Azure-Resources-Management-Lock-Enabled

Severity: High

Description: This control ensures that resource locks are set for mission critical Azure resource groups. These locks sit outside of the Role Based Access Controls (RBAC) hierarchy and, when applied, will place restrictions on the resource for all users. These are very useful when you have an important resource in your subscription that users should not be able to delete or change and can help prevent accidental and malicious changes or deletion.

Remediation Steps:

Perform following to update resource group lock:

1. LoLogin to Azure Portal using https://portal.azure.com.

2. Go to Resource Groups.

3. Click on Locks, for each mission critical resource group.

4. Click on Add.

5. Set lock name and description, Select the type Delete or Read-Only.

Important:

Reference:

• https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

• https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold#azure-resource-locks