Hi everyone,
I’ve just launched a new blog post over on my blog that I wanted to share here.
Whilst normally I cross-post the content for ease of reading, this blog post got a bit long and complex in structure, so it took some formatting within my blog to make it easier to use. So instead of sharing the blog word for word here, I’d like to introduce it, and provide the link to the content!
What’s the blog post about?
The blog post is focused on the ‘Resource Lock’ functionality available within Microsoft Azure. To summarise the feature in a sentence, it’s the ability to place resources under either a ‘read-only’ or ‘delete prevention’ status within Microsoft Azure from a resource management perspective.
To put this into a Veeam-appropriate context. If you created a Storage Account that you would consume for your backups, such as a capacity tier extent, you could deploy a resource lock to prevent accidental or malicious deletion of the Storage Account at the Azure level, without impacting the ability to read/write to the actual objects within the Storage Account.
After providing detail on the resource lock functionality, and configuration considerations such as inheritance and RBAC, I shift gears and transition to talking about observability. Meaning that I provide insights into how to create and trigger alarms if someone attempts to remove your resource lock, and supporting triggers that help notify any attempts to circumvent the monitoring, this is all driven by the native Azure tool ‘Azure Monitor’.
The implementation examples include both Azure CLI and Azure Portal workflows, so you can work in the space most comfortable to you.
Where can I find the blog post?
It’s available at: https://micoolpaul.com/2023/06/26/microsoft-azure-resource-locks-alerts-a-what-how-and-why-guide/
And I welcome any feedback and/or comments via this post or on the blog post, whichever you prefer!
Thanks in advance for reading!
