If you've spent any time in the Azure console, you've probably noticed there's a Locks option on many of the resources. Azure Resource Locks allow administrators to lock resources explicitly in a particular state to prohibit modification. In this article, let's cover how to use these locks to protect Azure resources from removal or change.

As an example, we'll log into our Azure portal and navigate over to one of our virtual machines (VMs). If we scroll down a bit, we can see an option for Locks.

The Locks option

If we try to create a new lock, we'll find we have two lock types available: read-only and delete. To demonstrate creating a lock, we're going to add a delete lock on this VM, type in a few notes in the Notes field, and click OK.

Creating a lock

After creating the lock, we can scroll back up to the top of the resource and try to delete it. You'll notice we get an error because the lock is in place.

Error message

Let's now go back to Locks and add a read-only lock.

Adding a read-only lock

Once we do this and attempt to edit our VM by resizing it, we'll get an error again because the read-only lock is in place.

Resizing the VM

If we take off that read-only lock and try the resizing again, we will be able to resize our VM successfully. Likewise, if we remove the delete lock on this VM and then attempt to remove the VM again, it will succeed.

We've demonstrated applying locks on an individual resource, but we can apply locks to entire resource groups too. This will apply locks to all resources under that group. To demonstrate this, we'll navigate to our resource groups and find a resource group. In this example, I'll use my TestVMs resource group, which has all of my test VMs underneath it.

I'll navigate to the Locks section and create a delete and a read-only lock.

Creating a lock on a resource group

If we now try to delete one of these VMs inside the resource group, we'll notice it's blocked again with that familiar error message. If we attempt to resize this VM, that will be blocked as well.
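
The resource-group lock created in the portal above can also be applied and audited with the Az PowerShell module. This is an added example, not code from the original article; it assumes the Az.Resources module is installed and `Connect-AzAccount` has already been run, and the lock name and notes are made up.

```powershell
# Added example, not from the original article. Assumes the Az.Resources module
# is installed and Connect-AzAccount has already been run.
$rgName   = 'TestVMs'            # resource group used in the article
$lockName = 'testvms-no-delete'  # hypothetical lock name

# The portal's "Delete" lock type is CanNotDelete here; "Read-only" is ReadOnly.
New-AzResourceLock -LockName $lockName -LockLevel CanNotDelete `
    -ResourceGroupName $rgName -LockNotes 'Constructed note: protect test VMs' -Force

# Audit every resource group in the current subscription.
# -AtScope returns only locks at or above the group, i.e. the ones every
# resource in the group is subject to, not locks set on single resources.
$report = foreach ($rg in Get-AzResourceGroup) {
    $levels = @(Get-AzResourceLock -ResourceGroupName $rg.ResourceGroupName -AtScope |
        ForEach-Object { $_.Properties.level })
    [pscustomobject]@{
        ResourceGroup = $rg.ResourceGroupName
        DeleteLock    = $levels -contains 'CanNotDelete'
        ReadOnlyLock  = $levels -contains 'ReadOnly'
    }
}
$report | Sort-Object DeleteLock, ResourceGroup | Format-Table -AutoSize

# Groups with no lock of either kind are the ones to review.
$report | Where-Object { -not ($_.DeleteLock -or $_.ReadOnlyLock) }

# Removing the lock again is an explicit, separate step.
Remove-AzResourceLock -LockName $lockName -ResourceGroupName $rgName -Force
```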

Azure Resource Locks are a great way to prevent modification of critical Azure resources regardless of user access. Resource locks are an excellent failsafe to apply to your resources, because the locks must be removed explicitly and manually (if you have access) before the resource can be changed or deleted.

6 Comments
  1. Leos Marek 3 years ago

    Hey Adam,

    you got a typo in the header – Azure Resource Rocks

    • Samuel Jamkhandi 3 years ago

      Nice one, thanks for sharing. Second Leos, there’s a typo ‘Rocks’

  2. Michael Pietroforte 3 years ago

    Leos, thanks a lot for the hint! I corrected the typo now.

  3. Swapnil Kambli 3 years ago

    With Azure ARM we can apply locks at three levels (in future maybe at Management group level as well)
    1. Subscription Level
    2. Resource Group Level
    3. Resource Level.
    When we apply a lock at a parent scope, all resources within that scope inherit the same lock. 

     

  4. Swapnil Kambli 3 years ago

    Not only does Resource Lock help in protecting the existing environment against accidental deletion and modification, but it also protects the environment against uncontrolled provisioning of new resources by blocking the creation of new resources.

    • Saman 2 years ago

      Hi Swapnil,

      Could you explain a little more about how locks can prevent creation of new resources?


© 4sysops 2006 - 2022
