Azure Resource Locks
akhilsharmaazuresecurity


Ever been in a situation where someone removed your resource accidentally?
And what if that resource contained some very important confidential data?
And what if that data had no backup copy and is now lost with that resource?

I guess the above situation would have given you a cold sweat. You must be wondering whether there is a way to make sure that no one can delete that resource without review.

Yes, in the world of Azure, it is possible to lock your resource. Azure provides this incredible functionality called “Azure Resource Lock”. Interestingly, most people know about this feature, but it is rarely implemented. In short, it’s often overlooked.

Now it must be looking like a good idea to implement. Yes? So go ahead and implement it.

How to implement?

To add a Resource Lock to any resource, simply navigate to the Locks section in the resource's settings.

Types of Locks

There are two types of locks that can be implemented:
Read-Only – means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Delete – means authorized users can still read and modify a resource, but they can’t delete the resource.

Working of Resource Locks

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
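
The inheritance rule above, as an added example (not part of the original post): a short Python audit that computes the effective lock on each resource from a list of lock records and reports resources that nothing protects from deletion. The record shape (`id`, `level`), the subscription ID and the resource names are constructed for illustration; `CanNotDelete` and `ReadOnly` are the level names Azure Resource Manager uses for the Delete and Read-Only locks.

```python
# Added example: effective-lock audit over constructed sample data.
# Assumption: each lock record carries "id" (the lock's ARM resource ID) and
# "level" ("CanNotDelete" for a Delete lock, "ReadOnly" for a Read-Only lock).

LOCK_MARKER = "/providers/microsoft.authorization/locks/"
RANK = {"CanNotDelete": 1, "ReadOnly": 2}  # higher = more restrictive

def lock_scope(lock_id):
    """Scope a lock applies to: the lock's ID up to the locks provider segment."""
    idx = lock_id.lower().rfind(LOCK_MARKER)
    if idx < 0:
        raise ValueError("not a lock ID: " + lock_id)
    return lock_id[:idx].lower().rstrip("/")

def effective_lock(resource_id, locks):
    """Most restrictive lock set on the resource itself or on any parent scope."""
    rid = resource_id.lower().rstrip("/")
    best = None
    for lock in locks:
        scope = lock_scope(lock["id"])
        # Match on a path-segment boundary so "rg-prod" does not cover "rg-prod2".
        inherited = rid == scope or rid.startswith(scope + "/")
        if inherited and lock["level"] in RANK:
            if best is None or RANK[lock["level"]] > RANK[best]:
                best = lock["level"]
    return best

def unprotected(resource_ids, locks):
    """Resources that no lock, direct or inherited, protects from deletion."""
    return [r for r in resource_ids if effective_lock(r, locks) is None]

# Constructed sample data (placeholder subscription ID and resource names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
LOCKS = [
    {"id": SUB + "/resourceGroups/rg-prod/providers/Microsoft.Authorization/locks/no-delete",
     "level": "CanNotDelete"},
    {"id": SUB + "/resourceGroups/rg-prod/providers/Microsoft.Storage/storageAccounts/stfinance"
           "/providers/Microsoft.Authorization/locks/freeze", "level": "ReadOnly"},
]
RESOURCES = [
    SUB + "/resourceGroups/rg-prod/providers/Microsoft.Storage/storageAccounts/stfinance",
    SUB + "/resourceGroups/rg-prod/providers/Microsoft.KeyVault/vaults/kv-prod",
    SUB + "/resourceGroups/rg-prod2/providers/Microsoft.Sql/servers/sql-test",
]

if __name__ == "__main__":
    for r in RESOURCES:
        print(effective_lock(r, LOCKS) or "UNLOCKED", r.rsplit("/", 1)[-1])
```

The storage account resolves to `ReadOnly` because its own lock is more restrictive than the `CanNotDelete` lock inherited from the resource group, and the resource in `rg-prod2` is reported as unprotected.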
