If you are pursuing CMMC compliance and plan to use a Virtual Desktop Infrastructure (VDI) or GCC High licenses, there is an important step you will need to complete before your licenses can be activated.

A GCC High Tenant is a Microsoft environment required to bind your Azure Government licenses to. Without one, your licenses cannot be activated and your progress in Secureframe Navigator will be delayed.

If you do not already have a GCC High tenant, you will need to submit the Microsoft GCC High Intake Form to get authorization from Microsoft before your licenses can be bound. You can find the form here: Microsoft GCC High Intake Form

If you already have a GCC High tenant, you do not need to fill out the form and your licenses can bind to it upon receiving.

This step asks you to identify what type of organization you are and what you need validated.

Under Select a category, choose Customers handling government-controlled data. This is the appropriate selection for most organizations pursuing CMMC compliance, as you are a commercial entity that handles government regulated data such as CUI or DFARS covered defense information, rather than a government entity itself.

Under Select the validation or service that you need, select Azure Government tenant. This is what creates the GCC High environment your licenses will be bound to. From there, select Azure Government Trial to get started.

You will also need to provide your desired Azure Government tenant domain and username under the Azure Government Tenant Information section. This will be the domain associated with your new GCC High tenant, for example: yourcompany.onmicrosoft.us. When entering your domain, only enter the domain name itself, not the full suffix. For example, if your domain is acme.onmicrosoft.us, you would just type acme into the field.

This step collects your organization's details. Fill out all required fields including:

Make sure the contact information you provide belongs to someone at your organization who has the authority to bind your organization to Microsoft's terms, as this form is a legal agreement. Microsoft may follow up with this contact if additional information is needed.

This step verifies your organization's eligibility by confirming what government programs you are registered with and what types of regulated data you handle.

Under government programs, the most common selections for defense contractors are:

Under types of data subject to government regulation, select everything that applies to your organization. For most organizations pursuing CMMC, this will include at minimum:

Select any additional data types that are relevant to your organization, such as ITAR if you handle export controlled technical data.

The Small Business Association section and NAICS Code field are optional but worth filling out if applicable to your organization.

Once complete, review and agree to the Microsoft Privacy Statement and Online Subscription Agreement, then click Submit.

Note: After submitting, Microsoft will review your request typically within 24-48 hours. Once approved you will receive an Eligibility ID by email. Share that email with your Secureframe Customer Success Manager and they will help you move forward with binding your licenses.

The authorization process can take a few days, plus additional time for initial setup by an admin user. Completing this step as early as possible ensures there are no delays in your onboarding experience and keeps your CMMC implementation on track.

If you have any questions about the intake form or the setup process, please reach out to our team at [email protected]