In this blog we will discuss about how to protect azure resources from accidental deletion or changes. Using Azure locks feature, we can restrict users from making any changes to specific azure resources or all resources within a resource group.
Currently there are two azure locks levels available:
- Read Only
Delete helps to prevent users from deleting the azure resource however user can still make changes to the azure resource. While read only will allow users to read azure resource and prevent from making any changes to azure resources.
Who can configure Azure Locks at Azure Resource:
Resource Owner and User access administrators have privilege to configure Azure lock at azure resources.
How to Set Azure Locks at Azure Resource:
In this example, we will restrict users from deleting Azure recovery vault created for Azure Backup.
- Navigate to Azure resource or Resource group and go to settings, Select Locks
- Click at Add to create lock. Provide Lock name, Lock Type and Notes and click OK
- This Azure resource is now locked down from deletion.
Let’s see what happens if user tries to delete Azure Resource which is locked from deletion:
- In this example I am trying to delete a resource group that has a resource locked down from deletion.
- As you can see, we couldn’t delete this Resource group due to locked configured at the child resource.
- Here you can see one of the child resource is configured with Lock type Delete under this resource group.
For more details please refer https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources