By vendor · Productivity / email / identity
Microsoft 365 (Government / GCC / GCC High)
M365 GCC and GCC High host email, documents, Teams, and SharePoint for many US municipalities. Compromise is almost always identity-based, not platform-based.
Reporting path
- Open a Microsoft case at https://admin.microsoft.com — for an active incident escalate to a Premier or Unified Support contract if you have one.
- Engage Microsoft's Detection and Response Team (DART) via your reseller or partner if the incident is suspected to be ongoing and large.
- For US federal-data exposure on GCC High, additional notification to the federal data owner may be required.
Contract clauses to read first
- Confirm your tenant agreement (the Microsoft Customer Agreement for Government) includes the appropriate breach-notification commitments.
- Confirm conditional-access policies enforce MFA for all administrative roles — this is your single biggest control.
- Confirm audit-log retention is configured (Audit Standard vs Audit Premium changes available history).
Known incident pattern
Customer-side compromises of M365 commercial and government tenants are the most common municipal incident — phishing, MFA-fatigue, OAuth consent grants. The Storm-0558 and Midnight Blizzard incidents in 2023–2024 affected Microsoft itself; review the Microsoft Security Response Center for the customer-action items.
Descriptive reference only. Microsoft 365 (Government / GCC / GCC High) is a trademark of its owner. No affiliation or endorsement is implied.