Azure Government extends lead in the Cloud with leap in FedRAMP coverage

Published on February 22, 2017

Chief Information Security Officer, Azure Government

Microsoft continues to lead the charge in realizing the power and promise of the cloud for Government customers. We are pleased to announce that Azure Government has been granted authorization for 12 additional customer-facing services to our FedRAMP High P-ATO. We now offer 32 Infrastructure and Platform services to our customers in our Azure Government compliance boundary, all of which have been authorized for use with up to High Impact level data. Our coverage of services, and the rate at which we are increasing our scope, highlight our commitment to being the most Trusted and Certified cloud, accelerating compliance for Government customers.

We are pleased to announce that the entire Operations Management Suite (OMS) is now authorized for use in Azure Government. The OMS suite empowers customers to take full advantage of the Hybrid Cloud. OMS enables customers to gain insight across their entire fleet, allowing faster response to security threats, enabling consistent control and compliance, and ensuring the availability of apps and data irrespective of where those applications or data live: in Azure, on premises, or on other cloud platforms using a federated clouds model.

  • Azure Log Analytics: helps you collect and analyze data generated by resources in your cloud and on-premises environments. It gives you real-time insights using integrated search and custom dashboards to readily analyze millions of records across all your workloads and servers regardless of their physical location.
  • Azure Automation: saves time and increases the reliability of regular administrative tasks – even schedules them to be automatically performed at regular intervals. You can automate processes using runbooks or automate configuration management using Desired State Configuration. The Automation service allows customers to maximize the value proposition of the cloud, consuming services on demand and only when required.
  • Azure Backup: a unified solution to protect data on-premises and in the cloud, with 99.9% guaranteed availability! Incremental backups provide efficiency, and geo-replicated storage ensures you meet availability requirements for High Impact data. And to top it off, all data is encrypted in transit and at rest using FIPS 140-2 validated encryption modules.
  • Azure Site Recovery: delivers the power of the cloud for disaster recovery scenarios. With Azure Site Recovery, you can automate protection and replication of your virtual machines, remotely monitor the health of your fleet, orchestrate recovery as needed using customizable plans, and test your recovery capabilities without impacting your system availability.

Authorization of the Azure Resource Manager (ARM) service enables our government customers to deploy complex architectures in Azure Government automatically and consistently. With ARM, you define the infrastructure and dependencies for your app in a single declarative template. ARM templates are flexible enough to use for all your environments: test, staging, or production. If you create a solution from the Azure Marketplace, the solution will automatically include a template that you can use for your app.

Corresponding with the addition of ARM, we have also added our Resource Providers for Compute, Storage, and Networking. These Resource Providers enable seamless, automated deployment of Compute, Storage, and Networking resources as needed and on demand using the ARM template architecture, including ARM templates that meet certification requirements, which are coming soon as part of our Azure Blueprint program.

  • Azure CRP: the Compute Resource Provider, used in creating and managing virtual machine resources and extensions in simple-to-use Azure Resource Manager templates.
  • Azure SRP: the Storage Resource Provider, used in creating and managing blob, table, queue, and storage account management resources in simple-to-use Azure Resource Manager templates.
  • Azure NRP: the Network Resource Provider, which delivers a series of Software-defined Networking (SDN) and Network Function Virtualization features for the Azure Government environment. NRP gives you more granular network control, metadata tags, faster configuration, rapid and repeatable customization, and multiple control interfaces. You can use the NRP to create software load balancers, public IPs, network security groups, and virtual networks, among others.

Microsoft has collaborated with our regulators to dramatically decrease the time required to take a service from available to certified. In fact, we have a roadmap that adds all services currently available in Azure Government to our FedRAMP High boundary. We are committed to ensuring that Azure Government provides the best the cloud has to offer and that all of our offerings are certified at the highest levels of compliance. Please visit the Microsoft Trust Center for additional details and reach out to AzureBlueprint@Microsoft.com for support on how these compliant services can be included in your cloud ATO efforts.

Product Group | Azure Government Service | Availability
Compute | Batch | Newly Authorized
Compute | Cloud Services | Authorized
Compute | Compute Resource Provider | Newly Authorized
Compute | Virtual Machines | Authorized
Compute | Service Fabric | In Progress
Compute | Virtual Machine Scale Sets | In Progress
Storage | Storage | Authorized
Storage | Storage Resource Provider | Newly Authorized
Networking | Application Gateway | Authorized
Networking | ExpressRoute | Authorized
Networking | Load Balancer | Authorized
Networking | Network Resource Provider | Newly Authorized
Networking | Traffic Manager | Authorized
Networking | Virtual Network | Authorized
Networking | VPN Gateway | Authorized
Databases | Redis Cache | Newly Authorized
Databases | SQL Database | Authorized
Databases | SQL Data Warehouse | In Progress
Databases | SQL Server Stretch Database | In Progress
Intelligence + Analytics | Power BI | Newly Authorized
Intelligence + Analytics | HDInsight | In Progress
Monitoring + Management | Automation | Newly Authorized
Monitoring + Management | Azure Government Portal | Newly Authorized
Monitoring + Management | Azure Resource Manager | Newly Authorized
Monitoring + Management | Azure Runtime | Authorized
Monitoring + Management | Backup | Authorized
Monitoring + Management | Log Analytics | Newly Authorized
Monitoring + Management | Scheduler | Newly Authorized
Monitoring + Management | Site Recovery | Authorized
Security + Identity | Azure Active Directory | Authorized
Security + Identity | Key Vault | Authorized
Security + Identity | Azure MFA | In Progress
Web + Mobile | Media Services | Newly Authorized
Web + Mobile | Notification Hubs | Authorized
Web + Mobile | Web Apps | Authorized
Web + Mobile | API Apps | In Progress
Web + Mobile | Mobile Apps | In Progress
Enterprise Integration | Service Bus | Authorized
Enterprise Integration | StorSimple | Authorized
IoT | Event Hubs | Authorized