Management locks can help you prevent accidental deletion or modification of your Azure resources. You can manage these locks from one of the following…the Azure Portal, ARM Templates, PowerShell, Azure CLI, or the REST API. To view, add, or delete locks, go to the Locks section of any resource’s settings blade. In the Azure Portal, the locks are called Delete and Read-Only respectively.

There are two possible types of locks on a resource:

  • CanNotDetele – This means authorized users can still read and modify a resource, but they can’t delete the resource.
  • ReadOnly – This means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

When a lock is applied at the parent level, all resources within that scope inherit the same lock. This applies to any resources you add later on to this parent resource. Resource locks do not restrict how a particular resource functions and only resource changes are restricted, but the most restrictive lock will always take precedence.

Creating a Lock using the Portal

1. In the portal, go to the particular resource you want to lock. In this case it’s a Resource Group but it could be any Resource, a Resource Group, or a Subscription  and then click on the Lock option under the Settings section:

image

2. To add a lock click on the Add button:

image

3. Give your lock a name and the type of lock (Delete or Read-Only) and then click on the OK button:

image

Your resources are now locked. If you try to delete a resource that is locked you will see the following warning which prevents you from deleting the particular resource:

image

Unlocking a Resource

To unlock the resource click on the ellipse (…) button and click on the Delete option:

image

Using resource locks is a must and really prevents an “oops…I deleted the wrong resource” situation which leads to accidental and hard to recover from downtown.

Enjoy!

Resources

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Lock Down your Azure Resources

Remove Locks from Azure Resources

Posted by Callon Campbell [MVP]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s