Preventing Accidental Deletion of Azure Virtual Network | Microsoft AZ-500 Exam Guide

Prevent Accidental Deletion of VNET1: Step-by-Step Guide

Question

SIMULATION -

You need to prevent administrative users from accidentally deleting a virtual network named VNET1. The administrative users must be allowed to modify the settings of VNET1.

To complete this task, sign in to the Azure portal.

Explanations

See the explanation below.

Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as an Azure subscription, resource group, or resource.

Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.

1. In the Settings blade for virtual network VNET1, select Locks.

2. To add a lock, select Add.

3. For Lock type, select Delete lock, and click OK.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
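
An added check, not part of the original page or any Microsoft tooling: it takes lock records in the shape returned by `az lock list -o json` and reports whether VNET1 is protected from deletion yet still modifiable, counting locks inherited from the resource group or subscription. The portal's Delete lock appears as level `CanNotDelete` in that output; the subscription ID, resource group RG1 and lock names below are constructed placeholders.

```python
import json

LOCK_MARKER = "/providers/microsoft.authorization/locks/"

# Constructed sample in the shape of `az lock list -o json`; the subscription
# ID, resource group names and lock names are placeholders, not from the page.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VNET1_ID = SUB + "/resourceGroups/RG1/providers/Microsoft.Network/virtualNetworks/VNET1"
SAMPLE_LOCKS = json.dumps([
    {"name": "vnet1-no-delete", "level": "CanNotDelete",
     "id": VNET1_ID + "/providers/Microsoft.Authorization/locks/vnet1-no-delete"},
    {"name": "rg2-freeze", "level": "ReadOnly",
     "id": SUB + "/resourceGroups/RG2/providers/Microsoft.Authorization/locks/rg2-freeze"},
])


def lock_scope(lock_id):
    """Return the scope a lock is attached to (the ID before the locks segment)."""
    idx = lock_id.lower().rfind(LOCK_MARKER)
    return lock_id[:idx] if idx >= 0 else lock_id


def effective_locks(resource_id, locks):
    """Locks set on the resource itself or inherited from its resource group or subscription."""
    rid = resource_id.lower().rstrip("/")
    hits = []
    for lock in locks:
        scope = lock_scope(lock["id"]).lower().rstrip("/")
        # Match on a path-segment boundary so RG1 does not match RG10.
        if rid == scope or rid.startswith(scope + "/"):
            hits.append(lock)
    return hits


def check_task(resource_id, locks):
    """Evaluate the task requirement: deletion blocked, modification still allowed."""
    levels = {l["level"].lower() for l in effective_locks(resource_id, locks)}
    return {
        # A ReadOnly lock also blocks deletion, but it blocks updates too.
        "delete_blocked": bool(levels & {"cannotdelete", "readonly"}),
        "modify_allowed": "readonly" not in levels,
    }


if __name__ == "__main__":
    print(check_task(VNET1_ID, json.loads(SAMPLE_LOCKS)))
```

A ReadOnly lock anywhere above VNET1 makes `modify_allowed` false, which would fail the task even though deletion is blocked.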

Sure, I can provide a detailed explanation on how to prevent administrative users from accidentally deleting a virtual network while allowing them to modify the settings.

Here are the steps to achieve this in the Azure portal:

  1. Navigate to the virtual network you want to protect (in this case, VNET1) in the Azure portal.

  2. Click on the "Access control (IAM)" button on the left-hand side of the page.

  3. Click on the "+ Add" button at the top of the page to add a new role assignment.

  4. In the "Add role assignment" page, select the role you want to assign. In this case, we want to assign the "Network Contributor" role, which allows users to modify the settings of the virtual network.

  5. In the "Select" box, search for the user or group you want to assign the role to. Once you have selected the user or group, click on the "Add" button.

  6. Now, we need to modify the permissions of the "Network Contributor" role to prevent accidental deletion. To do this, click on the "Advanced" tab in the "Add role assignment" page.

  7. In the "Advanced" tab, set the "Delete" permission to "Deny". This will prevent users with the "Network Contributor" role from deleting the virtual network.

  8. Finally, click on the "Review + assign" button to review the changes and assign the role.

That's it! The administrative users with the "Network Contributor" role will now be able to modify the settings of the virtual network but will be prevented from accidentally deleting it.