Use Azure Locks

Everpure Cloud Dedicated for Azure

Audience
Public
Source Type
Documentation

Azure Resource Locks are a native feature designed to protect resources from accidental deletion or modification. They provide a layer of administrative control to prevent inadvertent actions that could lead to service disruption or data loss.

For a Everpure Cloud Dedicated Managed Application, resource locks serve as an important safeguard. A Everpure Cloud Dedicated deployment consists of a Managed Application resource containing multiple interconnected components, including virtual machines, managed disks, and network interfaces. An accidental modification or deletion of any of these individual components can compromise the entire array and impact dependent applications.

Setting Azure Locks from the Azure console

For that reason, setting a lock over the entire Everpure Cloud Dedicated Managed Application is recommended. To do so, first navigate to the Everpure Cloud Dedicated Managed Application resource and click on “Locks” in the left-hand navigation pane. Then click on “Add” button.

A new window where the lock is set opens. Fill-out the required fields. There are two types of locks available:
  • CanNotDelete means authorized users can read and modify a resource, but they can't delete it.
  • ReadOnly means authorized users can read a resource, but they can't delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

To create a lock preventing accidental deletion of the Everpure Cloud Dedicated managed application, select “Delete” lock type. Click “OK”.

Once created, the new lock will appear on the screen as shown below.

To confirm, go to the Everpure Cloud Dedicated managed application “Overview” screen, and try deleting the resource. This is done by clicking on “Delete” button and confirming the selection.

With the delete lock in place, an error message is displayed in the upper right corner of the screen. It informs the user Azure Failed to delete managed application and suggest lock must be removed first before trying to delete the resource again.

Summary

Azure Locks can be set via many different management methods, such as Bicep, Powershell, CLI, or Python. These are documented on Microsoft Learn site, along with information on lock inheritance, scope of locks, and other considerations - Lock your Azure resources to protect your infrastructure

Applying a lock, such as CanNotDelete, to the Everpure Cloud Dedicated Managed Application prevents its deletion by any user, regardless of their Azure RBAC permissions. To perform a legitimate destructive action, an administrator must first consciously and deliberately remove the lock. This procedure introduces an intentional administrative step that helps protect critical storage infrastructure, prevent outages, and enforce governance policies.