send to junk, quarantine). Reports are generated for all Defender for Office 365 and EOP detections. They are aggregated per detection technology (for example, impersonation) and can be filtered by time range. Additionally, message reports can be created on-demand to create custom pivots or to deep dive messages using Threat Explorer.
With the simplified set-up experience, you can focus on:
- Running the evaluation
- Getting a detailed report
- Analyzing the report for action
- Presenting the evaluation outcome
Before you begin
Licensing
To access the evaluation, you'll need to meet the licensing requirements. Any of the following licenses will work:
- Microsoft Defender for Office 365 Plan 1
- Microsoft Defender for Office 365 Plan 2
- Microsoft 365 E5, Microsoft 365 E5 Security
- Office 365 E5
If you don't have one of those licenses, then you'll need to obtain a trial license.
Trial
To obtain a trial license for Microsoft Defender for Office 365, you need to have the Billing admin role or Global admin role. Request permission from someone that has the Global admin role. Learn about subscriptions and licenses
Once you have the proper role, the recommended path is to obtain a trial license for Microsoft Defender for Office 365 (Plan 2) in the Microsoft 365 admin center by going to Billing > Purchase services. The trial includes a 30-day free trial for 25 licenses. Get a trial for Microsoft Defender for Office 365 (Plan 2).
You'll have a 30-day window with the evaluation to monitor and report on advanced threats. You'll also have the option to buy a paid subscription if you want the full Defender for Office 365 capabilities.
Roles
Exchange Online roles are required to set up Defender for Office 365 in evaluation mode. Assigning a Microsoft 365 compliance or security admin role won't work.
The following roles are needed:
Task | Role (in Exchange Online) |
---|---|
Get a free trial or buy Microsoft Defender for Office 365 (Plan 2) | Billing admin role OR Global admin role |
Create evaluation policy | Remote and Accepted Domains role; Security admin role |
Edit evaluation policy | Remote and Accepted Domains role; Security admin role |
Delete evaluation policy | Remote and Accepted Domains role; Security admin role |
View evaluation report | Security admin role OR Security reader role |
Enhanced filtering
Your Exchange Online Protection policies, such as bulk and spam protection, will remain the same. However, the evaluation turns on enhanced filtering for connectors, which may impact your mail flow and Exchange Online Protection policies unless bypassed.
Enhanced filtering for connectors allows tenants to use anti-spoofing protection. Anti-spoofing is not supported if you're using an email security gateway (ESG) without having turned on Enhanced filtering for connectors.
URLs
URLs will be detonated during mail flow. If you don't want specific URLs detonated, manage your list of allowed URLs appropriately. See Manage the Tenant Allow/Block List for details.
URL links in the email message bodies won't wrap, to lessen customer impact.
Email routing
Prepare the corresponding details that you will need to set up how your email is currently routed, including the name of the inbound connector that routes your mail. If you are just using Exchange Online Protection, you won't have a connector. Learn about mail flow and email routing
Supported email routing scenarios include:
- Third-party partner and/or on-premises service provider: The inbound connector that you want to evaluate uses a third-party provider and/or you're using a solution for email security on-premises.
- Microsoft Exchange Online Protection only: The tenant that you want to evaluate uses Office 365 for email security and the Mail Exchange (MX) record points to Microsoft.
Email security gateway
If you're using a third-party email security gateway (ESG), you'll need to know the provider's name. If you're using an ESG on-premises or non-supported vendors, you'll need to know the public IP address(es) for the devices.
Supported third-party partners include:
- Barracuda
- IronPort
- Mimecast
- Proofpoint
- Sophos
- Symantec
- Trend Micro
Scoping
You will be able to scope the evaluation to an inbound connector. If there's no connector configured, then the evaluation scope will allow admins to gather data from any user in your tenant to evaluate Defender for Office 365.
Get started with the evaluation
Find the Microsoft Defender for Office 365 evaluation set-up card in the Office 365 Security & Compliance center (https://protection.office.com/homepage) from three access points:
- Threat management > Dashboard
- Threat management > Policy
- Reports > Dashboard
Setting up the evaluation
Once you start the set-up flow for your evaluation, you'll be given two routing options. Depending on your organization's mail routing setup and evaluation needs, you can select whether you are using a third-party and/or on-premises service provider or only Microsoft Exchange Online.
If you are using a third-party partner and/or on-premises service provider, you'll need to select the name of the vendor from the drop-down menu. Provide the other connector-related details.
