Create and protect an Azure Resource from accidental deletion in an existing Resource Group

Lab Steps

Logging in to the Microsoft Azure Portal
Create and protect an Azure Resource from accidental deletion in an existing Resource Group
Need help? Contact our support team

Here you can find the instructions for this specific Lab Step.

If you are ready for a real environment experience please start the Lab. Keep in mind that you'll need to start from the first step.


Azure Resource groups 

Resource groups are a fundamental element of the Azure platform. A resource group is a logical container for resources deployed on Azure. These resources are anything you create in an Azure subscription like VMs, Storage Accounts, Virtual Networks, or Load Balancers. All resources must be in a resource group. By default, all resources in a resource group, including the resource group itself, are not protected from accidental deletion, and can be deleted once created. 

In this Lab step, you will execute the following steps.

  • You will locate the existing Resource Group provided for the lab exercise
  • Create a resource in the Resource Group
  • Protect the Resource Group and the new Resource from accidental deletion. Finally, you will remove the protection and delete the Resource



  1. On the dashboard of the Azure Portal, select the menu icon on the top left.



2. Select 'Resource groups' from the list.



3. Select the Existing Resource Group  (it will have a similar name to that shown).


4. Select 'Create' in the Resource group window.

 5. Type 'Application Security' in the Search bar and select Application Security Group from the list. 



6. Select 'Create'.



7. In the Instance Details Name, type 'AppGroup1' and select the same region as the 'Resource group', then select 'Review + Create'.



 8. When validation has passed, select 'Create'.



9. Wait at the Deployment Overview blade until you see 'Your deployment is complete'. Then select 'Go To Resource'.



10. In the AppGroup1 blade Settings menu, select 'Locks' and then select '+ Add'.


Note: each resource can have individual 'Read' or 'Delete' locks allocated to it.

In the next step, you will allocate a Delete lock on the Resource group to protect all resources in the Resource Group.



11. Select 'Resource group' at the top of the page.


 12. Select '+ Add'.



 13. Type 'No Delete' for the Lock name (this is a label and can be anything you like), and in the Lock Type drop down list, select 'Delete' for the Lock Type, then select 'OK'.



 14. On the dashboard of the Azure Portal, select the menu icon on the top left and then select 'Resource groups' from the list.



15. Select the Resource group link to open the properties of the 'Resource Group'.


   16. From the 'Overview' pane, select the 'AppGroup1' link.



17. From the 'Overview' pane, select 'Delete', then select 'Yes'.

This will produce an error as the resource is now protected from deletion. Close the error by selecting 'X'.



18. Select 'Locks' from the settings menu.



19. View the 'Delete Lock' that has been inherited from the 'Resource Group'.


20. Select 'Resource group' from the top menu.

 21. Select 'Delete' to delete the lock on the resource.


22. Select the 'AppGroup1' link at the top of the blade.


23. Select 'Overview' in the 'AppGroup1' blade, then select 'Delete', and then select 'Yes'.

The resource will now be successfully deleted.



In this Lab Step, you created a resource in the provided resource group, you protected the resource group from accidental deletion, and tried unsuccessfully to delete the resource that you created. You then removed the protection and successfully deleted the resource.