If you want to prevent accidental deletion or changes to resources in your Azure Resource Groups, Microsoft Azure offers a great solution: Azure Resource Locks. In this post, I want to show you how to use Azure Resource Locks in Microsoft Azure using Azure PowerShell.

Features

There are two different types of locks available:

  • CanNotDelete:  Users can read and modify a resource, but can not eliminate the resource.
  • ReadOnly:  Users can read a resource, but can not delete or update the resource.

Important: Locks apply across all users and roles.

Azure Resource Locks can be applied at different levels:

  • Subscription
  • Resource Group
  • Resource

Locks are inherited within the scope where they apply. The most restrictive lock in the inheritance takes precedence

Az PowerShell Workaround

If you want to know how to install the PowerShell Az module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task we will use the following commands:

Once you set your default subscription, you are ready to add locks to your Azure Resources.

Creates an Azure resource lock

if you want to lock a resource, you should use the New-AzResourceLock cmdlet with the following syntax:

Azure Resource Locks

To lock a resource group, you should use the New-AzResourceLock cmdlet with the following syntax:

New-AzResourceLock

List all locks in your subscription

You can view all locks in your subscription using the Get-AzResourceLock cmdlet.

Get-AzResourceLock

Modifies an Azure resource lock

if you want to modify an existing block, you should use the Set-AzResourceLock cmdlet with the following syntax:

Set-AzResourceLock

Remove an Azure resource lock

To remove a lock of an Azure resource, you should use the following commands:

Remove-AzResourceLock

If you want to know more about Azure Resource Locks, check out this link: https://docs.microsoft.com/en-us/rest/api/resources/managementlocks