FedRAMP Authorized — High Impact
Microsoft Dynamics 365 GCC High by Microsoft. 6 compliance features verified.
Microsoft Dynamics 365 GCC High
by Microsoft
Impact Level
High
Status
Authorized
Pricing
enterprise
Authorization Date: April 18, 2020 | Sponsoring Agency: DoD
Overview
Microsoft Dynamics 365 GCC High provides FedRAMP High authorized CRM and ERP capabilities within the Azure Government cloud boundary. It offers sales, customer service, field service, and project operations modules designed for government and defense organizations. The platform integrates natively with Microsoft 365 GCC High.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure Microsoft Dynamics 365 GCC High for Defense Contracts
Microsoft Dynamics 365 GCC High is available through GSA MAS Contract GS-35F-0119Y and SEWP V Contract NNG15SC03B under Microsoft Corporation. Government pricing is typically 15-25% below commercial rates through volume licensing agreements. Contracting officers must specify the Azure Government GCC High tenant requirement and reference Microsoft's FedRAMP High P-ATO package (Package ID: F1607067912) in the SOW. The authorization boundary includes all Dynamics 365 applications, underlying Azure Government infrastructure, and Microsoft managed services within the IL2/IL4 regions. SSP development requires Microsoft's Customer Responsibility Matrix and Azure Government Blueprint artifacts. Typical procurement timeline is 6-12 weeks including security review, tenant provisioning, and configuration. For organizations requiring CMMC Level 2 compliance, Dynamics 365 GCC High must be included in the assessment boundary as it processes CUI. Ensure data residency requirements specify US persons only for system administration and that all data remains within CONUS boundaries. The service includes built-in encryption, audit logging, and access controls that satisfy DFARS cybersecurity requirements. Consider Microsoft Premier Support for Government for incident response requirements.
Compliance Cross-References
Microsoft Dynamics 365 GCC High directly satisfies DFARS 252.204-7012 requirements for adequate security of covered defense information through its FedRAMP High authorization and implementation of NIST 800-171 controls. The platform addresses DFARS 252.239-7010 cloud computing security requirements via DISA IL2/IL4 authorizations and continuous monitoring. Key NIST 800-171 control families implemented include Access Control (AC) through Azure AD integration and role-based permissions, System and Communications Protection (SC) via TLS 1.2 encryption and boundary protection, and Audit and Accountability (AU) through comprehensive logging and SIEM integration. For CMMC Level 2, Dynamics 365 GCC High satisfies Access Control (AC), System and Information Integrity (SI), and Configuration Management (CM) domains through built-in controls and Microsoft's security baseline. The DoD Cloud Computing SRG requirements are met through the IL2/IL4 authorizations, ensuring proper data classification handling, encryption in transit and at rest, and personnel security requirements for system administrators.
Defense Contractor Use Case
Defense contractors use Dynamics 365 GCC High for end-to-end customer engagement, combining CRM with ERP capabilities in a unified FedRAMP High platform that integrates with their Microsoft collaboration tools.
Related Products
More CRM & Sales Products
Related Compliance Assessments
Frequently Asked Questions
What is the FedRAMP authorization level for Microsoft Dynamics 365 GCC High?
Microsoft Dynamics 365 GCC High is authorized at the FedRAMP High impact level, with authorization granted on 2020-04-18 sponsored by DoD. The FedRAMP High baseline includes approximately 421 security controls and is the most rigorous authorization level.
Can defense contractors use Microsoft Dynamics 365 GCC High for CUI?
Yes, Microsoft Dynamics 365 GCC High is authorized at the FedRAMP High baseline, which is suitable for protecting CUI. Defense contractors can use this platform for processing, storing, and transmitting CUI in compliance with NIST 800-171 and DFARS 252.204-7012 requirements. The High baseline provides the most comprehensive set of security controls for cloud services.
How does Microsoft Dynamics 365 GCC High pricing compare to commercial?
Microsoft Dynamics 365 GCC High government pricing is typically negotiated on an enterprise basis and may differ from commercial list prices. Government and defense contractor pricing often includes compliance overhead that can make it 15-30% higher than commercial equivalents. However, volume discounts, GSA Schedule pricing, and multi-year commitments can help offset these costs. Contact Microsoft directly or check GSA Advantage for current government pricing.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack Microsoft Dynamics 365 GCC High FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days