Publish Date: August 2021

Significant Changes

  1. Microsoft Defender for Identity and Defender for Endpoint now available as a standalone license
  2. Defender for Endpoint Server license available
  3. PowerApps Portal Login T1 & T2 licenses now available
  4. Microsoft 365 F5 Security + Compliance Add On licenses now available

When licensing Office/Microsoft 365 for an organization – especially Government Contractors, it is essential that you understand the various types of licensing and how it impacts your compliance with various government cyber security requirements such as CMMC, DFARS 252.204-7012 and NIST 800-171. It is critical that you take into consideration your organizational needs as well as the minimum guidance located in this brief. Learn where to deploy in this blog.

Depending on your IT Security policies you may require licensing that exceeds these recommendations.  Additionally, this guidance is only meant for organizations focused on meeting NIST 800-171 guidance for non-federal information systems.  This does not address ITAR requirements or any needs that may require DISA Security Requirements Guide Impact Level 4 environment such as the Microsoft Office 365 US Government Community Cloud tenant.

This guide covers three types of Office 365 Licensing:

  • Enterprise Licensing
  • Mobility and Security Licensing
  • Operating System Licensing
  • GCC High Licensing

NOTE: This video is currently being updated to reflect Microsoft's 2021 application criteria, which has eased significantly. Nevertheless, the same process shown will work for your organization. Please select “customers handling government-controlled data" in the form.


Simply want to know if Microsoft 365 GCC or GCC High is right for your organization? This page should help.