---
names:
  full: Azure Storage Account uses Delete lock
  contextual: Storage Account uses Delete lock
description: "Azure Resource Manager CannotDelete (Delete) locks can prevent users from\
  \ accidentally or maliciously deleting a storage account. This feature ensures that\
  \ while the Storage account can still be modified or used, deletion of the Storage account\
  \ resource requires removal of the lock by a user with appropriate permissions.\
  \ This feature is a protective control for the availability of data. By ensuring that\
  \ a storage account or its parent resource group cannot be deleted without first removing\
  \ the lock, the risk of data loss is reduced."
impossible: true
type: BEST_PRACTICE
categories:
  - "SECURITY"
frameworkMappings:
  - "/frameworks/cis-azure-v5.0.0/09/03/09"
  - "/frameworks/cloudaware/resource-security/data-protection-and-recovery"