When a federal agency or other regulated company needs software, the issue of security, control and compliance always comes up. DynamicPoint’s suite of products, including Customer and Vendor Portals, EasyAP365 – AP Invoice Automation, and EasyEXP365 – Employee Expense Management, are built on the Microsoft 365 platform and can be deployed directly into a customer’s Azure GCC High / Microsoft 365 environment. Using this self-hosting configuration, our applications fall outside the scope of FedRAMP as they are used for a single agency’s operations. In addition, all the data is being stored utilizing an underlying cloud platform that holds a FedRAMP High Provisional Authority to Operate (P-ATO).
Microsoft Azure, FedRAMP and Applications
Microsoft has extended FedRAMP High coverage to its Azure GCC offerings as well as Microsoft 365. Agencies and vendors can use Azure’s FedRAMP High P-ATO as a foundation for their own applications. This significantly reduces the work required to maintain compliance with software applications that are built within this environment. Keep in mind that responsibility is always shared, while Azure can provide a FedRAMP authorized cloud provider, the application owner must configure and document the controls that apply to the application.
How DynamicPoint leverages Azure
- Deploy into the agency’s tenant / Azure subscription
DynamicPoint’s products are built on the Microsoft 365 framework (including SharePoint, Power Automate, Power Apps, Entra ID, etc.). This design enables customer hosted deployments where Portal, EasyAP365, and EasyEXP365 run in the agency’s own Microsoft 365 tenant and Azure subscription (including GCC or GCC High). Self-hosting in the customer’s environment means the agency:
- Keeps data inside its own tenant and maintains full data sovereignty
- Retains direct control over backups, access controls, logging, and monitoring
- Can leverage Azure GCC or GCC High services as the underlying platform
- Will qualify under the FedRAMP exception of “Information systems that are only used for a single agency’s operations, hosted on cloud infrastructure or platform, and are not offered as a shared service or do not operate with a shared responsibility model”
- Built on Microsoft 365 means familiarity
DynamicPoint apps are implemented using Microsoft 365 components, including SharePoint lists, Power Automate workflows, connectors to ERP systems, and Microsoft identity (Entra ID). This add-on model has practical security benefits:
- Proven control coverage: Microsoft has already documented how key platform services map to FedRAMP/High controls, so the application owner can reference existing platform attestations rather than inventing new justifications.
- Standardized identity and access: Using Entra ID (Azure AD) makes it straightforward to apply enterprise MFA, conditional access, privileged access review, and role-based access controls that agencies will expect in a software solution.
- Familiar configuration and audit resources: Because the app is built on managed Microsoft services, auditors can review familiar logs and audits rather than a proprietary stack.
- Customer controlled integrations
DynamicPoint’s integrations (ERP connections, OCR, workflows, app permissions) are deployed and configured inside the customer environment. That means agencies can:
- Place network and data controls around integrations.
- Keep sensitive keys and credentials in agency-controlled Azure Key Vaults.
- Ensure audit trails flow into agency SIEMs (Azure Monitor, Microsoft Sentinel) for continuous monitoring.
These deployment choices simplify the agency’s risk assessment and reduce third-party data exposure.
What this looks like for each DynamicPoint product
- Customer and Vendor Portal – Deploy the portal into your Microsoft 365 SharePoint tenant and host any custom services or connectors in your Azure subscription (or Azure Government). The portal’s content, authentication, and access controls are under the agency’s management, and the user interface is securely provided by a SharePoint extranet.
- EasyAP365 (Invoice Automation) – Invoice receipt, OCR, and workflow run on Microsoft 365 components and Azure services in the customer subscription. ERP integrations and storage remain under agency control, simplifying security and mitigating risk.
- EasyEXP365 (Expense Management) – Expense entry, approvals, and reporting operate inside Microsoft 365 and integrate into ERP systems via connectors configured in the customer Azure environment. Approval workflows use Power Automate, while identity management leverages Entra ID, which are both well-vetted for FedRAMP compliance.
Advantages to government customers
- Data sovereignty and agency control – Customers run the apps in their tenant/subscription (including Azure Government/GCC where required), so sensitive data never leaves the agency’s control.
- Transparency – Self-hosting avoids black-box SaaS applications, where control, logging, or data locality are ambiguous. Agencies retain the ability to configure and audit everything they need to meet their policies.
- Build on a trusted platform – Using Microsoft 365 components give evaluators a known set of controls to examine during any security assessment, rather than unfamiliar or proprietary.
Summary
Deploying Portal, EasyAP365, and EasyEXP365 inside an agency’s Microsoft 365 tenant and Azure subscription is an economical, compliance-minded approach in meeting a government agency’s software requirements. It gives agencies stronger control over data and integrations, reduces the infrastructure assessment burden, and leverages well-documented Microsoft 365 platform controls to simplify audits. For government customers who must balance automation with strict regulatory requirements, DynamicPoint’s Microsoft 365-native, customer-tenant deployment model is a strong differentiator versus vendor-hosted alternatives.
If you are interested in learning more about our three applications that can be deployed to your agency environment, please click on the product page buttons below:
