Multi-geo service tackles Office 365 data residency issues

Admins often deal with data residency requirements with separate tenants in geographic regions. A multi-geo feature looks to remove this complex setup for some Office 365 services.

Many modern enterprises have workers in offices spread all over the world. While there are numerous advantages to a multinational organization, the complexities of managing the data generated by a global workforce can vex even the most adept Office 365 administrator.

When the admin creates the Office 365 tenant, the Exchange Online mailboxes reside in a specific geographic region determined by the organization's billing address. The mailboxes may be replicated to different data centers within that geographic region. To meet data residency requirements, organizations can create multiple Office 365 tenancies in different geographic regions, but this increases overall administrative complexity.

To address these Office 365 data residency needs and streamline how businesses handle them, Microsoft designed what it calls multi-geo capabilities. With multi-geo, organizations that use Exchange Online can store a mailbox in one of multiple geographic regions within a single Office 365 tenancy.

Here is some information on the multi-geo feature and its configuration for Office 365 data residency.

Multi-geo comes with restrictions

As of publication, the multi-geo feature is in a selective preview stage for Exchange Online and OneDrive for Business. Microsoft plans to release it into general availability for those services in the first half of 2018. The company intends to add multi-geo to SharePoint Online with a preview expected in the first half of 2018. Microsoft said it might add this capability to other Office 365 apps, such as Microsoft Teams, but it has not given any timelines.

However, the multi-geo service comes with restrictions. For example, the India and South Korea geographic regions are only available to organizations with licenses and billing addresses there. Other regions, such as France, are not yet available.

Microsoft recommends an organization with questions about the multi-geo feature talk to its Microsoft account team. The company has yet to unveil licensing details for the service.

Multi-geo introduces new terminology

Home geo is the term Microsoft uses for the geographic region where the Office 365 tenancy was created. Regions that the organization adds later are known as satellite geos. The multi-geo feature provisions new mailboxes in the home geo by default, but admins can start them in a satellite geo.

The organization can move existing mailboxes between home and satellite geos. This operation should not adversely affect workers because the mailboxes will remain in the same Office 365 tenancy, and the Autodiscover service automatically locates the user's mailbox in the background. However, Microsoft said the multi-geo service does not support Exchange public folders, which must reside in the home geo.

Organizations should monitor the Microsoft Office 365 roadmap for changes in support of the multi-geo service.

PowerShell cmdlets adjust regions

In organizations where directory synchronization hasn't been deployed, administrators can use two PowerShell cmdlets to set configuration parameters for the multi-geo feature.

Admins can use the Set-MsolCompanyAllowedDataLocation cmdlet from the Azure Active Directory (AD) PowerShell module to set up the additional geographic regions in the Office 365 tenant.

The Set-MsolUser cmdlet features a PreferredDataLocation parameter to specify the geographic region that will store the user's Exchange Online mailbox and OneDrive for Business files. A user account can only have one PreferredDataLocation for those services.
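A residency audit built on the PreferredDataLocation attribute described above, as an added example that is not from the original article or from Microsoft. The policy map, geo codes, home geo and sample users are constructed assumptions, and `Test-DataResidency` is a hypothetical helper name. The commented lines show how to feed it from a live tenant after `Connect-MsolService`.

```powershell
# Added example: flag accounts whose effective data location violates policy.
# Policy maps UsageLocation (ISO country code) to the geo the organization
# requires for that country. Constructed values for illustration only.
$ResidencyPolicy = @{ 'DE' = 'EUR'; 'US' = 'NAM'; 'AU' = 'AUS' }

function Test-DataResidency {
    param(
        [Parameter(Mandatory)] [object[]]  $Users,
        [Parameter(Mandatory)] [hashtable] $Policy,
        [Parameter(Mandatory)] [string[]]  $AllowedGeos,  # geos enabled in the tenant
        [Parameter(Mandatory)] [string]    $HomeGeo       # default when no preference is set
    )
    foreach ($u in $Users) {
        $expected = $Policy[[string]$u.UsageLocation]
        $actual   = [string]$u.PreferredDataLocation
        # An empty PreferredDataLocation means the mailbox stays in the home geo.
        $effective = if ($actual) { $actual } else { $HomeGeo }

        $finding =
            if (-not $expected)                                   { 'NoPolicyForCountry' }
            elseif ($actual -and $AllowedGeos -notcontains $actual) { 'GeoNotEnabledInTenant' }
            elseif ($effective -ne $expected)                     { 'ResidencyMismatch' }
            else                                                  { $null }

        if ($finding) {
            [pscustomobject]@{
                User      = $u.UserPrincipalName
                Country   = $u.UsageLocation
                Expected  = $expected
                Effective = $effective
                Finding   = $finding
            }
        }
    }
}

# Constructed sample accounts (shape mirrors the Get-MsolUser properties used).
$sample = @(
    [pscustomobject]@{ UserPrincipalName='anna@contoso.example';  UsageLocation='DE'; PreferredDataLocation='EUR' }
    [pscustomobject]@{ UserPrincipalName='bernd@contoso.example'; UsageLocation='DE'; PreferredDataLocation=$null }
    [pscustomobject]@{ UserPrincipalName='carol@contoso.example'; UsageLocation='AU'; PreferredDataLocation='AUS' }
    [pscustomobject]@{ UserPrincipalName='dave@contoso.example';  UsageLocation='BR'; PreferredDataLocation='NAM' }
)

# Live tenant input instead of the sample:
#   $sample = Get-MsolUser -All
#   $geos   = (Get-MsolCompanyAllowedDataLocation).Location
Test-DataResidency -Users $sample -Policy $ResidencyPolicy `
    -AllowedGeos @('NAM','EUR') -HomeGeo 'NAM' | Format-Table -AutoSize
```

With the sample data, anna passes, bernd is reported because an unset preference leaves a German user in the NAM home geo, carol is reported because AUS is not enabled in the tenant, and dave is reported because no policy exists for his country.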

Considerations with directory synchronization

Businesses that have deployed directory synchronization and run a hybrid configuration of Exchange, where some mailboxes are stored on premises and others in Exchange Online, need a new version of Azure AD Connect to support the multi-geo feature. Azure AD Connect synchronizes an on-premises AD user account custom attribute into the PreferredDataLocation attribute in Azure AD.

The admin sets up the geographic region of the user's Exchange Online mailbox with the AD on-premises custom attribute. After the value is synchronized with Azure AD, Exchange Online uses that setting to place the mailbox in the proper region. This enables admins to adjust settings in on-premises AD accounts to control the geographical region of Exchange Online mailboxes.
