Profile Applicability:

  •  Level 1

Description:
Cross Tenant Replication allows Azure Storage Accounts to replicate data across different Azure Active Directory tenants. Disabling this feature ensures that data replication is restricted within the same tenant, reducing the risk of unauthorized data exposure across organizational boundaries.

Rationale:
Preventing cross-tenant replication enhances data governance and compliance by limiting data movement to trusted tenant boundaries. It minimizes risks related to data leakage and unauthorized access from external tenants.

Impact:

Pros:

  • Strengthens data isolation and security within a single tenant.

  • Supports compliance with organizational data residency policies.

Cons:

  • May limit some multi-tenant disaster recovery or collaboration scenarios.

  • Requires alternative approaches for cross-tenant data sharing.

Default Value:
Cross Tenant Replication is disabled by default unless explicitly enabled.

Pre-requisites:

  • Permissions to view and modify replication settings.

  • Understanding of tenant boundaries and data governance policies.

Remediation:

Test Plan:

Using Azure Portal:

  1. Sign in to https://portal.azure.com.

  2. Navigate to the Storage Account.

  3. Check the Replication or Geo-replication settings.

  4. Verify that Cross Tenant Replication is not enabled.

Using Azure CLI:

  1. Retrieve replication settings:

    # az storage account show --name <storage-account-name> --resource-group <resource-group> --query allowCrossTenantReplication

  2. Confirm cross-tenant replication is not active.

Implementation Plan:

Using Azure Portal:

  1. Disable cross-tenant replication if found enabled.

  2. Save changes and verify.

Using Azure CLI:

  1. Disable cross-tenant replication by updating the replication settings as per organizational policy.
    (Note: Specific CLI commands depend on replication configuration and may require contacting Azure support if cross-tenant replication was enabled via special setup.)
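A helper for the check in the Test Plan and the remediation in the Implementation Plan above, added here and not part of the original benchmark text: it reads the JSON that `az storage account list -o json` prints (a constructed sample is embedded so it runs offline), sorts accounts by their `allowCrossTenantReplication` property, and builds an `az storage account update --allow-cross-tenant-replication false` command for each account that still permits it. The property name and the update flag are assumed from Azure CLI rather than taken from the page; accounts whose record lacks the property are listed for manual review instead of being assumed compliant.

```python
import json
import shlex

# Constructed sample of `az storage account list -o json` output, trimmed to
# the fields this check uses. Account names and resource groups are made up.
SAMPLE_ACCOUNT_LIST = json.dumps([
    {"name": "stfinancelogs01", "resourceGroup": "rg-finance",
     "allowCrossTenantReplication": False},
    {"name": "stpartnersync02", "resourceGroup": "rg-partners",
     "allowCrossTenantReplication": True},
    {"name": "stlegacy03", "resourceGroup": "rg-legacy"},  # property absent
])


def audit_cross_tenant_replication(account_list_json):
    """Classify each account by its allowCrossTenantReplication value.

    Returns a dict of "resourceGroup/name" lists:
      compliant    - property is explicitly False
      noncompliant - property is True (cross-tenant replication permitted)
      unknown      - property missing from the record; verify it manually
    """
    result = {"compliant": [], "noncompliant": [], "unknown": []}
    for acct in json.loads(account_list_json):
        ref = f"{acct['resourceGroup']}/{acct['name']}"
        value = acct.get("allowCrossTenantReplication")
        if value is False:
            result["compliant"].append(ref)
        elif value is True:
            result["noncompliant"].append(ref)
        else:
            result["unknown"].append(ref)
    return result


def remediation_commands(audit):
    """One `az storage account update` command per non-compliant account.

    The --allow-cross-tenant-replication flag is assumed from Azure CLI.
    """
    cmds = []
    for ref in audit["noncompliant"]:
        group, name = ref.split("/", 1)
        cmds.append(
            "az storage account update --name {} --resource-group {} "
            "--allow-cross-tenant-replication false".format(
                shlex.quote(name), shlex.quote(group)))
    return cmds


if __name__ == "__main__":
    audit = audit_cross_tenant_replication(SAMPLE_ACCOUNT_LIST)
    print(json.dumps(audit, indent=2))
    print("\n".join(remediation_commands(audit)))
```

Pipe the real listing in with `az storage account list -o json` and review the `unknown` list by hand before treating it as compliant.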

Backout Plan:

Using Azure Portal:

  1. Re-enable cross-tenant replication if necessary.

  2. Communicate impact to stakeholders.

Using Azure CLI:

  1. Revert changes by updating replication settings accordingly.

References: