Introducing cross-region disaster recovery for Windows 365 Enterprise

What’s up, everyone!

Join me in this post about arguably the most easy way to configure a part of business continuity and disaster recovery (BCDR) as I dig into cross-region disaster recovery for Windows 365. In this post I will cover the existing BCDR features and compare them when enabling cross-region disaster recovery. Enjoy!

Prerequisites

The following are requirements for cross-region disaster recovery;

  • Windows 365 Enterprise SKU. Business and Frontline are not supported.
  • Windows 365 cross-region disaster recovery add-on for each Cloud PC.

Business Continuity and Disaster Recovery comparison

Windows 365 is designed with business continuity and disaster recovery in mind as it comes with automated in-zone disaster recovery for compute, out of the box nonetheless. But what does this actually mean? 

Let’s quickly recap on Azure regions, availability zones, datacenters and some acronyms like RTO and RPO. 

Simply put, Azure regions are scattered over the world and many Azure regions have something called Availability Zones. Each zone within an Azure region is interconnected with high bandwidth and low latency lines and contains a group of datacenters. The idea behind availability zones is that if one zone is impacted by a disaster, the workloads can continue in another availability zone in the same Azure region which means that companies can continue their work with minimal to no impact.

The following image is a great representation of Azure regions vs availability zones vs datacenters:

Image credit: Microsoft Learn

Azure actually detects failures for compute, like power outages, and recovers Cloud PCs in the same availability zone in the same region. Let’s edit this image for a graphical representation:

In-zone disaster recovery

Does this mean that disaster recovery is pretty well configured out of the box? Well, yes! But does that mean that your Cloud PC is available when a complete Azure region fails? No, then your Cloud PC will be offline. Unless… you prepared well and enabled cross-region disaster recovery for a group of key users or perhaps even all users and their respective Cloud PCs. 

What happens when cross-region disaster recovery is enabled?

This feature relies on snapshots. Windows 365 already uses snapshots to revert to an earlier point in time, or admins can even export them for forensic investigation. It now also allows to be replicated to a different Azure region of your choice. So what happens now in case of a regional failure? 

The Windows  365 service checks if there’s enough capacity in the backup region. If there is, it will create a temporary Cloud PC so the end user can sign in. When the outage is resolved, IT admin can deactivate this feature which makes sure that the temporary Cloud PC is removed and all of the data in the backup region is deleted (but more an that later). 

Let’s see what that looks like:

Cross-region disaster recovery

The recovery process will happen automatically in case of an outage. There is no manual action required. Admins can test the recovery process using device actions.

Now it’s time to circle back to RTO and RPO. An in-zone disaster RPO is defined as near zero. Or as Microsoft puts it

Recovery Point Objective (RPO) of ~0.

The RTO and RPO is different for cross-region disaster recovery;

  • RTO: < 4 hours 
  • RPO: this feature uses existing snapshots. These snapshots are configured in User Settings policies. Therefore the RPO follows the cadence that is chosen in the user settings policy.

Configuring cross-region disaster recovery

Windows 365 is designed for simplicity. Things should be easy to configure and use. While configuring disaster recovery can be a complex task for most solutions, it is made as simple as switching a toggle in the user settings policy.

From the Microsoft Intune admin center, Devices, Windows 365 and go to the User Settings tab. Edit and existing policy or create a new one.

Make sure to enable the cross-region disaster recovery feature. Select the network type (either Microsoft Hosted Network or create your own network in the desired backup region, create a corresponding Azure Network Connection (ANC) and select the ANC). Keep in mind that you can test the network configuration by spinning up a Cloud PC in that region and see if the connectivity works as expected.

Choose your desired Geography and Region in the corresponding dropdown boxes and save the configuration. This is all that is required to configure this awesome feature. 

Here is a demo on how to test the recovery process using bulk device actions: from the Microsoft Intune admin center, Devices, All devices, select Bulk device actions in the ribbon.

Select Windows as the OS, Cloud PCs and the device type and Cross region disaster recovery (preview) as the device action:

Finish up by selecting the Cloud PCs and run the device action.

Reverting back is a similar process. Just use the bulk device action named Deactivate cross region disaster recovery.

Cloud PCs cross region disaster recovery status report

This feature also introduces a new report. It features your Cloud PCs and gives a nice overview if there are any configuration alerts, license type issues, it shows the disaster recovery status and if a certain Cloud PC is enabled for cross-region disaster recovery. It shows the current restore point, if there are issues with activation expiring and the related user settings policy.

You can find the report in the Microsoft Intune admin center, Reports, Cloud PC overview blade and select the Cross-Region Disaster Recovery Status report.

Here’s an example of the report;

That’s all there is to it!

Resources

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *