Hi there, I have a scenario with Azure Storage Accounts that have GRS and private endpoints enabled, and Microsoft Defender for Storage malware scanning configured. The scan results are sent to a custom Event Grid topic via the scanResultsEventGridTopicResourceId property.
Scenario details:
- Storage account is GRS enabled.
- Defender for Storage is configured to send scan results to a custom Event Grid topic in the primary region.
- The storage account fails over to the secondary region (planned or unplanned).
- A secondary Event Grid topic exists in the new primary region.
My questions:
- After failover, is it supported to update the scanResultsEventGridTopicResourceId to point to the secondary-region Event Grid topic?
- Will Defender accept the new topic post-failover?
- Are there any undocumented constraints for region, private endpoints, or system topics during failover?
- What happens to the system topics and existing event subscriptions tied to the storage account after failover?
I want to understand the best practices for DR when handling Defender scan results via Event Grid in multi-region setups.
Thanks in advance!