[pimlottc]

They're almost certainly not using the same version as the general public. Most major service providers have a specific version for government with additional controls and restrictions and have undergone certification through FedRAMP, including Microsoft:

https://www.microsoft.com/en-us/microsoft-365/government

Some other examples:

- AWS GovCloud https://aws.amazon.com/govcloud-us/

- Google Workspace for Government https://workspace.google.com/industries/government/

- GovSlack https://slack.com/solutions/govslack

- Atlassian Government Cloud https://www.atlassian.com/government

[bigfatkitten]

Or in some cases, different (but overall worse) controls to meet FedRAMP requirements, and much less security monitoring or active testing than the commercial environment.