You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
title: BCDR recommendations for working with Microsoft Sentinel
2
+
title: BCDR Recommendations for Working With Microsoft Sentinel
3
3
description: Learn about Business Continuity and Disaster Recovery (BCDR) in Microsoft Sentinel, including availability zones and cross-region disaster recovery strategies.
4
4
author: batamig
5
5
ms.author: bagol
@@ -16,67 +16,66 @@ ms.collection: usx-security
16
16
17
17
# Business continuity and disaster recovery for Microsoft Sentinel
18
18
19
-
This article describes reliability support in Microsoft Sentinel and covers both regional resiliency with availability zones and cross-region resiliency with business continuity and disaster recovery (BCDR). While this article is mainly directed at Microsoft Sentinel customers working in the Azure portal, this guidance also covers data currently covered by Azure services after having onboarded to the [Microsoft Defender portal](/unified-secops-platform/overview-unified-security).<!--last sentence i added-->
19
+
This article describes reliability support in Microsoft Sentinel and covers both regional resiliency with availability zones and cross-region resiliency with business continuity and disaster recovery (BCDR). While this article is mainly directed at Microsoft Sentinel customers working in the Azure portal, this guidance also covers data currently managed by Azure services after onboarding to the [Microsoft Defender portal](/unified-secops-platform/overview-unified-security).
20
20
21
21
For more information, see [Azure reliability](/azure/well-architected/resiliency/).
22
22
23
23
## Availability zone support
24
24
25
-
Availability zones are physically separate groups of data centers within each region. When one zone fails, services can fail over to one of the remaining zones.
25
+
Availability zones are physically separate groups of data centers within each region. When one zone fails, services fail over to one of the remaining zones.
26
26
27
-
Microsoft Sentinel uses availability zones in regions where they're available to provide high-availability protection for your applications and data from data center failures.
27
+
Microsoft Sentinel uses availability zones in regions where they're available to provide highavailability protection for your applications and data from data center failures.
28
28
29
29
For more information, see [What are availability zones?](/azure/reliability/availability-zones-overview).
30
30
31
31
## Cross-region disaster recovery
32
32
33
-
Disaster recovery (DR) is about recovering from high-impact events, such as natural disasters or failed deployments that result in downtime and data loss. Regardless of the cause, the best remedy for a disaster is a well-defined and tested DR plan and an application design that actively supports DR. Before you begin to think about creating your disaster recovery plan, see [Recommendations for designing a disaster recovery strategy](/azure/well-architected/reliability/disaster-recovery).
33
+
Disaster recovery (DR) is about recovering from high-impact events, such as natural disasters or failed deployments that result in downtime and data loss. Regardless of the cause, the best remedy for a disaster is a well-defined and tested DR plan and an application design that actively supports DR. Before you create your disaster recovery plan, see [Recommendations for designing a disaster recovery strategy](/azure/well-architected/reliability/disaster-recovery).
34
34
35
-
When it comes to DR, Microsoft uses the [shared responsibility model](/azure/reliability/concept-shared-responsibility). In a shared responsibility model, Microsoft ensures that the baseline infrastructure and platform services are available. At the same time, many Azure services don't automatically replicate data or fall back from a failed region to cross-replicate to another enabled region. For those services, customers are responsible for setting up a disaster recovery plan that works for their environment. <!--changed from workload-->Most services that run on Azure platform as a service (PaaS) offerings provide features and guidance to support DR and you can [use service-specific features](/azure/reliability/reliability-guidance-overview) to support fast recovery to help develop your DR plan.
35
+
When it comes to DR, Microsoft uses the shared responsibility model. In this model:
36
36
37
-
In the unlikely event of a full region outage, customers have the option of using one of two strategies:
37
+
- Microsoft ensures that the baseline infrastructure and platform services are available.
38
+
- Many Azure services don't automatically replicate data or fall back from a failed region to cross-replicate to another enabled region. For those services, customers are responsible for setting up a disaster recovery plan that works for their environment.
38
39
39
-
-**Manual recovery:** Manually deploy to a new region, or wait for the region to recover, and then manually redeploy all environments and apps.
40
-
-**Resilient recovery:** First, deploy your container apps in advance to multiple regions. Next, use Azure Front Door or Azure Traffic Manager to handle incoming requests, pointing traffic to your primary region. Then, should an outage occur, customers can redirect traffic away from the affected region. For more information, see [Cross-region replication in Azure](/azure/reliability/cross-region-replication-azure).
