There are a lot of questions surrounding DFARS requirements and implementing a POA&M for DoD Contractors. What does it mean for your business? What happens now that I have a POA&M and SSP? (Still not compliant? Check out parts 1-5 of this series) To help guide you through the process, here are some questions and answers that you may need to know.

Yes, Microsoft is expecting to make a change to this requirement. I expect that it will happen sometime in Q2CY18. As soon as it happens, we will make sure to make everyone aware of the change.
2. How does Microsoft identify to clients' which version they have subscribed to? For instance, how do you know if you have Azure or Azure Government?
You can tell which Azure environment you are accessing by what URL you use to manage your environment. Are you using https://portal.azure.com or https://portal.azure.us ? The .us suffix is for Azure Government.
3. Can MS Gold partners use our O365 E3 licensing benefit in GCC and/or GCC High?
4. The NIST 800-171 requirements for government contractors has been on the street for over 2 years. Why are cloud providers respond at a seemingly slower pace?
Interestingly, Microsoft has not been slow to respond. They have had this environment available for a couple of years, but they only made it available to smaller customers (down to 500 users) about a year or so ago. Prior to that it was only available to organizations with user counts above 20,000.
5. How long before GCC high will be available to smaller license companies so that ITAR can be addressed for them?

6. Will the Microsoft 365 subscription bundle be available to GCC High tenants?
The Microsoft 365 E3 bundle will be available beginning in March 2018. An availability date for the Microsoft 365 E5 bundle has not yet been identified.