Prevent unexpected deletion and modification of Azure resources with Microsoft Azure Locks
Saad Mahmood
Sr. Cloud Solution Architect - Lead @ Microsoft | HPC, Azure AI, FinOps, Resiliency, Cloud Infrastructure , Azure Open AI
Microsoft Azure is growing rapidly, and many organizations now give people access to their subscriptions to spin up resources and deploy solutions. With many people managing different resources, things can get confusing, and someone might accidentally modify or remove a resource. Microsoft Azure does an amazing job of preventing this: resource locks, available in the Microsoft Azure portal, help keep your resources safe.
As an administrator, you may need to lock a subscription, a resource group or a single resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock in the Microsoft Azure portal. Currently there are two kinds of locks available:
- CanNotDelete
- ReadOnly
With ReadOnly, one can view and read the resource but cannot modify or delete it. With CanNotDelete, one can view, read and modify the resource but cannot delete it.
To create or delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. Of the built-in roles, only Owner and User Access Administrator are granted those actions.
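The role requirement above can be checked mechanically. The following is an added example, not code from the original article or from Microsoft: it evaluates `actions` and `notActions` wildcards over constructed, abbreviated role definitions (the custom role is hypothetical) to show which roles can create or delete locks and why Contributor cannot.

```python
import re

# Operations needed to create or delete a management lock.
LOCK_OPS = ("Microsoft.Authorization/locks/write",
            "Microsoft.Authorization/locks/delete")

# Constructed, abbreviated role definitions (assumption: the live definitions
# carry more entries; export the ones from your own tenant to audit them).
SAMPLE_ROLES = [
    {"roleName": "Owner", "actions": ["*"], "notActions": []},
    {"roleName": "User Access Administrator",
     "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
     "notActions": []},
    {"roleName": "Contributor", "actions": ["*"],
     "notActions": ["Microsoft.Authorization/*/Delete",
                    "Microsoft.Authorization/*/Write",
                    "Microsoft.Authorization/elevateAccess/Action"]},
    {"roleName": "Reader", "actions": ["*/read"], "notActions": []},
    {"roleName": "Lock Operator (hypothetical custom role)",
     "actions": ["Microsoft.Authorization/locks/*"], "notActions": []},
]

def _matches(pattern, operation):
    """RBAC wildcard match: '*' covers any run of characters, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None

def allows(role, operation):
    """Granted when some action matches and no notAction carves it back out."""
    granted = any(_matches(p, operation) for p in role["actions"])
    excluded = any(_matches(p, operation) for p in role["notActions"])
    return granted and not excluded

def can_manage_locks(role):
    """True only if the role can both create and delete locks."""
    return all(allows(role, op) for op in LOCK_OPS)

def lock_managers(roles):
    """Names of the roles that are able to add or remove a lock."""
    return [r["roleName"] for r in roles if can_manage_locks(r)]

if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        print(f"{role['roleName']:45} {can_manage_locks(role)}")
```

Running the same check over the custom role definitions exported from a subscription shows which of them could remove a lock before deleting a protected resource.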
There are a lot of options for creating a lock:
- You can create a lock with REST API
- You can create a lock with Azure PowerShell or CLI
So if you are afraid of your resources being accidentally deleted or modified by someone, apply locks to your resources, resource groups and subscriptions, whichever suits you best, and save your resources, your time and accidental downtime.