Merge pull request #54012 from Rob-Barefoot/fundlp4m2

Initial commit: guided-project-organize-resources-tags-locks

Author: Carolyn135

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/1-introduction.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-organize-resources-tags-locks.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction"
+  ms.date: 03/25/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 2
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/2-exercise-create-resources-apply-tags.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-organize-resources-tags-locks.exercise-create-resources-apply-tags
+title: Exercise - Create resources and apply tags
+metadata:
+  title: Exercise - Create resources and apply tags
+  description: "Exercise - Create resources and apply tags"
+  ms.date: 03/25/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 7
+content: |
+  [!include[](includes/2-exercise-create-resources-apply-tags.md)]

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/3-exercise-apply-resource-locks.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-organize-resources-tags-locks.exercise-apply-resource-locks
+title: Exercise - Apply resource locks
+metadata:
+  title: Exercise - Apply resource locks
+  description: "Exercise - Apply resource locks"
+  ms.date: 03/25/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 7
+content: |
+  [!include[](includes/3-exercise-apply-resource-locks.md)]

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/4-exercise-test-lock-enforcement.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-organize-resources-tags-locks.exercise-test-lock-enforcement
+title: Exercise - Test lock enforcement
+metadata:
+  title: Exercise - Test lock enforcement
+  description: "Exercise - Test lock enforcement"
+  ms.date: 03/25/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 6
+content: |
+  [!include[](includes/4-exercise-test-lock-enforcement.md)]

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/5-validate-success.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-organize-resources-tags-locks.validate-success
+title: Validate success
+metadata:
+  title: Validate success
+  description: "Validate success"
+  ms.date: 03/25/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 2
+content: |
+  [!include[](includes/5-validate-success.md)]

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/6-clean-up-resources.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-organize-resources-tags-locks.clean-up-resources
+title: Clean up resources
+metadata:
+  title: Clean up resources
+  description: "Clean up resources"
+  ms.date: 03/25/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 5
+content: |
+  [!include[](includes/6-clean-up-resources.md)]

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/7-knowledge-check.yml

@@ -0,0 +1,51 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-organize-resources-tags-locks.knowledge-check
+title: Knowledge check
+metadata:
+  title: Knowledge check
+  description: "Knowledge check"
+  ms.date: 03/29/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 5
+content: |
+  [!include[](includes/7-knowledge-check.md)]
+quiz:
+  title: "Check your knowledge"
+  questions:
+  - content: "What is the primary purpose of applying resource tags in Azure?"
+    choices:
+    - content: "To restrict who can access a resource"
+      isCorrect: false
+      explanation: "Access control is managed through RBAC role assignments, not tags."
+    - content: "To organize resources for cost tracking and management"
+      isCorrect: true
+      explanation: "Tags are key-value pairs that help you categorize resources for cost allocation, automation, and operational management."
+    - content: "To prevent resources from being deleted"
+      isCorrect: false
+      explanation: "Resource locks prevent deletion, not tags."
+  - content: "What does a read-only resource lock prevent?"
+    choices:
+    - content: "Only deletion of the resource"
+      isCorrect: false
+      explanation: "A delete lock prevents only deletion. A read-only lock is more restrictive."
+    - content: "Modifications and deletion of the resource"
+      isCorrect: true
+      explanation: "A read-only lock prevents both changes and deletion. You can view the resource but cannot modify or delete it."
+    - content: "All access to the resource including viewing"
+      isCorrect: false
+      explanation: "A read-only lock still allows you to view the resource. It blocks modifications and deletion only."
+  - content: "What must you do before you can delete a resource that has a delete lock?"
+    choices:
+    - content: "Disable the lock temporarily using Azure Policy"
+      isCorrect: false
+      explanation: "Locks are not managed through Azure Policy. You must remove the lock directly."
+    - content: "Contact Azure Support to override the lock"
+      isCorrect: false
+      explanation: "Lock removal does not require Azure Support. Authorized users can remove locks directly."
+    - content: "Remove the lock first"
+      isCorrect: true
+      explanation: "You must explicitly remove a delete lock before you can delete the resource. This is a deliberate safeguard against accidental deletion."

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/8-summary.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.guided-project-organize-resources-tags-locks.summary
+title: Summary
+metadata:
+  title: Summary
+  description: "Summary"
+  ms.date: 03/25/2026
+  author: wwlpublish
+  ms.author: robbarefoot
+  ms.topic: unit
+  ms.custom:
+  - N/A
+durationInMinutes: 2
+content: |
+  [!include[](includes/8-summary.md)]

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/includes/1-introduction.md

@@ -0,0 +1,39 @@
+This guided project focuses on organizing and protecting Azure resources using tags and locks.
+
+Tags are key-value pairs that you attach to resources and resource groups. They help you categorize resources for cost reporting, ownership tracking, and governance. Locks add a layer of protection that prevents accidental modification or deletion, even for users with full permissions.
+
+## Scenario
+
+Your development team is setting up a shared Azure environment and needs to keep resources organized and protected from accidental changes. You apply tags to track which department owns each resource, and then apply locks to prevent critical resources from being modified or deleted by mistake.
+
+- Exercise 1 - Create resources and apply organizational tags.
+- Exercise 2 - Apply resource locks to prevent accidental changes.
+- Exercise 3 - Test lock enforcement and confirm the full lock lifecycle.
+
+:::image type="content" source="../media/overview-architecture.png" alt-text="Diagram showing how tags and locks are applied to a resource group and storage accounts for organization and protection." border="false":::
+
+By the end of this project, you can organize resources with tags, filter resources by tag value, and protect resources using both delete and read-only locks.
+
+> [!NOTE]
+> This is a guided project module where you complete a project by following step-by-step instructions.
+
+## Skilling areas
+
+In this project, you practice skills in the following areas:
+
+**Apply and use resource tags**
++ Tag resource groups and individual resources with key-value pairs.
++ Apply different tag values to distinguish departments or environments.
++ Filter resources by tag in the portal.
+
+**Configure resource locks**
++ Apply a delete lock to prevent resource removal.
++ Apply a read-only lock to prevent modifications.
++ Understand how locks at different scopes interact.
+
+**Test and manage lock enforcement**
++ Verify that locked operations are blocked with appropriate error messages.
++ Remove locks and confirm that normal operations are restored.
+
+> [!IMPORTANT]
+> This project uses the Azure portal for every step. No prior Azure experience is required.

learn-pr/wwl-azure/guided-project-organize-resources-tags-locks/includes/2-exercise-create-resources-apply-tags.md

