The Department of Defense (DoD) decommissioned its Commercial Virtual Remote (CVR) solution this month and has already transitioned almost 70,000 organizations to its new Microsoft Office 365 environment with enhanced cybersecurity features, known as DoD 365 Joint (DoD365-J), DoD officials said today.
Since CVR’s decommission on June 15, the DoD has transferred about 67,000 mail boxes, including non-person entities, to DoD365-J, according to Caroline Bean, program director of the Defense Enterprise Office Solution (DEOS) at the Defense Information Systems Agency (DISA). Over the next few months, Bean said the DoD expects 200,000 to be transferred.
“This became a DISA-wide effort. We started by migrating our own components onto DoD365-J and this became the blueprint for migrating future agencies and combatant commands to Microsoft 365,” Bean said during GDIT Emerge: Defense Cloud on June 23.
“This included coordinating with boundary cloud access points and establishing connectivity to our tenants, installing exchange hyper servers to support mail migration, conducting modeling and simulation to identify potential network issues, optimizing network component settings, and updating our desktops and mobile devices. All while coordinating with our customers to prepare them for migration,” she added.
According to Bean, agencies and organizations transferred to DoD365-J so far include the Defense Contract Management Agency, Joint Service Provider, Defense Finance Accounting Service, Defense Health Agency, and the U.S. Strategic Command.
DoD365-J has served as a successful solution for on-site and remote office work, fulfilling needs that CVR couldn’t meet, according to Danielle Metz, deputy CIO for information enterprise at DoD.
“CVR filled a mission critical need during a time of crisis, but it was never a perfect solution for the department for three main routes reasons,” Metz said during GDIT Emerge today.
The first reason, according to Metz, was because CVR “was not a complete integral productivity and collaboration tool suite” and didn’t integrate with other important DoD applications. The second, Metz said was “because CVR was established in such a tumultuous time, it was not a mandatory enterprise application,” therefore not every DoD employee had equal access to CVR. The final and most important reason, according to Metz, was “the ubiquitous access to CVR and the large-scale demand for its capabilities introduced new cybersecurity risks that needed to be fully assessed and mitigated.”
According to Metz, due to “the unique challenges of telework during the pandemic and to allow time for the department to stand up a more permanent solution,” CVR received a security waiver that expired on June 15, which is why CVR was scheduled to be decommissioned on that date.
“Still, CVR served as a catalyst for the department and the development of the DoD365 is certainly informed by our experiences with CVR – especially in terms of workforce needs for mobility and remote capabilities,” Metz said.
Although DoD365-J has received “positive feedback” regarding user experience and the onboarding process so far, Bean acknowledged that “no migration is perfect.”
“Our job is certainly not done,” Bean said. “Our DEOS user engagement teams continue to assist organizations with licensing requests, local network and desktop configurations, and developing migration plans to prepare for the transition to Microsoft 365.”