Publish Date: December 2020

Significant Changes

  1. Advanced Threat Protection Plan 1 and Plan 2 are now “Defender for Office 365” Plan 1 and Plan 2 in GCC High.
    See updates on name change here.
  2. PowerApps 100K Page Review
  3. PowerApps T2
  4. Power Automate per flow (min. 5 licenses)
  5. Azure Money Commitment

When licensing Office/Microsoft 365 for an organization – especially Government Contractors, it is essential that you understand the various types of licensing and how it impacts your compliance with various government cyber security requirements such as CMMC, DFARS 252.204-7012 and NIST 800-171. It is critical that you take into consideration your organizational needs as well as the minimum guidance located in this brief. Learn where to deploy in this blog.

Depending on your IT Security policies you may require licensing that exceeds these recommendations.  Additionally, this guidance is only meant for organizations focused on meeting NIST 800-171 guidance for non-federal information systems.  This does not address ITAR requirements or any needs that may require DISA Security Requirements Guide Impact Level 4 environment such as the Microsoft Office 365 US Government Community Cloud tenant.

This guide covers three types of Office 365 Licensing:

  • Enterprise Licensing
  • Mobility and Security Licensing
  • Operating System Licensing
  • GCC High Licensing

NOTE: This video is currently being updated to reflect Microsoft's 2021 application criteria, which has eased significantly. Nevertheless, the same process shown will work for your organization. Please select “customers handling government-controlled data" in the form.


Simply want to know if Microsoft 365 GCC or GCC High is right for your organization? This page should help.