What does multi-geo mean for Microsoft 365?
Multinational companies with offices around the world often need to store their employee data at rest in specific regions to meet data residency requirements. Storing data in close proximity to the source of the data is also mandated by laws and regulations in multiple countries. To facilitate communication, enterprises are adopting cloud-based collaboration tools like Microsoft 365 (M365), which store employee data in emails, attachments, and files.
How Microsoft helps to enable multi-geo capabilities
Microsoft allows M365 customers to enable multi-geo capabilities in their tenant. By enabling multi-geo capabilities on the tenant, companies have a single M365 tenant that spans multiple data center geographies (geos), and have full control over where the data is stored. This means customers have a central data location (the one associated with their billing address) and multiple satellite locations across the globe. Currently, M365 multi-geo is supported for Exchange, OneDrive and SharePoint workloads.
In a multi-geo tenant, information about geolocations, groups, and locations is mastered in Azure Active Directory (AD). Administrators use service admin centers to manage geo locations. More information on this, including details on licensing and locations worldwide, can be found in Microsoft’s documentation. You will need to reach out to a Microsoft account representative to enable this feature for your tenant.
Enabling data locations
Exchange and OneDrive
In a multi-geo tenant, users are assigned to a primary data location (PDL) where data is stored. For new users, their Exchange mailbox and OneDrive will be set up in that location. For existing users, Exchange data will be moved to the new location, but an additional step is needed for OneDrive to migrate to the new location. Microsoft provides PowerShell commands to change a user’s data location and to move the user’s data from one location to another when the user changes locations. Examples of these commands can be seen below.
- Set-MsolUser -UserPrincipalName firstname.lastname@example.org -PreferredDataLocation JPN
- Start-SPOUserAndContentMove -UserPrincipalName email@example.com -DestinationDataLocation JPN
- Get-SPOUserAndContentMoveState -UserPrincipalName firstname.lastname@example.org
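The three commands above chained into one script, with a check that the PDL change took effect before the OneDrive move starts and a polling loop on the move state. This is an added example, not code from the original post or from Microsoft; it assumes the MSOnline and SharePoint Online Management Shell modules are installed, that the SharePoint session is opened against the admin URL of the user's current geo, and that the move state object exposes a MoveState property with Success and Failed as terminal values. All parameter values are placeholders.

```powershell
#Requires -Modules MSOnline, Microsoft.Online.SharePoint.PowerShell
# Added example: move one user's PDL and OneDrive to a new geo, with verification.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,   # placeholder, e.g. user@contoso.example
    [Parameter(Mandatory)] [string] $TargetGeo,           # geo code, e.g. JPN
    [Parameter(Mandatory)] [string] $SourceGeoAdminUrl,   # assumption: SPO admin URL of the user's current geo
    [int] $PollSeconds = 300,                             # wait between status checks
    [int] $MaxPolls    = 48                               # give up after this many checks
)
$ErrorActionPreference = 'Stop'

Connect-MsolService
Connect-SPOService -Url $SourceGeoAdminUrl

# 1. Record the current PDL so the change is auditable, then set the new one.
$before = (Get-MsolUser -UserPrincipalName $UserPrincipalName).PreferredDataLocation
if ($before -ne $TargetGeo) {
    Set-MsolUser -UserPrincipalName $UserPrincipalName -PreferredDataLocation $TargetGeo
}

# 2. Read the value back; do not move content on an unconfirmed PDL.
$after = (Get-MsolUser -UserPrincipalName $UserPrincipalName).PreferredDataLocation
if ($after -ne $TargetGeo) {
    throw "PDL is '$after', expected '$TargetGeo'; not starting the OneDrive move."
}
Write-Output "PDL for ${UserPrincipalName}: '$before' -> '$after'"

# 3. Exchange follows the PDL on its own; OneDrive needs the explicit move.
Start-SPOUserAndContentMove -UserPrincipalName $UserPrincipalName -DestinationDataLocation $TargetGeo

# 4. Poll until the move reaches a terminal state (property name and values are assumptions).
for ($i = 1; $i -le $MaxPolls; $i++) {
    $state = Get-SPOUserAndContentMoveState -UserPrincipalName $UserPrincipalName
    Write-Output ("[{0:u}] MoveState = {1}" -f (Get-Date), $state.MoveState)
    switch ($state.MoveState) {
        'Success' { return }
        'Failed'  { throw "OneDrive move failed for $UserPrincipalName." }
    }
    Start-Sleep -Seconds $PollSeconds
}
throw "OneDrive move for $UserPrincipalName not finished after $MaxPolls polls."
```

Keeping the before and after PDL values in the script output gives a record of who was moved where, which is the evidence a data residency review will ask for.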
Let’s take a look at how multi-geo capabilities work for SharePoint sites. Management of the multi-geo feature is available through the SharePoint admin center. Detailed information on this can be found in this Microsoft blog post.
When a user creates a SharePoint site in a multi-geo environment, the user’s PDL is used to determine the location where the site is created. If no PDL is set for the user, the site will be created in the central location. If the user’s PDL changes and there is a need to move the site to the new location, PowerShell commands can be used to move the site from one location to another.
Below are the PowerShell commands to move SharePoint sites to a specific location.
Sites with no associated groups
- Start-SPOSiteContentMove -SourceSiteUrl <siteURL> -DestinationDataLocation <DestinationDataLocation> -DestinationUrl <DestinationSiteURL>
Sites associated to a group
- Set-SPOUnifiedGroup -PreferredDataLocation <PDL> -GroupAlias <GroupAlias>
- Get-SPOUnifiedGroup -GroupAlias <GroupAlias>
- Start-SPOUnifiedGroupMove -GroupAlias <GroupAlias> -DestinationDataLocation <DestinationDataLocation>
- Get-SPOUnifiedGroupMoveState -GroupAlias <GroupAlias>
Find more information from Microsoft here.
Data residency should be transparent to the end-user. Irrespective of where data resides, users should be able to access the data from any location in the Microsoft 365 portal. Data residency requirements should be opaque to the customer and to the administrators who manage the totality of the data.
Storing data in regional locations allows multinational businesses to assign locations to Microsoft 365 users, storing data in the right jurisdictions to meet GDPR and other related compliance requirements.
Druva and multi-geo
Druva also allows customers to store their data in their most accessible geolocation, enabling compliance with data residency requirements. Druva picks up PDL information from the Microsoft 365 environment associated with the user account and applies it to the customer’s Druva storage instances. Additionally, administrators can change the data storage location from the Druva Cloud UI. Please note that multi-geo capabilities are provided to the customer to meet data residency requirements, not to improve performance. With this capability, customers have peace of mind that their data follows the rules and regulations of the country in question.
Exchange and OneDrive
As an example, for a user with a PDL in Australia (AUS), a storage location will be created in AUS data centers and all backup data will be stored there. If a user moves to another location, the administrator has the capability to assign a new storage location and the new backups will be stored automatically in the newly assigned data location.
SharePoint and Teams
Druva also now supports multi-geo capabilities for SharePoint and Teams sites. A multi-geo storage mapping feature can map storage locations to associated PDLs. This feature also automatically discovers all the sites (SharePoint and Teams’ sites) from each geolocation, identifies new geolocations, and automates storage assignment. Read the Druva release notes for more information on this functionality.
Azure AD integration with Druva inSync
With Druva’s integration with Azure AD for Microsoft 365 protection, users can be imported directly from your Azure AD instance. This simplifies the management of M365 users in Druva inSync as PDL information is imported directly from Azure AD and mapped to specific storage locations.
In short, Druva inSync provides support for the protection of customer Microsoft 365 data, including SharePoint and Teams data for multi-geo tenants. This enhanced functionality delivers central visibility and management across all remote sites, enabling systems administrators to meet their data residency requirements. With this support, inSync provides customers with the following:
- Automatic discovery of all sites (SharePoint and Teams data) from each geolocation
- Automatic identification for new geolocations enabled in Microsoft 365 tenants
- Automatic storage assignment for discovered sites and unconfigured sites from all mapped geolocations
As a 100% SaaS offering, Druva reduces complexity and cost by eliminating the hassles of hardware and software, and enables customers to rest easy knowing the product will always update automatically with new and improved functionality.
Striving to consistently update our products and provide the best user experience possible, Druva is highlighting some of its recent enhancements and product updates in our new and ongoing “What’s new” blog series. Read the previous blog for an in-depth look at recent enhancements for data center workloads, and register for a free demonstration to witness data protection for the cloud era in action.