BenjaminEngeset · Copilot · Nov 22, 2025 · Nov 22, 2025 · Nov 22, 2025 · Nov 22, 2025
diff --git a/docs/changelog.md b/docs/changelog.md
@@ -34,6 +34,9 @@ See [upgrade notes][1] for helpful information when upgrading from previous vers
   - App Configuration:
     - Check that replica locations are in allowed regions by @BernieWhite.
       [#3441](https://github.com/Azure/PSRule.Rules.Azure/issues/3441)
+  - Azure Cache for Redis:
+    - Check for Azure Cache for Redis retirement path by @BenjaminEngeset.
+      [#3605](https://github.com/Azure/PSRule.Rules.Azure/issues/3605)
   - Managed Instance for Apache Cassandra:
     - Check that Managed Instance for Apache Cassandra clusters have availability zones enabled by @BenjaminEngeset.
       [#3592](https://github.com/Azure/PSRule.Rules.Azure/issues/3592)

diff --git a/docs/en/rules/Azure.Redis.Retirement.md b/docs/en/rules/Azure.Redis.Retirement.md
@@ -0,0 +1,105 @@
+---
+severity: Important
+pillar: Operational Excellence
+category: Infrastructure provisioning
+resource: Azure Cache for Redis
+resourceType: Microsoft.Cache/redis
+online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Redis.Retirement/
+---
+
+# Migrate to Azure Managed Redis
+
+## SYNOPSIS
+
+Azure Cache for Redis is on the retirement path. Migrate to Azure Managed Redis.
+
+## DESCRIPTION
+
+Microsoft has announced the retirement timeline for Azure Cache for Redis across all SKUs.
+The recommended replacement going forward is Azure Managed Redis.
+
+Azure Cache for Redis will be retired according to the following timeline:
+
+- Basic and Standard SKUs will be retired on September 30, 2025.
+- Premium SKU will be retired on September 30, 2027.
+
+To avoid service disruption, migrate your workloads to Azure Managed Redis.
+
+Azure Managed Redis provides several advantages:
+
+- **Improved Performance**: Enhanced throughput and lower latency.
+- **Enhanced Security**: Built-in support for Azure Active Directory authentication and managed identities.
+- **Better Availability**: Higher availability SLA and improved zone redundancy support.
+- **Simplified Management**: Streamlined configuration and maintenance with automated updates.
+- **Cost Optimization**: More predictable pricing and better resource utilization.
+
+## RECOMMENDATION
+
+Plan and execute migration from Azure Cache for Redis to Azure Managed Redis before the retirement dates to avoid service disruption.
+
+## EXAMPLES
+
+### Configure with Azure template
+
+Azure Managed Redis uses a different resource type. Update your templates to use `Microsoft.Cache/redisEnterprise` instead of `Microsoft.Cache/Redis`.
+
+For example:
+
+```json
+{
+  "type": "Microsoft.Cache/redisEnterprise",
+  "apiVersion": "2023-11-01",
+  "name": "[parameters('redisCacheName')]",
+  "location": "[parameters('location')]",
+  "sku": {
+    "name": "Enterprise_E10",
+    "capacity": 2
+  },
+  "zones": [
+    "1",
+    "2",
+    "3"
+  ],
+  "properties": {
+    "minimumTlsVersion": "1.2"
+  }
+}
+```
+
+### Configure with Bicep
+
+Azure Managed Redis uses a different resource type. Update your Bicep files to use `Microsoft.Cache/redisEnterprise` instead of `Microsoft.Cache/Redis`.
+
+For example:
+
+```bicep
+resource redisEnterprise 'Microsoft.Cache/redisEnterprise@2023-11-01' = {
+  name: redisCacheName
+  location: location
+  sku: {
+    name: 'Enterprise_E10'
+    capacity: 2
+  }
+  zones: [
+    '1'
+    '2'
+    '3'
+  ]
+  properties: {
+    minimumTlsVersion: '1.2'
+  }
+}
+```
+
+## NOTES
+
+This rule will fail for all Azure Cache for Redis resources as part of informing you about the retirement path.
+Consider migrating to Azure Managed Redis before the retirement dates.
+
+## LINKS
+
+- [Infrastructure provisioning](https://learn.microsoft.com/azure/architecture/framework/devops/automation-infrastructure)
+- [Azure Cache for Redis retirement: What to know and how to prepare](https://techcommunity.microsoft.com/blog/azure-managed-redis/azure-cache-for-redis-retirement-what-to-know-and-how-to-prepare/4458721)
+- [Azure Cache for Redis retirement FAQ](https://learn.microsoft.com/azure/azure-cache-for-redis/retirement-faq)
+- [Azure Managed Redis documentation](https://learn.microsoft.com/azure/azure-cache-for-redis/managed-redis/managed-redis-overview)
+- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.cache/redisenterprise)
diff --git a/src/PSRule.Rules.Azure/en/PSRule-rules.psd1 b/src/PSRule.Rules.Azure/en/PSRule-rules.psd1
@@ -131,4 +131,5 @@
     ResourceHasNoTags = "The resource does not have any tags. Expected tags: {0}."
     ActiveSecurityAlerts = "There are {0} active security alerts of high or medium severity."
     KeyValueShouldNotContainSecrets = "The key value '{0}' property should not contain secrets."
+    AzureCacheRedisRetirement = "Azure Cache for Redis is on the retirement path. Migrate to Azure Managed Redis."
 }
diff --git a/src/PSRule.Rules.Azure/rules/Azure.Redis.Rule.ps1 b/src/PSRule.Rules.Azure/rules/Azure.Redis.Rule.ps1
@@ -123,6 +123,11 @@ Rule 'Azure.Redis.Version' -Ref 'AZR-000347' -Type 'Microsoft.Cache/redis' -Tag
     ).Reason($LocalizedData.AzureCacheRedisVersion)
 }
 
+# Synopsis: Azure Cache for Redis is on the retirement path. Migrate to Azure Managed Redis.
+Rule 'Azure.Redis.Retirement' -Ref 'AZR-000505' -Type 'Microsoft.Cache/redis' -Tag @{ release = 'GA'; ruleSet = '2025_12'; 'Azure.WAF/pillar' = 'Operational Excellence'; } {
+    $Assert.Fail($LocalizedData.AzureCacheRedisRetirement)
+}
+
 #region Helper functions
 
 function global:GetCacheMemory {

diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.Redis.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.Redis.Tests.ps1
@@ -353,6 +353,19 @@ Describe 'Azure.Redis' -Tag 'Redis' {
             $ruleResult.TargetName | Should -BeIn 'redis-R';
             $ruleResult.Length | Should -Be 1;
         }
+
+        It 'Azure.Redis.Retirement' {
+            $filteredResult = $result | Where-Object { $_.RuleName -eq 'Azure.Redis.Retirement' };
+
+            # Fail - All Azure Cache for Redis instances should fail this rule
+            $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
+            $ruleResult | Should -Not -BeNullOrEmpty;
+            $ruleResult.Length | Should -Be 12;
+            $ruleResult.TargetName | Should -BeIn 'redis-A', 'redis-B', 'redis-C', 'redis-D', 'redis-E', 'redis-F', 'redis-G', 'redis-H', 'redis-I', 'redis-J', 'redis-Q', 'redis-R';
+
+            # Verify the reason message
+            $ruleResult[0].Reason | Should -BeExactly "Azure Cache for Redis is on the retirement path. Migrate to Azure Managed Redis.";
+        }
     }
 
     Context 'With Configuration Option' -Tag 'Configuration' {