The locks resource type is an extension resource, which means you can apply it to another resource.
Use the scope
property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
Valid deployment scopes for the locks resource are:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Authorization/locks resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/locks",
"apiVersion": "2020-05-01",
"name": "string",
"scope": "string",
"properties": {
"level": "string",
"notes": "string",
"owners": [
{
"applicationId": "string"
}
]
}
}
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Authorization/locks' |
apiVersion | The resource api version | '2020-05-01' |
name | The resource name | string (required) Character limit: 1-90 Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
properties | The properties of the lock. | ManagementLockProperties (required) |
Name | Description | Value |
---|---|---|
level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
notes | Notes about the lock. Maximum of 512 characters. | string |
owners | The owners of the lock. | ManagementLockOwner[] |
Name | Description | Value |
---|---|---|
applicationId | The application ID of the lock owner. | string |
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Azure Container Registry with Policies and Diagnostics |
Azure Container Registry with Policies and Diagnostics (bicep) |
Azure Data Factory with Git and managed vnet configuration |
This template creates Azure Data Factory with Git configuration and managed virtual network. |
Log Analytics workspace with solutions and data sources |
Deploys a Log Analytics workspace with specified solutions and data sources |
Create Key Vault with logging enabled |
This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
Create a Network Watcher |
This template creates a Network Watcher resource. |
Network Security Group with diagnostic logs |
This template creates a Network Security Group with diagnostic logs and a resource lock |
Route table with routes |
This template creates a Route Table with routes |
Virtual Network with diagnostic logs |
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet |
Create Recovery Services Vault with backup policies |
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
Create a resourceGroup, apply a lock and RBAC |
This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |