vaults
Summary
Details
Ensure static IP addresses in Site Recovery VM failover settings are available in failover subnet
Impact: High Category: Disaster Recovery PG Verified: Verified
APRL GUID: e93bb813-b356-48f3-9bdf-a06a0a6ba039
Description:
Ensure that the static IP addresses configured in each VM's failover settings are available in the failover subnet, so that IP assignment stays consistent during failover. The target VM receives the same static IP if it is available, or the next available IP otherwise. IP adjustments can be made in VM Network settings.
Potential Benefits:
Smooth failover IP management
Learn More:
ARG Query:
// cannot-be-validated-with-arg
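Because this recommendation cannot be validated with Azure Resource Graph, the check can be scripted offline from an exported list of addresses already in use in the failover subnet. The following is an added example, not part of APRL or of Azure's tooling. The subnet, addresses and VM names are constructed, and "next available IP" is assumed to mean the lowest free address in the subnet.

```python
import ipaddress

def usable_addresses(cidr):
    """Assignable addresses in an Azure subnet: Azure reserves the first
    four addresses and the last one in every subnet."""
    return list(ipaddress.ip_network(cidr))[4:-1]

def check_failover_ip(cidr, in_use, configured_ip):
    """Return (status, expected_ip) for one VM's configured failover IP."""
    net = ipaddress.ip_network(cidr)
    wanted = ipaddress.ip_address(configured_ip)
    taken = {ipaddress.ip_address(a) for a in in_use}
    free = [a for a in usable_addresses(cidr) if a not in taken]
    if wanted in free:
        return ("ok", str(wanted))
    if wanted not in net:
        status = "outside-subnet"
    elif wanted in taken:
        status = "in-use"
    else:
        status = "reserved"
    # Assumption: "next available IP" is the lowest free address in the subnet.
    return (status, str(free[0]) if free else None)

def duplicate_targets(vm_settings):
    """Configured failover IPs claimed by more than one VM."""
    seen = {}
    for vm, ip in vm_settings.items():
        seen.setdefault(ip, []).append(vm)
    return {ip: sorted(vms) for ip, vms in seen.items() if len(vms) > 1}

# Constructed sample data: failover subnet, addresses already allocated
# there, and the static IP set in each VM's failover settings.
FAILOVER_SUBNET = "10.1.0.0/24"
IN_USE = ["10.1.0.4", "10.1.0.5", "10.1.0.10"]
VM_SETTINGS = {
    "web01": "10.1.0.20", "db01": "10.1.0.10", "app01": "10.2.0.7",
    "dns01": "10.1.0.2", "web02": "10.1.0.20",
}

if __name__ == "__main__":
    for vm, ip in VM_SETTINGS.items():
        status, expected = check_failover_ip(FAILOVER_SUBNET, IN_USE, ip)
        print(f"{vm}: configured {ip} -> {status}, expected after failover: {expected}")
    for ip, vms in duplicate_targets(VM_SETTINGS).items():
        print(f"duplicate failover IP {ip}: {', '.join(vms)}")
```

Any status other than "ok" means the VM will not keep its configured address after failover, which matters for anything that pins that address, such as firewall rules or DNS records.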
Validate VM functionality with a Site Recovery test failover to check performance at target
Impact: High Category: Disaster Recovery PG Verified: Verified
APRL GUID: 17e877f7-3a89-4205-8a24-0670de54ddcd
Description:
Perform a test failover to validate your BCDR strategy and ensure that your applications are functioning correctly in the target region without impacting your production environment. Test your Disaster Recovery plan periodically without any data loss or downtime, using test failovers.
Potential Benefits:
Ensures BCDR plan accuracy and VM performance
Learn More:
ARG Query:
// Azure Resource Graph Query
// Find all VMs where replication has been enabled but Test Failover was never performed
recoveryservicesresources
| where type == "microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems"
| where properties.providerSpecificDetails.dataSourceInfo.datasourceType == 'AzureVm' and isnull(properties.lastSuccessfulTestFailoverTime)
| project recommendationId="17e877f7-3a89-4205-8a24-0670de54ddcd" , name = properties.providerSpecificDetails.recoveryAzureVMName, id=properties.providerSpecificDetails.dataSourceInfo.resourceId
Migrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services Vaults
Impact: Medium Category: Monitoring and Alerting PG Verified: Verified
APRL GUID: 2912472d-0198-4bdc-aa90-37f145790edc
Description:
Classic alerts for Recovery Services vaults in Azure Backup will be retired on 31 March 2026.
Potential Benefits:
Enhanced, scalable, and consistent alerting.
Learn More:
ARG Query:
// Azure Resource Graph Query
// Returns all Recovery Services vaults with classic alerts enabled.
resources
| where type in~ ('microsoft.recoveryservices/vaults')
| extend monitoringSettings = parse_json(properties).monitoringSettings
| extend isUsingClassicAlerts = case(isnull(monitoringSettings),'Enabled',monitoringSettings.classicAlertSettings.alertsForCriticalOperations)
| extend isUsingJobsAlerts = case(isnull(monitoringSettings), 'Enabled', monitoringSettings.azureMonitorAlertSettings.alertsForAllJobFailures)
| where isUsingClassicAlerts == 'Enabled'
| project recommendationId = "2912472d-0198-4bdc-aa90-37f145790edc", name, id, tags, param1=strcat("isUsingClassicAlerts: ", isUsingClassicAlerts), param2=strcat("isUsingJobsAlerts: ", isUsingJobsAlerts)
Enable Cross Region Restore for your GRS Recovery Services Vault
Impact: Medium Category: Disaster Recovery PG Verified: Verified
APRL GUID: 1549b91f-2ea0-4d4f-ba2a-4596becbe3de
Description:
Cross Region Restore enables the restoration of Azure VMs in a secondary, Azure paired region, facilitating drills for audit or compliance and allowing recovery of VMs or disks in the event of a primary region disaster. It is an opt-in feature available exclusively for GRS vaults.
Potential Benefits:
Enhances disaster recovery capabilities
Learn More:
ARG Query:
// Azure Resource Graph Query
// Displays all recovery services vaults that do not have cross region restore enabled
resources
| where type =~ "Microsoft.RecoveryServices/vaults" and
    properties.redundancySettings.standardTierStorageRedundancy =~ "GeoRedundant" and
    properties.redundancySettings.crossRegionRestore !~ "Enabled"
| extend
    param1 = strcat("CrossRegionRestore: ", properties.redundancySettings.crossRegionRestore),
    param2 = strcat("StorageReplicationType: ", properties.redundancySettings.standardTierStorageRedundancy)
| project recommendationId = "1549b91f-2ea0-4d4f-ba2a-4596becbe3de", name, id, tags, param1, param2
Enable Soft Delete for Recovery Services Vaults in Azure Backup
Impact: Medium Category: Disaster Recovery PG Verified: Preview
APRL GUID: 9e39919b-78af-4a0b-b70f-c548dae97c25
Description:
With soft delete, if backup data is deleted, it is retained for 14 additional days, allowing recovery of that backup item with no data loss and at no cost to you. Soft delete is enabled by default. Disabling this feature isn't recommended.
Potential Benefits:
Enhances disaster recovery capabilities
Learn More:
ARG Query:
// Azure Resource Graph Query
// Find all Azure Recovery Services vaults that do not have soft delete enabled
resources
| where type == "microsoft.recoveryservices/vaults"
| mv-expand issoftDelete=properties.securitySettings.softDeleteSettings.softDeleteState
| where issoftDelete == 'Disabled'
| project recommendationId = "9e39919b-78af-4a0b-b70f-c548dae97c25", name, id, tags, param1=strcat("Soft Delete: ",issoftDelete)