Azure (also known as Azure Commercial, Azure Public, or Azure Global) maintains the following authorizations that pertain to all Azure public regions in the United States:
FedRAMP High Provisional Authorization to Operate (P-ATO) issued by the FedRAMP Joint Authorization Board (JAB)
DoD IL2 Provisional Authorization (PA) issued by the Defense Information Systems Agency (DISA)
Azure Government maintains the following authorizations that pertain to Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia (US Gov regions):
Some Azure services deployed in Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia (US Gov regions) require extra configuration to meet DoD IL5 compute and storage isolation requirements, as explained in Isolation guidelines for Impact Level 5 workloads.
For DoD IL5 PA compliance scope in Azure Government regions US DoD Central and US DoD East (US DoD regions), see US DoD regions IL5 audit scope.
JSIG PL3 ATO (for authorization details, contact your Microsoft account representative)
Azure Government Top Secret maintains:
ICD 503 ATO with facilities at ICD 705 (for authorization details, contact your Microsoft account representative)
JSIG PL3 ATO (for authorization details, contact your Microsoft account representative)
This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and Power Platform cloud services in scope for FedRAMP High, DoD IL2, DoD IL4, DoD IL5, and DoD IL6 authorizations across Azure, Azure Government, and Azure Government Secret cloud environments. For other authorization details in Azure Government Secret and Azure Government Top Secret, contact your Microsoft account representative.
Azure public services by audit scope
Last updated: December 2024
Terminology used
FedRAMP High = FedRAMP High Provisional Authorization to Operate (P-ATO) in Azure
DoD IL2 = DoD SRG Impact Level 2 Provisional Authorization (PA) in Azure
✅ = service is included in audit scope and has been authorized
* FedRAMP High and DoD SRG Impact Level 2 authorization for Microsoft Entra ID applies to Microsoft Entra External ID. To learn more about Entra External ID, refer to the documentation here
** FedRAMP High authorization for Azure Databricks is applicable to limited regions in Azure. To configure Azure Databricks for FedRAMP High use, contact your Microsoft or Databricks representative.
*** FedRAMP High authorization for edge devices (such as Azure Data Box, Azure Stack Edge and Azure Stack HCI) applies only to Azure services that support on-premises, customer-managed devices. For example, FedRAMP High authorization for Azure Data Box covers datacenter infrastructure services and Data Box pod and disk service, which are the online software components supporting your Data Box hardware appliance. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative.
Azure Government services by audit scope
Last updated: August 2024
Terminology used
Azure Government = Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia (US Gov regions)
FedRAMP High = FedRAMP High Provisional Authorization to Operate (P-ATO) in Azure Government
DoD IL2 = DoD SRG Impact Level 2 Provisional Authorization (PA) in Azure Government
DoD IL4 = DoD SRG Impact Level 4 Provisional Authorization (PA) in Azure Government
DoD IL5 = DoD SRG Impact Level 5 Provisional Authorization (PA) in Azure Government
DoD IL6 = DoD SRG Impact Level 6 Provisional Authorization (PA) in Azure Government Secret
✅ = service is included in audit scope and has been authorized
Note
Some services deployed in Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia (US Gov regions) require extra configuration to meet DoD IL5 compute and storage isolation requirements, as explained in Isolation guidelines for Impact Level 5 workloads.
For DoD IL5 PA compliance scope in Azure Government regions US DoD Central and US DoD East (US DoD regions), see US DoD regions IL5 audit scope.
* Authorizations for edge devices (such as Azure Data Box, Azure Stack Edge and Azure Stack HCI) apply only to Azure services that support on-premises, customer-managed devices. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative.
** Azure Information Protection (AIP) is part of the Microsoft Purview Information Protection solution - it extends the labeling and classification functionality provided by Microsoft 365. Before AIP can be used for DoD workloads at a given impact level (IL), the corresponding Microsoft 365 services must be authorized at the same IL.
Learn to develop a cloud computing digital transformation solution for the public sector. Use Azure, Azure Stack Hub, and Azure Stack Edge. Enforce data sovereignty, address custom compliance requirements, and apply all available protection to highly sensitive data.
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.