Multi-Geo Capabilities in Exchange Online
Multi-Geo Capabilities in Office 365 enable a single tenant to span multiple geographic locations. When multi-geo is enabled, customers can select the location of Exchange Online mailbox content (data at rest) on a per-user basis.
Your initial tenant location (referred to as the central location) is determined based on your billing address. When multi-geo is enabled, you can place mailboxes in additional satellite locations by:
Creating a new Exchange Online mailbox directly in a satellite location.
Moving an existing Exchange Online mailbox into a satellite location.
Onboarding a mailbox from an on-premises Exchange organization directly into a satellite location.
The following geo locations are available for use in a Multi-Geo configuration:
Before you can start using Multi-Geo capabilities in Exchange Online, Microsoft needs to configure your Exchange Online tenant for multi-geo support. This one-time configuration process is triggered after you order Office 365 Multi-Geo and the licenses show up in your tenant. This one-time configuration process should typically take less than 30 days to complete. To order Office 365 Multi-Geo, contact your Microsoft representative. For more information, see https://aka.ms/Multi-Geo.
You'll receive notifications in the Office 365 message center when your configuration has completed. Configuration is automatically triggered once your multi-geo licenses show up in your tenant.
Mailbox placement and moves
After Microsoft completes the prerequisite multi-geo configuration steps, Exchange Online will honor the PreferredDataLocation attribute on user objects in Azure AD.
Exchange Online synchronizes the PreferredDataLocation property from Azure AD into the MailboxRegion property in the Exchange Online directory service. The value of MailboxRegion determines the Geo where user mailboxes and any associated archive mailboxes will be placed. It is not possible to configure a user's primary mailbox and archive mailboxes to reside in different geo locations. Only one geo location may be configured per user object.
When PreferredDataLocation is configured on a user with an existing mailbox, the mailbox will be put into a relocation queue and automatically moved to the specified geo location.
When PreferredDataLocation is configured on a user without an existing mailbox, the mailbox will be provisioned into the specified geo location.
When PreferredDataLocation is not specified on a user, the mailbox will be placed in the central location.
If the PreferredDataLocation code is incorrect (e.g. a type of NAN instead of NAM), the mailbox will be placed in the central location.
Note: multi-geo capabilities and Skype for Business Online regionally hosted meetings both use the PreferredDataLocation property on user objects to locate services. If you configure PreferredDataLocation values on user objects for regionally hosted meetings, the mailbox for those users will be automatically moved to the specified geo location after multi-geo is enabled on the Office 365 tenant.
Feature limitations for Multi-Geo in Exchange Online
Only user mailboxes, resource mailboxes (room and equipment mailboxes), and shared mailboxes support multi-geo features. Public Folder Mailboxes and Office 365 Groups remain in the central location.
Security and compliance features (for example, auditing and eDiscovery) that are available in the Exchange admin center (EAC) aren't available in multi-geo organizations. Instead, you need to use the Office 365 Security & Compliance Center to configure security and compliance features.
Outlook for Mac users may experience a temporary loss of access to their Online Archive folder while you move their mailbox to a new geo location. This condition occurs when the user's the primary and archive mailboxes are in different geo locations, because cross-Geo mailbox moves may complete at different times.
Users can't share mailbox folders across geo locations in Outlook on the web (formerly known as Outlook Web App or OWA). For example, a user in the European Union can't use Outlook on the web to open a shared folder in a mailbox that's located in the United States. However, Outlook on the Web users can open other mailboxes in different Geos by using a separate browser window as described in Open another person’s mailbox in a separate browser window in Outlook Web App.
Note: Cross-geo mailbox folder sharing is supported in Outlook on Windows.
Remote PowerShell is required to view and configure multi geo properties in your Office 365 environment. For information on various PowerShell modules used to administer Office 365, see Managing Office 365 and Exchange Online with Windows PowerShell.
You need the Microsoft Azure Active Directory PowerShell Module v188.8.131.52 or later in v1.x to see the PreferredDataLocation property on user objects. User objects synchronized via AAD Connect into AAD cannot have their PreferredDataLocation value directly modified via AAD PowerShell. Cloud-only user objects can be modified via AAD PowerShell. To connect to Azure AD PowerShell, see Connect to Office 365 PowerShell.
To connect to Exchange Online PowerShell, see Connect to Exchange Online PowerShell.
Connect directly to a specific Geo using Exchange Online PowerShell
Typically, Exchange Online PowerShell will connect to the default geo location. But, you can also connect directly to non-default geo locations. Because of performance improvements, we recommend connecting directly to the non-default geo location when you only manage users in that geo location.
