Unable to delete account from Azure Managed Redis

Question

Unable to delete account from Azure Managed Redis

Prashanth Talari 0

We are experiencing an issue with Azure Managed Redis (Redis Enterprise) where user‑assigned managed identities (UAMI) added as Redis users cannot always be deleted.

Observed behavior:

Redis users are created using Bicep (Microsoft.Cache/redisEnterprise/databases/accessPolicyAssignments)

Deleting a Redis user from the Azure Portal shows “Deletion may take a few minutes” but never completes

No error message is returned via Portal, Azure CLI, ARM, or REST API

The Redis user remains indefinitely, and some entries display only GUIDs instead of friendly identity names

There is no supported force‑delete option for Redis Enterprise users

Steps tried to resolve:

Retried deletion multiple times over several days

Verified managed identity still exists in Entra ID

Re‑deployed access policy assignments using Bicep

Checked Azure CLI support for Redis Enterprise user deletion

The only way found to clear the stuck Redis users was to delete and recreate the Redis Enterprise instance, which is not a viable solution for production environments.

Questions:

Is this a known issue or bug in Azure Managed Redis (Redis Enterprise)?

Is there a supported way to fully delete stuck Redis users without recreating the Redis instance?

Is there a planned fix or recommended best practice when using managed identities with Redis Enterprise?

References used:

Bicep template:

https://learn.microsoft.com/en-us/azure/templates/microsoft.cache/redisenterprise/databases/accesspolicyassignments?pivots=deployment-language-bicep

CLI reference:

https://learn.microsoft.com/en-us/cli/azure/redisenterprise/database/access-policy-assignment

Thanks,

Saraswathi Devadula 16,015 Reputation points Microsoft External Staff Moderator

2026-04-17T05:16:08.6233333+00:00

Hello Prashanth Talari

Kindly please share the details to delete the account.
Saraswathi Devadula 16,015 Reputation points Microsoft External Staff Moderator

2026-04-20T05:11:48.3666667+00:00

Hello Prashanth Talari

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
martin ogorman 0 Reputation points

2026-04-20T07:59:25.42+00:00
Sarawathi

On the provided points

We do use Azure Cache for Redis, but it is now being retired, and we have been recommended to move to Azure Managed Redis. I would prefer to use a solution that supports RBAC and avoids the effort of implementing custom permissions code for data access policies.

“We recommend you proceed with our new offering – Azure Managed Redis (https://aka.ms/AzureManagedRedis). It is built for higher performance at a lower cost. Azure Cache for Redis is still available but will be retired on September 30, 2028. Learn more about the retirement here: https://aka.ms/AzureCacheForRedisRetirement.”

I am using the following in Bicep for the access policy assignments, which is the latest non-preview version: Microsoft.Cache/redisEnterprise/databases/accessPolicyAssignments@2025-07-01

I believe the issue occurred while developing the Bicep module using the above API, where the user-managed identity provided had an incorrect object ID. Rather than throwing an error, it was accepted and became impossible to remove.

The issue has now been resolved, as I was able to delete and re-add the managed Redis cache. However, I thought it would be prudent to inform you of the validation issue with the account.
Prashanth Talari 0 Reputation points

2026-04-29T15:51:40.23+00:00

Hello @Saraswathi Devadula ,Thanks for the response,
Have you had a chance to review Martin Ogorman’s comments and provide an update or any additional information.
Saraswathi Devadula 16,015 Reputation points Microsoft External Staff Moderator

2026-05-01T12:11:20.7466667+00:00

Hello Prashanth Talari

Kindly please share the details to delete the account.

2 answers

Your answer

Saraswathi Devadula 16,015 Reputation points Microsoft External Staff Moderator

2026-04-17T05:16:08.6233333+00:00

Hello Prashanth Talari

Kindly please share the details to delete the account.
Saraswathi Devadula 16,015 Reputation points Microsoft External Staff Moderator

2026-04-20T05:11:48.3666667+00:00

Hello Prashanth Talari

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
martin ogorman 0 Reputation points

2026-04-20T07:59:25.42+00:00

Sarawathi

On the provided points

We do use Azure Cache for Redis, but it is now being retired, and we have been recommended to move to Azure Managed Redis. I would prefer to use a solution that supports RBAC and avoids the effort of implementing custom permissions code for data access policies.

“We recommend you proceed with our new offering – Azure Managed Redis (https://aka.ms/AzureManagedRedis). It is built for higher performance at a lower cost. Azure Cache for Redis is still available but will be retired on September 30, 2028. Learn more about the retirement here: https://aka.ms/AzureCacheForRedisRetirement.”

I am using the following in Bicep for the access policy assignments, which is the latest non-preview version: Microsoft.Cache/redisEnterprise/databases/accessPolicyAssignments@2025-07-01

I believe the issue occurred while developing the Bicep module using the above API, where the user-managed identity provided had an incorrect object ID. Rather than throwing an error, it was accepted and became impossible to remove.

The issue has now been resolved, as I was able to delete and re-add the managed Redis cache. However, I thought it would be prudent to inform you of the validation issue with the account.
Prashanth Talari 0 Reputation points

2026-04-29T15:51:40.23+00:00

Hello @Saraswathi Devadula ,Thanks for the response,
Have you had a chance to review Martin Ogorman’s comments and provide an update or any additional information.
Saraswathi Devadula 16,015 Reputation points Microsoft External Staff Moderator

2026-05-01T12:11:20.7466667+00:00

Hello Prashanth Talari

Kindly please share the details to delete the account.

Answer 1

Hello Prashanth Talari

It looks like the “stuck” Redis users you’re seeing are coming from the Data Access Policy feature in Azure Managed Redis Enterprise, which is still in preview and currently doesn’t support clean deletion of user-assigned identities once they’re added. At this time:

Recommended next steps:

If you absolutely need per-identity access control today, consider using a non-Enterprise Azure Cache for Redis with Azure RBAC (AAD) instead of the Preview Data Access Policy.
Bicep template for accessPolicyAssignments: https://learn.microsoft.com/azure/templates/microsoft.cache/redisenterprise/databases/accesspolicyassignments?pivots=deployment-language-bicep
Azure CLI access-policy-assignment ref: https://learn.microsoft.com/cli/azure/redisenterprise/database/access-policy-assignment?view=azure-cli-latest
Could you please share the details requested in the private message for further troubleshooting.

Answer 2

This behavior matches known intermittent issues with managed identity assignment and removal in Azure resources, but the context does not document a Redis Enterprise–specific bug or a supported force‑delete mechanism for stuck Redis users.

From the available information:

Known issue pattern with managed identities
Managed identities can occasionally get into a bad assignment state where operations such as assign/unassign fail silently or with confusing errors. The documented guidance for such cases is:
- For user‑assigned managed identities: remove the identity assignment from the resource and then reassign it.
- For system‑assigned identities: disable the identity and enable it again.
This pattern is described as a general managed identity issue, not specific to Redis, but the symptoms (resource thinks an identity is still attached, operations blocked or stuck) are similar to what is being observed with Redis Enterprise users.
No documented force‑delete for Redis Enterprise identities
The context only documents:
- How to create and manage Azure Managed Redis / Redis Enterprise resources via az redisenterprise.
- How to remove managed identities from Azure Cache for Redis using az redis identity remove (for the non‑Enterprise Microsoft.Cache/Redis resource).
There is no documented “force delete” or low‑level cleanup command for stuck Redis Enterprise access policy assignments or users. The only destructive cleanup shown is deleting the cache or resource group itself.
What is documented as supported remediation
Based on the general managed identity guidance, the only supported remediation steps that align with the documented best practices are:
- For user‑assigned managed identities used as Redis users:
  1. Remove the managed identity assignment from the Redis resource (or database/access policy assignment) using the supported management plane (Bicep/ARM/CLI/Portal).
  2. Reassign the user‑assigned managed identity to the resource.
- If the identity itself is no longer needed anywhere, delete the user‑assigned managed identity resource and then manually clean up any role assignments that reference it.
For system‑assigned identities (if used anywhere in the flow):
- Disable the system‑assigned identity on the resource and then enable it again.
These steps are the only documented workaround for identity assignment issues; there is no additional Redis‑specific cleanup guidance in the context.
Best‑practice considerations
The documented best practices for managed identities emphasize:
- Prefer managed identities over keys for authorization where possible.
- Carefully manage lifecycle: user‑assigned identities outlive resources and must be explicitly deleted; role assignments tied to deleted identities are not automatically removed and must be cleaned up.
Applied to Redis Enterprise:
- Design access policy assignments so that user‑assigned identities are reused and not frequently created/deleted per deployment, reducing the chance of hitting rare assignment bugs.
- Periodically audit role assignments and identity usage, and manually remove role assignments that reference deleted or unknown identities.
Answers to the specific questions
- Is this a known issue or bug in Azure Managed Redis (Redis Enterprise)?
  The context only documents a general “rare” issue with managed identity assignment operations across Azure resources, not a Redis Enterprise–specific bug.
- Is there a supported way to fully delete stuck Redis users without recreating the Redis instance?
  The context does not document a Redis Enterprise–specific force‑delete or cleanup mechanism. The only documented remediation for identity‑related stuck states is to remove and reassign managed identities (or disable/enable system‑assigned identities) and to manually clean up role assignments.
- Is there a planned fix or recommended best practice when using managed identities with Redis Enterprise?
  No planned fix is documented in the context. The only relevant best practices are the general managed identity recommendations: manage lifecycle carefully, delete unused user‑assigned identities, and manually remove stale role assignments.

References:

Share via

Unable to delete account from Azure Managed Redis

2 answers

Your answer