Azure Governance – Resource Locks

Resource Locks help protect Azure resource against any accedital deletion, this is very powerful feature when it comes to protect critical resources such as Express Route, VNETs etc against any accedental deletion

There are two types of locks in Azure:

  • ReadOnly – This lock prevents against any modification to Azure resources
  • DoNotDelete – This lock allows to add any resource, however, it won’t allow removing any resources and this is also a recommended lock to use in any production environment

How to implement a resource locks in a subscription – Replcae the name of the resource group with your resource group name

New-AzureRMResourceLock -LockName “LockRG” -LockLevel CanNotDelete -ResourceGroupName “AzureLock-Demo”

How to lock a single resource group

How to view resource locks applied in a subscription 

Get-AzureRmResourceLock | ft

View Locks in a Subscription

How to remove a lock from a resource group 

Remove-AzureRmResourceLock -LockName “LockRG” -ResourceGroupName “AzureLock-Demo”

Remove Lock