Forum Discussion
Disaster Recovery Design for Microsoft Sentinel
I would like to know if there is a recommended design for disaster recovery of Sentinel SIEM like placing another Log Analytic workspace in a paired region. then pointing the DR servers to report to ...
Remember that the underlying storage and platform is highly available, and more so in Azure Regions with Availability Zones. Microsoft did have a preview a while back (two years???) to look at allowing a customer to perform a failover from one region/workspace to another, but it was paused.
If you want VM's and a Active/Active capability you can multi-home to two workspaces at once, however that will double your costs (so maybe only protect critical VM's that way?).
Note, not all resources allow this capability, but VMs with AMA (Windows and Linux) do allow multi-homing, or just Windows with the MMA deployed)
Thanks for the feedback Clive!