question

ChadWoodhead-9372 avatar image
0 Votes"
ChadWoodhead-9372 asked Grmacjon-MSFT answered

Is it possible to use Azure Policy to apply CanNotDelete locks at resource level?

I am trying to use Azure Policy to track compliance of resources with or without locks on and if a resource doesn't have a lock on, then apply the lock. I have been able to get Azure Policy to apply CanNotDelete locks at the ResourceGroup level, however I don't want to apply them at that level and instead want to apply them at the resource level (storage accounts, key vault, etc.). Is it possible to use Azure Policy as the method to apply locks at resource level?

azure-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Grmacjon-MSFT avatar image
0 Votes"
Grmacjon-MSFT answered

Hi @ChadWoodhead-9372 ,

Yes, it is possible to use Azure Policy as the method to apply locks at the resource level. Please read this documentation: Lock Resources to Prevent Unexpected Changes on how to do this in the Azure portal.

You can also use Azure PowerShell to accomplish this as well. To lock a resource, provide the name of the resource, its resource type, and its resource group name.

 New-AzResourceLock -LockLevel CanNotDelete -LockName LockSite -ResourceName examplesite -ResourceType Microsoft.Web/sites -ResourceGroupName exampleresourcegroup


Hope that helps. Please let us know if you have further questions

Thanks,
Grace


--If the reply is helpful, please Upvote and Accept as answer--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.