Original post from /r/sysadmin by /u/NotNotMyself on 2023-07-07 15:10:48+00:00.


Hi,

I'm working up DR/BC plans, and wondering how to approach this scenario. I've heard of a company's entire Azure tenant getting corrupted, or somehow becoming inaccessible for a long time. We've got a hybrid AD, in an Azure VM-Windows Server. We keep files in a server share, as well as in like 50 different Teams/SP libraries.

I back up our server shares externally to an AWS bucket, in addition to Azure's built-in backup. I run test file restores once a month. We use Afi to back up mailboxes, OneDrives and Teams/Libraries. But the only backups of our AD are stored in Azure's backup; I've never tried to restore it.

Should we consider what happens if our whole Azure/MS365 tenant goes sour? Do companies keep an alternate domain? Testing the viability of restoring AD and Teams to it? Should we have a plan in case Microsoft goes south altogether?

Also, we're supposed to do vulnerability scans and network penetration testing, for our insurance policy. Should I be outsourcing DR planning and testing, along with scanning and pen testing?

Thanks!