In your Azure environment, there could be several critical Azure resources that you don’t ever want to be deleted or modified. For an instance, deleting a SQL Azure resource, or deleting any running services from the Azure portal. Of course, no one just really doesn’t want to do it. Nevertheless, it may get deleted or modified by chance, or as an administrator or owner the solution you want to prevent the delete or change access to other users of the same subscription or resources. You can take help of Azure Resource Locking. This will help you by ‘locking down‘ a resource or a resource group all together to prevent accidentally modifying or deleting it.
Locking Azure Resource
From the Azure Portal, Open the respective Azure Resource you want to lock. In this case, we choose one Cosmos DB resource and select the Locks option from the Settings category.
Provide a Lock name and choose the type of Lock. The lock type you can choose here it to make it read-only or restrict delete access. Let’s choose “Delete” lock and provide some additional notes for future references.
Once the above information is filled. Click on OK to proceed with Lock creation.
Once the lock is created, you can see the details of Locks as shown in the below screenshot.
Once the lock is in placed, if you and anyone who has the access to this resource try to delete it, will get a Delete Failure notification.
You need to unlock the resource before you delete. The same goes for making a read-only lock as well.
Locking Azure Resource Group
The scope of the above lock was set to “This Resource”, which mean only that attached resource is bounded with the lock. There are cases you may lock your entire resource group which is running on production. In that case, you can lock the entire resource group. It will cascade the effects to all its child resources.
Once the lock is created, if you check for the scope of this lock – it is set to “Resource Group”
Now if you try to delete the resource group you will get a similar message like what you received for Resources
When the lock is set to “Resource Group”, if you try to delete any resources under that group you will receive following error.
Overall, this locking feature is extremely useful for Portal to lock a resource, a resources group or even a subscription to prevent other users from accidentally deleting or modifying critical resources.
Hope this helps