Select Microsoft Exchange Online if the MX record points to Microsoft and you have an Exchange Online mailbox.
Review your settings and edit them if necessary. Then, select Create evaluation. You should get a confirmation message to indicate that your set-up is complete.
Your Microsoft Defender for Office 365 evaluation report is generated once per day. It may take up to 24 hours for the data to populate.
Exchange rules (optional)
If you have an existing gateway, enabling evaluation mode will activate enhanced filtering for connectors. This improves filtering accuracy by altering the incoming sender IP address. This may change the filter verdicts and if you are not bypassing Exchange Online Protection this may alter deliverability for certain messages. In this case you might want to temporarily bypass filtering to analyze impact. To bypass, navigate to the Exchange admin center and create a policy of SCL -1 (if you don't already have one). For details on the rule components and how they work, see Mail flow rules (transport rules) in Exchange Online.
Evaluate capabilities
After the evaluation report has been generated, see how many advanced threat links, advanced threat attachments, and potential impersonations were identified in the emails and collaboration workspaces in your organization.
Once the trial has expired, you can continue to access the report for 90 days. However, it won't collect any more information. If you want to continue using Microsoft Defender for Office 365 after your trial has expired, make sure you buy a paid subscription for Microsoft Defender for Office 365 (Plan 2).
You can go to Settings to update your routing or turn off your evaluation at any time. However, you need to go through the same set-up process again should you decide to continue your evaluation after having turned it off.
Provide feedback
Your feedback helps us get better at protecting your environment from advanced attacks. Share your experience and impressions of product capabilities and evaluation results.
Select Give feedback to let us know what you think.
-->Important
Microsoft Teams is experiencing a tremendous spike in online calls and audio/video conferencing due to the coronavirus (COVID-19) pandemic.
In response to the unprecedented increase in calls, and to ensure continuity and availability, Microsoft is allowing Microsoft Teams GCC audio/video servers to leverage processing capacity in our commercial datacenters, as well as in our government datacenters.
These audio/video servers reside within the Microsoft Azure FedRAMP High accreditation boundary servers in the United States and do not store any customer content. However, these servers are processing audio and video for calls and conferences and are operating under our commercial staff during this interim period.
Qualified, screened personnel are monitoring these servers for potential access to customer data by reviewing any interactive log-ons to these servers. Qualified personnel meet GCC requirements for access to customer content. For details about screening requirements, see the GCC service description.
Office 365 Free Download
Thank you for your support as we take steps to ensure that our services remain available and reliable in these extraordinary times.
In response to the unique and evolving requirements of the United States public sector, Microsoft has created Office 365 Government plans (or Office 365 Government). This service description provides an overview of features that are specific to Office 365 Government US environments. We recommend that you read this service description alongside other Microsoft 365 and Office 365 service descriptions.
How to use this service description
The Office 365 Government service description is designed to serve as an overlay to the general Office 365 service description. It defines the unique commitments and differences compared to Office 365 Enterprise offerings.
About Office 365 Government environments
Office 365 Government plans are monthly subscriptions and can be licensed to an unlimited number of users.
The Office 365 GCC environment provides compliance with Federal requirements for cloud services, including FedRAMP High, and requirements for criminal justice and federal tax information systems (CJI and FTI data types).
The Office 365 GCC High and DoD environments deliver compliance with Department of Defense Security Requirements Guidelines, Defense Federal Acquisition Regulations Supplement (DFARS), and International Traffic in Arms Regulations (ITAR).
In addition to the features and capabilities of Office 365, the organizations that use Office 365 Government benefit from the following features unique to Office 365 Government:
Your organization's customer content is logically segregated from customer content in Microsoft's commercial Office 365 Services.
Your organization's customer content is stored within the United States.
Access to your organization's customer content is restricted to screened Microsoft personnel.
Office 365 Government complies with certifications and accreditations that are required for US Public Sector customers.
Customer eligibility
Office 365 Government is available to (1) US federal, state, local, tribal, and territorial government entities, and (2) other entities that handle data that is subject to government regulations and requirements and where use of Office 365 Government is appropriate to meet these requirements, subject to validation of eligibility. Validation of eligibility by Microsoft will include confirmation of handling data subject to International Traffic in Arms Regulations (ITAR), law enforcement data subject to the FBI's Criminal Justice Information Services (CJIS) Policy, or other government-regulated or controlled data. Validation may require proof of registration with the U.S. Department of State for ITAR data or sponsorship by a government entity with specific requirements for the handling of data. The Office 365 DoD environment is for the exclusive use of the United States Department of Defense.
While eligibility criteria are consistent across Office 365 Government offerings, Microsoft will only agree to DFARS and ITAR contract language for the GCC High environment.
Entities with questions about eligibility for Office 365 Government should consult their account team.
Upon renewal of a customer's contract for Office 365 Government, revalidation of eligibility is required.
Customer content located within the United States
Office 365 Government services are provided from datacenters physically located in the United States. The following customer content is stored at rest in datacenters physically located only in the U.S.A.:
Exchange Online mailbox content (email bodies, calendar entries, and the content of e-mail attachments)
SharePoint Online site content and the files stored within that site
Skype for Business archived conversations, uploaded documents, and whiteboarding sessions
Microsoft Teams persistent chat threads
Note
With typical use, Skype for Business does not store customer content, but if such storage occurs, it will be stored in datacenters in the U.S.A.
If your users are located within the U.S.A. while using Office for the web (formerly known as Office Web Apps) or if you adopt the use of Active Directory Federation Services (AD FS) 2.0 and set up policies to help ensure your users connect to the services through single sign-on, any customer content that is temporarily cached in Office for the web will be located in the U.S.A.
The Site usage page for SharePoint sites is available for government plans, though per compliance, there are some features of this page that are only available to commercial customers. To learn more, see Site usage page for SharePoint sites in Microsoft 365.
Office 365 Government and third-party services
Office 365 provides the ability to integrate third-party applications into SharePoint Online sites, Skype for Business, Office applications included in Microsoft 365 Apps for enterprise (such as Word, Excel, PowerPoint, and Outlook), and Outlook Web App. In addition, Office 365 supports integration with third-party service providers. These third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Office 365 infrastructure and therefore are not covered by the Office 365 compliance and data protection commitments. It is recommended that you review the privacy and compliance statements provided by the third parties when assessing the appropriate use of these services for your organization.
Restricted data access by administrators
Access to Office 365 Government customer content by Microsoft administrators is restricted to screened personnel. For screening levels details, refer to the service description page for each respective environment (GCC or GCC High and DoD).
FastTrack Center onboarding assistance
With the FastTrack Center Benefit for Office 3651, you work remotely with FastTrack Specialists to get your Office 365 environment ready for use and plan rollout and usage within your organization. The FastTrack process provides onboarding and user adoption services.
Onboarding consists of:
Office 365 Sign In
Core onboarding - These are tasks required for tenant configuration and integration with Azure Active Directory (Azure AD) if needed. Core onboarding also provides the baseline for onboarding other eligible services.
Service onboarding and migration - Service onboarding tasks enable scenarios in your tenant. Data migration (including email and files) is covered in Data Migration.2
User adoption services are composed of tasks that provide guidance for you to ensure your users are aware of the eligible services and can use them to drive business value. This assistance occurs in parallel to onboarding activities.
Specific information on the FastTrack Center process can be found here. For a breakdown of engagement roles and responsibilities, review FastTrack Responsibilities as well as Your Responsibilities.
1 You must purchase at least 50 licenses from the list of the eligible plans to receive FastTrack services.
2 Data Migration services are available to Office 365 tenants with 500 or more licenses.
Data migrations performed by FastTrack
Customers who choose the FastTrack migration benefit will need to grant access to the team managing their data migrations. These personnel are US citizens and undergo the following background checks before performing migrations for customers of Office 365 US Government services.
Background screening | GCC | GCC High and DoD |
---|---|---|
Verification of US citizenship | Yes | Yes |
Employment history check | Yes | Yes |
Education verification | Yes | Yes |
Social Security number (SSN) search | Yes | Yes |
Criminal history check (7 year) | Yes | Yes |
Office 365 US Government and Azure Government ExpressRoute
Office 365 US Government customers can use Azure Government ExpressRoute services to connect privately to supported Office 365 services instead of connecting over the public internet.
For details, such as supported providers, pricing models, and more, review the Azure ExpressRoute information.
For details on Office 365 support for Azure ExpressRoute, see Azure ExpressRoute for Office 365
System requirements
For system requirements for Office 365 US Government plans, see System requirements for Office on the office.com products site.
Security & Compliance Center
Office 365 Login
For information about the Security & Compliance Center and links to additional information and availability, see Security & Compliance Center.
Service availability for each plan
Each Office 365 plan includes a number of individual services, such as Exchange Online and SharePoint Online. The following table shows the services that are available in each Office 365 US Government plan.
Office 365 service | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
---|---|---|---|---|
Office for the web | Yes | Yes | Yes | Yes |
Microsoft 365 Apps for enterprise | No | Yes | Yes | No |
Exchange Online | Yes | Yes | Yes | Yes |
Exchange Online Protection | Yes | Yes | Yes | Yes |
SharePoint Online | Yes | Yes | Yes | Yes |
OneDrive for Business | Yes | Yes | Yes | Yes |
Skype for Business (Instant Messaging & Presence) | Yes1 | Yes | Yes | Yes1 |
Voice - Phone System, Audio Conferencing | No2 | No2 | Yes5 | No |
Power BI Pro | No2 | No2 | Yes | No2 |
Project Online | No2 | No2 | No2 | No2 |
Visio for the web | No6 | No6 | No6 | No6 |
Yammer Enterprise | No4 | No4 | No4 | No4 |
1 Skype for Business Basic is available for all customers. The Skype for Business desktop client is a locally installed application that provides presence, instant messaging, and conferencing features for Office 365 plans that include Skype for Business Online. Microsoft 365 Apps for enterprise, G3, and G5 include the full Skype application, which includes additional features such as advanced telephony support, archiving, and compliance features. A Skype for Business Online license must be assigned for each user.
2 Not included but can be purchased as a separate add-on. Project Online includes Project Online Desktop Client as a part of the subscription.
3 Not yet available in GCC High or DoD plans, but coming soon.
4 Yammer Enterprise is not a component of Office 365 US Government, but may be acquired at no cost as a standalone offer for each user licensed for Office 365 in GCC. This offer is currently limited to customers that purchase Office 365 GCC under Enterprise Agreements and Enterprise Subscription Agreements. Yammer is not available in GCC High or DoD.
5 Calling Plan is an add-on.
6 Not included but can be purchased as a separate add-on. Visio for the web includes the Visio desktop app as a part of the subscription.
Platform features
The following table lists the platform features and services that are available across the Office 365 US Government plans.
Feature | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
---|---|---|---|---|
Office 365 administration | ||||
Use the Microsoft 365 admin center to administer Office 365 | Yes16 | Yes16 | Yes | Yes16 |
Manage core service settings from Office 365 | Yes | Yes | Yes | Yes |
Use Windows PowerShell to manage Office 365 | Yes | Yes | Yes | Yes |
Protect content by using Azure Information Protection | No1 | Yes15 | Yes15 | No1 |
Office 365 suite features | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Microsoft Bookings | No | Yes21 | Yes21 | No |
Microsoft Briefing email | No | No | No | No |
Microsoft Power Automate | Yes15 | Yes15 | Yes15 | Yes15 |
Microsoft Forms | Yes | Yes | Yes | Yes |
Microsoft Graph API | Yes | Yes | Yes | Yes |
Microsoft MyAnalytics | No | No | Yes17 | No |
Microsoft Planner | Yes | Yes | Yes | Yes |
Microsoft PowerApps | Yes15 | Yes15 | Yes15 | Yes15 |
Microsoft StaffHub | No | No | No | No |
Microsoft Stream | Yes9, 15 | Yes9, 15 | Yes9, 15 | Yes9, 15, 20 |
Microsoft Sway | No | No | No | No |
Microsoft Teams | Yes | Yes | Yes | Yes |
Office Delve | Yes17 | Yes17 | Yes | Yes17 |
Office 365 Groups | Yes | Yes | Yes | Yes |
User account management | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Cloud identity | Yes | Yes | Yes | Yes |
Federated identity (single sign-on) | Yes | Yes | Yes | Yes |
Multi-factor authentication | Yes | Yes | Yes | Yes |
Phone factor authentication | Yes9 | Yes9 | Yes | Yes9 |
Office 365 desktop setup | Yes | Yes | Yes | Yes |
Manage users with Office 365 | Yes | Yes | Yes | Yes |
Bulk upload using .csv files | Yes9 | Yes9 | Yes | Yes9 |
Directory Sync tool | Yes | Yes | Yes | Yes |
Exchange simple (cutover) migration | Yes | Yes | Yes | Yes |
Delete accounts by using Office 365 | Yes3 | Yes3 | Yes3 | Yes3 |
Admin can reset user password from Office 365 or by using Windows PowerShell | Yes4 | Yes4 | Yes4 | Yes4 |
Users can change their own password | Yes5 | Yes5 | Yes5 | Yes5 |
Manage licenses | Yes7, 8 | Yes7, 8 | Yes7, 8 | Yes7,8 |
Manage security groups from Office 365 | Yes | Yes | Yes | Yes |
Multiple administrator roles available | Yes | Yes | Yes | Yes |
Allow a partner to administer Office 365 for you | Yes11 | Yes11 | Yes11 | Yes11 |
Azure Active Directory services | Yes | Yes | Yes | Yes |
Domains | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Add custom 2nd-level domains, like fourthcoffee.com | Yes | Yes | Yes | Yes |
Add custom 3rd-level domains, like marketing.fourthcoffee.com | Yes | Yes | Yes | Yes |
Add up to 900 custom domains | Yes | Yes | Yes | Yes |
Domain ownership verification required for custom domains | Yes | Yes | Yes | Yes |
Service health and continuity | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Status information available on the Service health or Service status page | Yes9, 15 | Yes9, 15 | Yes9, 15 | Yes9, 15 |
Status of individual alerts available on the Microsoft 365 admin center dashboard | Yes9, 15 | Yes9, 15 | Yes9, 15 | Yes9, 15 |
Service health RSS feed | Yes | Yes | Yes | Yes |
Reports | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Active and inactive mailboxes | Yes15 | Yes15 | Yes15 | Yes15 |
New and deleted mailboxes | Yes15 | Yes15 | Yes15 | Yes15 |
New and deleted groups | Yes15 | Yes15 | Yes15 | Yes15 |
Mailbox usage | Yes15 | Yes15 | Yes15 | Yes15 |
Types of mailbox connections | Yes15 | Yes15 | Yes15 | Yes15 |
Sent and received mail | Yes15 | Yes15 | Yes15 | Yes15 |
Top senders and recipients | Yes15 | Yes15 | Yes15 | Yes15 |
Spam detections | Yes15 | Yes15 | Yes15 | Yes15 |
Malware detections | Yes15 | Yes15 | Yes15 | Yes15 |
Top malware for mail | Yes15 | Yes15 | Yes15 | Yes15 |
Rule matches for mail | Yes15 | Yes15 | Yes15 | Yes15 |
Top rule matches for mail | Yes15 | Yes15 | Yes15 | Yes15 |
Top DLP policy matches for mail | No | Yes15 | Yes15 | No |
DLP policy matches by severity for mail | No | Yes15 | Yes15 | No |
DLP policy matches, overrides, and false positives for mail | No | Yes15 | Yes15 | No |
Top DLP rule matches for mail | No | Yes15 | Yes15 | No |
IM and audio sessions | Yes15 | Yes15 | Yes15 | Yes15 |
Application sharing, web, and dial-in conferences | Yes15 | Yes15 | Yes15 | Yes15 |
Video, application sharing, and file transfer sessions | Yes15 | Yes15 | Yes15 | Yes15 |
IM and audio/video conferences | Yes15 | Yes15 | Yes15 | Yes15 |
Downloadable mail protection reports | Yes15 | Yes15 | Yes15 | Yes15 |
Browser used | Yes15 | Yes15 | Yes15 | Yes15 |
Operating system used | Yes15 | Yes15 | Yes15 | Yes15 |
Create your own reports using Microsoft 365 reporting web services | Yes15 | Yes15 | Yes15 | Yes15 |
Service updates | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Regular updates provided to all customers | Yes | Yes | Yes | Yes |
Notifications sent to Message Center when action is required | Yes15 | Yes15 | Yes15 | Yes15 |
Roadmap.office.com for some service updates | No10, 13 | No10, 13 | No10, 13 | No10, 13 |
Option to turn on Targeted Release | Yes10 | Yes10 | Yes10 | Yes10 |
Help and training | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Online help | Yes | Yes | Yes | Yes |
Community | Yes | Yes | Yes | Yes |
Other self-help resources | Yes | Yes | Yes | Yes |
Self-paced training | Yes | Yes | Yes | Yes |
Networking | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
IPv4 and IPv6 protocols | Yes | Yes | Yes | Yes |
Trust | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Privacy, security, and transparency | ||||
Advanced Data Governance | No12 | No12 | Yes | No12 |
Cloud App Security | No12, 19 | No12, 19 | Yes19 | No12, 19 |
Microsoft Defender for Office 365 | No12, 18 | No12, 18 | Yes18 | No12, 18 |
Customer Lockbox | No12 | No12 | Yes | No12 |
Advanced eDiscovery | No12 | No12 | Yes | No12 |
Secure Score14 | Yes9, 15 | Yes9 | Yes9, 15 | Yes9, 15 |
Office Message Encryption | No | Yes | Yes | No |
Threat Intelligence | No12 | No12 | Yes | No12 |
Compliance | ||||
SAS 70 / SSAE16 Assessments | Yes | Yes | Yes | Yes |
ISO 27001 certified | Yes | Yes | Yes | Yes |
EU Model Clauses | Yes | Yes | Yes | Yes |
EU Safe Harbor | Yes | Yes | Yes | Yes |
HIPAA-Business Associate Agreement | Yes | Yes | Yes | Yes |
FISMA Authority to Operate | Yes | Yes | Yes | Yes |
Microsoft Data Processing Agreement | Yes | Yes | Yes | Yes |
PCI DSS Level One | Yes | Yes | Yes | Yes |
PCI-governed PAN data | No | No | No | No |
Service continuity | Yes | Yes | Yes | Yes |
BlackBerry | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
Use BlackBerry Internet Service (BIS) | No2 | No2 | No2 | No2 |
Partners | ||||
Create trial invitations and purchase orders for a customer who is using the specified plan | No11 | No11 | No11 | No11 |
Provide delegated administration | No11 | No11 | No11 | No11 |
Service Level Agreement | Yes | Yes | Yes | Yes |
Product use rights | Yes | Yes | Yes | Yes |
1 Azure Information Protection is not included, but can be purchased as a separate add-on and will enable the supported Information Rights Management (IRM) features. Some Azure Information Protection features require a subscription to Microsoft 365 Apps for enterprise, which is not included with Office 365 Government G1 or Office 365 Government F3. >
2 Existing BBCS and BIS customers can continue use of the service. New customers are not being accepted.
3 If using directory synchronization, you must delete accounts or change passwords by using Active Directory, rather than the Office 365 portal or by using the Azure Active Directory module for Windows PowerShell.
4 If using password synchronization, users must change their passwords in the local Active Directory.
5 To learn how to set self-service password management policies for users, see Manage Passwords in Azure AD.
6 You can have only one public website with Office 365, unless you've upgraded from an earlier version of Office 365. In that case, you have two public websites, but only one of them can be hosted with a custom domain name. For more information about working with the two websites for Business subscriptions, see Work with your two Office 365 public websites. If you have a different subscription, learn more about public websites at Learn about partner website hosting and public websites in Office 365.
7 Reducing seats that were purchased with a term discount may be subject to an early termination fee. This is not applicable to subscriptions paid on a monthly basis.
8 The following plans do not support license seat changes from the Microsoft 365 admin center: Office 365 Government G1, Office 365 Government G3, Office 365 Government F3.
9 Not yet available in GCC High, but coming soon.
10 For Office 365 Government G1, G3, and F3, Targeted release and the Office 365 for business roadmap apply; however, there may be some differences or delays for specific service updates due to compliance requirements.
11 Not yet available in Office 365 Government offerings, but coming soon.
12 Not included, but can be purchased as a separate add-on in GCC.
13 Not supported for Office 365 Government offerings.
14 Available at https://securescore.office.com. Requires admin permissions. For more information, see Introducing the Office 365 Secure Score.).
15 Not yet available in DoD environment, but coming soon.
16 Admin center does not include usage analytics in DoD or GCC High environments.
17 Not supported for GCC High or DoD environments.
18 Anti-phishing for user and domain impersonation and spoof intelligence are not yet available in GCC High and DoD.
19 Not yet available in GCC environment, but coming soon.
20 Consumption only for Microsoft Stream: no publishing or sharing.
21 Not available for the Microsoft Graph API or Microsoft Teams.
Office application availability and enterprise value
The following table shows the Office application features that are available across Office 365 US Government plans.
Application/feature | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
---|---|---|---|---|
Office applications | ||||
Microsoft Word7 | No | Yes | Yes | No |
Microsoft Excel7 | No | Yes | Yes | No |
Microsoft PowerPoint7 | No | Yes | Yes | No |
Microsoft OneNote7 | No | Yes | Yes | No |
Microsoft Outlook7 | No | Yes | Yes | No |
Microsoft Forms7 | Yes | Yes | Yes | No |
Microsoft Whiteboard7 | No | Yes | Yes | No |
Microsoft Publisher | No | Yes | Yes | No |
Microsoft Access | No | Yes | Yes | No |
Skype for Business | Yes3 | Yes | Yes | Yes3 |
Office for Mac for Office 365 | No | Yes | Yes | No |
Office Mobile for iPad/iPhone | Yes | Yes | Yes | Yes |
Office Mobile for Android | Yes | Yes | Yes | Yes |
Office Mobile for Windows Phone | Yes | Yes4 | Yes4 | Yes |
Office Mobile for Windows 10 tablets | Yes | Yes | Yes | Yes |
Outlook for iOS and Android5, 4 | Yes | Yes | Yes | Yes |
Enterprise value | Office 365 Government G1 | Office 365 Government G3 | Office 365 Government G5 | Office 365 Government F3 |
5 installs per user on PC or Mac | No | Yes | Yes | No |
Automated user account provisioning | Yes | Yes | Yes | Yes |
Multilingual user interface | No | Yes | Yes | No |
Client push deployment | No | Yes4 | Yes4 | No |
Client support for on-premises Exchange | No | Yes | Yes | No |
Client support for on-premises SharePoint | No | Yes | Yes | No |
Control of software updates | No | Yes | Yes | No |
Database Compare | No | Yes | Yes | No |
Desktop virtualization | No | Yes | Yes | No |
Excel Spreadsheet Compare | No | Yes | Yes | No |
Excel Spreadsheet Inquire | No | Yes | Yes | No |
Exchange Online and SharePoint Online Archiving and Compliance | No | Yes | Yes | No |
Group Policy support | No | Yes | Yes | No |
Information Rights Management using Azure Information Protection | No1 | Yes6 | Yes6 | No1 |
Information Rights Management using Windows Server AD RMS | Yes2 | Yes2 | Yes2 | Yes2 |
Office Add-in, ActiveX, and BHO support | No | Yes | Yes | No |
OneNote client access to notebooks on SharePoint Server, SharePoint Online, OneDrive for Business, and Office 365 | No | Yes | Yes | No |
Office Lens | No | No | No | No |
Office Telemetry | No | Yes4 | Yes4 | No |
Offline support for client applications | No | Yes | Yes | No |
Optimized side-by-side client installation | No | Yes | Yes | No |
Power Map for Excel | No | No | No | No |
Power Pivot for Excel | No | Yes4 | Yes4 | No |
Power Query for Excel | No | Yes4 | Yes4 | No |
Power View for Excel | No | Yes4 | Yes4 | No |
Roaming settings | No | Yes | Yes | No |
Shared computer activation | No | Yes | Yes | No |
Support for blocking cloud-based file storage | No | Yes | Yes | No |
Version upgrades | No | Yes4 | Yes4 | No |
Volume activation (KMS/MAK) | No | No | No | No |
1 Azure Information Protection is not included, but can be purchased as a separate add-on and will enable the supported Information Rights Management (IRM) features. Some Azure Information Protection features require a subscription to Microsoft 365 Apps for enterprise, which is not included with Office 365 Government G1 or Office 365 Government F3.
2 Windows Server AD RMS is an on-premises server that must be purchased and managed separately to enable the supported IRM features.
3 Skype for Business Basic is available for all customers. The Skype for Business desktop client is a locally installed application that provides presence, instant messaging, and conferencing features for Office 365 plans that include Skype for Business Online. Microsoft 365 Apps for enterprise, and Office 365 Enterprise E3 include the full Skype application, which includes additional features such as advanced telephony support, archiving, and compliance features. A Skype for Business Online license must be assigned for each user. For more information on Lync Basic features, see Skype for Business Online client comparison tables.
4 Not yet available in GCC High or DoD environments, but coming soon.
5 See Using Outlook for iOS and Android in the Government Community Cloud for more details.
6 Not yet available in Office 365 DoD environment, but coming soon.
7 Applications are fully available in the government clouds, with the exception of the specific features not available at this time. See Office application feature availability for details.
Office application and feature availability in Government plans
The following Office applications are available in the government clouds; however, some cloud-based capabilities may not be currently available, as indicated in the table.
Application/feature | GCC | GCC High | DOD |
---|---|---|---|
Microsoft Excel is fully available in the government clouds except the following features, which aren't available at this time: | |||
3D embedded animations and 3D models | No | No | No |
Data types | No | No | No |
Flash fill | No | No | No |
Ideas (Insight Services) | No | No | No |
Improved integration with Power BI (custom visuals, create PBI charts straight from Excel) | No | No | No |
Intelligent Digital Ink | No | No | No |
Office 365 Groups | No | No | No |
PivotCharts data connected to PivotTables | No | No | No |
PowerPivot | No | No | No |
Publish to Power BI | No | No | No |
Real-time collaboration (presence, regular coauthoring, in-document chat) | No | No | No |
Shared with Me | No | No | No |
Smart Lookup | No | No | No |
Charts: sunburst treemap, waterfall, histogram, maps, timeline, funnel | No | No | No |
Version history | No | No | No |
Microsoft Forms is fully available in the government clouds except the following features, which aren't available at this time: | GCC | GCC High | DOD |
Email notification | No1 | No1 | No |
Insert a picture | No1 | No1 | No |
Insert a video | No1 | No1 | No |
Math | No1 | No1 | No |
Office integration | No1 | No1 | No |
Most recent group forms | No4 | Yes | Yes |
External sharing3 | Yes | No | No |
Forms Pro | No | No | No |
Microsoft OneNote is fully available in the government clouds except the following features, which aren't available at this time: | GCC | GCC High | DOD |
Researcher | No | No | No |
Intelligent Digital Ink | No | No | No |
Microsoft Outlook is fully available in the government clouds except the following features, which are not available in all Government Clouds as indicated in the below table. | GCC | GCC High | DOD |
Office sounds (some) | No | No | No |
Dynamic Data Exchange (DDE) disabled by default | No | No | No |
Dictation | Yes | Yes | No1 |
Microsoft PowerPoint is fully available in the government clouds except the following features, which are not available in all Government Clouds as indicated in the below table. | GCC | GCC High | DOD |
Smart Lookup | No | No | No |
Office sounds (some) | No | No | No |
3D models and 3D embedded animations | No | No | No |
Charts: maps | No | No | No |
Intelligent Digital Ink | No | No | No |
Live captions and subtitles in PowerPoint | No | No | No |
Presenter Coach | No | No | No |
Shared with Me | No | No | No |
Skype for Business integration with sharing | No | No | No |
Version history | No | No | No |
Office 365 Groups | No | No | No |
Real-time collaboration (presence, regular coauthoring, in-document chat) | No | No | No |
Dictation | Yes | Yes | No1 |
Reuse slides | No | No | No |
Microsoft Whiteboard in government clouds is currently only available on Hub clients, and not on the desktop. | GCC2 | GCC High2 | DOD2 |
Insert sticky notes, text, and images | Yes2 | Yes2 | Yes2 |
Ink to shape and ink to table | Yes2 | Yes2 | Yes2 |
Ink beautification | Yes2 | Yes2 | Yes2 |
Convert image to ink | Yes2 | Yes2 | Yes2 |
Accessibility Checker | Yes2 | Yes2 | Yes2 |
Dynamic templates (KANBAN, SWOT, and so on) | No | No | No |
Real-time collaboration | No | No | No |
Real-time presence | No | No | No |
Reactions on content | No | No | No |
Board gallery of whiteboards, including shared with you | No | No | No |
Microsoft Word is fully available in the government clouds except the following features, which are not available in all Government Clouds as indicated in the below table. | GCC | GCC High | DOD |
Smart Lookup | No | No | No |
Researcher | No | No | No |
Office sounds | No | No | No |
3D models | No | No | No |
3D embedded animations | No | No | No |
Tap | No | No | No |
Resume Assistant | No | No | No |
Map charts | No | No | No |
Intelligent Digital Ink | No | No | No |
Shared with Me | No | No | No |
Translation | Yes5 | Yes5 | Yes5 |
Skype for Business integration with sharing | No | No | No |
Version history | No | No | No |
Office 365 Groups | No | No | No |
Contextual chat with co-authors: chat with co-authors within the document | No | No | No |
Dictation | Yes | Yes | No1 |
For feature availability for Microsoft Teams within GCC/GCC High/DoD, please visit the Microsoft Teams service description.
1 Availability forthcoming.
2 Availability on local Surface Hub (not signed in).
3 External sharing is available for the GCC environment. Learn more about how to turn off or turn on Microsoft Forms for your organization. External sharing is disabled for GCC High and DOD environments; users within your organization may do the following: complete a form and submit responses, duplicate and share a form as a template, co-author or collaborate on a form, and access form results.
4 Recent group forms feature is disabled for the GCC environment. Users, however, can still access group forms by selecting a specific group on the Group forms tab.
5 Word, Excel PowerPoint Windows client only, not web, MacOS, iOS or Android.