When licensing Office/Microsoft 365 for an organization – especially Government Contractors, it is essential that you understand the various types of licensing and how it impacts your compliance with various government cyber security requirements such as CMMC, DFARS 252.204-7012 and NIST 800-171. It is critical that you take into consideration your organizational needs as well as the minimum guidance located in this brief. Learn where to deploy in this blog.

Depending on your IT Security policies you may require licensing that exceeds these recommendations.  Additionally, this guidance is only meant for organizations focused on meeting NIST 800-171 guidance for non-federal information systems.  This does not address ITAR requirements or any needs that may require DISA Security Requirements Guide Impact Level 4 environment such as the Microsoft Office 365 US Government Community Cloud tenant.

This guide covers three types of Office 365 Licensing:

  • Enterprise Licensing
  • Mobility and Security Licensing
  • Operating System Licensing
  • GCC High Licensing