GCC HIGH S&A MIGRATION
For general S&A IT technical support: firstname.lastname@example.org
If there is a high priority/emergency, please call:
Michael Levine 757-727-3354
Director of IT/Cybersecurity
Q. WHAT IS MICROSOFT O365 COMMERCIAL?
A. Microsoft 365 Commercial is the form of Office 365 used outside the government by most private sector organizations, built on globally replicated directory services with a global network and global support personnel. Where it’s lacking is having export controls for ITAR to ensure information doesn’t leave the U.S., and while this environment is built to FedRAMP Moderate standards and can be configured to meet NIST 800-171, it will not currently meet paragraphs e) and f) of DFARS 7012. This makes it not ideal for defense or government compliance.
Q. WHAT IS MICROSOFT O365 GCC HIGH?
A. GCC High is a copy of the DOD cloud environment for use by DOD contractors and cabinet-level
agencies as well as cleared personnel. One critical distinction: when handling classified data,
environments have a high side and a low side, the high side existing so users can handle classified data. GCC High is NOT a high side environment. It received its name because it meets FedRAMP high impact
Microsoft O365 GCC High is built on Microsoft Azure Government within 8 dedicated government data centers that are physically located within the continental United States. Azure Government is currently certified to FedRAMP High. Each Microsoft employee working those environments is a US Citizen and background checked. This is particularly important for companies handling ITAR data. In order to meet DFARS 7012 for example, GCC High is required. GCC High acts as a data enclave of Office Commercial. It’s compliant with DFARS, ITAR, NIST-800 171, and NIST-800 53.
Q. WHY IS S&A MIGRATING TO GCC HIGH?
A. Organizations in the Defense Industrial Base (DIB), DoD contractors, and Federal agencies that need to meet specific security and compliance requirements such as the Cybersecurity Maturity Model Certification (CMMC) and are moving to Microsoft O365 GCC High. CMMC is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems.
As a result, and to satisfy the requirements of the DoD and our contracts, S&A will meet CMMC 2.0 compliance by migrating all our Information Systems users from O365 Commercial to O365 GCC High.
How to prepare for migration
Q. WHEN IS THE MIGRATION TAKING PLACE?
A. EST COB August 26th through August 28th
This process will take place over a weekend, however it will not require user intervention once it begins, so, enjoy your weekend!
Q. CAN I DROP MY LAPTOP AND POWER CORD OFF AT THE SAN DIEGO OR CHESAPEAKE OFFICE ON 8/26/22 AND PICK UP ON 8/29/22?
A. YES! That is preferred (If you live within a reasonable driving distance) of the corporate offices. If you are too far or unable to, it is ok. It will help the entire process speed up if the laptops are in front of us rather than having to remote in. Just keep your laptop plugged into power, turned on, and connected to the internet.
Q. CAN I USE MY LAPTOP OR EMAIL OVER THE MIGRATION WEEKEND?
A. NO! Email will be shut down and the S&A IT team will be remoting in and getting it migrated over the weekend to minimize any efforts on your part, so this would only cause delays on getting your laptop up and running again. Just keep your laptop plugged into power, turned on, and connected to the internet.
Q. WHAT ABOUT THE S&A EMAIL ACCOUNT ON MY MOBILE DEVICE?
A. You will lose access to it over the weekend, and you will probably get annoying messages saying your password is invalid. You can either remove the account from your device and add it back on 8/29 with your new password, or just deal with the invalid password message and replace the password on 8/29. There are no plans to remove the capability today, but that will change in the future. Information will be distributed when we are making any changes.
Q. WITH USER ACCOUNTS UNACCESSABLE OVER THE WEEKEND, HOW WILL WE STAY INFORMED?
A. The S&A IT Team expects that all users will be able to login to their laptops on the morning of 8/29/22. You will have a new password to login, which is outlined in the FAQ on the next page. We will post updates all weekend long and possibly through Monday the 29th. We will also keep a copy of this FAQ there as well. Please do not attempt to login to your laptop UNTIL there is a post saying it is ok to do so. There may be exceptions, so please read the full content before doing anything.
The updates will be found here https://sellersaa.com/migration/
You will be able to view this on any device that can browse the web.
Q. WHAT STEPS DO I NEED TO TAKE?
A. The most important step is to make sure that your laptop is plugged into power, turned on, and connected to the internet. If you don’t use your laptop every day, please power up and connect your laptop to the internet now and leave it that way when not in use. We have updates that are being pushed from now through the migration. IT may also send emails requesting that you reboot your laptop, it is important that you do this as soon as possible to avoid potential issues during the migration. If these instructions are not followed, you will not have access to email or apps on Monday the 29th.
Also, you may want to cancel or reschedule any meetings you are hosting on Monday 8/29/2022 as the calendar invites need to be recreated after you are migrated.
What to expect after migration
Q. WHAT HAPPENS AFTER OUR LAPTOP HAS BEEN MIGRATED?
A. Like many other companies in the DIB, we are going through this for the first time and there is minimal documentation. The expectation is that you log back into your laptops the morning of 8/29 and automatically get a new S&A configuration (same email address). This will include the requirement to setup a security PIN. You may notice applications uninstall and/or install to provide updated versions or removal of obsolete applications. Even though behind the scenes we built this from the ground up to mimic our previous configuration, it shouldn’t look or feel much different overall. Essentially, you will have a NEW Windows 10 user profile, so expect it to look slightly different. All of your data will still be there. If you find something is missing, please put in a ticket to email@example.com and we will locate the missing data for you.
Some notable changes include:
• Microsoft Edge will be the standard Internet browser; Chrome has been removed.
• Microsoft Defender will now be the Anti-Virus/Malware software
• USB Devices have been blocked unless they are on the S&A Whitelist (more info will be provided) NOT YET IMPLEMENTED
• All laptops will now be “print ready” at any S&A office by default
• Microsoft Teams phone numbers have changed, we are going through a 3rd party provider as required
• A PIN number has been added for additional Windows login security
When you log in for the first time, you will be asked to set up your “Windows Hello” PIN number (See below), reset your sellersaa.com password, and to setup Multi-Factor Authentication using your phone number and a second email address., You MUST login to your laptop using NEW Credentials. The email address will be the same, your temporary password will be SellersXXXX! With the “XXXX” being your month and day of your birthday.
For example. If your Birthday is July 4th, your password would be Sellers0704!
Current Blue screen startup/Bit locker PIN (WILL NOT CHANGE)
Windows Hello PIN (Pin number to log into your laptop ONLY)
XXXXXXXXX@sellersaa.com password (Password for online apps such as OWA, excel, word, etc.)
ALSO, you will need to re-create ALL MS Teams meetings that you HOST, then cancel the old meetings. There is a new phone number and link that you will need to use. This will automatically be generated with the new teams meeting. This should be performed ASAP, especially if you have upcoming meetings.
Q. WHAT IS A Windows Hello PIN AND WHY DO I NEED ONE?
A. Your PIN is an 8-digit number that you create that is tied to your specific device. You will use this to login to your Windows desktop from now on. You will still need to remember your S&A Password as it will be used to access online resources. Your PIN is a form of 2-Factor Authentication and is more secure than using a password. If someone obtained your S&A password, they would not be able to login to your laptop.
Q. WHAT IS MY RESPONSIBILITY AFTER THE MIGRATION IS COMPLETE?
1. Monday the 29th – Login with your new credentials and set up the security as prompted.
2. Check your email, make sure it looks correct, add your email signature back in Outlook since you are on a new profile. Verify other apps that you use are on your laptop and working. Be sure that you can access any files you utilize in Teams.
3. Re-create any Teams meetings that you HOST so you can use the new link and phone number. The old one will no longer work.
4. Report any issues to firstname.lastname@example.org. If you are unable to access email, please call Michael Levine directly.
5. Once you have confirmed everything is ok, please submit a ticket to email@example.com informing us that you have been successfully migrated. If we don’t hear from you, expect us to contact you until you respond 😊