40
+
Most services that run on Azure platform as a service (PaaS) offerings provide features and guidance to support DR. You can [use service-specific features](/azure/reliability/reliability-guidance-overview) to support fast recovery and help develop your DR plan.
41
41
42
-
<!--removed business continuity from title - here we only talk about dr-->
42
+
For more information, see [Shared responsibility for reliability](/azure/reliability/concept-shared-responsibility).
43
43
44
44
## BCDR implementation for Microsoft Sentinel
45
45
46
-
Microsoft Sentinel uses Microsoft best practices for resiliency, safe deployment, and BCDR with Azure Availability Zones (AZs).
46
+
Microsoft Sentinel uses Microsoft's best practices for resiliency, safe deployment, and BCDR with Azure Availability Zones (AZs).
47
47
48
-
To support BCDR in case of a regional outage, Microsoft Sentinel employs a customer-enabled BCDR approach, which means that customers are responsible for setting up disaster recovery. To ensure continuous business operations, customers must configure their Microsoft Sentinel environment in an active-active or mirrored fashion across the two paired regions relevant to them, depending on the cloud environment.
48
+
To support BCDR in case of a regional outage, Microsoft Sentinel uses a customer-enabled BCDR approach, which means customers are responsible for setting up disaster recovery. To ensure continuous business operations, customers must configure their Microsoft Sentinel environment in an active-active (mirrored) fashion across the two paired regions relevant to them, depending on the cloud environment.
49
49
50
50
Customer-enabled BCDR involves:
51
51
52
52
- Creating two identical Log Analytics workspaces enabled for Microsoft Sentinel in the appropriate regions. For more information, see [Quickstart: Onboard Microsoft Sentinel](quickstart-onboard.md).
53
53
- Ensuring that the same data sources, analytic rules, and all other settings and configurations are mirrored between the regions, and maintained consistently throughout the continuous operations of these workspaces.
54
54
55
-
These activities must be done manually by the customer and do not happen automatically.
55
+
These activities must be done manually by the customer and don't happen automatically.
56
56
57
-
A customer-enabled BCDR setup ensures that if an Azure regional outage occurs in one of the customer's regions, the other paired region, which is geographically and physically separate from the impacted region, will remain unaffected. As a result, continuous business operations can proceed without any downtime or data loss.
57
+
A customer-enabled BCDR setup ensures that if an Azure regional outage occurs in one of the customer's regions, the other paired region, which is geographically and physically separate from the impacted region, remains unaffected. As a result, continuous business operations can proceed without any downtime or data loss.
58
58
59
59
## Regional and cloud support
60
60
61
61
The following table describes the recommended actions for setting up BCDR in different regions and cloud environments:
62
62
63
63
|Cloud type |Guidance |
64
64
|---------|---------|
65
-
|Public | We recommend that customers outside of Europe create one workspace in their local region and another in any of the supported European regions. |
66
-
|Azure Government | We recommend that customers in US government clouds create one workspace in Arizona and another in Virginia. |
67
-
|Air-gapped clouds | We recommend that customers in air-gapped US government clouds create one workspace in USSEC East and another workspace in USSEC West, or in USNAT East and USNAT West. |
65
+
|**Public**| We recommend customers outside of Europe create one workspace in their local region and another in any of the supported European regions. |
66
+
|**Azure Government**| We recommend customers in US government clouds create two workspaces, one in each of their relevant regions. For details about air-gapped clouds, contact your account team.|
68
67
69
-
For more information, see [Geographical availability and data residency in Microsoft Sentinel](geographical-availability-data-residency.md).
68
+
For more information, see [Geographical availability and data residency in Microsoft Sentinel](geographical-availability-data-residency.md).
70
69
71
-
The following geographical regions are not currently supported for the customer-enabled BCDR approach described in this artice:
70
+
The following geographical regions are not currently supported for the customer-enabled BCDR approach described in this article:
72
71
73
-
- EU customers, due to EUDB compliance limitations
74
-
- Israel
75
-
- Azure China 21Vianet
72
+
- EU customers due to EUDB compliance limitations.
73
+
- Israel.
74
+
- Azure China 21Vianet.
76
75
77
76
## Related content
78
77
79
78
For more information, see:
80
79
81
-
-[Geographical availability and data residency in Microsoft Sentinel](geographical-availability-data-residency.md)
82
-
-[Microsoft Sentinel feature support for Azure commercial/other clouds](feature-availability.md)
80
+
-[Geographical availability and data residency in Microsoft Sentinel](geographical-availability-data-residency.md)
81
+
-[Microsoft Sentinel feature support for Azure commercial / other clouds](feature-availability.md)
0 commit comments