last sync: 2021-Jan-18 16:05:48 UTC

Azure Policy definition

Azure Cache for Redis should reside within a virtual network

Name Azure Cache for Redis should reside within a virtual network
Azure Portal
Id 7d092e0a-7acd-40d2-a975-dca21cae48c4
Version 1.0.2
details on versioning
Category Cache
Microsoft docs
Description Azure Virtual Network (VNet) deployment provides enhanced security and isolation for your Azure Cache for Redis, as well as subnets, access control policies, and other features to further restrict access.When an Azure Cache for Redis instance is configured with a VNet, it is not publicly addressable and can only be accessed from virtual machines and applications within the VNet.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-12-11 15:42:52 change Patch (1.0.1 > 1.0.2) *changes on text case sensitivity are not tracked
2020-05-21 16:06:38 add 7d092e0a-7acd-40d2-a975-dca21cae48c4
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: Azure Security Benchmark v2 bb522ac1-bc39-4957-b194-429bcd3bcb0b Regulatory Compliance Preview
Enable Monitoring in Azure Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA
JSON Changes

Json
{
  "properties": {
    "displayName": "Azure Cache for Redis should reside within a virtual network",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Azure Virtual Network (VNet) deployment provides enhanced security and isolation for your Azure Cache for Redis, as well as subnets, access control policies, and other features to further restrict access.When an Azure Cache for Redis instance is configured with a VNet, it is not publicly addressable and can only be accessed from virtual machines and applications within the VNet.",
    "metadata": {
      "version": "1.0.2",
      "category": "Cache"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match."
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Cache/redis"
          },
          {
            "field": "Microsoft.Cache/Redis/subnetId",
            "exists": "false"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/7d092e0a-7acd-40d2-a975-dca21cae48c4",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "7d092e0a-7acd-40d2-a975-dca21cae48c4"
}