Enable Data Persistence for Azure Cache for Redis Servers

Risk Level: Medium (should be achieved)

To ensure resilience against unexpected Redis cache node failures, enable data persistence for your Microsoft Azure Cache for Redis servers. Data persistence allows you to save data stored in the cache, enabling data recovery in the event of data loss.

Reliability

Because Azure Cache for Redis primarily stores data in memory, hardware failures can lead to data loss when cache nodes are unavailable. To mitigate this risk and enhance durability, Redis data persistence provides a mechanism to save your cached data. This allows the cache instance to be automatically repopulated from the persistence file after recovery, making it a vital component of any robust high availability and disaster recovery strategy.

Data persistence is not currently available for the Azure Cache for Redis servers in the Basic and Standard tiers.


Audit

To determine if data persistence is enabled for your Microsoft Azure Cache for Redis servers, perform the following operations:

Using Azure Portal

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cache for Redis for Value, then choose Apply to list the Azure Cache for Redis servers available in the selected subscription.

05 Click on the name (link) of the Azure Cache for Redis server that you want to examine.

06 In the resource navigation panel, under Settings, select Data persistence to access the data persistence settings available for the selected server.

07 In the Data Persistence section, check the Backup file configuration setting to determine if data persistence is enabled for the selected cache server. If Backup file is set to No Persistence, the Data Persistence feature is not enabled for the selected Azure Cache for Redis server.

08 Repeat steps no. 5 – 7 for each Azure Cache for Redis server deployed in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run the account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list \
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run the account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to make the selected subscription the current active subscription (the command does not produce an output):

az account set \
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run the redis list command (Windows/macOS/Linux) with custom output filters to list the identifier (ID) of each Azure Cache for Redis server available in the selected subscription:

az redis list \
	--query '[*].id'

05 The command output should return the requested cache server IDs:

[
	"/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache",
	"/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-webapp-cache-server"
]

06 Run the redis show command (Windows/macOS/Linux) with the ID of the Azure Cache for Redis server that you want to examine as the identifier parameter and custom output filters to determine if data persistence is enabled for the selected Redis cache server:

az redis show \
	--ids "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache" \
	--query '{"rdbBackupEnabled":redisConfiguration.rdbBackupEnabled,"aofBackupEnabled":redisConfiguration.aofBackupEnabled}'

07 The command output should return the operational status for both the Redis Database (RDB) and Append-only file (AOF) data persistence types. For more details about data persistence types, see the official Redis documentation:

{
	"aofBackupEnabled": "false",
	"rdbBackupEnabled": "false"
}

If the redis show command output returns null or "false" for both "aofBackupEnabled" and "rdbBackupEnabled" configuration attributes, as shown in the example above, the Data Persistence feature is not enabled for the selected Azure Cache for Redis server.

08 Repeat steps no. 6 and 7 for each Azure Cache for Redis server available within the current Azure subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.
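
The CLI audit steps above can be run as a single pass over every subscription. The script below is an added example, not part of the original page or of any Trend Micro or Microsoft tooling; the function names, the 'unset' marker and the --live switch are assumptions made for illustration. It treats "True" and "true" as the same value and reports Basic and Standard caches separately, because those tiers have no persistence option to enable.

```sh
#!/bin/sh
# Added example (not Trend Micro or Microsoft code): audit steps 01-09 in one pass.

# Lower-case a value so "True" (as echoed after an update) matches "true".
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# persistence_status SKU RDB AOF -> rdb | aof | unsupported-tier | disabled
persistence_status() (
  rdb=$(lc "$2"); aof=$(lc "$3")
  if [ "$rdb" = true ]; then echo rdb
  elif [ "$aof" = true ]; then echo aof
  else
    case $(lc "$1") in
      basic|standard) echo unsupported-tier ;;  # tier has no persistence option
      *) echo disabled ;;                        # null/"false" on both attributes
    esac
  fi
)

# audit_rows LABEL: read "name<TAB>sku<TAB>rdb<TAB>aof" rows on stdin and
# print "LABEL<TAB>name<TAB>status" for every cache without persistence.
audit_rows() {
  while IFS="$(printf '\t')" read -r name sku rdb aof; do
    [ -n "$name" ] || continue
    status=$(persistence_status "$sku" "$rdb" "$aof")
    case $status in
      disabled|unsupported-tier) printf '%s\t%s\t%s\n' "$1" "$name" "$status" ;;
    esac
  done
}

# Null attributes are mapped to 'unset' in the query so every row has 4 fields.
QUERY="[].[name, sku.name, redisConfiguration.rdbBackupEnabled || 'unset', redisConfiguration.aofBackupEnabled || 'unset']"

audit_all_subscriptions() {
  for sub in $(az account list --query '[].id' -o tsv); do
    az redis list --subscription "$sub" --query "$QUERY" -o tsv | audit_rows "$sub"
  done
}

# Live run needs an authenticated az session: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_all_subscriptions; fi
```

Each output row is the subscription ID, the cache name and either disabled or unsupported-tier; caches with RDB or AOF persistence enabled produce no row.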

Remediation / Resolution

To enable data persistence for your Microsoft Azure Cache for Redis servers, perform the following operations:

Using Azure Portal

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cache for Redis for Value, then choose Apply to list only the Azure Cache for Redis servers available in the selected subscription.

05 Click on the name (link) of the Azure Cache for Redis server that you want to configure.

06 In the resource navigation panel, under Settings, select Data persistence to access the data persistence settings available for the selected server.

07 In the Data Persistence section, perform the following actions to configure data persistence for the selected cache server:

  1. For Backup file, select the format of data persistence that you want to use for your server. The Redis Database (RDB) format creates snapshots of the entire dataset at specified intervals, offering fast recovery and smaller storage but risking data loss between snapshots. The Append-only file (AOF) format logs each write operation in sequence, providing higher data durability and recovery accuracy but requiring more storage (i.e., a second storage account). To learn more about the advantages and disadvantages of RDB and AOF data persistence, check the official Redis documentation.
  2. For Authentication Method, select Managed Identity. If system-assigned managed identity is not enabled for the selected cache server, follow the steps outlined on this page to enable the feature.
  3. For Subscription, choose the appropriate Azure subscription.
  4. If you selected Redis Database (RDB) for Backup file, select the backup frequency from the Backup Frequency dropdown list and the name of the necessary storage account from the Storage Account dropdown menu. The backup frequency determines how often to persist the cache snapshot. The Soft Delete feature must be enabled on the selected Azure Storage account.
  5. If you selected Append-only file (AOF) for Backup file, select the necessary storage accounts from the First Storage Account and Second Storage Account dropdown lists.
  6. Choose Save to apply the configuration changes. This will enable the Data Persistence feature for the selected Azure Cache for Redis server.

08 Repeat steps no. 5 – 7 for each Azure Cache for Redis server that you want to configure, available within the selected subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run the account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list \
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run the account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to make the selected subscription the current active subscription (the command does not produce an output):

az account set \
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 If system-assigned managed identity is not enabled for the selected cache server, follow the steps outlined on this page to enable the feature.

05 Run the redis update command (Windows/macOS/Linux) with the ID of the Azure Cache for Redis server that you want to configure as the identifier parameter, to enable data persistence based on Redis Database (RDB) for the selected cache server. Replace <storage-account-name> with the name of your Azure Storage account. The Soft Delete feature must be enabled on the specified storage account:

az redis update \
	--ids "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache" \
	--set "redisConfiguration.rdbBackupEnabled"="true" "redisConfiguration.rdbBackupFrequency"="15" "redisConfiguration.rdbBackupMaxSnapshotCount"="1" "redisConfiguration.rdbStorageConnectionString"="https://<storage-account-name>.blob.core.windows.net/"

06 The command output should return the configuration information available for the modified Redis cache server:

{
	"accessKeys": null,
	"disableAccessKeyAuthentication": false,
	"enableNonSslPort": true,
	"hostName": "cc-project5-redis-cache.redis.cache.windows.net",
	"identity": null,
	"instances": [
		{
			"isMaster": true,
			"isPrimary": true,
			"nonSslPort": 13000,
			"shardId": null,
			"sslPort": 15000,
			"zone": null
		},
		{
			"isMaster": false,
			"isPrimary": false,
			"nonSslPort": 13001,
			"shardId": null,
			"sslPort": 15001,
			"zone": null
		}
	],
	"linkedServers": [],
	"location": "West Europe",
	"minimumTlsVersion": "1.2",
	"name": "cc-project5-redis-cache",
	"port": 6379,
	"privateEndpointConnections": null,
	"provisioningState": "Succeeded",
	"publicNetworkAccess": "Disabled",
	"redisConfiguration": {
		"aadEnabled": "true",
		"additionalProperties": null,
		"aofBackupEnabled": "false",
		"aofStorageConnectionString0": null,
		"aofStorageConnectionString1": null,
		"authnotrequired": null,
		"maxclients": "7500",
		"maxfragmentationmemoryReserved": "642",
		"maxmemoryDelta": "642",
		"maxmemoryPolicy": null,
		"maxmemoryReserved": "642",
		"notifyKeyspaceEvents": null,
		"preferredDataArchiveAuthMethod": null,
		"preferredDataPersistenceAuthMethod": "managedIdentity",
		"rdbBackupEnabled": "True",
		"rdbBackupFrequency": "15",
		"rdbBackupMaxSnapshotCount": "1",
		"rdbStorageConnectionString": "https://<storage-account-name>.blob.core.windows.net/",
		"storageSubscriptionId": "abcdabcd-1234-abcd-1234-abcdabcdabcd",
		"zonalConfiguration": null
	},
	"redisVersion": "6.0",
	"replicasPerMaster": null,
	"replicasPerPrimary": null,
	"resourceGroup": "cloud-shell-storage-westeurope",
	"shardCount": null,
	"sku": {
		"capacity": 1,
		"family": "P",
		"name": "Premium"
	},
	"sslPort": 6380,
	"staticIp": null,
	"subnetId": null,
	"tags": {},
	"tenantSettings": null,
	"type": "Microsoft.Cache/Redis",
	"updateChannel": "Stable",
	"zones": null
}

07 Run the redis update command (Windows/macOS/Linux) with the ID of the Azure Cache for Redis server that you want to configure as the identifier parameter, to enable data persistence based on Append-only file (AOF) for the selected cache server. Replace <first-storage-account-name> and <second-storage-account-name> with the names of your Azure Storage accounts. The Soft Delete feature must be enabled on the specified storage accounts:

az redis update \
	--ids "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache" \
	--set "redisConfiguration.aofBackupEnabled"="true" "redisConfiguration.aofStorageConnectionString0"="https://<first-storage-account-name>.blob.core.windows.net/" "redisConfiguration.aofStorageConnectionString1"="https://<second-storage-account-name>.blob.core.windows.net/"

08 The command output should return the configuration information available for the modified Redis cache server:

{
	"accessKeys": null,
	"disableAccessKeyAuthentication": false,
	"enableNonSslPort": true,
	"hostName": "cc-project5-redis-cache.redis.cache.windows.net",
	"identity": null,
	"instances": [
		{
			"isMaster": true,
			"isPrimary": true,
			"nonSslPort": 13000,
			"shardId": null,
			"sslPort": 15000,
			"zone": null
		},
		{
			"isMaster": false,
			"isPrimary": false,
			"nonSslPort": 13001,
			"shardId": null,
			"sslPort": 15001,
			"zone": null
		}
	],
	"linkedServers": [],
	"location": "West Europe",
	"minimumTlsVersion": "1.2",
	"name": "cc-project5-redis-cache",
	"port": 6379,
	"privateEndpointConnections": null,
	"provisioningState": "Succeeded",
	"publicNetworkAccess": "Disabled",
	"redisConfiguration": {
		"aadEnabled": "true",
		"additionalProperties": null,
		"aofBackupEnabled": "True",
		"aofStorageConnectionString0": "https://<first-storage-account-name>.blob.core.windows.net/",
		"aofStorageConnectionString1": "https://<second-storage-account-name>.blob.core.windows.net/",
		"authnotrequired": null,
		"maxclients": "7500",
		"maxfragmentationmemoryReserved": "642",
		"maxmemoryDelta": "642",
		"maxmemoryPolicy": null,
		"maxmemoryReserved": "642",
		"notifyKeyspaceEvents": null,
		"preferredDataArchiveAuthMethod": null,
		"preferredDataPersistenceAuthMethod": "managedIdentity",
		"rdbBackupEnabled": "false",
		"rdbBackupFrequency": "15",
		"rdbBackupMaxSnapshotCount": "1",
		"rdbStorageConnectionString": null,
		"storageSubscriptionId": "abcdabcd-1234-abcd-1234-abcdabcdabcd",
		"zonalConfiguration": null
	},
	"redisVersion": "6.0",
	"replicasPerMaster": null,
	"replicasPerPrimary": null,
	"resourceGroup": "cloud-shell-storage-westeurope",
	"shardCount": null,
	"sku": {
		"capacity": 1,
		"family": "P",
		"name": "Premium"
	},
	"sslPort": 6380,
	"staticIp": null,
	"subnetId": null,
	"tags": {},
	"tenantSettings": null,
	"type": "Microsoft.Cache/Redis",
	"updateChannel": "Stable",
	"zones": null
}

09 Repeat steps no. 5 – 8 for each Azure Cache for Redis server that you want to configure, available in the selected subscription.

10 Repeat steps no. 3 – 9 for each Azure subscription created in your Microsoft Azure cloud account.

Publication date May 12, 2025