We want to enable users of Azure Managed Redis to disable public traffic without a private endpoint or allow both public and private access simultaneously.
In certain enterprise environments, Redis and networking responsibilities are handled by distinct teams. The Data Operations team may securely provision Azure Managed Redis instances with PublicNetworkAccess set to Disabled, subsequently establishing connections to private links overseen by the Networking Operations team. By introducing a dedicated control for PublicNetworkAccess, it provides the flexibility of being no longer necessary to configure a Private Endpoint concurrently with Azure Managed Redis at the time of creation.
With the new PublicNetworkAccess property, you can now restrict public IP traffic independently of Private Links to Virtual Networks. The following network configurations are now supported:
• Public traffic without Private Links
• Public traffic with Private Links
• Private traffic without Private Links
• Private traffic with Private Links
API changes
The PublicNetworkAccess property is introduced in Microsoft.Cache redisEnterprise 2025-07-01. This is a security-related breaking change. We will deprecate older API versions before 2025-07-01 in October 2026.
After October 2026:
• You can only set PublicNetworkAccess property using API versions 2025-07-01 or later
• You can no longer send API calls with older versions prior to 2025-07-01
• Your older caches provisioned with the older versions of the APIs will continue to work, but additional operations on it will require calls to be made with API versions 2025-07-01 or later
Changing an Existing Azure Managed Redis Cache to Use PublicNetworkAccess property
Use the Azure portal to add PublicNetworkAccess config to your existing Azure Managed Redis cache.
Steps to Change PublicNetworkAccess Property
1. Open your cache in the Azure Portal.
2. From the resource menu, select Networking.
3. In the portal, set the PublicNetworkAccess property here. Note: This is an irreversible operation—once set, you cannot revert to the unset state.
4. In the Public access pane, select Enable or Disable and save.
5. NOTE: your existing Private Endpoints will remain unaffected
Figure 1: Set PublicNetworkAccess in existing Azure Managed Redis by selecting ‘Disable’ or ‘Enable’ public access
Best practices
Having PublicNetworkAccess controlled separately by a setting provides more flexibility for a team to reuse existing Private Endpoints to enhance the end-to-end management experience.
To improve Azure Managed Redis security, disable PublicNetworkAccess and use a Virtual Network with Private Endpoint and Private Links. Virtual Networks provide network controls and extra protection, while Private Links enable one-way communication for greater isolation. This ensures other resources in the Virtual Network stay secure even if Redis is compromised.
Microsoft