Plan for government clouds
Microsoft Teams plays a key role to facilitate secure and efficient communication across various government sectors and agencies. Government entities handle sensitive and confidential data, and there's a crucial need for cloud platforms that are secure and compliant. To meet the stringent security requirements, the specialized government cloud services offered are:
Government Community Cloud (GCC), GCC High, Department of Defense (DoD) are limited for use within the United States.
Teams app capabilities
Teams is compatible with all Microsoft 365 Government environments, but the capabilities and features vary by tenant. Due to security and compliance restrictions, all the features available in commercial tenants might not be accessible in government tenants while other features take time to roll out in government tenant. We recommend that you have the understanding of the Teams apps and its capabilities supported in government tenants to ensure effective utilization.
Important
Microsoft 365 Connectors (previously called Office 365 Connectors) are nearing deprecation, and the creation of new Microsoft 365 Connectors will soon be blocked. For more information on the schedule and how the Workflows app provides a more flexible and secure experience, see retirement of Microsoft 365 connectors within Microsoft Teams.
How can you create a webhook in Teams?
To automatically post to a chat or channel when a webhook request is received, use the predefined workflow templates or create a workflow from scratch using the When a Teams webhook request is received trigger. For more information, see post a workflow when a webhook request is received in Microsoft Teams..
For more information about the When a Teams webhook request is received trigger, see Microsoft Teams - Webhook.
If you've already built Office 365 Connectors:
Create a Power Automate connector: Power Automate enhances the widely used Workflows apps in Teams. It's the scalable and secure approach to transmit data programmatically into and out of Teams. If you adopt this method, you can create workflow templates for posting alerts from your product to Teams channels. This approach simplifies user adoption of the new method. For more information, see Power Automate for enterprise developers, ISVs, and partners.
Update your Teams app: You can enhance your current Teams app. For example, you can enable users to set up proactive messages based on trigger events within your system. For more information, see how bots can post to channels through proactive messages.
Known issues
- Workflows app can't post in private channels as a flow bot. However, it can post on behalf of a user.
- Workflows support Adaptive Cards only. It doesn't support the older message card format that Office 365 Connectors use. Workflows don't support using the message card format. For more information, see how to convert connector message card format to Adaptive Card.
- Workflows don't offer third-party connectors such as DataDog and Jenkins.
- Workflows can only be created in your default environment.
Limitations
Workflows are linked only to specific users (referred to as owners of the workflow) and not to a Teams team or channel. Workflows can become orphan flows in the absence of an owner if no co-owners assigned. To maintain continuity in the business process automated by the flow, admins can add one or more co-owners and grant them full control over the workflow. They can also add authentication for connections, if any, and enable the flow if it has been disabled. For more information, see manage orphan flows.
The following table details the Teams apps and its capabilities for GCC, GCC High, and DoD:
| GCC | GCC High | DoD | |
|---|---|---|---|
| Apps | |||
| Apps built by Microsoft | ✔️ | ✔️ | ✔️ |
| Third-party apps | ✔️ | ❌ | ❌ |
| Custom apps built for your org (LOB apps) distributed and used in specific organization | ✔️ | ✔️ | ✔️ |
| Upload a custom app | ✔️ | ❌ | ❌ |
| App capabilities | |||
| Tabs | ✔️ | ✔️ | ✔️ |
| Bots | ✔️ | ✔️ | ✔️ |
| Message extensions | ✔️ | ✔️ | ✔️ |
| Message actions | ✔️ | ✔️ | ✔️ |
| Cards: Adaptive, Hero, Thumbnail, Microsoft 365 connector, Receipt, Sign in, and OAuth cards | ✔️ | ✔️ | ✔️ |
| Dialogs (referred as task modules in TeamsJS v1.x) | ✔️ | ✔️ | ✔️ |
| Link unfurling | ✔️ | ✔️ | ✔️ |
| Meeting extensions | ✔️ | ✔️ | ✔️ |
| Webhooks and connectors | ✔️ | ✔️ | ❌ |
| Workflows | ✔️ | ❌ | ❌ |
| Experiences | |||
| Teams Store | ✔️ | ✔️ | ✔️ |
| In-context Teams Store or app flyouts | ✔️ | ✔️ | ✔️ |
| Manage apps in Teams | ✔️ | ✔️ | ✔️ |
| Manage apps in Teams Admin Center | ✔️ | ✔️ | ✔️ |
| Graph APIs | ✔️ | ✔️ | ✔️ |
| Developer Portal for Teams | ✔️ | ❌ | ❌ |
For more information on Graph API, see Graph API for Government clouds.
Note
- Third-party apps are turned off by default for GCC and aren't available for GCC High and DoD. To turn on third-party apps for GCC, see manage org-wide app settings for Microsoft 365 Government.
- GCC High supports Incoming Webhooks only.
Plan to deploy Teams in government clouds
To deploy Teams in GCC, GCC High, or DoD, you must purchase a suitable Microsoft 365 Government plan. US federal, state, local or tribal government entity, or other entities that handle data subject to government regulations can opt for a government cloud service license. For more information, see Teams for Government.
Compliance with third-party services
Here are few pointers to consider while connecting with third-party services from government clouds:
- Understand that by enabling third-party communication, the communication is processed through the third party and not Microsoft.
- Understand that enabling bots extend your system boundary beyond this tenant, and is based on the bot you choose to use. You must ensure that the bot meets the compliance requirements including FedRAMP, DFARS, and ITAR.
- Understand that Microsoft doesn't endorse and makes no warranties concerning the security of third parties that the customer allows to connect with their service.
- Mitigate risks associated with connecting to third-party bots in their services.
- Evaluate the risk and compliance of any endpoint and URL that the users connect to.
See also
Platform Docs