AzPolicyAdvertizer

last sync: 2025-Jul-03 17:22:55 UTC

[Deprecated]: Azure Cache for Redis should reside within a virtual network

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Azure Cache for Redis should reside within a virtual network
Id 7d092e0a-7acd-40d2-a975-dca21cae48c4
Version 1.0.3-deprecated
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.3 (1.0.3-deprecated)
Built-in Versioning [Preview]
Category Cache
Microsoft Learn
Description Azure Virtual Network deployment provides enhanced security and isolation for your Azure Cache for Redis, as well as subnets, access control policies, and other features to further restrict access.When an Azure Cache for Redis instance is configured with a virtual network, it is not publicly addressable and can only be accessed from virtual machines and applications within the virtual network.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Assessment(s) Assessments count: 1
Assessment Id: be264018-593c-1162-bd5e-b74a39396652
DisplayName: Azure Cache for Redis should reside within a virtual network
Description: Deploying Azure Cache for Redis within a Virtual Network (VNet) enhances security by providing isolation and restricting access.
This setup ensures that the cache instance is not publicly addressable and can only be accessed from within the VNet.
This includes access from virtual machines and applications.
Without this configuration, the cache instance could be exposed to potential threats and unauthorized access.
Therefore, for optimal security, we recommend housing Azure Cache for Redis within a VNet .

Remediation description: Injection into your custom Virtual Network/Subnet can only be done at cache creation time, so take these steps to mitigate: 1. Create and configure a new VNet-injected cache into your custom subnet for the Azure Cache for Redis. 2. Either embed your client application into the same virtual network or allow access for your client application to communicate with the cache instance within your subnet using NSG rules. Follow the guidance here: https://aka.ms/redis/vnet-faq 3. If necessary, export the data from your instance and import it into the new Azure Cache for Redis instance. Learn more about the import/export feature here: https://aka.ms/redis/import-export.
Categories: Data
Severity: Medium
preview: True
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Cache/Redis/subnetId Microsoft.Cache Redis properties.subnetId True True
Rule resource types IF (1)
Compliance
The following 3 compliance controls are associated with this Policy definition '[Deprecated]: Azure Cache for Redis should reside within a virtual network' (7d092e0a-7acd-40d2-a975-dca21cae48c4)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Network Security Connect private networks together Customer Use Azure ExpressRoute or Azure virtual private network (VPN) to create private connections between Azure datacenters and on-premises infrastructure in a colocation environment. ExpressRoute connections do not go over the public internet , and they offer more reliability, faster speeds, and lower latencies than typical internet connections. For point-to-site VPN and site-to-site VPN, you can connect on-premises devices or networks to a virtual network using any combination of these VPN options and Azure ExpressRoute. To connect two or more virtual networks in Azure together, use virtual network peering or Private Link. Network traffic between peered virtual networks is private and is kept on the Azure backbone network. What are the ExpressRoute connectivity models: https://docs.microsoft.com/azure/expressroute/expressroute-connectivity-models Azure VPN overview: https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpngateways Virtual network peering: https://docs.microsoft.com/azure/virtual-network/virtual-network-peering-overview Azure Private Link: https://docs.microsoft.com/azure/private-link/private-link-service-overview n/a link 15
K_ISMS_P_2018 2.10.1 K_ISMS_P_2018_2.10.1 K ISMS P 2018 2.10.1 2.10 Establish Procedures for Managing the Security of System Operations Shared n/a Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. 455
K_ISMS_P_2018 2.10.2 K_ISMS_P_2018_2.10.2 K ISMS P 2018 2.10.2 2.10 Establish Protective Measures for Administrator Privileges and Security Configurations Shared n/a Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. 431
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Deprecated]: Azure Security Benchmark v2 bb522ac1-bc39-4957-b194-429bcd3bcb0b Regulatory Compliance Deprecated BuiltIn true
K ISMS P 2018 e0782c37-30da-4a78-9f92-50bfe7aa2553 Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-15 17:17:14 change Version remains equal, new suffix: deprecated (1.0.3 > 1.0.3-deprecated)
2021-02-10 14:43:58 change Patch (1.0.2 > 1.0.3)
2020-12-11 15:42:52 change Patch (1.0.1 > 1.0.2)
2020-05-21 16:06:38 add 7d092e0a-7acd-40d2-a975-dca21cae48c4
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC