120 Azure Government services now authorized for DoD IL5 workloads
We continue to drive expansion of our support for Department of Defense Security Requirements Guide (DoD SRG) Impact Level 5 (IL5) across all Azure Government regions. Our latest addition of 23 new services brings a total of 120 services authorized for IL5 workloads in Azure Government – more than any other cloud provider.
These services include a broad range of IaaS and PaaS capabilities to enable mission owners to do more, faster. Mission owners can choose from multiple regions across the country and benefit from decreased latency, expanded geo-redundancy, and a range of options for backup, recovery, and cost optimization.
When supporting IL5 workloads on Azure Government, the isolation requirements can be met in different ways. Isolation guidelines for IL5 workloads documentation page addresses configurations and settings for the isolation required to support IL5 data with specific service instructions.
You can find a full list of Azure Government services that meet the requirements of DoD in the Azure Government audit scope documentation.
Learn more about the latest services accredited for DoD IL5 in Azure Government:
- Azure Information Protection – control and help secure email, documents, and sensitive data inside and outside your organization walls.
- Microsoft Intune – cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM).
- Microsoft Cloud App Security – a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. Provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.
- Azure SignalR Service – an Azure-managed service that helps developers easily build web applications with real-time features.
- Azure Active Directory Domain Services – provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.
- Azure DDoS Protection – protects your applications from Distributed Denial of Service (DDoS) attacks
- Azure Private Link – enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpointin your virtual network.
- Content Delivery Network – delivers high-bandwidth content rapidly to users by caching their content at strategically placed physical nodes across the world. Accelerates dynamic content, which cannot be cached, by leveraging various network optimizations using CDN Points of Presence (POPs).
- Azure Data Box – send terabytes of data into and out of Azure in a quick, inexpensive, and reliable way. Secure data transfer is accelerated by shipping you a proprietary Data Box storage device. Each storage device has a maximum usable storage capacity of 80 TB.
- Azure Bastion – a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal.
- Azure Cognitive Services:Infuse apps, websites, and bots with intelligent algorithms to see, hear, speak, understand, and interpret your user needs through natural methods of communication. Here are the latest Cognitive Services authorized for DoD IL5:
- Custom Vision – an image recognition service that lets you build, deploy, and improve your own image identifiers.
- Personalizer – helps your applications choose the best content to show your users, learning from their real-time behavior.
- QnA Maker – allows you to create a natural conversational layer over your data. Commonly used to build conversational client applications, which include social media applications, chat bots, and speech-enabled desktop applications.
- Azure Databricks – a unified analytics platform consisting of SQL Analytics for data analysts and Workspace for data engineers, data scientists, and machine learning engineers.
- Azure Data Share –share data safely, in any format and any size, from multiple sources with other organizations.
- Azure NetApp Files – create and manage NetApp accounts, capacity pools, and volumes, configure export policy, mount a volume for a virtual machine, and manage snapshots.
- Azure HPC Cache – expedites file access for read-intensive high-performance computing (HPC) workloads.
- Azure Service Health – notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.
- Microsoft Azure Peering Service – enhances customer connectivity to Microsoft cloud services such as Microsoft 365, Dynamics 365, software as a service (SaaS) services, Azure, or any Microsoft services accessible via the public internet.
- Virtual Network NAT – deploy a NAT gateway and virtual network.
- Web Application Firewall – provides centralized protection of your web applications from common exploits and vulnerabilities.
- Azure API for FHIR – enables rapid exchange of data through Fast Healthcare Interoperability Resources (FHIR®) APIs, backed by a managed PaaS offering in cloud.
- Windows Virtual Desktop – deliver a virtual desktop experience and remote apps to any device. Bring together Microsoft 365 and Azure to provide users with the only multi-session Windows 10 experience—with exceptional scale and reduced IT costs.
- To learn more about isolation for IL5 workloads, watch DoD Impact Level 5 Expansion on Azure Government with Azure Global Government’s Steve Michelotti and Zach Kramer.
- See the isolation guidelines for IL5 workloads documentation page which addresses configurations and settings for the isolation required to support IL5 data.
- For a list of the latest Azure compliant services for government, see Azure services by FedRAMP and DoD CC SRG audit scope.