{"id":13203,"date":"2024-02-01T07:54:22","date_gmt":"2024-02-01T15:54:22","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=13203"},"modified":"2024-02-02T09:07:48","modified_gmt":"2024-02-02T17:07:48","slug":"sharing-what-we-learned-deploying-our-secure-federal-environment","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/sharing-what-we-learned-deploying-our-secure-federal-environment\/","title":{"rendered":"Sharing what we learned deploying our secure federal environment"},"content":{"rendered":"

At Microsoft, we serve a diverse range of customers, from individual users and large businesses to sovereign governments with specific regulatory requirements. Our platform products such as Microsoft Azure and our Microsoft 365 productivity suite perform extremely well for these different customer segments.<\/p>\n

Underneath those broad strokes, we serve very specific, complex customers.<\/p>\n

One set of such customers is in the federal sector, where the specific regulatory requirements of sovereign entities\u2014such as the Department of Defense (DoD) in the US\u2014require that we create highly secure environments that adhere to the Cybersecurity Maturity Model Certification (CMMC) standard. (CMMC is an intermediate cybersecurity certification for defense contractors that focuses on protecting controlled unclassified information through enhanced cyber hygiene practices.)<\/p>\n

Building environments that meet the CMMC standard presents unique opportunities and challenges, especially when it comes to managing complex collaboration scenarios at scale while also ensuring the security of our customers’ confidential information.<\/p>\n

To help us get this right, we build environments for our customers that employ our Zero Trust security model, which means operating on a \u201cnever trust, always verify\u201d principle. This enables us to deliver secure platform tools, networks, elastic computing, and storage options. It also helps provide our customers with better collaboration and business operations tools.<\/p>\n

This approach works for governments and their military and intelligence agencies, and it goes beyond the high standards of our usual customers.<\/p>\n

To specifically address these unique needs within Microsoft, we have created a specialized IT environment, called the Federal Government Operating Environment or Microsoft FedNet. Powered by Azure for Government and Microsoft 365 Government, this environment is carefully designed to match the complex requirements of our US Federal and US Defense Industrial Base clients.<\/p>\n

Serving as Customer Zero<\/h2>\n

In this story, we\u2019ll explain some of the unique challenges we faced internally as we implemented this \u201ccompany within a company\u201d to allow our employees to work easily across both our traditional corporate environment (CorpNet) and the more highly regulated environment (FedNet) that we use to support our US Federal customers.<\/p>\n

We have a strong value around being Customer Zero for our products, so much so that we implement them the way we would suggest our customers use them, so we can experience the customer reality firsthand. While living on the edge of this innovation knife can be unsettling at times, it allows us to be first to encounter challenges our customers might face. As such, we become a valuable feedback loop to our product teams, which speeds up the innovation cycle and lowers barriers to entry for actual customers.<\/p>\n

Jason Zander, executive vice president of Strategic Missions and Technologies, led teams across the company to develop, launch, and improve our Microsoft Federal program, which serves important clients such as governments, their militaries, and intelligence agencies.<\/figcaption><\/figure>\n

Cross function, cross company<\/h2>\n

At Microsoft, our commitment to creating a dedicated environment for highly regulated workloads was not just about establishing a separate space; it was about embodying a cloud-first and deeply integrated approach across our entire business spectrum. This strategic decision was pivotal in aligning our expansive scale with the nuanced demands of compliance-focused sectors.<\/p>\n

To get this right, our comprehensive, multi-disciplinary strategy coalesced around rethinking our sales pipeline management and financial systems, modernizing commerce tools, refining our support services, and evolving our internal engineering practices. This cross-organizational synergy was crucial to ensure that every aspect of our business supported and benefited from this new initiative.<\/p>\n

\u201cIt was absolutely essential that we deliver a product for our federal customers that met or exceeded the experience that our own team expected,\u201d says Jason Zander, our executive vice president of Strategic Missions and Technologies. \u201cThis is the critical benefit of our Customer Zero approach to engineering\u2014we live and breathe the product long before it reaches an external user. That gives us time to explore and refine the customer experience to be as good as can be.\u201d<\/p>\n

Embracing a growth mindset, we aimed to merge the insights gained from operating a $3 trillion company with our profound understanding of servicing compliance-intensive customers. This fusion of scale and specialization was geared not only toward meeting existing needs but also toward innovating in novel and impactful ways.<\/p>\n

Through this transformative journey, we have not only tailored our offerings to meet the stringent requirements of highly regulated sectors, but we have also significantly enhanced our overall business intelligence. By internalizing and refining our products early in their lifecycle, we ensure that our services not only align with but surpass the expectations of our most compliance-conscious customers, continuing our legacy as a global leader in technology solutions.<\/p>\n

What does this mean in the real world?<\/h2>\n

In our journey to develop a more secure platform for internal use at Microsoft, we took an unconventional and immersive approach: we essentially created a new federal entity within our larger corporate organization, where the creators and users of this platform merged into one. Our team, dedicated to building this secure environment, began to experience their daily work lives within FedNet, taking meetings on Microsoft Teams, collaborating on documents across Microsoft 365, and verifying the environment's functionality and reliability firsthand.<\/p>\n

\u201cOur workday began by signing in to this secure environment, using Microsoft 365 applications for our daily tasks, and collaborating through Teams,\u201d says Dwight Jones, a principal product manager on the Microsoft Federal team in Microsoft Digital (MSD), our IT division. \u201cThis wasn’t just a separate project; it was a complete shift in our work environment. We effectively isolated ourselves within a secure bubble, distinct from the rest of Microsoft, to ensure we could operate seamlessly as an independent entity.\u201d<\/p>\n

This shift represented a significant change in our corporate experience.<\/p>\n

By establishing secure Microsoft tenants in the Azure Government Community Cloud’s high-security environment, we created what we call “Microsoft Federal”\u2014a company within a company. This bold move came with its own set of challenges, but it was essential. It enabled us to not just theorize but practically test and enhance our FedNet solution in real-world conditions, ensuring its effectiveness for our sovereign customers.<\/p>\n

Such an approach was pivotal in validating the reliability and security of our solution. It allowed us to experience the potential challenges our customers might face and address them proactively. Ultimately, this real-world experiment was more than just a test; it was a commitment to delivering a product that we ourselves could rely on and trust, setting a new standard in our offerings to highly regulated sectors.<\/p>\n

Getting security right<\/h2>\n

The key distinction between our traditional business and our new Federal sector business model lies in the stringent regulatory constraints from agencies like the US Department of Defense and the need to adhere to CMMC level 2. Our FedNet environment is designed to not just meet but exceed these standards. In fact, our FedNet implementation has achieved a perfect score (Microsoft Federal Successfully Completes Voluntary CMMC Assessment<\/a>), reflecting our security team\u2019s commitment to the highest standards, covering a broad range of customer requirements.<\/p>\n

\u201cMicrosoft Federal is a prime example of the potential in public-private partnerships,\u201d Zander says. \u201cWe bring our expertise to key government organizations, offering them advanced, secure solutions to succeed in their missions. Together, we’re shaping the future of network security.\u201d<\/p>\n

To align with our Zero Trust principles in FedNet, we started by enhancing device endpoint security using a combination of Microsoft Conditional Access and Microsoft Azure Virtual Desktop (AVD). This provides our teams with secure and controlled virtual access to standard collaboration and productivity capabilities, a shift from the traditional physical machine setup in our corporate environment.<\/p>\n

While aligning with our cloud-first strategy, this transition posed challenges.<\/p>\n

The virtual environment offered less flexibility than a commercially managed machine, particularly in terms of software installation control. In our commercial environments, users can install a variety of first- and third-party applications to enable them to be productive. To comply with more stringent regulations, we tightly regulate what applications can be installed on the virtual client. Each piece of software has to be security cleared by our Security Portal for Assessment, Consulting and Engineering (ACE) tool, so we had to create controlled processes to qualify each piece of software we deployed in our FedNet environment.<\/p>\n

