Skip to main content
McAfee Enterprise MVISION Cloud

Multi-Geo Model for Office 365

Multi-Geo capability in Office 365 allows you to organize users and their data to spread across multi-geographic regions using a single Office 365 tenant. You have the flexibility to choose the country or region where each employee’s Office 365 data is stored at-rest. This promotes businesses to meet their global data residency goals and digitally transform with Office 365.

Create a single global tenant for the entire organization, so all users can access their data regardless of their locations. You can create tenant in your home data center region and add more satellite regions as they expand. For more details, see Microsoft 365 Multi-Geo.

MVISION Cloud supports the Multi-geo capabilities for SharePoint and OneDrive. 

NOTE: To support the multi-geo environment in MVISION Cloud, enable Office 365 Multi-Geo feature in your MVISION Cloud tenant. For details, contact MVISION Cloud Support

Configure Multi-Geo feature for Office 365 in MVISION Cloud

You can enable a multi-geo environment for Office 365 applications such as SharePoint, and OneDrive in MVISION Cloud.

Configure Multi-Geo for OneDrive 

Multi-Geo for OneDrive allows security admin to create and configure a OneDrive service instance in MVISION Cloud to monitor activities of users in specific geo for DLP and Activity Monitoring. DLP is supported both in near real-time and on-demand scan modes.

For example, say "myorg" is a multinational corporation located in 3 different regions: Headquarters in Canada and branches in the European Union and Australia. A group of OneDrive users of the organization has selected the preferred location as Canada, so OneDrive Account data is stored in this region. To monitor the OneDrive Account location, you need to create and configure instances for that specific region.  

IMPORTANT:

  • MVISION Cloud monitors the OneDrive account for multiple preferred regions only when a separate service instance of OneDrive is created for each region.
  • The activities of users who are assigned to the preferred data location are monitored for DLP and Activity Monitoring.

To configure OneDrive instance for the preferred data location:

  1. Login to MVISION Cloud as admin.
  2. Go to Settings > Service Management.
  3. From the Service Management page, click Add Service Instance to add OneDrive instance, and enter an Instance Name
  4. Select the OneDrive instance from the Services list. (If no services are listed, contact MVISION Cloud Support for help.)
  5. Under Setup, click Enable to enable API access. 
    clipboard_e18c84c4273f1061142792ff3839e34e5.png
  6. On the Enable API Review Prerequisites page, review the prerequisites, and then click the checkbox to confirm that you have completed the prerequisites. Click Next
    clipboard_e870e299ba7d9cbce7a74496a88a783d7.png
  7. On the Enable API page, click Provide API Credentials.
    clipboard_e79b0e5d1ffdc867c13680531a5eada2c.png
  8. Enter the preferred region's Geo Administrator Email and click Submit. 
    clipboard_ed0bc8cc70f4fe9038da8931e83276e50.png
    The multi geo location is configured successfully with OneDrive. 

NOTE: If the admin has more than one geo-location assigned for administrative purposes, McAfee Enterprise considers the 'preferred data location' (PDL) of the administrator as the geo that needs to be monitored.

Configure Multi-Geo for SharePoint

Multi-Geo for SharePoint allows security admin to create and configure a SharePoint service instance in MVISION Cloud to monitor SharePoint sites in specific geo for DLP and Activity Monitoring. DLP is supported both in near real-time and on-demand scan modes.

IMPORTANT:

  • MVISION Cloud monitors the SharePoint sites for multiple regions only when a separate service instance of SharePoint is created for each region.
  • The SharePoint sites that are assigned to the preferred data location are monitored for DLP and Activity Monitoring.

To configure SharePoint instance for the preferred data location:

  1. Login to MVISION Cloud as admin.
  2. Go to Settings > Service Management.
  3. From the Service Management page, click Add Service Instance to add SharePoint instance, and enter an Instance Name
  4. Select the SharePoint instance from the Services list. (If no services are listed, contact MVISION Cloud Support for help.)
  5. Under Setup, click Enable to enable API access. 
    clipboard_e791dc72739da9c55eacc9cf5c11ea9f5.png
  6. On the Enable API Review Prerequisites page, review the prerequisites, and then click the checkbox to confirm that you have completed the prerequisites. Click Next
    clipboard_e870e299ba7d9cbce7a74496a88a783d7.png
  7. On the Enable API page, click Provide API Credentials.
    clipboard_e79b0e5d1ffdc867c13680531a5eada2c.png
  8. Enter the preferred region's Geo Administrator Email and SharePoint admin center URL and click Submit.
    clipboard_e4a06cdbed297bf59821c723b6e69c04f.png
    The multi geo location is configured successfully with SharePoint. 

NOTE: If the admin has more than one geo-location assigned for administrative purposes, McAfee Enterprise considers the 'preferred data location' (PDL) of the administrator as the geo that needs to be monitored.

Multi-Geo for Exchange Online and Microsoft Teams

As of 5.2.1, it is not possible to monitor a specific geo/region of Exchange Online and Microsoft Teams from a service instance in MVISION Cloud.

When the security admin configures a service instance in MVISION Cloud for Exchange Online or Teams, user activities across all regions/geo-locations are monitored for DLP and Activity Monitoring by default from that service instance. 

  • Was this article helpful?