Can you give some examples of what you cannot do when you apply a read-only lock on an Azure resource group?
Experience Level: Junior
Tags: Azure CloudAzure Resource Manager
Answer
Read-only lock will prevent you from modifying any resources in the resource group.
Resource manager read-only locks usually apply only to operations that happen on the management plane. However, there are some exceptions to this - Read-only Locks can in some cases prevent access to the data plane, such example is Azure Storage.
As an example, for the resources in RG with read-only lock:
- You can't start/stop/restart a virtual machine because these operations require POST
- You can't create or delete a virtual machine
- You can't upload a blob to a storage account
- You can't list the keys in a storage account
- Visual Studio Server Explorer is prevented from displaying files for App Service because the interaction requires write access
Also when you put a lock to a subscription:
- Azure Advisor won't work because it is unable to store the results of its queries
Related Azure Cloud job interview questions
According to Microsoft Cloud Adoption Framework (CAF), what are the three specific terms related to Management phaze that can help improve conversations among business stakeholders?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat are 6 key steps for establishing a management baseline according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat is management baseline according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat are the 5 disciplines of cloud governance according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorIs Cloud Security Posture Management (CSPM) available for all Azure Subscriptions?
Microsoft Defender Junior