Microsoft 365 Defender for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Microsoft 365 Defender in Azure Commercial.
This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering.
If you are a GCC customer using Defender for Cloud Apps, Defender for Endpoint, or Defender for Identity in Commercial, you need to transition those services to their GCC versions to be eligible for Microsoft 365 Defender GCC.
Microsoft 365 Defender for US Government customers requires one of the following Microsoft volume licensing offers:
|Microsoft 365 GCC G5||Microsoft 365 E5 for GCC High||Microsoft 365 G5 for DOD|
|Microsoft 365 G5 Security GCC||Microsoft 365 G5 Security for GCC High||Microsoft 365 G5 Security for DOD|
|Enterprise Mobility + Security G5 GCC||Enterprise Mobility + Security E5 for GCC High||Enterprise Mobility + Security E5 for DOD|
|Office 365 G5 GCC||Office 365 E5 for GCC High||Office 365 E5 for DOD|
|Microsoft Defender for Cloud Apps GCC||Microsoft Defender for Cloud Apps for GCC High||Microsoft Defender for Cloud Apps for DOD|
|Microsoft Defender for Endpoint – GCC||Microsoft Defender for Endpoint for GCC High||Microsoft Defender for Endpoint for DOD|
|Microsoft Defender for Identity – GCC||Microsoft Defender for Identity for GCC High||Microsoft Defender for Identity for DOD|
|Microsoft Defender for Office 365 (Plan 2) GCC||Microsoft Defender for Office 365 (Plan 2) for GCC High||Microsoft Defender for Office 365 (Plan 2) for DOD|
|Windows 10 Enterprise E5 GCC||Windows 10 Enterprise E5 for GCC High||Windows 10 Enterprise E5 for DOD|
|Microsoft Defender for Endpoint Server GCC||Microsoft Defender for Endpoint Server for GCC High||Microsoft Defender for Endpoint Server for DOD|
|Microsoft Defender for servers||Microsoft Defender for servers – Government||Microsoft Defender for servers – Government|
The following are the Microsoft 365 Defender portal URLs for US Government customers:
|Customer type||Portal URL|
|GCC High||Rolling out|
If you are a GCC customer and in the process of moving from Microsoft Defender for Endpoint commercial to GCC, use https://transition.security.microsoft.com to access your Microsoft Defender for Endpoint commercial data.
Instead of the public URIs listed in our API documentation, you’ll need to use the following URIs:
|Endpoint type||GCC||GCC High & DoD|
|Microsoft 365 Defender API||
Feature parity with commercial
Microsoft 365 Defender for US Government customers doesn’t have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
These are the known gaps:
|Feature name||GCC||GCC High||DoD|
|Integrations: Microsoft Sentinel (Incidents & Raw data)||In private preview||In private preview|
|Microsoft Threat Experts||On engineering backlog||On engineering backlog||On engineering backlog|