Forum Discussion
How to prevent changes to the Firewalls and virtual network section for resources?
Hi to prevent changes on any resources you have to define an IAM strategy for your resources
Giving Owner role to those who need full access
Giving Contributor role to those who need to modify resources
Giving Reader role for those who need to read only
Giving Custom roles for specific needs
Giving role tied to resource for specific operations ( Virtual machine contributor for example )
You may know that roles are inherited from subscription and resource group so you need to consider that and finally create a map to be able to retrieve who have access to which and then revoke if necessary.
Once you have done that you can add read only lock at the resource group level so only people with right access will be able to remove them(That's why i suggest to identify those people above) . This lock will prevent any changes on any resource in resource group scope .