There are 2 types of lock resources in Azure.
- Delete – Obviously you can’t delete but you can read / modify a resource, this applies to authorised users.
- ReadOnly – Authorised users can read a resource but they cannot edit or delete it.
For this blog post I create a delete lock on one of my SQL Databases.
My overly simplistic advice: lock any production resource which you wouldn’t want accidentally deleted. It won’t prevent a malicious user from doing something catastrophic, but it can prevent the “Oops, I meant to click the thing above this” class of mistake.