### Enable Microsoft Entra ID authentication on your cache
9
+
### Use Microsoft Entra ID authentication on your cache
10
10
11
-
If you have a cache, check to see if Microsoft Entra Authentication has been enabled. If not, then enable it. We recommend using Microsoft Entra ID for your apps.
11
+
Azure Redis caches, except for Enterprise and Enterprise Flash tiers, have Microsoft Entra Authentication enabled by default. Access keys are disabled by default.
12
12
13
-
1. In the Azure portal, select the Azure Cache for Redis instance where you'd like to use Microsoft Entra token-based authentication.
1. Select **Authentication** from the Resource menu.
16
-
17
-
1. Check in the working pane to see if **Enable Microsoft Entra Authentication** is checked. If so, you can move on.
15
+
1. In the Azure portal, select the cache where you'd like to use Microsoft Entra token-based authentication.
18
16
19
-
1. Select **Enable Microsoft Entra Authentication**, and enter the name of a valid user. The user you enter is automatically assigned _Data Owner Access Policy_ by default when you select **Save**. You can also enter a managed identity or service principal to connect to your cache instance.
20
-
21
-
:::image type="content" source="media/cache-entra-access/cache-enable-microsoft-entra.png" alt-text="Screenshot showing authentication selected in the resource menu and the enable Microsoft Entra authentication checked.":::
17
+
1. Select **Authentication** from the Resource menu.
22
18
23
-
1.A popup dialog box displays asking if you want to update your configuration, and informing you that it takes several minutes. Select **Yes.**
19
+
1.Select **Select member** and enter the name of a valid user. The user you enter is automatically assigned _Data Owner Access Policy_ by default when you select **Save**. You can also enter a managed identity or service principal to connect to your cache instance.
24
20
25
-
> [!IMPORTANT]
26
-
> Once the enable operation is complete, the nodes in your cache instance reboots to load the new configuration. We recommend performing this operation during your maintenance window or outside your peak business hours. The operation can take up to 30 minutes.
21
+
:::image type="content" source="media/cache-entra-access/cache-enable-microsoft-entra.png" alt-text="Screenshot showing authentication selected in the resource menu and the enable Microsoft Entra authentication checked.":::
27
22
28
23
For information on using Microsoft Entra ID with Azure CLI, see the [references pages for identity](/cli/azure/redis/identity).
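Review bot: The new intro says Entra authentication is on by default "except for Enterprise and Enterprise Flash tiers", but the steps that checked for and selected **Enable Microsoft Entra Authentication** are removed together with the note about node reboots, so a reader whose cache does not have it on by default is given no way to turn it on and no warning about the restart. Either keep a short "if it isn't enabled" branch with the reboot caveat, or link to where that procedure now lives. Also in the added steps, "1.Select **Select member**" has no space after "1." and will not render as a list item, and the retained screenshot alt text still describes "the enable Microsoft Entra authentication checked", which no longer matches the steps.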
1. To create an Azure Managed Redis (preview) instance, sign in to the Azure portal and select **Create a resource**.
10
10
11
-
1. On the **New** page, select **Databases** and then select **Azure Cache for Redis**.
12
-
<!-- Fran, need screenshot. -->
13
-
<!-- :::image type="content" source="../media/managed-redis-create/new-cache-menu.png" alt-text="Screenshot showing how to select Azure Managed Redis."::: -->
14
-
11
+
1. On the **New** page, in the search box type **Azure Cache for Redis**.
12
+
15
13
1. On the **New Redis Cache** page, configure the settings for your new cache.
16
14
17
15
| Setting | Choose a value | Description |
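Review bot: The added step "in the search box type **Azure Cache for Redis**" sits under a procedure that opens with "To create an Azure Managed Redis (preview) instance", so the reader is told to search for a different product name than the one being created. Confirm which string the portal search needs and, if it really is "Azure Cache for Redis", say in the step that the Managed Redis option is reached through that entry. The commented-out screenshot and its "Fran, need screenshot" note are dropped without a replacement; that is fine if the search step needs no image, but worth confirming.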
@@ -26,23 +24,31 @@ ms.custom:
26
24
27
25
1. Select **Next: Networking** and select either a public or private endpoint.
28
26
29
-
1. Select **Next: Advanced**.
30
-
Here, you can configure any [Redis modules](../managed-redis/managed-redis-redis-modules.md) to be added to the instance.
31
-
27
+
1. Select **Next: Advanced**.
28
+
29
+
Configure any [Redis modules](../managed-redis/managed-redis-redis-modules.md) you wan to add to the instance.
30
+
31
+
By default, for a new managed cache:
32
+
- Microsoft Entra ID is enabled.
33
+
--**Access Keys Authentication** is disabled for security reasons.
34
+
35
+
> [!IMPORTANT]
36
+
> For optimal security, we recommend that you use Microsoft Entra ID with managed identities to authorize requests against your cache if possible. Authorization by using Microsoft Entra ID and managed identities provides superior security and ease of use over shared access key authorization. For more information about using managed identities with your cache, see [Use Microsoft Entra ID for cache authentication](/azure/azure-cache-for-redis/cache-azure-active-directory-for-authentication).
37
+
32
38
Set **Clustering policy** to **Enterprise** for a nonclustered cache, or to **OSS** for a clustered cache. For more information on choosing **Clustering policy**, see [Cluster policy](../managed-redis/managed-redis-architecture.md#cluster-policies).
33
39
34
40
:::image type="content" source="media/managed-redis-create/managed-redis-advanced-settings.png" alt-text="Screenshot that shows the Azure Managed Redis Advanced tab.":::
35
41
36
-
If you are using **Active geo-replication**, it must be configured during creation. For instructions on how do to this, see [Configure active geo-replication for Azure Managed Redis instances](../managed-redis/managed-redis-how-to-active-geo-replication.md).
37
-
42
+
If you're using **Active geo-replication**, it must be configured during creation. For more information, see [Configure active geo-replication for Azure Managed Redis instances](../managed-redis/managed-redis-how-to-active-geo-replication.md).
43
+
38
44
> [!IMPORTANT]
39
45
> You can't change the clustering policy of an Azure Managed Redis (preview) instance after you create it. If you're using [RediSearch](../managed-redis/managed-redis-redis-modules.md#redisearch), the Enterprise cluster policy is required, and `NoEviction` is the only eviction policy supported.
40
46
>
41
47
42
48
> [!IMPORTANT]
43
-
> If you're using this cache instance in a geo-replication group, eviction policies cannot be changed after the instance is created. Be sure to know the eviction policies of your primary nodes before you create the cache. For more information on active geo-replication, see [Active geo-replication prerequisites](../managed-redis/managed-redis-how-to-active-geo-replication.md#active-geo-replication-prerequisites).
49
+
> If you're using this cache instance in a geo-replication group, eviction policies cannot be changed after the instance is created. Be sure to know the eviction policies of your primary nodes before you create the cache. For more information on active geo-replication, see [Active geo-replication prerequisites](../managed-redis/managed-redis-how-to-active-geo-replication.md#active-geo-replication-prerequisites).
44
50
>
45
-
51
+
46
52
> [!IMPORTANT]
47
53
> You can't change modules after you create a cache instance. Modules must be enabled at the time you create an Azure Cache for Redis instance. There is no option to enable the configuration of a module after you create a cache.
48
54
>
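Review bot: In the added defaults list, "--**Access Keys Authentication** is disabled for security reasons." starts with a doubled hyphen and no space, so it will not render as a bullet alongside "- Microsoft Entra ID is enabled."; change it to "- **Access Keys Authentication** is disabled for security reasons." The added sentence "Configure any Redis modules you wan to add to the instance" has a typo ("wan" for "want"). The new [!IMPORTANT] note links to /azure/azure-cache-for-redis/cache-azure-active-directory-for-authentication while the rest of this file links under ../managed-redis/; if a Managed Redis version of that article exists, point there so the instructions match the product. The eviction-policy note appears as removed and re-added with identical visible text, so that looks like a whitespace-only change that could be left out of the diff.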
@@ -55,4 +61,4 @@ ms.custom:
55
61
56
62
1. Review the settings and select **Create**.
57
63
58
-
It will take several minutes for the Redis instance to create. You can monitor progress on the Azure Managed Redis **Overview** page. When **Status** shows as **Running**, the cache is ready to use.
64
+
It takes several minutes for the Redis instance to create. You can monitor progress on the Azure Managed Redis **Overview** page. When **Status** shows as **Running**, the cache is ready to use.
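Review bot: The reworded sentence "It takes several minutes for the Redis instance to create" still uses "create" without an object. Since the line is being touched anyway, consider "Creating the Redis instance takes several minutes."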
> Microsoft recommends using Entra ID authentication, rather than passwords or access keys, for the most secure authentication experience. The authentication described in this document uses access keys, which require a very high degree of trust in the application and carries risks not present when using EntraID. Use the approach in this document only when EntraID authentication is not viable.