Previous articles discussed the importance of knowing where your data is located, and a simple way to determine which services are available to you in your country or region. Today we will demonstrate a more technical way to validate where your data is at rest, and where services are being delivered from.
In an effort to share this information with you, we spent some time looking at different ways to see where a given tenant is hosted. After some research and testing, we discovered a couple of methods to help narrow down the search and identify your tenant’s hosting facilities.
WARNING: THESE METHODS ARE FOR THE INTERMEDIATE TO ADVANCED ADMINISTRATOR AND SHOULD NOT BE ATTEMPTED UNLESS YOU ARE COMFORTABLE WITH POWERSHELL. WE STRONGLY RECOMMEND BACKING UP YOUR DATA BEFORE ATTEMPTING TO USE POWERSHELL IN ANY CAPACITY. INFINITE IT CANNOT BE HELD RESPONSIBLE FOR ANY ISSUES YOU CAUSE TO YOUR HOSTED ENVIRONMENT AS A RESULT OF FOLLOWING THESE STEPS. WHEN IN DOUBT, CONTACT AN EXPERT.
The first step is to remote into Exchange Online. Once you have a remote session open, launch PowerShell.
In PowerShell, use the following command: Get -OrganizationalUnit
You should see something like: “The OrganizationalUnit was listed as Can002a001.prod.outlook.com/Microsoft Exchange Hosted Organizations/abccorp.onmicrosoft.com
The OrganizationID was Can002a001.prod.outlook.com/Microsoft Exchange Hosted Organizations/abccorp.onmicrosoft.com – Can002a001.prod.outlook.com/ConfigurationUnits/abccorp.onmicrosoft.com/Configuration”
Then try: Get-OrganizationConfig
You should see something like: “The DistinguishedName was CN=Configuration,CN=abccorp.onmicrosoft.com,CN=ConfigurationUnits,DC=CAN002A001,DC=prod,DC=outlook,DC=com
The ObjectCategory was CAN002A001.prod.outlook.com/Configuration/Schema/ms-Exch-Configuration-Unit-Container
The OriginatingServer was QCPR02A001DC01.CAN002A001.prod.outlook.com”
The naming conventions may be slightly different but what you are looking for are the following flags:
- The fact that it states CAN in the OrganizationalUnit tells you that data is at rest in Canada
- The fact that it states CAN in the OrganizationConfig is indicative of your services being run out of Canada
- Taking a look at your email headers as well should match up to these variables, which validates that services are running through the Canadian data centres (it’s one thing to see a message header occasionally with the Canadian data centres in the header, but that can change on the fly if you do not have your tenant set up as Canada – this process validates that)
Do the same thing for your SharePoint instance, and that will tell you as well where your SharePoint portal is located.
Another little trick is to use the following command: Get-MSOLCompanyInformation
This tells you the CountryLetterCode… you can technically see similar information in the Office Admin Portal (visit https://portal.office.com/adminportal/home#/homepage)
This portal has a plethora of tools and shortcuts – you need to get familiar with this admin portal as the latest updated in 2017 have made this tool a real asset to any administrator.
Stay tuned for our next Blog Entry that will discuss Canadian law and PIPEDA.