Protect Azure Resources from Accidental Changes or Deletion


1
8 shares, 1 point
(Last Updated On: July 23, 2018)

In this blog we will discuss about how to protect azure resources from accidental deletion or changes. Using Azure locks feature, we can restrict users from making any changes to specific azure resources or all resources within a resource group.

Currently there are two azure locks levels available:

  • Delete
  • Read Only

Delete helps to prevent users from deleting the azure resource however user can still make changes to the azure resource. While read only will allow users to read azure resource and prevent from making any changes to azure resources.

Who can configure Azure Locks at Azure Resource:

Resource Owner and User access administrators have privilege to configure Azure lock at azure resources.

How to Set Azure Locks at Azure Resource: 

In this example, we will restrict users from deleting Azure recovery vault created for Azure Backup.

  • Navigate to Azure resource or Resource group and go to settings, Select Locks

 

  • Click at Add to create lock. Provide Lock name, Lock Type and Notes and click OK

  • This Azure resource is now locked down from deletion.

Az-BackupSVault - Locks p Search [C Overview Activity log Access control (IAM) Tags Diagnose and solve problems SETTINGS Properties Resource group Subscription LOCK NAME Prevent Deletion LOCK TYPE Delete This resource Prevent Admins from Deleting Azure Recovery Vault

 

Let’s see what happens if user tries to delete Azure Resource which is locked from deletion:

  • In this example I am trying to delete a resource group that has a resource locked down from deletion.              

 

  • As you can see, we couldn’t delete this Resource group due to locked configured at the child resource.
  • Here you can see one of the child resource is configured with Lock type Delete under this resource group.

For more details please refer https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

 


Like it? Share with your friends!

1
8 shares, 1 point
Hasnain Shaikh
I am a Messaging and Cloud enthusiast with 12 years of experience in Presales, Planning, Designing and Implementing Microsoft Exchange, Office 365, Microsoft Azure IaaS, Microsoft Intune and Active directory infrastructure. I love to learn new technologies and share my knowledge with others.

0 Comments

Leave a Reply

Send this to a friend