Share via

Resource group cannot be deleted because of Immutability settings

Thanos Chanias 40 Reputation points Microsoft Employee
2026-02-10T12:23:40.5533333+00:00

Our service is being deprecated and we would like to remove all resources we have on Azure and remove our subscription. However there is a resource group which has immutability settings on it and on its resources that won't allow us to delete them. I am not sure how those policies were set in the first place, but I don't think the intention was to be as strict on protecting the resources.

Is there anyway to bypass those policies?

"Failed to delete resource group <Resource Group>: Deletion of resource group <Resource Group> failed as resources with identifiers <Storage Account> could not be deleted. The provisioning state of the resource group will be rolled back. The tracking Id is <ID>. Please check audit logs for more details. (Code: ResourceGroupDeletionBlocked) <Storage Account> is protected from deletion.The container(s) <Containers List> have a locked immutability policy. (Code: AccountProtectedFromDeletion, Target: <Storage Account> is protected from deletion.The container(s) <Containers List> have a locked immutability policy. (Code: AccountProtectedFromDeletion, Target: <Storage Account> is protected from deletion.The container(s) <Containers List> have a locked immutability policy. (Code: AccountProtectedFromDeletion"

Azure DevOps
Answer accepted by question author
  1. Pravallika KV 11,110 Reputation points Microsoft External Staff Moderator
    2026-02-10T12:45:38.0933333+00:00

    Hi @Thanos Chanias ,

    Thanks for reaching out to Microsoft Q&A.

    Immutability settings prevent resources like storage accounts from being deleted, which is likely what you're encountering here.

    To delete the resource group and subscription, you must first remove the immutability protection applied to the storage account’s containers. When containers have a locked immutability policy, Azure prevents deletion of blobs, containers, and the storage account itself, which in turn blocks resource group deletion.

    Permissions: Make sure you have sufficient permissions to remove immutability settings (like being an Owner or User Access Administrator).

    Audit Logs: If you're unsure how these settings were applied, checking the audit logs in the Azure Portal can provide insights into changes made.

    Update:

    Thanks for the confirmation. Glad the issue is resolved.

    I am summarizing and posting the answer.

    Being a subscription or resource owner is not sufficient to delete blobs protected by immutability. You must explicitly grant yourself the Storage Blob Data Owner role on the storage account.

    Resolution:

    1. Assign Required Role
      • Go to the Storage Account in Azure Portal.
      • Open Access Control (IAM).
      • Grant yourself the Storage Blob Data Owner role.
      • Wait a few minutes for role assignment to propagate.
    2. Delete Blobs in Locked Containers
      • Navigate to Containers under the storage account.
      • For each container listed in the error:
      • Open the container.
      • Select all blobs (selecting at the first level is sufficient).
      • Delete the blobs.
      • If deletion is blocked due to immutability retention, ensure the retention period has expired (locked policies cannot be bypassed before expiry).
    3. Delete the Containers
      • After deleting all blobs, delete the container itself.
      • Repeat the process for each affected container.
    4. Ignore System Containers
      • System containers such as $logs do not need manual deletion.
      • They will be removed automatically when the storage account is deleted.
    5. Delete the Storage Account
      • Once all protected containers are removed, delete the Storage Account.
    6. Delete the Resource Group
      • After the storage account is deleted, retry deleting the Resource Group.
      • You should now be able to proceed without the ResourceGroupDeletionBlocked error.

    Hope this helps!

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-02-10T12:23:51.8333333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To delete a resource group that contains resources with immutability settings, you must first remove or modify those immutability settings. Immutability settings are designed to protect resources from deletion, and they cannot be bypassed directly. Here are the steps you can take:

    1. Identify Immutability Settings: Check which resources within the resource group have immutability settings applied. This can typically be done through the Azure portal or using Azure CLI/PowerShell commands.
    2. Remove Immutability Settings: For each resource that has immutability settings, you will need to disable or modify these settings. This usually involves using Azure PowerShell or the Azure CLI to change the immutability policy. For example, if you are dealing with blob storage, you may need to change the version-level WORM policies.
    3. Delete Resources: Once the immutability settings are removed, you should be able to delete the resources within the resource group.
    4. Delete Resource Group: After all resources have been deleted, you can then delete the resource group itself.

    If you are unsure how the immutability settings were set or need specific commands to remove them, you can refer to Azure documentation or consult with an Azure administrator for assistance.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.