Office 365 Multi-Geo eDiscovery configuration

By default, an eDiscovery Manager or Administrator of a multi-geo tenant will be able to conduct eDiscovery only in the central location of that tenant. To support the ability to conduct eDiscovery for satellite locations, a new Compliance Security Filter parameter called “Region” is available via PowerShell.

The Office 365 global administrator must assign eDiscovery Manager permissions to allow others to perform eDiscovery and assign a “Region” parameter in their applicable Compliance Security Filter to specify the region for conducting eDiscovery as satellite location, otherwise no eDiscovery will be carried out for the satellite location.

When the eDiscovery Manager or Administrator role is set for a particular satellite location, the eDiscovery Manager or Administrator will only be able to perform eDiscovery search actions against the SharePoint sites and OneDrive sites located in that satellite location. If an eDiscovery Manager or Administrator attempts to search SharePoint or OneDrive sites outside the specified satellite location, no results will be returned. Also, when the eDiscovery Manager or Administrator for a satellite location triggers an export, data is exported to the Azure instance of that region. This helps organizations stay in compliance by not allowing content to be exported across controlled borders.

Note

If it's necessary for an eDiscovery Manager to search across multiple SharePoint satellite locations, another user account will need to be created for the eDiscovery Manager which specifies the alternate satellite location where the OneDrive or SharePoint sites are located.

Geo location Code eDiscovery data location
Asia-Pacific APC Southeast or East Asia datacenters
Australia AUS Southeast or East Asia datacenters
Canada CAN US datacenters
Europe / Middle East / Africa EUR Europe datacenters
France FRA Europe datacenters
India IND Southeast or East Asia datacenters
Japan JPN Southeast or East Asia datacenters
Korea KOR Southeast or East Asia datacenters
North America NAM US datacenters
South Africa ZAF (Coming soon)
United Arab Emirates ARE (Coming soon)
United Kingdom GBR Europe datacenters

To set the Compliance Security Filter for a Region:

  1. Open Windows PowerShell

  2. Enter
    $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $cred -Authentication Basic -AllowRedirection -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)

    $a = Import-PSSession $s -AllowClobber  

  3. New-ComplianceSecurityFilter -Action ALL -FilterName EnterTheNameYouWantToAssign -Region EnterTheRegionParameter -Users EnterTheUserPrincipalName

    For Example: New-ComplianceSecurityFilter -Action ALL -FilterName NAMEDISCOVERYMANAGERS -Region NAM -Users adwood@contosodemosx.onmicrosoft.com

See the New-ComplianceSecurityFilter article for additional parameters and syntax