Navigating the Azure Cloud: Key Considerations for Strengthening Infrastructure Security with Azure Locks

Aug 28, 2023 Azure Locks Azure

Share on:

In today’s world, making sure your cloud infrastructure is secured is important. As you migrate to the cloud, the need to protect sensitive data, prevent accidental changes, and maintain compliance becomes increasingly crucial. One powerful tool in your arsenal to achieve this is Azure Locks. In this blog post, we will explore what Azure Locks are, why they are important, and how you can effectively utilize them to enhance the security of your Azure resources.

Table of Contents

What are Azure Locks?

Azure Locks are a feature provided by Microsoft Azure that allow you to prevent the accidental or intentional modification or deletion of critical resources within your subscription. Essentially, Azure Locks put a safeguard in place that helps to maintain the integrity and availability of your infrastructure components.

Learn more at Lock your resources to protect your infrastructure

Why should I use Azure Locks?

Azure Locks help prevent the accidental or intentional deletion of resources. Unfortunately, mistakes happen and sometimes a simple accidental deletion of a resource can lead to sever disruptions in an environment. It some cases, there can be a shared resource that is needed to become available and you.

Types of Azure Locks

Azure Locks come in two types:

Delete Locks: These locks prevent the deletion of a resource. They are especially useful for safeguarding critical resources that should never be deleted, such as key virtual machines, databases, or storage accounts.
Read-Only Locks: These locks prevent any modification to the resource, including both configuration changes and deletions. They are useful when you want to ensure that a resource remains in a specific state without any alterations.

Just remember, it is very important to make sure the right security is in place to make sure someone else cannot remove the lock you are enforcing on an item.

Implementing Azure Locks

Implementing Azure Locks is a straightforward process:

Using the Azure Portal:
- Navigate to the Azure Portal.
- Find the resource you want to lock.
- In the resource’s settings, look for the “Locks” option.
- Add a new lock, specifying its type and a description.
Using Azure PowerShell:
- Utilize the New-AzResourceLock cmdlet to create a lock.
- Specify the resource, lock type (Delete or Read-Only), and a lock name.
Using Azure CLI:
- Use the az lock create command.
- Specify the resource ID, lock type, and lock name.

Once a delete lock is applied, when a user tries to delete they will recieve the following error.

What is a Use Case to Use Azure Locks

A use case I regularly recommend is using Azure Locks to secure the Pure Cloud Block Store (CBS). CBS is a software defined solution that encompasses many components such as CosmosDB, Keyvault, Virtual Machines and Managed Disks. With many systems relying on this critical resource utiliing an Azure Lock to prevent accidental deletion of modification is ideal.

As we can see in the below example I put an Azure Lock on the resource group.

The resources in that resource group inherited the lock and can not be modified or deleted.

Conclusion

Azure Locks provide a robust mechanism for bolstering the security of your cloud infrastructure. By preventing accidental or unauthorized changes, you can maintain compliance, reduce the risk of costly disruptions, and foster a more secure collaborative environment. Whether you’re protecting critical virtual machines or safeguarding compliance-sensitive data, Azure Locks are an essential tool in your Azure security toolbox. Take advantage of them to provide an additional layer of protection and peace of mind for your organization’s cloud resources.