To connect to a specific Geo, the ConnectionUri parameter is different than the regular connection instructions. The rest of the commands and values are the same. The steps are:
On your local computer, open Windows PowerShell and run the following command:
$UserCredential = Get-Credential
In the Windows PowerShell Credential Request dialog box, type your work or school account and password, and then click OK.
<emailaddress>with the email address of any mailbox in the target geo location and run the following command. Your permissions on the mailbox and the relationship to your credentials in Step 1 are not a factor; the email address simply tells Exchange Online where to connect.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell?email=<emailaddress> -Credential $UserCredential -Authentication Basic -AllowRedirection
For example, if email@example.com is the email address of a valid mailbox in the Geo you want to connect, run the following command:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://firstname.lastname@example.org -Credential $UserCredential -Authentication Basic -AllowRedirection
Run the following command:
Azure AD Connect version requirements
AAD Connect version 1.1.524.0 or later is the only supported method for setting the PreferredDataLocation property on user objects that are synchronized from on-premises Active Directory. User objects synchronized via AAD Connect into AAD cannot have their PreferredDataLocation value directly modified via AAD PowerShell. Cloud-only user objects can be modified via AAD PowerShell. For detailed instructions, see Azure Active Directory Connect sync: Configure preferred data location for Office 365 resources.
You use three-letter codes to specify the Geo in the PreferredDataLocation property. The following table lists the codes for the available Geos:
Note: The PreferredDataLocation and MailboxRegion properties are strings with no error checking. If you enter an invalid value (for example, NAN) the mailbox will be placed in the default Geo.
View the available Geos that are configured in your Exchange Online organization
To see the list of configured Geos in your Exchange Online organization, run the following command in Exchange Online PowerShell:
Get-OrganizationConfig | Select -ExpandProperty AllowedMailboxRegions | Format-Table
The output of the command looks like this:
APC AUS CAN EUR FRA GBR JPN KOR NAM
View the default Geo for your Exchange Online organization
To view the default geo of your Exchange Online organization, run the following command in Exchange Online PowerShell:
Get-OrganizationConfig | Select DefaultMailboxRegion
The output of the command looks like this:
DefaultMailboxRegion -------------------- NAM
Find the Geo location of a mailbox
The Get-Mailbox cmdlet in Exchange Online PowerShell displays the following multi-geo related properties on mailboxes:
Database: The first 3 letters of the database name correspond to the Geo code, which tells you where the mailbox is currently located. For Online Archive Mailboxes the ArchiveDatabase property should be used.
MailboxRegion: Specifies the geo location code that was set by the admin (synchronized from PreferredDataLocation in Azure AD).
MailboxRegionLastUpdateTime: Indicates when MailboxRegion was last updated (either automatically or manually).
To see these properties for a mailbox, use the following syntax:
Get-Mailbox -Identity <MailboxIdentity> | Format-List Database,MailboxRegion*
For example, to see the Geo information for the mailbox email@example.com, run the following command:
Get-Mailbox -Identity firstname.lastname@example.org | Format-List Database, MailboxRegion*
The output of the command looks like this:
Database : EURPR03DG077-db007 MailboxRegion : EUR MailboxRegionLastUpdateTime : 2/6/2018 8:21:01 PM
Note: If the geo location code in the database name doesn't match MailboxRegion value, the mailbox will be automatically be put into a relocation queue and moved to the geo location specified by the MailboxRegion value (Exchange Online looks for a mismatch between these property values).
Move an existing cloud-only mailbox to a specific Geo
A cloud-only user is a user not syncrhonized to the tenant via AAD Connect. This user was created directly in Azure AD. Use the Get-MsolUser and Set-MsolUser cmdlets in the Azure AD Module for Windows PowerShell to view or specify the Geo where a cloud-only user's mailbox will be stored.
To view the PreferredDataLocation value for a user, use this syntax in Azure AD PowerShell:
Get-MsolUser -UserPrincipalName <UserPrincipalName> | Format-List UserPrincipalName,PreferredDataLocation
For example, to see the PreferredDataLocation value for the user email@example.com, run the following command:
Get-MsolUser -UserPrincipalName firstname.lastname@example.org | Format-List
The output of the command looks like this:
UserPrincipalName : email@example.com PreferredDataLocation : EUR
To modify the PreferredDataLocation value for a cloud-only user object, use the following syntax in Azure AD PowerShell:
Set-MsolUser -UserPrincipalName <UserPrincipalName> -PreferredDataLocation <GeoCode>
For example, to set the PreferredDataLocation value to the European Union (EUR) geo for the user firstname.lastname@example.org, run the following command:
Set-MsolUser -UserPrincipalName email@example.com -PreferredDataLocation EUR
As mentioned previously you cannot use this procedure for synchronized user objects from on-premises Active Directory. You need to change the PreferredDataLocation value using AAD Connect. For more information, see Azure Active Directory Connect sync: Configure preferred data location for Office 365 resources.
How long it takes to relocate a mailboxfrom its current geo to the new desired geo location depends on several factors:
The size and type of mailbox.
The number of mailboxes being moved.
The availability of move resources.
Move disabled mailboxes that are on Litigation Hold
Disabled mailboxes on Litigation Hold that are preserved for eDiscovery purposes cannot be moved by changing their PreferredDataLocation value in their disabled state. To move a disabled mailbox on litigation hold:
Temporarily assign a license to the mailbox.
Change the PreferredDataLocation.
Remove the license from the mailbox after it has been moved to the selected geo location to put it back into the disabled state.
Create new cloud mailboxes in a specific Geo
To create a new mailbox in a specific geo location, you need to do either of these steps:
Configure the PreferredDataLocation value as described in the previous section before the mailbox is created in Exchange Online. For example, configure the PreferredDataLocation value on a user before assigning a license.
Assign a license at the same time you set the PreferredDataLocation value.
To create a new cloud-only licensed user (not AAD Connect synchronized) in a specific Geo, use the following syntax in Azure AD PowerShell:
New-MsolUser -UserPrincipalName <UserPrincipalName> -DisplayName "<Display Name>" [-FirstName <FirstName>] [-LastName <LastName>] [-Password <Password>] [-LicenseAssignment <AccountSkuId>] -PreferredDataLocation <GeoCode>
This example create a new user account for Elizabeth Brunner with the following values:
User principal name: firstname.lastname@example.org
First name: Elizabeth
Last name: Brunner
Display name Elizabeth Brunner
Password: randomly-generated and shown in the results of the command (because we're not using the Password parameter)
License: contoso:ENTERPRISEPREMIUM (E5)
Location: Australia (AUS)
New-MsolUser -UserPrincipalName email@example.com -DisplayName "Elizabeth Brunner" -FirstName Elizabeth -LastName Brunner -LicenseAssignment contoso:ENTERPRISEPREMIUM -PreferredDataLocation AUS
For more information about creating new user accounts and finding LicenseAssignment values in Azure AD PowerShell, see Create user accounts with Office 365 PowerShell and View licenses and services with Office 365 PowerShell.
Note: If you are using Exchange Online PowerShell to enable a mailbox and need the mailbox to be created directly in the Geo that's specified in PreferredDataLocation, you need to use an Exchange Online cmdlet such as Enable-Mailbox or New-Mailbox directly against the cloud service. If you use the Enable-RemoteMailbox on-premises Exchange cmdlet, the mailbox will be created in the default Geo.
Onboard existing on-premises mailboxes in a specific Geo
You can use the standard onboarding tools and processes to migrate a mailbox from an on-premises Exchange organization to Exchange Online, including the Migration dashboard in the EAC, and the New-MigrationBatch cmdlet in Exchange Online PowerShell.
The first step is to verify a user object exists for each mailbox to be onboarded, and verify the correct PreferredDataLocation value is configured in Azure AD. The onboarding tools will respect the PreferredDataLocation value and will migrate the mailboxes directly to the specified Geo.
Or, you can use the following steps to onboard mailboxes directly in a specific geo location using the New-MoveRequest cmdlet in Exchange Online PowerShell.
Verify the user object exists for each mailbox to be onboarded and that PreferredDataLocation is set to the desired value in Azure AD. The value of PreferredDataLocation will be synchronized to the MailboxRegion attribute of the corresponding mail user object in Exchange Online.
Connect directly to the specific satellite Geo using the connection instructions from earlier in this topic.
In Exchange Online PowerShell, store the on-premises administrator credentials that's used to perform a mailbox migration in a variable by running the following command:
$RC = Get-Credential
In Exchange Online PowerShell, create a new New-MoveRequest similar to the following example:
New-MoveRequest -Remote -RemoteHostName mail.contoso.com -RemoteCredential $RC -Identity firstname.lastname@example.org -TargetDeliveryDomain <YourAppropriateDomain>
Repeat step #4 for every mailbox you need to migrate from on-premises Exchange to the satellite location you are currently connected to.
If you need to migrate additional mailboxes to a different satellite location, repeat steps 2 through 4 for each specific satellite location.
Multi-Geo Usage Reports in the Office 365 admin center displays the user count by geo location. The report displays user distribution for the current month and provides historical data for the past 6 months.