AzPolicyAdvertizer

last sync: 2025-May-09 17:30:01 UTC

Resource Lock should be enabled

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy 5c91215f-8ca0-4ca3-8b56-a4a3ec336d8d (1.0.0) to Azure
Display name Resource Lock should be enabled
Id 5c91215f-8ca0-4ca3-8b56-a4a3ec336d8d
Version 1.0.0
Details on versioning
Category Backup
Microsoft Learn
Description With this policy: any resource that has the tag key LockLevel with the value CanNotDelete means authorized users can read and modify the resource, but they can t delete it.
Mode Indexed
Type Custom Community
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Rule aliases THEN-ExistenceCondition (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Authorization/locks/level Microsoft.Authorization locks properties.level True False
Microsoft.Authorization/locks/notes Microsoft.Authorization locks properties.notes True False
Rule resource types THEN-Deployment (1)
Microsoft.Authorization/locks
JSON
EPAC
Deploy policy 5c91215f-8ca0-4ca3-8b56-a4a3ec336d8d (1.0.0) to Azure