Scenario
Many times, we receive requests for a quick and reliable way to review Azure Redis configurations such as SKU tiers, Redis versions, TLS settings, Microsoft Entra authentication status, and public network exposure. Traditionally, these checks are performed using PowerShell, Azure CLI, or REST APIs. While effective, these methods can be time-consuming due to script development and module installation. Azure Resource Graph Explorer offers a faster and more scalable alternative by enabling customers to query Redis configurations directly using Kusto Query Language (KQL). This approach eliminates the need to create and maintain scripts while providing centralized visibility across multiple subscriptions.
Azure Resource Graph Explorer
Azure Resource Graph Explorer allows you to run KQL queries directly from the Azure portal to inspect Redis configurations across subscriptions at scale. All queries in this document use the Resources table, filter on Redis resource types, and retrieve configuration properties from the Redis resource schema.
The queries target the following resource types:
- microsoft.cache/redis
- microsoft.cache/redisenterprise
How to Open Azure Resource Graph Explorer (Quick Steps)
- Sign in to the Azure Portal
- In the global search bar, search for Resource Graph Explorer
- Open Resource Graph Explorer
- Paste the KQL query into the query window
- Click Run query to view results
Following queries can be used to quickly analyse and validate Azure Cache configurations across subscriptions:
1. Redis SKU Information
Find all Redis instances and identify their SKU tier.
|
Resources | where type in~ ("microsoft.cache/redis", "microsoft.cache/redisenterprise") | extend SKU = coalesce(tostring(sku.name), tostring(properties.sku.name)) | project name, resourceGroup, location, SKU |
Explanation
This query retrieves all Azure Cache for Redis instances and identifies their SKU tier (Basic, Standard, Premium, Enterprise and AMR).
The SKU information helps understand performance capabilities, high availability features, and scaling options configured for each Redis instance.
2. Redis Version Information (OSS Cache Only)
Identify Redis version being used for Azure Cache for Redis (Basic, Standard, Premium).
|
Resources | where type =~ "microsoft.cache/redis" | project name, resourceGroup, location, SKU=sku.name, RedisVersion=properties.redisVersion |
Explanation:
This query lists Redis instances along with their deployed Redis version.
Identifying older Redis versions helps prioritize upgrades, maintain supportability, and ensure compatibility with newer features and security enhancements.
Note: This query applies only to OSS Azure Cache for Redis (Basic, Standard, and Premium tiers). Azure Managed Redis (AMR) is not included because these properties are not exposed in Azure Resource Graph for AMR.
3. Minimum TLS Version for Redis
List Redis instances and configured minimum TLS version.
| Resources | where type in~ ("microsoft.cache/redis", "microsoft.cache/redisenterprise") | project name, resourceGroup, location, MinimumTLS = properties.minimumTlsVersion |
Explanation:
This query identifies the minimum TLS version configured for Redis cache.
Using TLS 1.2 or higher is recommended to meet modern security compliance and encryption standards.
4. Redis Instances with Public Network Access Enabled
Identify Redis instances that allow public network access.
| Resources | where type in~ ("microsoft.cache/redis", "microsoft.cache/redisenterprise") | project name, resourceGroup, location, PublicNetworkAccess = properties.publicNetworkAccess |
Explanation:
This query checks whether Redis instances are accessible over public internet.
Possible values include:
- Enabled — Redis accessible via public endpoint
- Disabled — Redis accessible only via private endpoint / virtual network
5. Microsoft Entra Authentication Enabled (OSS Cache Only)
Check Microsoft Entra ID authentication and key-based authentication for Azure Cache for Redis (Basic, Standard, Premium).
|
Resources | where type =~ "microsoft.cache/redis" | extend EntraAuthEnabled = tostring(properties.redisConfiguration["aad-enabled"]) | extend KeyBasedAuthDisabled = tostring(properties.disableAccessKeyAuthentication) | project name, resourceGroup, location, EntraAuthEnabled, KeyBasedAuthDisabled |
Explanation:
This query reviews authentication and access security settings for Azure Cache for Redis (OSS tiers).
- Microsoft Entra Authentication – Shows whether Microsoft Entra ID authentication is enabled
- true — Enabled
- false — Disabled
- Key-Based Authentication – Shows whether access keys are disabled
- true — Access keys disabled (Recommended)
- false — Access keys enabled
Note: This query applies only to OSS Azure Cache for Redis (Basic, Standard, and Premium tiers). Azure Managed Redis (AMR) is not included because these properties are not exposed in Azure Resource Graph for AMR.
Reference
- Overview of Azure Resource Graph - Azure Resource Graph | Microsoft Learn
- Quickstart: Run Resource Graph query using Azure portal - Azure Resource Graph | Microsoft Learn
- Microsoft Cache Redis Resource Schema
- Microsoft Cache Redis Enterprise Schema
Kindly note this blog is focused on Azure Cache configurations, the same approach can be leveraged for other Azure resource types in a similar way by querying their respective resource schemas using Azure Resource Graph.
Hope this helps!
Microsoft