Host Microsoft Defender data locally in Switzerland

We are pleased to announce that local data residency support in Switzerland is now generally available for Microsoft for Endpoint and Microsoft for Identity. This announcement demonstrates our commitment to providing customers with the highest levels of security and compliance by offering services that are aligned to local data sovereignty requirements. Swiss customers can now confidently onboard to Defender for Endpoint and Defender for Identity in Switzerland, knowing that their data at rest will remain within Swiss boundaries, which ensures that customers in Switzerland can meet their regulatory obligations and maintain control over their data.

Defender products are now available in the US, the EU, the UK and Australia.

Configure Microsoft Defender for Endpoint with local data hosted in Switzerland.

Prerequisites

  1. Your EntraID tenant needs to be set to Switzerland, so the Microsoft Defender for Endpoint tenant will also be provisioned in this geo.
    1. jcelischarry_10-1715277115002.png
  2. To access the GoLocal Geo instance in Switzerland, you need to ensure each device is onboarded using Streamlined Connectivity for devices on their (see Enable access to Microsoft Defender for Endpoint service URLs in the Proxy Server for further details).

I am a new Defender for Endpoint customer:

  1. Once the EntraID tenant is created, access the Security Portal (https://security.microsoft.com) and continue with the onboarding in the GoLocal geo.
  2. Once that process is completed, the Microsoft Defender for Endpoint / Microsoft Defender XDR tenant should be located in the GoLocal geo.
    1. Confirmation: In the portal, go to Settings -> Microsoft Defender XDR-> Account; and see where the service is storing your data at rest.
    2. For example: in the image below, the service location for this Microsoft Defender XDR demo tenant is Switzerland.
    3. jcelischarry_11-1715277191280.png
  3. However, if the location of the data at rest is in one of the current service locations of US/UK/EU/AU, then a tenant reset needs to be requested via Microsoft Customer Support (see next section).

I am a Defender for Endpoint customer with existing tenants in geographies different from the Swiss GoLocal Geo and want to move to the local Geo in Switzerland.

Existing customers have to request a tenant reset by contacting the Microsoft Customer Support. Support can be reached by clicking on the “?” top right in the portal when signed in as an Admin. If you are a Microsoft Unified support customer, please reach out to your Customer Success Account Manager to support you in the process.

jcelischarry_12-1715277240501.png

Microsoft Defender for Endpoint will store and process data in the same location as used by Microsoft Defender XDR. If Microsoft Defender XDR has not been turned on yet, onboarding to Microsoft Defender for Endpoint will also turn on Microsoft Defender XDR and a new data center location is automatically selected based on the location of active Microsoft 365 security services. More details Set up Microsoft Defender for Endpoint deployment – Microsoft Defender for Endpoint | Microsoft Lear…

Configure Microsoft Defender for Identity data to be hosted in Switzerland

Prerequisites

 EntraID tenant needs to be set to Switzerland, so the Microsoft Defender for Identity workspace would be provisioned in this geo as well.

 

jcelischarry_14-1715277356943.png

I am a new Microsoft Defender for Identity customers

  1. Once the EntraID tenant is created, access the Security Portal (https://security.microsoft.com) and continue with the Microsoft Defender for Identity workspace onboarding in the GoLocal geo.
  2. The previous point is required because when a Microsoft Defender for Identity workspace is created, it is created in the Azure region closest to the customer's EntraID tenant location. See Microsoft Defender for Identity frequently asked questions – Microsoft Defender for Identity | Micro….

jcelischarry_15-1715277421487.png

I am a Defender for Identity customer with existing tenants in geographies different from the Swiss GoLocal Geo and want to move to the local Geo in Switzerland.

Existing customers have to request a workspace reset by contacting the Microsoft Customer Support. Support can be reached by clicking on the “?” top right in the portal when signed in as an Admin. If you are a Microsoft Unified support customer, please reach out to your Customer Success Account Manager to support you in the process.

With both our Endpoint Detection and Response, as well as our Identity and Response (ITDR) products now available for local data residency in Switzerland, we are giving more organizations the ability to meet local data sovereignty requirements, while deploying the best security solutions for their estate.

 

This article was originally published by Microsoft's Defender for Endpoint Blog. You can find the original article here.