Microsoft Defender data can now be hosted locally in Australia

Update – 11/7/2023 – support for Microsoft 365 Defender, Microsoft Defender for Endpoint, and Microsoft Defender for Identity data residency in Australia is now Generally Available.

We are pleased to announce that Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Identity now support data residency in Australia, and this support is now generally available. This announcement demonstrates our commitment to providing customers with the highest levels of security and compliance by offering services that are aligned to local data sovereignty requirements. Customers can now confidently onboard to Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Identity in Australia, knowing that their data at rest will remain within Australian boundaries. This ensures that Australian customers can meet their regulatory obligations and maintain control over their data, while benefiting from the advanced threat detection and response capabilities of Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Identity. We are excited to share this new addition and look forward to your feedback.

How to configure Microsoft Defender data to be hosted in Australia

  1. Start by determining where the existing Microsoft 365 Defender portal is located.

    1. In the portal, go to Settings -> Microsoft 365 Defender -> Account and see where the service is storing your data at rest.
    2. For example: in the image below, the service location for this tenant is Europe.
  2. If the service is storing your data in Australia, you are done! However, if it is in one of the traditional service locations of US/UK/EU, then a tenant reset/shift needs to be requested via Customer Service and Support (CSS) – see below for further details.
  3. To access the Australia instance, you need to ensure the new set of Microsoft Defender for Endpoint target URLs are accessible (see Configure device proxy and Internet connection settings | Microsoft Learn) from devices on your .
  4. For the tenant reset, you will need to contact CSS, who will walk you through the process.
    1. IMPORTANT – the tenant reset process is destructive. All existing data for Microsoft Defender for Endpoint and Microsoft 365 Defender in your current tenant will be deleted; for example, alerts, incidents, settings and configurations.
    2. Prior to requesting the tenant reset:
      • Remove any existing integrations with products and services that have been enabled on the tenant (e.g., Intune).
      • Save the off-boarding .
  5. Request the tenant reset/shift via CSS.
  6. When the reset process is completed, check the new location of Microsoft 365 Defender; the service will be storing your data at rest in Australia.
  7. Devices can now be onboarded to the new tenant and those removed integrations can be restored. As noted below, re-onboarding is the best option for Windows devices: just use the onboarding script from the portal and run it over the top of any device previously onboarded to the old tenant. There is no need to off-board first.
  8. For the onboarded devices the table below describes the action(s) needed for each OS Platform:


| OS Platform | Action Needed |
| --- | --- |
| Windows 10/11, Server 2019 and later, 2008R2/2012R2/2016 with the Unified Agent | Use Re-Onboarding from new Portal* or Offboard and Onboard |
| macOS, | Reinstall and onboard with the new onboarding script. |
| MMA based – 2008R2/2012R2/2016, Windows 7/8.1 (Defender for Endpoint workspace) | Replace the workspace configuration with the one from the new portal |
| MMA based – Windows Server 2008R2/2012R2/2016 (Defender for Cloud workspace) | No action is needed. Defender for Cloud will automatically push the data to the new OrgId. |

*This option is possible since the new onboarding script will contain a “PreviousOrg” field with the value of the OrgId before the reset.

Important: A restart is required for the changes to take effect.

 

This article was originally published by Microsoft's Defender for Endpoint Blog. You can find the original article here.