Protecting Azure Resources from Accidental Deletion

QUESTION:

You are the Azure admin for RedWidgetCo and you have deployed several resources, including a virtual machine, a storage account, and 3 virtual machines all to a single resource group. The storage account contains the hard drives of your virtual machines, which are connected to the virtual network.

What should you do to prevent accidental deletion of virtual machines or of any components that are required by the virtual machines?

Your choices are:

A. Configure RBAC for the entire resource group
B. Add a lock on the virtual machines
C. Add a lock on the entire resource group
D. Configure RBAC for all resources except the virtual machines

Show Me the Answer

The answer is C. Adding a lock on the entire resource group will ensure that no resources in the resource group can be deleted. The requirments called for protection of all resources required by the virtual machines so setting a lock on the VMs, alone, would not meet the requirement since the storage would be left unprotected. RBAC does not prohibit accidental deletion of resources.

Reference Material:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Click here for my PREMIUM practice questions.

[collapse]

Thomas Mitchell

Tom is a 20+ year veteran of the IT industry and carries numerous Microsoft certifications, including the MCSE: Cloud Platform and Infrastructure certification. A Subject Matter Expert in Active Directory and Microsoft Exchange, Tom also possesses expert-level knowledge in several other IT disciplines, including Azure, Storage, and O365/Exchange Online. You can find Tom at his website, on LinkedIn, or on Facebook. Need to reach him by phone? Call 484-334-2790.