Microsoft.Authorization locks
Bicep resource definition
The locks resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
The locks resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Authorization/locks@2020-05-01' = {
name: 'string'
scope: resourceSymbolicName
properties: {
level: 'string'
notes: 'string'
owners: [
{
applicationId: 'string'
}
]
}
}
Property values
locks
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 1-90 Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
| properties | The properties of the lock. | ManagementLockProperties (required) |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Azure Container Registry with Policies and Diagnostics |
Azure Container Registry with Policies and Diagnostics (bicep) |
| Azure Data Factory with Git and managed vnet configuration |
This template creates Azure Data Factory with Git configuration and managed virtual network. |
| Log Analytics workspace with solutions and data sources |
Deploys a Log Analytics workspace with specified solutions and data sources |
| Create Key Vault with logging enabled |
This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
| Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
| Create a Network Watcher |
This template creates a Network Watcher resource. |
| Network Security Group with diagnostic logs |
This template creates a Network Security Group with diagnostic logs and a resource lock |
| Route table with routes |
This template creates a Route Table with routes |
| Virtual Network with diagnostic logs |
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet |
| Create Recovery Services Vault with backup policies |
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
| Create a resourceGroup, apply a lock and RBAC |
This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |
ARM template resource definition
The locks resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
The locks resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/locks",
"apiVersion": "2020-05-01",
"name": "string",
"scope": "string",
"properties": {
"level": "string",
"notes": "string",
"owners": [
{
"applicationId": "string"
}
]
}
}
Property values
locks
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Authorization/locks' |
| apiVersion | The resource api version | '2020-05-01' |
| name | The resource name | string (required) Character limit: 1-90 Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
| properties | The properties of the lock. | ManagementLockProperties (required) |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Azure Container Registry with Policies and Diagnostics |
Azure Container Registry with Policies and Diagnostics (bicep) |
| Azure Data Factory with Git and managed vnet configuration |
This template creates Azure Data Factory with Git configuration and managed virtual network. |
| Log Analytics workspace with solutions and data sources |
Deploys a Log Analytics workspace with specified solutions and data sources |
| Create Key Vault with logging enabled |
This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
| Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
| Create a Network Watcher |
This template creates a Network Watcher resource. |
| Network Security Group with diagnostic logs |
This template creates a Network Security Group with diagnostic logs and a resource lock |
| Route table with routes |
This template creates a Route Table with routes |
| Virtual Network with diagnostic logs |
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet |
| Create Recovery Services Vault with backup policies |
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
| Create a resourceGroup, apply a lock and RBAC |
This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |
Terraform (AzAPI provider) resource definition
The locks resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id property on this resource to set the scope for this resource.
The locks resource type can be deployed with operations that target:
- Resource groups
- Subscriptions
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Authorization/locks@2020-05-01"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
level = "string"
notes = "string"
owners = [
{
applicationId = "string"
}
]
}
})
}
Property values
locks
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Authorization/locks@2020-05-01" |
| name | The resource name | string (required) Character limit: 1-90 Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | The properties of the lock. | ManagementLockProperties (required) |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | "CanNotDelete" "NotSpecified" "ReadOnly" (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |