last sync: 2025-Jul-25 17:39:48 UTC

Azure Cache for Redis only secure connections should be enabled

Azure Landing Zones (ALZ) Policy definition

Source: Repository Azure Landing Zones (ALZ) GitHub
JSON: Deny-Redis-http
Display name: Azure Cache for Redis only secure connections should be enabled
Id: Deny-Redis-http
Version: 1.1.0
Category: Cache
Description: Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking
Cloud environments: AzureChinaCloud, AzureCloud, AzureUSGovernment
Mode: Indexed
Type: Custom Azure Landing Zones (ALZ)
Preview: False
Deprecated: False
Effect: Default: Deny; Allowed: Audit, Deny, Disabled
RBAC role(s): none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Cache/Redis/enableNonSslPort Microsoft.Cache Redis properties.enableNonSslPort True True
Microsoft.Cache/Redis/minimumTlsVersion Microsoft.Cache Redis properties.minimumTlsVersion True True
Rule resource types IF (1)
Microsoft.Cache/redis
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State
[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit | Enforce-EncryptTransit_20240509 | Encryption | Deprecated
[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit | Enforce-EncryptTransit | Encryption | Deprecated
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit | Enforce-EncryptTransit_20241211 | Encryption | GA
History
Date/Time (UTC ymd) | Change type | Change detail
2024-10-10 01:17:21 | change | Minor (1.0.0 > 1.1.0)
JSON compare
1.0.0 → 1.1.0 RENAMED
@@ -3,9 +3,9 @@
3
  "mode": "Indexed",
4
  "displayName": "Azure Cache for Redis only secure connections should be enabled",
5
  "description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
6
  "metadata": {
7
- "version": "1.0.0",
8
  "category": "Cache",
9
  "source": "https://github.com/Azure/Enterprise-Scale/",
10
  "alzCloudEnvironments": [
11
  "AzureCloud",
@@ -35,9 +35,9 @@
35
  "1.1",
36
  "1.0"
37
  ],
38
  "metadata": {
39
- "displayName": "Select minumum TLS version for Azure Cache for Redis.",
40
  "description": "Select minimum TLS version for Azure Cache for Redis."
41
  }
42
  }
43
  },
@@ -55,9 +55,9 @@
55
  "equals": "true"
56
  },
57
  {
58
  "field": "Microsoft.Cache/Redis/minimumTlsVersion",
59
- "notequals": "[parameters('minimumTlsVersion')]"
60
  }
61
  ]
62
  }
63
  ]
 
3
  "mode": "Indexed",
4
  "displayName": "Azure Cache for Redis only secure connections should be enabled",
5
  "description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
6
  "metadata": {
7
+ "version": "1.1.0",
8
  "category": "Cache",
9
  "source": "https://github.com/Azure/Enterprise-Scale/",
10
  "alzCloudEnvironments": [
11
  "AzureCloud",
 
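Review bot: the "description" context line (line 5) still opens with "Audit enabling of only connections via SSL", while the definition is named Deny-Redis-http and the page lists Deny as its default effect. Since the metadata is being touched for 1.1.0 anyway, consider rewording the description so it does not read as audit-only. The version line on its own also gives no hint that this release changes the minimumTlsVersion condition further down, so a short change note alongside the bump would help anyone reviewing the upgrade.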
35
  "1.1",
36
  "1.0"
37
  ],
38
  "metadata": {
39
+ "displayName": "Select minimum TLS version for Azure Cache for Redis.",
40
  "description": "Select minimum TLS version for Azure Cache for Redis."
41
  }
42
  }
43
  },
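Review bot: with the spelling fixed on line 39, the parameter's "displayName" and "description" (line 40) are now the same sentence, so the description tells an assigner nothing the label does not. Suggest using the description to say what the selected value does in the rule, for example that a cache whose minimumTlsVersion is lower than the selected value matches the policy.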
 
55
  "equals": "true"
56
  },
57
  {
58
  "field": "Microsoft.Cache/Redis/minimumTlsVersion",
59
+ "less": "[parameters('minimumTlsVersion')]"
60
  }
61
  ]
62
  }
63
  ]
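Review bot: the condition on line 59 moves from "notequals" to "less", which changes which resources match: a cache set to a higher TLS version than the parameter matched before and no longer does. That looks intended, but the comparison now relies on the version values being ordered correctly when compared as the quoted strings they are; the values visible at lines 35-36 ("1.1", "1.0") do order correctly, and it is worth stating that assumption next to the parameter so a later value does not break it silently. The diff also does not show how the rule evaluates when Microsoft.Cache/Redis/minimumTlsVersion is not set on the resource; please confirm that case is still caught after the operator change and add a test for it.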
JSON
{7 items
  • policyType: "Custom",
  • mode: "Indexed",
  • displayName: "Azure Cache for Redis only secure connections should be enabled",
  • description: "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
  • metadata: {4 items
    • version: "1.1.0",
    • category: "Cache",
    • source: "https://github.com/Azure/Enterprise-Scale/",
    • alzCloudEnvironments: [3 items
      • "AzureCloud",
      • "AzureChinaCloud",
      • "AzureUSGovernment"
      ]
    },
  • parameters: {2 items},
  • policyRule: {2 items}
}