Q. If I have critical resources in Azure how can I stop them accidently being deleted by a user or administrator?
A. If a resource is deleted, it cannot be undeleted in Azure. Therefore, care should always be taken when deleting resources.
However, a new feature can help in stopping the accidental deletion of important resources: It is now possible to lock resources in Azure, and resources need to be unlocked before they can be deleted.
There is no graphic user interface. Instead PowerShell is used.
You must be in ARM mode to use the new lock capability (Switch-AzureMode -Name AzureResourceManager) and then the various AzureResourceLock cmdlets are used. Below is example PowerShell to create, view and remove locks on a ResourceGroup (which would then apply to all resources in the resource group). Locks can also be applied to resources such as a storage account.
Switch-AzureMode -Name AzureResourceManager New-AzureResourceLock -LockLevel CanNotDelete ` -LockName SpecialRGLock ` -LockNotes "Don't want to delete" -ResourceGroupName RGStorageEastUS Get-AzureResourceLock Remove-AzureResourceLock ` -LockName SpecialRGLock ` -ResourceGroupName RGStorageEastUS
Locks can also be created as part of a JSON template using the lock resource provider. Note that PowerShell only allows a lock level of CanNotDelete however ReadOnly is also available via the REST API.