Azure resources can be locked down to prevent changes or deletions. Locks can be added on any Azure resource such as storage accounts, databases, Function Apps, and so on. The locks can help prevent accidental changes to your application.
The locks are of the following two types:
- Delete type. This will prevent the Azure resource from being deleted.
- ReadOnly type. This will prevent any changes to the Azure resource, meaning specifically, changes from the Azure management standpoint. For instance, if a storage account is locked, you won't be able to enable Storage Service Encryption (SSE) on the account, but you will be able to upload new documents to the storage account.
Locks are not meant to secure the resources against ...