A resource lock prevents resources from being accidentally deleted or changed.
There are two types of resource locks - a Delete lock, and a ReadOnly lock.
Even with Azure role-based access control (Azure RBAC) policies in place, there's still a risk that people with the right level of access could delete critical cloud resources.
Resource locks prevent resources from being deleted or updated.
Resource locks can be applied to individual resources, resource groups, or even an entire subscription. Resource locks are inherited, meaning that if you place a resource lock on a resource group, all of the resources within the resource group will also have the resource lock applied.
There are two types of resource locks:
Here's what it looks like when you try to add a lock:
You can manage resource locks from the Azure portal, PowerShell, the Azure CLI, or from an Azure Resource Manager (ARM) template.
To view, add, or delete locks in the Azure portal, go to the Settings section of any resource's left hand panel. Select the Locks option.
Resource locks helps prevent accidental changes, but you can still get around them by following a two-step process.
To update or delete a locked resource, you must first remove the lock. After you remove the lock, you can apply any action you have permissions to perform.
Some final things to note: