OneDrive and SharePoint Multi-Geo


Office 365 Multi-Geo provides an answer for many multinational companies who must meet local policies regarding local data residency. Or perhaps there are different levels of need, such as one office requiring local data residency while another may not. Multi-Geo enables a single Office 365 tenant to span across multiple Office 365 datacentre geographies (Geos) while addressing the needs of clients who may be required or need to keep data locally. The greater need that is addressed with Office 365 Multi-Geo is the ability for international satellite offices to collaborate with each other on a global scale.

Multi-Geo affects two types of data:  user attached resources, such as user mailboxes and OneDrive; and shared resources, such as SharePoint Team Sites and Office 365 Groups, which includes shared sites and shared mailboxes.

Multi-Geo is available in 3 geographical locations: North America, Europe and Australia. By enabling your tenant to be Multi-Geo, you could extend your tenant into nine potential geos. These nine geos include Asia-Pacific, Australia, Canada, European Union, India, Japan, UK, US, South Korea. Additional geos will be launched in the future, including France. At the time of writing, services available in Multi-Geo include Exchange Online (in preview), OneDrive for Business (in preview), and SharePoint Online (in development).

Because Office 365 Multi-Geo is a single tenant spanning across multiple geos, rolling out globally is very straightforward in the Global Admin Centre. Once your tenant is Multi-Geo enabled, open PowerShell where you will specify the:

ServiceType – which service do you want to extend such as Exchange, SharePoint or Skype For Business

Location – where you want to extend the content to (which geo will you extend to)

InitialDomain – what content do you want to extend to the geo. Because data in SharePoint and OneDrive, as it is provisioned, must be addressable by a URL, the InitialDomain specifies the URL for the content to reach the extended geo.  

Once executed, the system will refresh and update the URL for all affected users in the extended geos.  

Office 365 Multi-Geo: Common Foundations and Concepts

There are 3 basic concepts for the Admin and these are:

AllowedDataLocation: tenant level property that specifies the allowed geos for Office 365 applications. New and additional geos will not show up automatically and this setting will need to be set up initially or when Microsoft releases new locations.  

PreferredDataLocation (PDL): user-level property that specifies the location of Mailbox and OneDrive with one PDL assigned per user. On the user objects, configure PDL in Azure AD. This information will then flow into Exchange and OneDrive resulting in users mailboxes and OneDrives to be placed in their respective locations.

Azure AD Connect Tool: used to configure PDL, for On-prem AD, on synchronized user objects.

Exchange Online Multi-Geo: Mail & Calendar

Multi-Geo for Exchange Online has been in development for many years and had been implemented since it was first developed. Based upon these capabilities in Exchange Online, it is continuing to evolve. In Exchange Online, the global front-end service, single namespace, allowed service access via outlook.office.com and already multi-geo being the point of connection for the client to Exchange Online. With Office 365 Multi-Geo, you can now select where the users’ data is stored in the background.

Auto-discovery of mailbox location was implemented in On-Prem sites whereby Outlook automatically connected a user to their mailbox. In Office 365 Multi-Geo, auto-discovery automatically connects the user’s mailbox when they are moved from one geo location to another. For an end user, this will be like magic as this functionality runs in the background and is invisible to them.

Having a central site with multiple geos requires a standardization such as a single view Exchange Tenant Configuration. Stored in the Exchange Directory, the recipient information and tenant configuration ensure that the view of the tenant configuration is the same regardless of which geo you are accessing it from.

There are several Admin advantages with Multi-Geo when it comes to mailboxes. First, new mailboxes can be provisioned directly into a specified Geo. Second, existing Office 365 mailboxes can be moved into a specific Geo without disrupting the end user. Lastly, existing Exchange On-prem mailboxes can be on-boarded to a specific Geo.

From the end user’s perspective, Office 365 Multi-Geo is mostly invisible for both mail and calendar.  

