Getty Images/iStockphoto

Understanding the basics of Windows 365 Government

Windows 365 Government isn't available to all Microsoft customers, but organizations such as governments and privileged contractors can benefit from this specialized offering.

Government desktop virtualization customers might have more advanced security needs than other types of organizations, which is why technologies such as Windows 365 have government editions to cater to them.

The service is one of three editions available to Windows 365, along with the Business and Enterprise editions. Similar to the other editions, Windows 365 Government provides dedicated Windows VMs to its customers, only in this case, the customers are U.S. government agencies and their contractors.

What comes with Windows 365 Government?

Windows 365 Government, similar to the other Windows 365 editions, is a separate offering from both Office 365 and Microsoft 365. Both are productivity suites that include an assortment of apps, services and, in the case of Microsoft 365, Windows Enterprise E3. However, Windows 365 delivers personalized Windows 10 or Windows 11 virtual desktops that users can securely stream to their devices.

Referred to as Cloud PCs, these VMs are always available and from any location with internet connectivity. Users get a complete, personalized Windows experience that includes the desktop, apps, settings and content.

Users can stream their virtual desktops to any supported device, including Windows, macOS or Linux PCs, or even Android mobile devices. To access their Cloud PCs, they have several options. They access the virtual desktop using the Windows 365 client app, a Microsoft Remote Desktop client or the Windows 365 portal. The exact approach will depend on the user's device and preference. For example, the Windows 365 app is only available to Windows 10 and Windows 11 computers, but even in this case users could choose the Remote Desktop client.

Microsoft hosts Enterprise Cloud PCs in the commercial part of Azure but hosts Government Cloud PCs in Azure Government, which adheres to much stricter compliance requirements.

In terms of functionality, Windows 365 Government is similar to the Windows 365 Enterprise and Business editions. The main difference is that the Government edition is specifically designed for government agencies or contractors that qualify to use services hosted in Government Community Cloud (GCC) or GCC High. The two cloud platforms adhere to stricter security and compliance requirements than Microsoft's commercial cloud, with GCC High being the more restrictive of the two.

As part of the compliance requirements, all data is stored within U.S. data centers. In addition, the Cloud PCs available through Windows 365 Government are provisioned only on GCC or GCC High. However, Windows 365 Government desktop users still get the same Windows experience that users get with the Enterprise or Business edition, which makes moving between editions much easier for users. In fact, they can sign in with their same identities and credentials.

Windows 365 Government offers a comprehensive service for delivering virtual desktops to customers who qualify for GCC or GCC High.

  • Full Windows experience. Users get complete Windows desktop experience with support for the desktop versions of Microsoft 365 apps. Each user is provided with a personalized PC in the cloud, complete with the user's own apps, data and settings. The Cloud PC is assigned to that user as a dedicated Windows desktop.
  • Intune integration. Windows 365 Government is fully integrated with Microsoft Intune. This management platform enables administrators to configure policies for protecting and managing Cloud PCs and the data of their users.
  • Cloud service model. Because Windows 365 Government is a cloud service, customers get all the advantages of the cloud. Users can access their desktops at any time, from any location and on any supported device. The virtual desktops are easy to deploy, manage and scale, and they help reduce on-site infrastructure and administrative costs.
  • Security and compliance. Windows 365 Government includes numerous built-in security features, such as conditional access, multifactor authentication and data loss prevention. Because the service is part of the Azure Government cloud platform, it is built to meet the specific security and compliance requirements of government agencies, including U.S. government and defense agencies, as well as state, local and tribal agencies.

Windows 365 Government vs. Windows 365 Enterprise

With Windows 365 Government, Microsoft has tried to match the features and functionality of Windows 365 Enterprise as much as possible. Unlike the Enterprise edition, however, Windows 365 Government is specifically designed to meet the requirements of U.S. government agencies and their contractors.

For example, Microsoft hosts Enterprise Cloud PCs in the commercial part of Azure but hosts Government Cloud PCs in Azure Government, which adheres to much stricter compliance requirements. As a result, the Government edition can support workloads such as Criminal Justice Information Services or IRS Publication 1075, unlike the Enterprise edition.

Microsoft has identified four key areas that Windows 365 Government addresses to meet U.S. government requirements:

  • Exclusive customer base. Only government agencies and authorized third-party contractors that handle sensitive government data can use the Windows 365 Government service.
  • Restricted internal access. Microsoft restricts internal access to Windows 365 Government customer data. Other than the customer, only Microsoft personnel who are U.S. citizens and who have passed the required background checks can access the data.
  • Third-party auditing. Certified auditors assess all infrastructure related to Windows 365 Government and provide their security assessments to the federal agencies, that use them to determine whether to issue an authorization to operate.
  • U.S. storage only. All data must be stored within the continental U.S. and on infrastructure that complies with the GCC or GCC High standards.

Windows 365 Enterprise is implemented on the commercial cloud and is not concerned with these four areas. However, the Enterprise edition also offers features that the Government edition currently does not. For example, the Government edition does not support unified dashboards, security baselines, Microsoft Dev Box, Windows 365 Frontline or the new Microsoft Teams client. Microsoft maintains a list of the features not included on its website.

Windows 365 Government eligibility

The Windows 365 Government service is available only to those customers who qualify to use GCC or GCC High services. However, the agencies themselves can be at the federal, state, local or tribal level. Microsoft defines an eligible agency as one of the following:

  • Federal agency. An agency of the U.S. government, including bureaus, offices, departments or other entities.
  • State/local agency. An agency of a state or local government, including counties, boroughs, commonwealths, cities, municipalities, towns, townships, special-purpose districts or similar legal structures. This category also includes entities such as the District of Columbia, the Commonwealth of Puerto Rico and the U.S. Virgin Island.
  • Tribal agency. A federally recognized tribal entity eligible for funding and services from the U.S. Department of the Interior.

Nongovernment entities are also eligible to use the Windows 365 Government service if they are "contractors sponsored to hold and process certain controlled data types." Examples of acceptable government data types include Criminal Justice Information, Department of Defense Impact Level data, Department of Defense, Unclassified Controlled Nuclear Information and other types of data subject to government regulation. Nongovernment contractors must be able to provide proof that they're handling this type of data.

How to buy Windows 365 Government

Customers ready to purchase Windows 365 Government should contact the Microsoft account team or a qualified partner to get price quotes and place their orders. Before purchasing the licenses, however, new customers must first complete and submit the Government Community Cloud Eligibility Intake Form, which verifies an organization's eligibility to use GCC or GCC High services. If additional information is needed beyond what is entered into the form, Microsoft will contact the organization.

Existing Microsoft customers with a Microsoft 365 GCC or GCC High tenant do not need to complete the intake form. They can simply contact the Microsoft account team or their licensing partner and add Windows 365 Government to their services.

In addition to a Windows 365 Government license, each user must also be licensed for the following three products:

  • Windows 10 or Windows 11 Enterprise.
  • Microsoft Intune.
  • Microsoft Entra ID P1.

Microsoft Intune and Entra ID P1 are included in several Microsoft 365 products, such as Microsoft 365 G3, Microsoft 365 G5, Microsoft 365 E3 and Microsoft 365 E5. Licenses for Intune and Entra ID P1 can also be purchased separately. Not surprisingly, Windows 365 Government is available only in the U.S.

Robert Sheldon is a technical consultant and freelance technology writer. He has written numerous books, articles and training materials related to Windows, databases, business intelligence and other areas of technology.

Dig Deeper on Cloud-based desktops and DaaS