Resource Locks

Question 1

What is an Azure Resource Lock?

Answer 1

Allows for the locking of a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.

Question 2

Does an Azure Resource Lock override permissions the user might have?

Answer 2

Yes

Question 3

What are the two lock levels in the Azure portal you can set resources to?

Answer 3

Delete (CanNotDelete)

Read-only (ReadOnly)

Question 4

Unlike role-based access control, resource locks apply restrictions to what users and roles?

Answer 4

They apply restrictions across all users and roles.

Question 5

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. However, do the resources you add later also inherit the lock from the parent?

Answer 5

Yes, Even resources you add later inherit the lock from the parent.

NOTE: The most restrictive lock in the inheritance takes precedence.

Question 6

Azure operations can be divided into two categories - control plane and data plane. Locks only apply to what operations?

Answer 6

Locks only apply to control plane operations.

Question 7

What would be a basic example of a PowerShell and Azure CLI command for creating new Resource Locks?

Answer 7

New-AzResourceLock -Locklevel <> -LockName <> -ResourceName <>

az lock create –name <> –lock-type <> –resource-group <>