Open In App

Resource Locks in Microsoft Azure

Last Updated : 17 Mar, 2023
Improve
Improve
Like Article
Like
Save
Share
Report

Pre-requisite: Microsoft Azure

Microsoft Azure is a powerful cloud computing platform that provides a wide range of tools and services for companies of all sizes. As businesses continue to use Azure services, it is crucial to make sure that crucial resources are shielded against unauthorized or unintentional alteration. Resource locks come into play here.

What are resource locks:

Azure uses resource locks as a defense against unintentional destruction or alteration of important resources. A locked resource can’t be deleted or changed until the lock is released. Any resource in an Azure subscription, including resource groups, virtual machines, storage accounts, and databases, can have a resource lock applied to it.

Why are Resource Locks Important:

For Azure’s important resources to be available and secure, resource locks are crucial. Without resource locks, unintentional resource deletion or change could lead to system outages, data loss, or security breaches. Resource locks add an extra degree of defense against mistakes made by people, flawed software, and malicious attacks.

There are two types of resource locks, that are offered by Azure: read-only locks and delete locks.

Read-Only Locks: A read-only lock allows read access but prevents any modification to a resource and deletion. Although still allowing authorized users to examine the resource, this kind of lock is important for preventing unintentional modifications to crucial resources.

Delete Locks: Can’t delete the resource but the authorized user can read and modify the resource. This kind of lock is helpful for preventing unintentional or unauthorized deletion of crucial resources.

Advantages and Disadvantages of Azure Resource Locks:

Advantages:

  1. Prevent accidental deletion: Resource locks’ main benefit is that they help in preventing the unintentional deletion or change of essential resources. Applying a lock can assist prevent accidental resource deletion or modification, which could lead to downtime or data loss.
  2. Granular control: You have granular control over which resources are locked and which are not by applying resource locks at the resource group or individual resource level. This enables you to apply various levels of security to various resources.
  3. Easy to implement: Resource locks can be implemented using the Azure portal, Azure CLI, or Azure PowerShell and are simple to apply.

Disadvantages

  1. Limits functionality: Implementing a resource lock may restrict a resource’s functionality. Applying a read-only lock, for instance, will prevent any alterations to a storage account, which may have an effect on the services that depend on it.
  2. Can be bypassed: Users with the right permissions can override resource locks, hence they shouldn’t be depended upon as a security measure.
  3. Limited control over sub-resources: Resource locks do not offer granular control over sub-resources, which results in limited control over such resources. For example, if you lock a virtual machine, it will also lock all the discs that are connected to it, which may not be what you want.

So now we know what are resource locks but, but How to Apply Resource Locks in Azure:

The Azure Portal, Azure CLI, Azure PowerShell, or Azure Resource Management (ARM) templates can all be used to apply resource locks.

Using Azure Portal to apply a resource lock:

  1. To lock a resource, navigate to it.
  2. Choose “Locks” from the menu on the left.

 

  • In order to create a new lock, click “Add.”
  • Give the lock a name and description, choose the lock type (read-only or delete), and then click “OK” to apply the lock

 

Using Azure CLI to apply a resource lock:

  1. Activate the Azure CLI.
  2. To create a new lock, use the “az lock create” command. Name, notes, lock type, and resource ID must all be specified.
  3. Apply the lock by running the command.
Resource lock using Azure CLI

 

Using Azure Powershell to apply a resource lock:

  1. Activate Azure PowerShell.
  2. To create a new lock, use the “New-AzResourceLock” cmdlet. Name, notes, lock type, and resource ID must all be specified.
  3. To apply the lock, use the cmdlet.
Resource lock using powershell

 

Pricing:

There is no direct cost associated with Azure resource locks. Azure offers the free functionality of resource locks, which lets you lock a resource or a resource group to stop unintentional deletion or change. The pricing of the resources that depend on a resource may change if you apply a resource lock to it, so keep that in mind. If you apply a read-only lock, for instance, to a storage account, it might prevent any modifications from being made to the account and have an effect on any services that depend on it. This may have an effect on how those services are used and billed.

Resource locks should not be used exclusively for security purposes and should not be considered a security feature as such itself. Resource locks are a tool that can be used to stop unintentional changes and can be helpful in preventing interruption to vital resources.


Like Article
Suggest improvement
Next
Microsoft Azure - Scaling Inventory Resources
Share your thoughts in the comments

Similar Reads

How to Add or Remove Locks From an Azure Resource?
Microsoft Azure - Add CanNotDelete Lock on Azure Resource Group via Portal
Microsoft Azure- Writing Queries and Creating Dashboards using Azure Resource Graph
Microsoft Azure - Enabling Resource Providers for Azure Subscription
Microsoft Azure - Count of Azure Resources using Resource Graph Query
Microsoft Azure - Check Resource Owner in Azure using KQL
Microsoft Azure - Graph Query to Get Properties of Azure VM Resource
Microsoft Azure - Using Azure Resource Manager
Microsoft Azure - Get Azure Subscription Details Using Resource Graph Query
Microsoft Azure - Get Unused App Service Plans and Resource Groups in Azure Portal
author
rishaw2k
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox