- Disable Public Network Access to Azure Cache for Redis Servers
Ensure that public network access to Microsoft Azure Cache for Redis servers via the public endpoint is disabled, so that the cache can only be reached over private endpoint connections and unauthorized access from the Internet is prevented.
You can connect to your Redis cache servers either publicly through public service endpoints or privately using a private endpoint. When an Azure Cache for Redis server is open to public access, it can be reached by all hosts and networks, including the Internet. This raises the likelihood of unauthorized access, security breaches, and potential compliance violations. However, if public network access is disabled, the public endpoint for your cache server will be disabled, allowing access only through private endpoint connections.
Audit
To determine whether public network access to your Azure Cache for Redis servers is disabled, perform the following operations:
Using Azure Portal
01 Sign in to the Microsoft Azure Portal.
02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.
03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.
04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cache for Redis for Value, then choose Apply to list the Azure Cache for Redis servers available in the selected subscription.
05 Click on the name (link) of the Azure Cache for Redis server that you want to examine.
06 In the resource navigation panel, under Settings, select Private Endpoint.
07 On the Private Endpoint page, check for any private endpoint connections configured for your cache server. If there are no private endpoints available on this page, the selected Azure Cache for Redis server can be accessed via public endpoints instead. As a result, all networks, including the Internet, will have access to your cache server.
08 Repeat steps no. 5 – 7 for each Azure Cache for Redis server deployed in the selected Azure subscription.
09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.
Using Azure CLI
01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:
az account list --query '[*].id'
02 The command output should return the requested subscription identifiers (IDs):
[ "abcdabcd-1234-abcd-1234-abcdabcdabcd", "abcd1234-abcd-1234-abcd-abcd1234abcd" ]
03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output):
az account set --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd
04 Run redis list command (Windows/macOS/Linux) with custom output filters to list the identifier (ID) of each Azure Cache for Redis server available in the selected subscription:
az redis list --query '[*].id'
05 The command output should return the requested cache server IDs:
[
  "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache",
  "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-webapp-cache-server"
]
06 Run redis show command (Windows/macOS/Linux) with the ID of the Azure Cache for Redis server that you want to examine as the identifier parameter and custom output filters to determine if the public network access to the selected cache server is disabled:
az redis show --ids "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache" --query '{publicNetworkAccess:publicNetworkAccess,privateEndpointConnections:privateEndpointConnections[].id}'
07 The command output should return the state of the public network access and the ID of the private endpoint configured for the selected resource:
{ "publicNetworkAccess": "Enabled", "privateEndpointConnections": null }
If the redis show command output returns "Enabled" for "publicNetworkAccess" and null for "privateEndpointConnections", as shown in the example above, there are no private endpoint connections available and the selected Azure Cache for Redis server can be accessed via public endpoints. As a result, all networks, including the Internet, will have access to your cache server.
08 Repeat steps no. 6 and 7 for each Azure Cache for Redis server available within the current Azure subscription.
09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.
Remediation / Resolution
To disable public network access to your Azure Cache for Redis servers by enabling access via private endpoints only, perform the following operations:
Using Azure Portal
01 Sign in to the Microsoft Azure Portal.
02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.
03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.
04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cache for Redis for Value, then choose Apply to list the Azure Cache for Redis servers available in the selected subscription.
05 Click on the name (link) of the Azure Cache for Redis server that you want to configure.
06 In the resource navigation panel, under Settings, select Private Endpoint to create and attach the required private endpoint.
07 Choose Private Endpoint from the top menu and perform the following operations to create a new private endpoint connection:
- For Basics, provide the following information:
- For Subscription, choose your Azure subscription.
- For Resource group, select the correct resource group.
- Provide a unique name for the private endpoint instance in the Name box.
- For Region, select the Azure cloud region where the private endpoint instance will be deployed.
- Choose Next : Resource > to continue the setup process.
- For Resource, perform the following actions:
- For Connection method, choose Connect to an Azure resource in my directory.
- For Subscription, choose your Azure subscription.
- For Resource type, select Microsoft.Cache/Redis.
- For Resource, choose the name of your Redis cache server.
- For Target sub-resource, select redisCache.
- Choose Next : Virtual Network > to continue the setup.
- For Virtual Network, perform the following operations:
- For Virtual network, choose the name of the Azure virtual network (VNet) that you want to use for your private endpoint.
- For Subnet, select the VNet subnet where the private endpoint will be deployed.
- (Optional) For Network policy for private endpoints, choose (edit) next to Disabled to configure network policies for the selected VNet subnet.
- For Private IP configuration, choose whether to dynamically or statically allocate the private IP address.
- (Optional) For Application security group, choose Create to create an Application Security Group (ASG) if required. ASGs allow you to configure network security by grouping Azure resources and defining policies based on these groups.
- Choose Next : DNS > to continue.
- For DNS, select Yes for Integrate with private DNS zone under Private DNS integration, to integrate your private endpoint with a private DNS zone. Ensure that the correct subscription and resource group are selected for the private DNS zone. Choose Next : Tags > to continue the setup.
- For Tags, use the Name, Value, and Resource fields to create tags that help you organize and identify the selected resource. Choose Next : Review + create > to validate the private endpoint connection setup.
- For Review + create, review the resource configuration details, then choose Create to create your new private endpoint. The connection is automatically approved and is ready to be used. Using a private endpoint connection will disable public network access to the selected Azure Cache for Redis server.
08 Repeat steps no. 5 – 7 for each Azure Cache for Redis server available within the selected subscription.
09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.
Using Azure CLI
01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:
az account list --query '[*].id'
02 The command output should return the requested subscription identifiers (IDs):
[ "abcdabcd-1234-abcd-1234-abcdabcdabcd", "abcd1234-abcd-1234-abcd-abcd1234abcd" ]
03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output):
az account set --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd
04 Using a private endpoint connection will disable public network access to your Azure Cache for Redis server. Run network private-endpoint create command (Windows/macOS/Linux) to create and attach a private endpoint for your Redis cache server. Use the --private-connection-resource-id command parameter to specify the target resource. The private endpoint connection is automatically approved and is ready for use:
az network private-endpoint create --name cc-private-endpoint-connection --resource-group cloud-shell-storage-westeurope --vnet-name cc-project5-vnet --subnet cc-vnet-subnet-001 --private-connection-resource-id "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache" --connection-name cc-redis-cache-private-connection --group-id redisCache --location westeurope
05 The command output should return the configuration information for your new private endpoint connection:
{
  "customDnsConfigs": [
    {
      "fqdn": "cc-project5-redis-cache.redis.cache.windows.net",
      "ipAddresses": [
        "10.0.0.10"
      ]
    }
  ],
  "customNetworkInterfaceName": "",
  "id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/privateEndpoints/cc-private-endpoint-connection",
  "ipConfigurations": [],
  "location": "westeurope",
  "manualPrivateLinkServiceConnections": [],
  "name": "cc-private-endpoint-connection",
  "networkInterfaces": [
    {
      "id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/networkInterfaces/cc-private-endpoint-connection.nic.abcdabcd-1234-abcd-1234-abcdabcdabcd",
      "resourceGroup": "cloud-shell-storage-westeurope"
    }
  ],
  "privateLinkServiceConnections": [
    {
      "groupIds": [
        "redisCache"
      ],
      "id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/privateEndpoints/cc-private-endpoint-connection/privateLinkServiceConnections/cc-redis-cache-private-connection",
      "name": "cc-redis-cache-private-connection",
      "privateLinkServiceConnectionState": {
        "actionsRequired": "None",
        "description": "Auto-Approved",
        "status": "Approved"
      },
      "privateLinkServiceId": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache",
      "provisioningState": "Succeeded",
      "resourceGroup": "cloud-shell-storage-westeurope",
      "type": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections"
    }
  ],
  "provisioningState": "Succeeded",
  "resourceGroup": "cloud-shell-storage-westeurope",
  "subnet": {
    "id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/cc-project5-vnet/subnets/cc-vnet-subnet-001",
    "resourceGroup": "cloud-shell-storage-westeurope"
  },
  "type": "Microsoft.Network/privateEndpoints"
}
06 Repeat steps no. 4 and 5 for each Azure Cache for Redis server available in the selected subscription.
07 Repeat steps no. 3 – 6 for each Azure subscription created in your Microsoft Azure cloud account.
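A script that automates the Azure CLI audit (steps 01 – 09 of the Audit section) and builds the remediation command from step 04 above, as an added example rather than the article's own tooling: it assumes the az CLI is installed and logged in, parses the same `az redis show --query` output the audit section shows, and is stricter than the audit rule in one respect, flagging publicNetworkAccess "Enabled" even when a private endpoint already exists, since such a cache is still reachable from the Internet. The resource and network names used in the examples are the article's placeholder values.

```python
import json
import re
import subprocess

# Cache resource ID shape (from `az redis list`) and the article's `az redis show` --query filter.
REDIS_ID = re.compile(r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
                      r"/providers/Microsoft\.Cache/Redis/(?P<name>[^/]+)$", re.IGNORECASE)
SHOW_QUERY = "{publicNetworkAccess:publicNetworkAccess,privateEndpointConnections:privateEndpointConnections[].id}"


def az(*args):
    """Run one az CLI command and parse its JSON output (assumes az is installed and logged in)."""
    proc = subprocess.run(["az", *args, "-o", "json"], check=True, capture_output=True, text=True)
    return json.loads(proc.stdout) if proc.stdout.strip() else None  # `az account set` prints nothing


def parse_redis_id(cache_id):
    """Split a cache resource ID into subscription, resource group and cache name."""
    match = REDIS_ID.match(cache_id)
    if not match:
        raise ValueError(f"not an Azure Cache for Redis resource ID: {cache_id}")
    return match.groupdict()


def assess(cache_id, show_output):
    """Audit rule for one `az redis show --query` result: non-compliant whenever
    publicNetworkAccess is "Enabled", even if a private endpoint already exists."""
    public = show_output.get("publicNetworkAccess") or "Enabled"  # missing field: assume Azure's default
    endpoints = show_output.get("privateEndpointConnections") or []  # null in the article's sample output
    return {"id": cache_id, "publicNetworkAccess": public,
            "privateEndpoints": list(endpoints), "compliant": public != "Enabled"}


def remediation_argv(cache_id, vnet, subnet, endpoint_name):
    """Build the `az network private-endpoint create` call from remediation step 04."""
    parts = parse_redis_id(cache_id)
    return ["az", "network", "private-endpoint", "create", "--name", endpoint_name,
            "--resource-group", parts["rg"], "--vnet-name", vnet, "--subnet", subnet,
            "--private-connection-resource-id", cache_id, "--group-id", "redisCache",
            "--connection-name", f"{parts['name']}-private-connection"]


def audit_all():
    """Walk every subscription (audit steps 01 – 09) and return one finding per cache."""
    findings = []
    for sub in az("account", "list", "--query", "[*].id"):
        az("account", "set", "--subscription", sub)
        for cache_id in az("redis", "list", "--query", "[*].id"):
            findings.append(assess(cache_id, az("redis", "show", "--ids", cache_id, "--query", SHOW_QUERY)))
    return findings
```

Call `audit_all()` from a session that has already run `az login`, then pass the id of any non-compliant finding to `remediation_argv()` and hand the resulting list to `subprocess.run` to create the private endpoint.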