Azure Blueprint allows Cloud Engineers to share infrastructure. They're collections of Azure resources that define the initial setup/configuration of an environment and, with locking, can be used to enforce this state over the longer term.

Blueprints are versioned, and can exist in either a draft or published state. They can be assigned at the subscription or management group level.


Locking prevents users from modifying the resources outside of the blueprint by creating deny role assignments against them:

  • Unlocked
  • Don't lock
  • Read only
  • Do not delete