Microsoft.Authorization locks

The locks resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource.

Valid deployment scopes for the locks resource are:

  • Subscription
  • Resource Group

Template format

To create a Microsoft.Authorization/locks resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.Authorization/locks@2020-05-01' = {
  name: 'string'
  scope: resourceName
  properties: {
    notes: 'string'
    owners: [
      {
        applicationId: 'string'
      }
    ]
  }
}

Property values

locks

Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
'Microsoft.Authorization/locks'
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
'2020-05-01'
name The resource name string (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope.

For Bicep, set this property to the symbolic name of the resource to apply the extension resource.

For JSON, set the value to the full name of the resource to apply the extension resource to.
Resource name
properties The lock properties. ManagementLockProperties (required)

ManagementLockProperties

Name Description Value
notes Notes about the lock. Maximum of 512 characters. string
owners The owners of the lock. ManagementLockOwner[]

ManagementLockOwner

Name Description Value
applicationId The application ID of the lock owner. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create Key Vault with logging enabled

Deploy to Azure
This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources.
Create a resourceGroup, apply a lock and RBAC

Deploy to Azure
This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal.