GCC High for Microsoft Teams: The Security Requirements

The Microsoft Teams Government Cloud High baseline requirements provide a consistent set of security controls across all Office 365 GCC High customers. To meet these requirements, you must have proper security controls in place for your compliance with privacy, security, and related laws. The requirement tables include the requirements that apply to all GCC High customers as well as additional requirements that are specific to foreign governments' adoption of Office 365.

This section provides the requirements for Teams GCC High security.

• Azure AD Premium compliance is required to support the following features:
• Conditional access based on identity, such as MFA and app restrictions (access control)
• User access reviews in the Office 365 Security & Compliance Center (governance)

These controls are described in more detail in the following sections.

Network protection

Network protection includes network security, network availability, and network reliability. Network security includes configuring firewalls, IPS, and other network security devices. Network availability includes configuring load balancers and DNS. Network reliability includes configuring network monitoring and configuration management.

Data loss prevention

Data loss prevention (DLP) is a set of technologies that help protect sensitive data from unauthorized access, use, disclosure, or destruction. DLP solutions can be deployed at different layers in an organization:

• Network appliances can inspect traffic going into and out of the network for patterns that indicate personal information. A DLP policy could be set to block any email containing credit card numbers or Social Security numbers when it passes through the network appliance.
• Endpoint devices such as laptops, desktops, tablets, and smartphones can have software installed to identify sensitive information being transmitted. For example, an employee's laptop might have software installed to detect any credit card numbers sent over an unencrypted connection while away from your corporate network. If this happens, the employee would be alerted that there was an attempt to transmit sensitive data over a non-secure connection and prompted by a pop-up message asking them what they'd like to do next: continue sending data insecurely or stop sending it altogether.

Device access and management

• Enforce device access control. Device access control is the first step in securing a corporate environment, preventing unauthorized devices from connecting to your network. This includes identifying and authenticating users and devices that attempt to connect to your network or resources, as well as enforcing authorization for each user/device pair before allowing them into your system.
• Enforce device security policies. Once you've gained control of who has access to what, it's important to enforce security policies on those devices so that they remain secure when accessing or storing information. These policies should include requirements like strong passwords; encryption of data stored locally or in transit; disabling unwanted features such as Bluetooth functionality if the user doesn't need it; requiring automatic updates for operating systems, apps, and firmware; blocking known malware sources (such as websites containing viruses); defining acceptable use cases for using each type of device (for example, no personal browsing allowed on company laptops).

Communications protection, log collection, and reporting

You can choose to have communications protection, log collection, and reporting. With this setting, only the minimum permissions required to perform these functions are granted by default. This is the minimal level of privilege needed for your organization's security standards.

You can also choose to have full access to all features in GCC High for Microsoft Teams.

Conclusion

We're committed to helping government customers make the most of their investments in Microsoft products and services. We're also committed to maintaining a secure environment for federal agencies and departments for their data and communications. This blog post covers some of these requirements as they apply specifically to Teams. If you have questions about how your organization can benefit from using GCC High for MS Teams, please click on the "Let's Connect" image below for a free consultation: