Explanation:
You can configure a lock on a resource group to prevent the accidental deletion of the resource group. The lock applies to everyone, including globaladministrators. If you want to delete the resource group, the lock must be removed first.
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting ormodifying critical resources. You can set the lock level to
CanNotDelete or
ReadOnly. In the portal, the locks are called
Delete and
Read-only respectively.
•
CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
•
ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorizedusers to the permissions granted by the
Reader role.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources