This chapter provides a comprehensive comparison of Azure Storage redundancy options: Locally Redundant Storage (LRS), Zone-Redundant Storage (ZRS), Geo-Redundant Storage (GRS), and Geo-Zone-Redundant Storage (GZRS). Understanding these options is critical for the AZ-104 exam, as questions on storage redundancy appear in roughly 15-20% of storage-related questions. You will learn the exact durability numbers, replication mechanisms, failover behaviors, and cost implications for each option, enabling you to choose the right redundancy for any scenario.
Jump to a section
Think of Azure storage as a bank vault system. LRS (Locally Redundant Storage) is like a single safety deposit box in one bank branch. If the bank burns down, your box is gone. ZRS (Zone-Redundant Storage) is like having three safety deposit boxes in three different branches within the same city. If one branch floods, you still have access to your boxes in the other two. GRS (Geo-Redundant Storage) is like having a primary box in your local city bank and a copy sent by armored truck to a vault in a different city. But that copy is read-only until a disaster triggers a failover. GZRS (Geo-Zone-Redundant Storage) combines the best: your data is spread across three branches in your city (like ZRS) AND a copy is sent to a vault in another city (like GRS). The local copies allow immediate reads and writes, while the remote copy is a read-only backup that becomes writable only if the entire city suffers a catastrophe. The key mechanism: the armored truck transfer (asynchronous geo-replication) has a delay (typically minutes), so the remote copy might not have the very latest transaction if the city is destroyed before the truck arrives. This is the recovery point objective (RPO) — usually 15 minutes for GRS and GZRS.
What is Storage Redundancy and Why Does It Exist?
Azure Storage always stores multiple copies of your data to protect against planned and unplanned events, including hardware failures, network outages, power outages, natural disasters, and even entire datacenter loss. The redundancy options determine how many copies are kept, where they are located geographically, and whether they are synchronously or asynchronously replicated. The trade-off is always between durability, availability, and cost.
Azure guarantees at least 99.9999999999% (12 nines) durability for objects stored in RA-GRS or RA-GZRS if you choose read-access to the secondary region. For LRS, the durability is 99.999999999% (11 nines). These numbers are theoretical maximums based on the replication mechanism and failure assumptions.
How Replication Works Internally
#### LRS (Locally Redundant Storage)
LRS replicates your data three times within a single storage scale unit in a single datacenter in a single region. The three replicas are placed on separate fault domains and upgrade domains within the same datacenter. This protects against drive failures and server rack failures, but NOT against a datacenter-wide disaster (fire, flood, power outage).
Synchronous replication: A write is acknowledged only after all three replicas have committed to disk. This ensures strong consistency.
Durability: 11 nines (99.999999999%)
Availability SLA: 99.99% for read and write operations (for cool and hot tiers)
Best for: Cost-sensitive scenarios where data can be reconstructed or is non-critical, or where application-level replication is already in place.
#### ZRS (Zone-Redundant Storage)
ZRS replicates your data synchronously across three Azure availability zones within the same region. Each zone is a physically separate datacenter (or multiple datacenters) with independent power, cooling, and networking. This protects against a single zone failure (e.g., a datacenter fire) but NOT against a region-wide disaster.
Synchronous replication across zones: A write is acknowledged after all three zones have committed.
Durability: 12 nines (99.9999999999%)
Availability SLA: 99.99% for read and write (for cool and hot tiers)
Only supported for: Block blobs, Azure Files (standard), page blobs (for Azure virtual machine disks), and Azure Data Lake Storage Gen2.
Not supported for: Azure Files premium, Azure managed disks (except via shared disks? Actually, managed disks use LRS or ZRS? Wait — managed disks support LRS and ZRS for premium SSD and standard SSD. But for page blobs, ZRS is supported for VHDs? Actually, for Azure managed disks, only LRS and ZRS are available. GRS and GZRS are not supported for managed disks because they require synchronous replication for consistency. So for VM disks, you can use LRS or ZRS only.
#### GRS (Geo-Redundant Storage)
GRS replicates your data three times synchronously within a primary region (using LRS in that region) and then asynchronously replicates to a secondary region (paired region). The secondary region also stores three replicas using LRS. The asynchronous replication means there is a delay (RPO typically 15 minutes) during which data loss can occur if the primary region becomes unavailable before the geo-replication completes.
Primary region: LRS (3 copies) — synchronous writes acknowledged after 3 copies in primary.
Secondary region: LRS (3 copies) — asynchronous writes from primary to secondary.
Failover: Manual or automatic (Microsoft-initiated) failover. After failover, the secondary becomes the new primary (writable). But you cannot control the failover yourself unless you enable customer-managed failover (preview) for certain storage account types.
Read-access: By default, the secondary is not directly readable. You must enable RA-GRS (Read-Access Geo-Redundant Storage) to allow read-only access to the secondary region while the primary is healthy.
Durability: 12 nines (with RA-GRS)
RPO: 15 minutes (typical) — but can be higher under heavy load.
RTO: Typically hours for Microsoft-initiated failover; for customer-managed failover (preview), RTO can be minutes.
#### GZRS (Geo-Zone-Redundant Storage)
GZRS combines ZRS in the primary region (three copies across three zones) with asynchronous geo-replication to a secondary region (where data is stored using LRS). This provides the highest durability and availability: you survive a zone failure (ZRS) and also a region failure (geo-replication).
Primary region: ZRS (3 copies across zones) — synchronous writes across zones.
Secondary region: LRS (3 copies) — asynchronous replication from primary to secondary.
Read-access: RA-GZRS allows read-only access to the secondary region.
Durability: 12 nines (with RA-GZRS)
RPO: 15 minutes (typical)
RTO: Similar to GRS.
Best for: Mission-critical data that must survive both a zone outage and a region outage.
Key Components, Values, Defaults, and Timers
Storage Account Type: The redundancy option is selected at storage account creation time. It cannot be changed later for most account types. You must create a new account and migrate data.
Supported Storage Account Types:
LRS: General-purpose v2, Blob Storage, Block Blob, File Storage, etc.
ZRS: General-purpose v2, Block Blob, File Storage, etc. (but not premium file shares or managed disks? Actually, managed disks support ZRS for premium SSD and standard SSD).
GRS: General-purpose v2, Blob Storage, etc. (not for Azure Files premium or managed disks).
GZRS: General-purpose v2, Blob Storage, File Storage, etc. (not for premium file shares or managed disks).
Replication Synchronization:
LRS and ZRS: synchronous within region/zone.
GRS and GZRS: synchronous within primary region (LRS or ZRS), asynchronous to secondary.
Failover Behavior:
For GRS/GZRS, you can initiate a customer-managed failover (preview) for general-purpose v2 storage accounts. This switches the secondary to become the new primary writable region. After failover, the original primary becomes the new secondary (and is read-only). You can fail back later.
Microsoft may also initiate a forced failover in extreme disaster scenarios.
There is no failover for LRS or ZRS — if the datacenter/zone fails, data is lost.
Replication Lag (RPO):
GRS/GZRS: Typically 15 minutes, but can be up to 24 hours in worst case (unlikely).
LRS/ZRS: No lag (synchronous).
Cost:
LRS is cheapest.
ZRS is more expensive than LRS (roughly 2x for storage costs).
GRS is more expensive than LRS (roughly 2x for storage, plus data egress if read from secondary).
GZRS is the most expensive (ZRS cost plus geo-replication cost).
Configuration and Verification Commands
You can create a storage account with a specific redundancy using Azure CLI:
az storage account create \
--name mystorageaccount \
--resource-group myResourceGroup \
--location eastus \
--sku Standard_GRSThe SKU determines the redundancy:
- Standard_LRS
- Standard_ZRS
- Standard_GRS
- Standard_RAGRS (Read-Access Geo-Redundant)
- Standard_GZRS
- Standard_RAGZRS
To check the current redundancy of an existing account:
az storage account show \
--name mystorageaccount \
--resource-group myResourceGroup \
--query 'sku.name'You can also view the replication status and last sync time using:
az storage account show \
--name mystorageaccount \
--resource-group myResourceGroup \
--query 'replicationStatus'Note: The replicationStatus property is only available for GRS/GZRS accounts and shows the status of geo-replication (e.g., "InSync" or "OutOfSync").
Interaction with Related Technologies
Azure Backup: When using Azure Backup for VMs, the backup data is stored in a Recovery Services vault. The vault uses LRS by default, but you can choose GRS during vault creation. This affects disaster recovery.
Azure Site Recovery: For replicating VMs to a secondary region, you can choose LRS or GRS for the cache storage account. The replicated disks use LRS or ZRS.
Azure Data Lake Storage Gen2: Supports LRS, ZRS, GRS, and GZRS. However, for hierarchical namespace enabled accounts, some redundancy options may have limitations (e.g., GZRS is supported but with same RPO).
Azure Files: Standard file shares support LRS, ZRS, GRS, and GZRS. Premium file shares support LRS and ZRS only.
Azure Managed Disks: Support LRS and ZRS only. GRS/GZRS are not supported because managed disks require synchronous replication for consistency, and geo-replication is asynchronous.
Choose Redundancy Option
When creating a storage account, you select a redundancy option from LRS, ZRS, GRS, or GZRS (including read-access variants). This decision is permanent for most account types — you cannot change it later. The choice depends on your durability requirements, availability needs, and budget. LRS is for non-critical data or data that can be reconstructed. ZRS adds zone-level protection. GRS adds region-level protection with asynchronous replication. GZRS combines both zone and region protection. Consider the SLA: LRS offers 99.99% availability, ZRS and GRS offer 99.99% for reads and writes (with RA-GRS/RA-GZRS offering 99.99% for reads from secondary).
Data Written to Primary Region
For all options, data is first written to the primary region. With LRS, three copies are made synchronously within a single datacenter. With ZRS, three copies are made synchronously across three availability zones in the same region. With GRS and GZRS, the primary region uses LRS or ZRS respectively (synchronous within primary). The write is acknowledged to the client only after all synchronous copies are committed. This ensures strong consistency for the primary region.
Asynchronous Geo-Replication (GRS/GZRS Only)
For GRS and GZRS, after the data is committed in the primary region, it is asynchronously replicated to a secondary paired region. The replication is done by Azure Storage internally, using a background process that continuously copies changes. The secondary region stores three copies using LRS. Because replication is asynchronous, there is a delay (RPO) during which data in the primary may not yet be in the secondary. The typical RPO is 15 minutes, but can be longer under heavy load. You can monitor the last sync time using Azure Monitor metrics.
Read Access to Secondary (Optional)
By default, the secondary region is not directly accessible for reads or writes. If you enable Read-Access Geo-Redundant Storage (RA-GRS or RA-GZRS), you can read data from the secondary region while the primary is healthy. This is useful for read-heavy workloads that can tolerate slightly stale data (up to the RPO). The secondary endpoint is `-secondary.blob.core.windows.net` (or `-secondary.file.core.windows.net` for files). Writes are only allowed on the primary. Read access from secondary does not affect the replication process.
Failover (GRS/GZRS Only)
If the primary region becomes unavailable (disaster), you can initiate a failover to the secondary region. For customer-managed failover (preview), you can trigger it via Azure portal, CLI, or PowerShell. After failover, the secondary becomes the new primary writable region. The DNS endpoints are updated to point to the new primary. Data that was not yet replicated (within the RPO window) is lost. After failover, the original primary becomes the new secondary (read-only). You can fail back later. Microsoft may also initiate a forced failover if the primary is lost permanently. Failover is not available for LRS or ZRS.
Scenario 1: Enterprise Backup Storage
A large enterprise uses Azure Backup to store backups of on-premises servers and Azure VMs. The Recovery Services vault is configured with GRS because the backups are critical and must survive a regional disaster. The vault's storage is separate from the workload storage. During normal operation, backups are written to the primary region (eastus) and asynchronously replicated to the paired region (westus). The backup administrator monitors the replication health via Azure Monitor alerts for 'Replication Lag' exceeding 30 minutes. In production, the RPO is typically under 15 minutes. A common misconfiguration is selecting LRS for the vault to save costs, which would result in data loss if the primary region goes down. The correct choice for compliance (e.g., HIPAA) is GRS or GZRS.
Scenario 2: Global File Sharing with Low Latency
A multinational company uses Azure Files for shared file storage across offices in North America and Europe. They choose ZRS for the primary region (eastus) to protect against zone failures, and enable RA-GZRS for read-access to the secondary region (westeurope). This allows European offices to read files from the secondary with lower latency, while writes are still directed to the primary. The RPO of 15 minutes is acceptable for their use case. They use Azure File Sync to cache frequently accessed files on-premises. A mistake would be using LRS for the file share, which would cause a complete outage if the datacenter fails.
Scenario 3: High-Performance VM Storage
A SaaS provider runs production databases on Azure VMs with premium SSD managed disks. They use ZRS for the managed disks to ensure data survives a zone failure. They cannot use GRS or GZRS for managed disks because geo-replication is asynchronous and would break database consistency. For additional disaster recovery, they use Azure Site Recovery to replicate the VMs to a secondary region using asynchronous replication at the VM level. The storage account for the replication target uses LRS to minimize costs. A common mistake is trying to use GRS for managed disks, which is not supported. The exam tests this: 'Which redundancy options are available for Azure managed disks?' Answer: LRS and ZRS only.
Exactly What AZ-104 Tests on This Topic
The AZ-104 exam objective 'Configure storage accounts' (2.1) includes 'Choose a replication strategy'. You will be asked to select the appropriate redundancy option based on a scenario. The exam tests:
The durability percentages (11 nines for LRS, 12 nines for others with RA-GRS/RA-GZRS).
The availability SLA (99.99% for LRS and ZRS hot/cool, 99.99% for reads from secondary with RA-GRS/RA-GZRS).
Which redundancy options support which storage types (e.g., managed disks only LRS/ZRS; Azure Files premium only LRS/ZRS; Blob storage supports all).
The difference between synchronous and asynchronous replication.
The RPO for GRS/GZRS (15 minutes typical).
Read-access secondary feature (RA-GRS/RA-GZRS).
Failover behavior (manual vs Microsoft-initiated).
Common Wrong Answers and Why
Choosing LRS for a critical database that must survive a region failure. Candidates see 'LRS is cheapest' but forget that LRS does not protect against region loss. The correct answer is GRS or GZRS.
Thinking ZRS protects against region failures. ZRS only protects against zone failures within a region. For region-wide disasters, you need GRS/GZRS.
Believing that RA-GRS allows writes to the secondary. RA-GRS only allows reads from the secondary; writes are only to the primary. After failover, the secondary becomes writable.
Assuming GRS provides synchronous replication. GRS is synchronous within primary (LRS) but asynchronous to secondary. The secondary may be behind.
Selecting GRS for managed disks. Managed disks do not support GRS or GZRS. The exam loves this trap.
Specific Numbers and Terms
Durability: LRS = 11 nines, others (with RA) = 12 nines.
RPO: 15 minutes for GRS/GZRS.
SLA: 99.99% for reads/writes (LRS/ZRS), 99.99% for reads from secondary (RA-GRS/RA-GZRS).
SKU codes: Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Standard_GZRS, Standard_RAGZRS.
Secondary endpoint format: mystorageaccount-secondary.blob.core.windows.net.
Edge Cases and Exceptions
Azure Files premium: Only LRS and ZRS supported.
Azure managed disks: Only LRS and ZRS supported.
Change after creation: You cannot change redundancy after creating the storage account for most types. You must migrate data to a new account.
Customer-managed failover: Currently in preview for general-purpose v2 accounts. Not all regions support it.
Hierarchical namespace (ADLS Gen2): Supports all redundancy options, but some features may be limited.
How to Eliminate Wrong Answers
If the scenario says 'must survive a region failure', eliminate LRS and ZRS.
If the scenario says 'must survive a zone failure but not region failure', eliminate LRS and consider ZRS.
If the scenario says 'read-only access from secondary region', eliminate GRS (no read access) and choose RA-GRS or RA-GZRS.
If the scenario involves managed disks, eliminate GRS and GZRS.
If the scenario involves premium file shares, eliminate GRS and GZRS.
If cost is the primary concern and data is non-critical, choose LRS.
LRS: 3 copies in one datacenter, 11 nines durability, cheapest, no region protection.
ZRS: 3 copies across 3 zones in one region, 12 nines durability, protects against zone failure.
GRS: LRS in primary + async copy to secondary region, 12 nines durability with RA-GRS, RPO ~15 min.
GZRS: ZRS in primary + async copy to secondary region, highest durability and availability, most expensive.
RA-GRS and RA-GZRS allow read-only access to the secondary region while primary is healthy.
Managed disks and premium Azure Files support only LRS and ZRS.
You cannot change redundancy after storage account creation; must migrate data to a new account.
Customer-managed failover is in preview for GRS/GZRS, allowing you to initiate failover yourself.
These come up on the exam all the time. Here's how to tell them apart.
LRS
3 copies in a single datacenter
Synchronous replication
11 nines durability
99.99% availability SLA
Cheapest option
ZRS
3 copies across 3 availability zones
Synchronous replication across zones
12 nines durability
99.99% availability SLA
Higher cost than LRS
GRS
Primary uses LRS (3 copies in one datacenter)
Asynchronous geo-replication to secondary region
Secondary uses LRS
12 nines durability (with RA-GRS)
RPO typically 15 minutes
GZRS
Primary uses ZRS (3 copies across 3 zones)
Asynchronous geo-replication to secondary region
Secondary uses LRS
12 nines durability (with RA-GZRS)
RPO typically 15 minutes, higher availability than GRS
Mistake
LRS replicates data across multiple datacenters in a region.
Correct
LRS replicates data three times within a single datacenter in a single region. It does not protect against datacenter failure.
Mistake
ZRS protects against a region-wide disaster.
Correct
ZRS replicates across availability zones within a single region. It does not protect against a region-wide disaster such as a large earthquake or hurricane.
Mistake
GRS provides synchronous replication to the secondary region.
Correct
GRS uses synchronous replication within the primary region (LRS) but asynchronous replication to the secondary region. There is a delay (RPO) of typically 15 minutes.
Mistake
You can change the redundancy option of a storage account after creation.
Correct
For most storage account types, the redundancy option cannot be changed after creation. You must create a new account and migrate data. The only exception is converting from LRS to ZRS (or vice versa) for certain account types using the `az storage account update` command? Actually, that is not supported. You must recreate.
Mistake
RA-GRS allows writes to the secondary region.
Correct
RA-GRS only allows read access to the secondary region while the primary is healthy. Writes are only accepted on the primary. After a failover, the secondary becomes the new primary and accepts writes.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
LRS (Locally Redundant Storage) stores three copies of your data within a single datacenter in a single region. ZRS (Zone-Redundant Storage) stores three copies across three different availability zones within the same region. ZRS provides higher durability (12 nines vs 11 nines) and protects against a datacenter failure, while LRS does not. ZRS is more expensive than LRS.
No, for most storage account types, you cannot change the redundancy option after creation. You must create a new storage account with the desired redundancy and migrate your data. The only exception is that you can convert from LRS to ZRS (or vice versa) for certain account types? Actually, even that is not supported. Always check the latest documentation, but as of now, you need to recreate.
The typical recovery point objective (RPO) for GRS and GZRS is 15 minutes. This means that in the event of a disaster, you may lose up to 15 minutes of data that had not yet been replicated to the secondary region. The actual RPO can vary under heavy load.
No. RA-GRS (Read-Access Geo-Redundant Storage) only allows read access to the secondary region while the primary region is healthy. Writes are only permitted on the primary region. After a failover, the secondary becomes the new primary and accepts writes.
Azure managed disks support only LRS and ZRS. GRS and GZRS are not supported because managed disks require synchronous replication for consistency, and geo-replication is asynchronous. For premium SSD managed disks, you can choose LRS or ZRS.
LRS offers 99.999999999% (11 nines) durability, while ZRS offers 99.9999999999% (12 nines) durability. The extra nine comes from the fact that ZRS replicates across multiple datacenters (zones), reducing the risk of data loss from a single datacenter failure.
When creating a storage account, select the SKU 'Standard_RAGRS' for read-access geo-redundant storage, or 'Standard_RAGZRS' for read-access geo-zone-redundant storage. Alternatively, you can convert an existing GRS account to RA-GRS? Actually, you cannot change the SKU after creation, so you must create the account with the correct SKU.
You've just covered Storage Redundancy: LRS, ZRS, GRS, GZRS Compared — now see how well it sticks with free AZ-104 practice questions. Full explanations included, no account needed.
Done with this chapter?