Time
23 hours 16 minutes
Difficulty
Intermediate
CEU/CPE
23

Video Transcription

00:00
Hello and welcome back to Sire Aires. Microsoft Azure Administrator A Z 103 course. I'm your instructor, Will Carlson. And this is Episode 10 Locking and moving Resource is
00:10
in today's episode. We're going to discuss how you lock a resource, what the lock types are and why you might want to do that.
00:16
We're also gonna discuss the process, and some of the potential batches of moving resource is between different resource groups or subscriptions.
00:25
You get started, we're gonna jump right into portal as usual,
00:28
and we're gonna go ahead and click in here at the resource group level.
00:32
I'm gonna click on my I T resource group
00:35
and then I'm gonna go down here to the locks blade.
00:39
You can see that this resource currently has no locks, but we're gonna go ahead and add a lot to this resource.
00:46
Give it a name
00:50
and then we're gonna select the lock type. And for our demo, I'm gonna select a delete walk. Now, clearly, there are two different lock types. Delete and read. Only delete is gonna prevent anything from being deleted. That the lock is applied to
01:03
and read only is going to be
01:04
you cannot edit anything within that lock.
01:10
Now, one thing to note about locks is that they apply to everybody. It does not matter what your role based access control looks like. It doesn't matter if you are the highest level entity within the azure ecosystem. A lock is going to apply to you.
01:23
Block applies to everybody. It's important to know
01:26
we're gonna sell a lot of selected elite block here. We're gonna select. Okay,
01:33
Now, that lock has been applied. So I'm gonna go back out to the overview of this resource group.
01:38
I'm gonna click on this log analytics workspace, and I'm gonna try to delete it.
01:46
I'm gonna go ahead and select Yes, here.
01:49
And you can see that it's failed to allow me to delete that lock that resource within that resource group. And that points to another important factor of resource locks or locks. In general, they are inheritable.
02:02
So I've set this lock at the resource group level, and all of the Children resource is within that resource group are going to be locked as well. Another interesting component of resource locks, particularly the delete lock. Our If this resource lock is applied to a child resource so I could have applied this lock directly to the cyber re logs, log analytics workspace,
02:23
and if I tried to delete the resource group that contained that resource, it would also fail. So Azure is smart enough to prevent accidental deletion. Now that could be a bit of a pain when you're trying to delete a resource group, and for some reason you cannot. It's likely because there's a child resource in that group that is long, So check that out.
02:43
You'll notice
02:44
the error message that came up was also descriptive here, and it helped me figure out what was going on and what I needed to do to resolve that lock. So
02:53
this resource group has a delete lock on it. I cannot delete child resources, and if I go up here and tried to delete the resource group,
03:00
I ultimately will not be able to do this either.
03:05
And I can't believe the resource group, so that's the concept of lakhs. One other thing I call your attention to regarding Locks has to do with the read on Lee Lock, and
03:15
a number of functions here in Azure do require right privileges In fact, a number of them that you wouldn't think necessarily do so. If you put a read only lock on a resource group or a resource, and things are not behaving the way that you expect,
03:32
you can pretty much
03:34
go to that read only long. Turn it off. Things will work like you want. You can read more about that in the azure documentation. But be aware, read only locks can cause other problems that you don't anticipate.
03:46
It should be pretty straightforward if I wanted to lead a lot going to come here when I click on the three dots and we're gonna delete that lock. And now that walk is gone and I could delete whatever resources I wanted to within this resource group.
03:58
The next concept we're gonna talk about in this episode are is the concept of moving resource is around. And to talk about that, we're gonna go back on here resource groups
04:09
and I'm gonna click on this security resource group.
04:13
Oh, the virtual network that I wanted to have set up in here isn't here. So where is that virtual network?
04:20
Ah, somebody put the security Virgil network in the wrong resource group. So what do I do? How do I get that? Where I needed to go
04:29
in this case is relatively simple and
04:31
functionally moving. Resource is around. An azure is relatively simple as long as it's supported, and that's where the hang up is. But for illustration, if I click this security, the net
04:41
and click move, I could move it to another resource group or even to another subscription.
04:46
We're gonna move this to another resource group,
04:49
and I want to select the resource group where I want that to go.
04:53
We want that to go to the security resource group.
04:57
I understand that this is not gonna work
05:00
until it's all done, and that's an interesting point. So while you're moving a resource group, everything is locked or a resource rather why you're moving a resource. Everything is locked. Until that move is complete,
05:11
we're gonna head. Okay,
05:13
now, while this is going, one of the other things I want to talk about is the fact that not all resource is can be moved. Some resource is can be moved, but certain things have to be undone. I'm thinking about SSL certificates uncertain. Web APS can't be moved until SSL is disabled, and then you have to move the certificates and re enable it.
05:30
Moving Resource is with an azure can be its own
05:33
Siri's of processes and considerations. I highly recommend you look at the rather lengthy documentation about moving. Resource is within azure to give yourself an idea about what's possible and what some of the further hang ups are. But
05:47
like I said, functionally moving things and resource is with an azure is very straightforward. The devil in the details comes in what you can move, win and what you may have to turn off or disconnect before you can ultimately make that move.
06:01
In today's episode, we talked about how you can protect resource is or resource groups from anybody doing anything. So the concept of a lock and we discussed the read only locks and the delete locks and the potential gotchas around the read only locks.
06:17
We also discussed how simple it is functionally to move. Resource is around within the azure ecosystem, but the potential hang up there has to do with what can be moved when and where, and that will require a little bit of planning
06:31
up next, we're gonna talk about the concept of azure metrics and how they can help us. Keep thing. And I on things like CPU utilization and ingress egress traffic on a particular network, interface card or public. I pee in Azure.
06:45
Thanks so much for joining me today, and I look forward to the next episode.

Up Next

AZ-103 Microsoft Azure Administrator

This Microsoft Azure AZ-103 Certification training course teaches students to perform tasks like managing Azure subscriptions and resources, implementing and managing storage, deploying and managing virtual machines (VM) and networks, and managing identities!

Instructed By

Instructor Profile Image
Will Carlson
Director of IT and Cybersecurity
Senior Instructor