Skip to main content
McAfee Enterprise MVISION Cloud

Multi-Geo Model for Office 365

Multi-Geo capability in Office 365 allows organizations to organize and users and their data to spread across multi geographic regions using a single Office 365 tenant. Organizations have the flexibility to choose the country or region where each employee’s Office 365 data is stored at-rest. This promotes businesses to meet their global data residency goals and digitally transform with Office 365.

A single global tenant is used by the entire organization, so all users are able to access their data regardless of their locations. An organization can create tenant in their home datacenter region and add additional satellite regions as they expand. For more details, see Microsoft 365 Multi-Geo.

MVISION Cloud supports the Multi-geo capabilities for SharePoint and OneDrive. 

NOTE: To support the multi-geo environment in MVISION Cloud, your McAfee Enterprise MVISION Cloud tenant should have Office 365 Multi-Geo feature enabled. To enable your multi-geo feature, contact MVISION Cloud Support

Configure Multi-Geo feature for Office 365 in MVISION Cloud

This section describes how to enable a multi-geo environment for various Office 365 applications such as SharePoint, and OneDrive in MVISION Cloud.

Configure Multi-Geo for OneDrive 

Multi-Geo for OneDrive allows security admin to create and configure an OneDrive service instance in MVISION Cloud to monitor activities of users in specific geo for DLP and Activity Monitoring. DLP is supported both in near real-time and on-demand scan modes.

For example, say "myorg" is a multinational corporation located in 3 different regions: Headquarters in Canada and branches in the European Union and Australia. A group of OneDrive users of the organization has selected the preferred location as Canada, so OneDrive Account data is stored in this region. To monitor the OneDrive Account location, you need to create and configure instances for that specific region.  

IMPORTANT:

  • MVISION Cloud monitors the OneDrive account for multiple preferred regions only when a separate service instance of OneDrive is created for each region.
  • The activities of users who are assigned to the preferred data location are monitored for DLP and Activity Monitoring.

To configure OneDrive instance for the preferred data location:

  1. Login to MVISION Cloud as admin.
  2. Go to Settings > Service Management.
  3. From the Service Management page, click Add Service Instance to add OneDrive instance, and enter an Instance Name
  4. Select the OneDrive instance from the Services list. (If no services are listed, contact MVISION Cloud Support for help.)
  5. Under Setup, click Enable to enable API access. 
    clipboard_e18c84c4273f1061142792ff3839e34e5.png
  6. On the Enable API Review Prerequisites page, review the prerequisites, and then click the checkbox to confirm that you have completed the prerequisites. Click Next
    clipboard_e870e299ba7d9cbce7a74496a88a783d7.png
  7. On the Enable API page, click Provide API Credentials.
    clipboard_e79b0e5d1ffdc867c13680531a5eada2c.png
  8. Enter the preferred region's Geo Administrator Email and click Submit. 
    clipboard_ed0bc8cc70f4fe9038da8931e83276e50.png
    The multi geo location is configured successfully with OneDrive. 

NOTE: If the admin has more than one geo-location assigned for administrative purposes, McAfee Enterprise will consider the 'preferred data location' (PDL) of the administrator as the geo and that needs to be monitored.

Configure Multi-Geo for SharePoint

Multi-Geo for SharePoint allows security admin to create and configure a SharePoint service instance in MVISION Cloud to monitor SharePoint sites in specific geo for DLP and Activity Monitoring. DLP is supported both in near real-time and on-demand scan modes.

IMPORTANT:

  • MVISION Cloud monitors the SharePoint sites for multiple regions only when a separate service instance of SharePoint is created for each region.
  • The SharePoint sites that are assigned to the preferred data location are monitored for DLP and Activity Monitoring.

To configure SharePoint instance for the preferred data location:

  1. Login to MVISION Cloud as admin.
  2. Go to Settings > Service Management.
  3. From the Service Management page, click Add Service Instance to add Sharepoint instance, and enter an Instance Name
  4. Select the SharePoint instance from the Services list. (If no services are listed, contact MVISION Cloud Support for help.)
  5. Under Setup, click Enable to enable API access. 
    clipboard_e791dc72739da9c55eacc9cf5c11ea9f5.png
  6. On the Enable API Review Prerequisites page, review the prerequisites, and then click the checkbox to confirm that you have completed the prerequisites. Click Next
    clipboard_e870e299ba7d9cbce7a74496a88a783d7.png
  7. On the Enable API page, click Provide API Credentials.
    clipboard_e79b0e5d1ffdc867c13680531a5eada2c.png
  8. Enter the preferred region's Geo Administrator Email and SharePoint admin center URL and click Submit.
    clipboard_e4a06cdbed297bf59821c723b6e69c04f.png
    The multi geo location is configured successfully with SharePoint. 

NOTE: If the admin has more than one geo-location assigned for administrative purposes, McAfee Enterprise will consider the 'preferred data location' (PDL) of the administrator as the geo and that needs to be monitored.

Multi-Geo for Exchange Online and Microsoft Teams

As of 5.2.1, it is not possible to monitor a specific geo/region of Exchange Online and Microsoft Teams from a service instance in MVISION Cloud.

When security admin configures a service instance in MVISION Cloud for Exchange Online or Teams, activities of users across all regions/geo-locations are monitored for DLP and Activity Monitoring by default from that service instance. 

  • Was this article helpful?