Share via

Azure - Lock Resource Group without breaking backups of VM in the resource group

Shelly R 11 Reputation points
2020-09-02T17:08:57.417+00:00

I have one subscription, with one resource group, and essentially within that resource group is everything related to a VM that is being used as one of our main production web servers. So now that everything is configured and running, I want to put a Delete/DoNotDelete lock to make sure that nothing associated with this new web server can be accidentally deleted. But I read that if you do that at the Resource Group level, that it can break the backup processes associated with the VM. So how do I accomplish this lock without breaking anything? Does it mean that I will be forced to set the lock at each individual resource? Or is there a way to set it at the RSG level and exclude the backup resources? Or do I need to move the backup resources to another RSG - is that even possible since it is associated with my VM? Anyway, it should be pretty straight forward except for this potential very detrimental pitfall if I break all of the backups in the process. Help!

Azure Backup
Azure Backup
An Azure backup service that provides built-in management at scale.
1,280 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SadiqhAhmed-MSFT 46,036 Reputation points Microsoft Employee
    2020-09-03T18:50:10.38+00:00

    @Shelly R This scenario is covered in this article: VM Managed Disks, Resource Locks, and Failed Backup Snapshot Cleanups

    Originally, when you enabled Azure Backup for a VM, it would create the (hidden) RestorePointCollections objects within the Resource Group where the VM itself was contained.

    That created the issue with the whole Resource Lock scenario. So, the Azure Backup team changed that behavior, and now we have a separate resource group different than the resource group of the VM to store restore point collections.

    And so, my current understanding is, you should be able to apply Resource Locks to the VM/its Resource Group, as long as you don’t apply it on the Resource Group that is auto-created to store the Restore Point Collections.

    Hope that clarifies. Please let us know if there are any questions you may have.

    ------------------------------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" and "Up-Vote" wherever the information provided helps you to help others in the community.

    2 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.