Configuring resource locks

Administrators can set locks on your Azure resources to prevent other users from deleting the resource or making any changes to it. You can set two different lock levels on your subscriptions, resource groups, or resources: 

• CanNotDelete: This level prevents authorized users from deleting the resource. They can still read and modify the resource.
• ReadOnly: Within this level, authorized users can read a resource, but they cannot delete or update it. This level is similar to assigning all authorized users to the reader role using RBAC.

To apply a lock on your resource group, you have to perform the following steps:

1. Navigate to the Azure portal by opening https://portal.azure.com.
2. In the left-hand menu, select Resource groups. Select the resource group that we created in the previous demonstration.

1. In the Resource Group overview blade, under Settings, select Locks:

1. On the next screen, click Add in the top menu to create a new lock for this resource. 

1. Add the following values:
   • Name: No-Deletion
   • Lock type: Delete:

1. Click on OK to create the lock.  

We have created a lock for this resource group to prevent authorized users from deleting it. In the next section, we are going to look at how we can move resources across different resource groups.