A financial-services architect is configuring failover-group policy for a mission-critical Azure SQL Database deployment. Internal recovery procedures require humans to make the call to fail over so business continuity owners stay in control of timing. Which failover policy aligns with this requirement?
- A. Set the failover policy to Microsoft-managed (automatic) with the default grace period.
- B. Set the failover policy to customer-managed (manual) and document the human-driven runbook. (Correct)
- C. Set the failover policy to Microsoft-managed with a zero-hour grace period for fastest failover.
- D. Disable failover groups and rely on per-database active geo-replication failovers.
Why A is wrong: Microsoft-managed failover only triggers during widespread regional outages and removes human control over when failover happens, contrary to the requirement.
Why B is correct: Customer-managed failover keeps the decision with the customer; the documentation explicitly recommends this policy so the business retains control over when failover happens.
Why C is wrong: A zero-hour grace period still hands the failover decision to Microsoft; the requirement is human-controlled timing.
Why D is wrong: Active geo-replication failover is also manual but loses the listener endpoint and the group abstraction that the architect explicitly relies on.