Azure resource locks and policy remediation
I have a policy assigned to a management group with a remediation task.
The policy updates tags on resource groups and resources if mandatory tags are missing or change.
There are Read Only locks set on resource groups and resources. Those locks prevent the remediation task from completing, resulting in the remediation task failing with the error:
Failed to remediate resource: <resourceid> The 'PATCH' request failed with status code: 'Conflict'. Inner Error: 'The scope <scopeid> cannot perform write operation because following scope(s) are locked: <resourceid>
Please remove the lock and try again.', Correlation Id: <correlationid>
The identity assigned to the remediation task has the necessary permissions (Owner) to lift the lock, but it doesn't happen.
Is there a way to configure the remediation task to remove the lock on a resource, perform remediation and set the lock back?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
