Canarys | IT Services


Locking VMs and Resources Groups with Azure Resource Manager using Azure PowerShell


Hello Folks!

In this blog post we will be talking about locking down your Azure Resources with Azure Resource Manager. This tutorial might come handy to you when you want your resources to be safe from getting accidentally deleted. You can lock almost any type of resource using this method be it Virtual Machines, Web Apps, NICs, Resource Groups, etc. When locked, authorized users can still read and modify the resources, but they can’t delete the resources.


I will assume you have the following pre-requirements completed:

  1.  An Azure Subscription
  2. A VM created using Resource Manager in a Resource Group.
  3. Make sure you are either the owner of the Azure Subscription or you are the User Administrator.
  4. You have the Latest Azure PowerShell installed.

So let’s start.

Step 1: Login to your Azure Subscription

Open Azure PowerShell and login with your credentials.




Step 2: Find Your Resource Type

In this step we are trying to find the resource type of our particular resource. For this, run this cmdlet and find the parameter resource type in the output. As the parameter for the ‘–ResourceNameContains’ you can replace with the name of your own resource. In this example, it’s a VM with the name WinServerVM.



Copy down the value for resource type. In this case it is:


Paste down this value in the ‘-ResourceType’ parameter in the next step.

Step 3: Locking Down Your Resource

Run this cmdlet and replace the value of –ResourceType with the value of ResourceType parameter you obtained in the Previous Step.

New-AzureRmResourceLock -LockLevel CanNotDelete –LockName LockRmVM -ResourceGroupName CloudySingh-RG -ResourceName WinServerVM –ResourceType Microsoft.Compute/virtualMachines



Alt Text

Your resource is successfully locked. Let us try to delete this resource (VM here).

Failed to Delete the VM


You will receive this error.


Step 4: Unlocking Your Resource

You can unlock your resource anytime using this cmdlet.

Remove-AzureRmResourceLock -LockName LockRmVM -ResourceGroupName CloudySingh-RG -ResourceName WinServerVM -ResourceType Microsoft.Compute/virtualMachines


Locking Your Resource Groups

You can also lock the whole Resource Group using this cmdlet.

New-AzureRmResourceLock -LockLevel CanNotDelete -LockName LockRG -ResourceGroupName CloudySingh-RG


So, thank you friends. If you have any queries feel free to ask in the comments. You can also follow me on twitter @SinghCloudy.

For all latest blogs and news please follow @ecanarys

Thanks & Regards

Karanmeet Singh


Leave a Reply

Your email address will not be published. Required fields are marked *

Reach Us

With Canarys,
Let’s Plan. Grow. Strive. Succeed.