For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-sai.md. A documentation index is available at /llms.txt.

Storage accounts should have geo-redundant storage enabled

azure.storage

Description

Geo-redundant storage (GRS) replicates data to a geographically separate secondary region, providing high availability against regional outages. Storage accounts without geo-replication risk permanent data loss if the primary region experiences a catastrophic failure.

Enabling geo-redundant storage increases costs due to cross-region data replication. Evaluate cost against business continuity requirements when remediating.

Remediation

In the Azure portal, change the storage account redundancy to a geo-redundant option (GRS, RA-GRS, GZRS, or RA-GZRS) under the Data management > Redundancy settings. See Azure Storage redundancy.