Blog Post

Public Sector Blog
2 MIN READ

Microsoft Intune in GCC and GCC High Overview + CMMC Applications

Shawn Hays's avatar
Shawn Hays
Iron Contributor
Mar 30, 2021

What is Microsoft Intune for GCC and GCC High?

Microsoft Intune is now part of Microsoft Endpoint Manager, a suite that includes Intune and Configuration Manager. Microsoft Intune for Microsoft 365 GCC and GCC High is available as a standalone license or part of the Microsoft 365 EM+S E3 and E5 licenses.

 

 

Both products within Microsoft Endpoint Manager integrate with Azure Active Directory in Azure Government to give visibility and configuration management for mobile device access, while providing robust native control to IT leaders within small to large defense contractor organizations.

 

Does Microsoft Intune in GCC High Help Meet CMMC Level 3 Compliance?

Organizations can meet CMMC compliance for specific practices across several different domains using Microsoft Intune in GCC or GCC High in combination with configuration settings and policies in Azure Government and Microsoft Defender for Endpoint.

 

CMMC Level 3 has 130 practices that an organization will be assessed on. Organizations can meet 31 of these practices using Microsoft Intune in conjunction with other Microsoft products. While each domain and practice won’t be covered here, one of the key areas addressed in CMMC is the Access Control (AC) Domain.

 

For example, Intune allows you to fulfill the requirements for practice AC.3.022, which requires organizations to encrypt CUI on mobile devices and mobile platforms. Using Intune combined with the native polices and configuration options in Azure, users can set device compliance policies and configure Conditional Access to deny access to unencrypted devices to your systems, ensuring compliance with this specific practice. This in addition to data and file encryption applied through Microsoft Information Protection allows organizations to encrypt the data and the container on mobile devices.

 

 

In this blog and video below from Matt Soseman, Microsoft Sr Security Architect, you will find more insights on how to meet CMMC with Intune, current feature parity with GCC and GCC High, and other demonstrations on how companies in the Defense Industrial Base (DIB) are deploying Intune for their MDM and MAM needs.

 

 

 

 

 

 

 

Updated Mar 30, 2021
Version 2.0
cmmc
compliance
cybersecurity
dib
Endpoint Manager
Enterprise Mobility + Security
gcc
gcc high
Intune
Microsoft Security
  • justinO's avatar
    justinO
    Icon for Microsoft rankMicrosoft
    Jan 16, 2024

    rePell - Autopilot is currently in private preview for GCCH. You can also use some of the out of the box experience, enrollment status page, or GPO policy to meet many of the same capabilities you might be looking for with autopilot. 

  • rePell's avatar
    rePell
    Copper Contributor
    Jan 13, 2024

    Without AutiPilot, we get new users with local admin that we have to take it away from or alternatively make it difficult and complicated to issue a new laptop: provisioning packages.