OneDrive Multi-Geo: Files

OneDrive Multi-Geo

What is a OneDrive Multi-Geo? The central location for the satellites will have SharePoint Online, OneDrive for Business, and Exchange Online. The structure for the whole organization includes one global Azure Active Directory. Having a single tenant allows management of all users for the whole organization, regardless of where they are located. For each satellite location that the central location extends to, access to OneDrive for Business Multi-Geo and Exchange Online is given when the user is assigned their mailbox and OneDrive.

OneDrive Multi-Geo: Admin Centre

There is a separate OneDrive Admin Centre for each Geo because OneDrive is URL based. In the OneDrive Admin Centre, you will be able to see whose OneDrive is where, which will streamline the unlocking for the rollout of OneDrive. Another advantage of having separate OneDrives per Geo is the management of OneDrive settings. By having separate Admin Centres, the settings can be specified for each Geo.

In terms of licensing and other aspects of managing user aspects, one can access the Global Office 365 Portal Centre. Here, user-specific aspects such as passwords can be managed.

OneDrive Multi-Geo: Geo Users

The Geo user does not know that they are a Multi-Geo user. Once a user launches their app on the browser, they are automatically redirected to the Geo that they have been assigned to by the Admin. For the mobile client, Office Client, and OneDrive sink client, the user only needs to enter their email address. The Client is Geo-aware and will automatically connect the user to the corresponding OneDrive in the correct Geo.

Office 365 Multi-Geo: Delve, Profile, and Unified Auditing

How does the Delve experience look like when there are multiple users collaborating from different Geos? A user will see all the signals from all the users across the Geos, including their own Geo.

From a security compliance perspective, Unified Auditing allows the Admin to see a single unified view of all the activities that have occurred in your Multi-Geo tenant, regardless of what the user has done or where the content resides. The activities log can be exported or filtered according to the data that you require.

SharePoint Online Multi-Geo: Sites and Groups

The major difference between OneDrive Multi-Geo and SharePoint Online Multi-Geo is that SharePoint Online Multi-Geo satellites will have the full SharePoint Online experience. This includes SharePoint Online, OneDrive for Business Multi-Geo, Exchange Online and Skype for Business. Team Sites and Office 365 Groups can be created in the satellite Geos in SharePoint Online Multi-Geo.

SharePoint Online Multi-Geo

SharePoint Online Multi-Geo: Admin Centre

Each Geo will be having its own Admin Centre. In the Admin Centre, you will be able to create Team Sites in that particular Geo. To create a Team Site in a specific Geo, you must first navigate to it and then create the Team Site. Otherwise, it will create that Team Site in whichever location are you currently in.

Another consideration is the sharing policy for data residency. As each Geo location may have its own requirements for data residency, the sharing policy can be configured for each Geo independently of the central location as well as with other satellites. If the same policy is to apply across all Geos, then in PowerShell you have the capability to push this policy across all Geos.

Each Geo is identifiable by a user, an Admin, or a compliance officer, based on its unique URL. Because you will choose the namespace for the URL for your SharePoint Admin Centre, it is important to consider how and what you will name this URL.

Data Loss Prevention (DLP) Policies can be created and applied to specific Geos. To These types of policies can be created by going to the Security Compliance Centre. Once created, they can then be applied to a specific Geo’s OneDrive Site, SharePoint Site or mailbox in that site. Each Geo can have its own security compliance policy.

Microsoft has continued to develop and evolve Office 365 Multi-Geo by integrating IT Admin best practices, shared services, and ensuring an invisible and seamless product for end-users. Office 365 Multi-Geo delivers OneDrive as well as SharePoint Online with a single global tenant, which provides centralized control over satellite locations, and each Geo has the capabilities to be customized for its local policies on data residency and policies. Office 365 Multi-Geo is meeting the demands of on the go collaboration across continents and its users.

  • Monday, February 12, 2018 By : Mike Maadarani    0 comment