Dwight Jones, principal product manager on the Microsoft Federal team in Microsoft Digital (MSD), was one of a number of Microsoft employees heavily involved in deploying an internal version of FedNet at Microsoft. Jones led MSD’s program, engineering, and support efforts to onboard and scale the secure collaboration environment across Microsoft 365.<\/figcaption><\/figure>\n

Getting to product parity<\/h2>\n

Returning to our internal team charged with deploying a version of this platform inside the company: our internal users at Microsoft Federal need more than just robust compute platforms and Zero Trust technology\u2014they require the same modern communication and productivity tools as any of our other employees to manage daily operations effectively. Despite differing security protocols, essential tools like Microsoft Teams and Microsoft Outlook must function just as reliably for our Microsoft Federal users as they do for our CorpNet users.<\/p>\n

Take Microsoft Teams meetings, for example.<\/p>\n

\u201cTeams is the lifeblood of collaboration at Microsoft. Even a few-second delay in a Teams call hosted in our AVD environment can significantly disrupt the experience for our users in Microsoft Federal, just as it would for any other user,\u201d Jones says.<\/p>\n

Such technical issues, if unresolved, could hinder business operations and negatively impact user perception of our products. We recognized the need for improvement in how Teams integrated within AVD, highlighting key opportunities to accelerate quality-of-service features across both products that, once implemented, would quickly trickle down to all users of these services.<\/p>\n

The complexity of managing change<\/h2>\n

Not surprisingly, we found that managing change and expectations was as significant a challenge as the technical blockers. The biggest hurdle became managing the cognitive shift when moving between environments, rather than addressing technical gaps. For instance, implementing data loss prevention strategies via document labeling was optional in our commercial environment but mandatory in FedNet to comply with CMMC regulations. This necessitated a new approach to data handling and required significant adjustments from our users. Training users on the rationale and procedures for data handling was critical to overcoming this barrier to entry for new users.<\/p>\n

Experiment, learn, adjust, grow<\/h2>\n

After establishing the basic functionality needed for our Microsoft Federal employees to most closely match the experience of their counterparts in the larger Microsoft organization, our focus shifted to optimizing the environment. This entailed refining existing solutions and introducing the latest innovations Microsoft is known for.<\/p>\n

It was all about feature parity.<\/p>\n

\u201cOur Microsoft Federal environment, while more secure, should not lack any functionality or features compared to the civilian version,\u201d Jones says.<\/p>\n

A standout feature attracting global corporate interest in FedNet is Microsoft Teams Rooms. This innovative setup combines built-in screens, modern video cameras, eye-tracking technology, and Zero Trust security to revolutionize meeting experiences in Microsoft Teams, specifically tailored for our Microsoft Federal product.<\/p>\n

\u201cSecure Teams Rooms is exactly what our internal Microsoft Federal users, and indeed any organization, would desire,\u201d Jones says.<\/p>\n

Following this, we began a pilot rollout of Microsoft Teams Rooms in select secure locations, with plans to extend this enriched experience to all employees in the Microsoft Federal environment. By using the same technologies they provide to customers, our employees gain valuable insights and experiences, enhancing their ability to support customers deploying Microsoft Teams Rooms in their organizations.<\/p>\n

\u201cServing some of the world\u2019s most security-conscious customers grants us unique experiences and insights that benefit our entire business,\u201d Zander says. \u201cWith exciting features and products, many fueled by Microsoft\u2019s AI innovations, we\u2019re charting a bright future for all our customers, including those in Microsoft Federal. This is how we fulfill our mission to empower every person and organization on the planet to achieve more.\u201d<\/p>\n

Microsoft Federal and our experience building a company within a company exemplify our commitment to empowering customers with secure, compliant, and innovative solutions. By harnessing technologies like Microsoft Teams, Azure, and Microsoft 365, we’re setting new standards for collaboration and security in government and beyond.<\/p>\n

Key<\/h3>\n

Here are some things to think about as you consider beefing up your security with a product like our FedNet solution:<\/p>\n