@@ -0,0 +1,118 @@
+This guided project consists of the following exercises:
+
+ - **Create resources and apply tags**
+ - Apply resource locks
+ - Test lock enforcement
+
+In this exercise, you create a resource group with two storage accounts and apply organizational tags to each one. You then use tag-based filtering to see how tags help you find and organize resources across a growing environment.
+
+This exercise includes the following tasks:
+
+ - Prepare the environment
+ - Create a test storage account
+ - Tag the resource group
+ - Tag the storage account
+ - Create a second storage account with different tags
+ - Filter resources by tag
+
+**Outcome:** A resource group and storage account with consistent organizational tags applied.
+
+> [!TIP]
+> Pause after each major action and confirm the page status before moving on. This habit prevents compounding mistakes.
+
+## Task 1: Prepare the environment
+
+Set up your Azure environment before you begin. You create a resource group and a test resource to practice tagging and locking.
+
+> [!WARNING]
+> This project creates Azure resources that may incur charges. Complete the clean-up unit when you're done to avoid unintended expenses.
+
+1.  Sign in to the [Azure portal](https://portal.azure.com) with an account that has permissions to create and manage resources.
+2.  In the portal search bar, search for **Resource groups** and select **Resource groups**.
+3.  Select **+ Create**. Name the resource group **rg-gp-tags-locks**, choose your preferred region, and select **Review + create** then **Create**.
+
+## Task 2: Create a test storage account
+
+Create a low-cost storage account inside the resource group. This gives you a resource to tag and lock in the following exercises.
+
+1.  In the portal search bar, search for **Storage accounts** and select **Storage accounts**.
+2.  Select **+ Create**.
+3.  On the Basics tab, select **rg-gp-tags-locks** as the resource group.
+4.  For **Storage account name**, enter a globally unique name (for example, **stgptagslock** followed by your initials and a number).
+5.  For **Region**, use the same region as the resource group.
+6.  For **Preferred Storage Type**, select **Azure Blob Storage or Azure Data Lake Storage Gen 2**.
+7.  For **Performance**, select **Standard**.
+8.  For **Redundancy**, select **Locally-redundant storage (LRS)**.
+9.  Select **Review + create** and then select **Create**.
+10. When deployment finishes, select **Go to resource**.
+
+## Task 3: Tag the resource group
+
+Apply organizational tags to the resource group. Tags are key-value pairs that help you categorize resources, track costs by department or project, and enforce governance policies.
+
+1.  In the portal search bar, search for **Resource groups** and select **Resource groups**.
+2.  Select **rg-gp-tags-locks** from the list.
+3.  In the left menu, select **Tags**.
+3.  Add the tag **department** with the value **development**.
+4.  Add the tag **environment** with the value **test**.
+5.  Select **Apply**.
+6.  Confirm both tags appear in the tags list.
+
+> [!NOTE]
+> **Validation step:** Verify the resource group displays both tags (**department: development** and **environment: test**) before proceeding.
+
+> [!NOTE]
+> Each exercise includes validation steps like this one. Track your results as you go—you'll review them all in the validation unit at the end of this module.
+
+## Task 4: Tag the storage account
+
+Apply the same tags to the storage account. Tagging resources individually ensures accurate cost reporting even when multiple teams share a resource group.
+
+1.  Open the storage account you created.
+2.  In the left menu, select **Tags**.
+3.  Add the tag **department** with the value **development**.
+4.  Add the tag **environment** with the value **test**.
+5.  Select **Apply**.
+
+> [!NOTE]
+> **Validation step:** Confirm the storage account now shows both tags matching the resource group tags.
+
+## Task 5: Create a second storage account with different tags
+
+Create another resource and assign different tag values. Having resources with different tags demonstrates how tags enable filtering and cost allocation across teams.
+
+1.  In the portal search bar, search for **Storage accounts** and select **Storage accounts**.
+2.  Select **+ Create**.
+3.  On the Basics tab, select **rg-gp-tags-locks** as the resource group.
+4.  For **Storage account name**, enter a globally unique name (for example, **stgptagsops** followed by your initials and a number).
+5.  For **Region**, use the same region as the resource group.
+6.  For **Preferred Storage Type**, select **Azure Blob Storage or Azure Data Lake Storage Gen 2**.
+7.  For **Performance**, select **Standard**.
+8.  For **Redundancy**, select **Locally-redundant storage (LRS)**.
+9.  Select **Review + create** and then select **Create**.
+10. When deployment finishes, select **Go to resource**.
+11. In the left menu, select **Tags**.
+12. Add the tag **department** with the value **operations**.
+13. Add the tag **environment** with the value **test**.
+14. Select **Apply**.
+
+> [!NOTE]
+> **Validation step:** Verify the second storage account exists with **department: operations** and **environment: test** tags.
+
+## Task 6: Filter resources by tag
+
+Use tags to filter the resource list and see only the resources that belong to a specific department. This demonstrates the practical value of consistent tagging for managing resources at scale.
+
+1.  In the portal search bar, search for **Resource groups** and select **Resource groups**.
+2.  Select **rg-gp-tags-locks** from the list.
+3.  In the resource list, select **Add filter**.
+4.  In the **Filter** dropdown, scroll down to **Tags** and select the **department** tag.
+5.  In the **Operator** dropdown, select **Equals**.
+6.  Select the checkbox next to **development** and select **Apply**.
+7.  Confirm that only the **stgptagslock** storage account appears in the filtered list.
+8.  Select the **X** on the right side of the filter to clear it, then repeat the steps above but select the checkbox next to **operations** instead.
+9.  Confirm only the **stgptagsops** storage account appears.
+10. Select the **X** on the right side of the filter to clear it and show all resources again.
+
+> [!NOTE]
+> **Validation step:** Confirm filtering by **department** tag shows only the correct storage account for each department value.