Azure-CosmosDB-Automatic-Failover-Enabled

Severity: Medium

Description: This control ensures that Automatic-failover is enabled for Azure CosmosDB. In the event of a region is unavailable due an DOS or outage Enabling automatic-failover will create a new write region for the account. By default, automatic-failover is not enabled.

Remediation Steps:

Perform following to configure automatic failover from Azure CLI :

1. az cosmosdb update -n -g --enable-automatic-failover true

Important:

Reference:

• https://docs.microsoft.com/en-us/cli/azure/cosmosdb?view=azure-cli-latest#az-cosmosdb-update