4 changes: 3 additions & 1 deletion docs/CustomizingAzdParameters.md
Expand Up @@ -10,14 +10,16 @@ By default this template will use the environment name as the prefix to prevent
| -------------------------------------- | ------- | ---------------- | ---------------------------------------------------------------------------------------------------- |
| `AZURE_ENV_NAME` | string | `azdtemp` | Used as a prefix for all resource names to ensure uniqueness across environments. |
| `AZURE_LOCATION` | string | `eastus2` | Location of the Azure resources. Controls where the infrastructure will be deployed. |
| `AZURE_AISERVICE_LOCATION` | string | `japaneast` | Set the Azure AI Service Location. |
| `AZURE_ENV_MODEL_DEPLOYMENT_TYPE` | string | `GlobalStandard` | Change the Model Deployment Type (allowed values: Standard, GlobalStandard). |
| `AZURE_ENV_MODEL_NAME` | string | `gpt-4o` | Set the Model Name (allowed values: gpt-4o). |
| `AZURE_ENV_MODEL_VERSION` | string | `2024-08-06` | Set the Azure model version (allowed values: 2024-08-06) |
| `AZURE_ENV_MODEL_CAPACITY` | integer | `200` | Set the Model Capacity (choose a number based on available GPT model capacity in your subscription). |
| `AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID` | string | `<Existing Workspace Id>` | Set this if you want to reuse an existing Log Analytics Workspace instead of creating a new one. |
| `AZURE_ENV_IMAGETAG` | string | `latest` | Set the Image tag Like (allowed values: latest, dev, hotfix) |
| `AZURE_ENV_JUMPBOX_SIZE` | string | `Standard_DS2_v2` | Specifies the size of the Jumpbox Virtual Machine. Set a custom value if `enablePrivateNetworking` is `true`. |
| `AZURE_ENV_JUMPBOX_ADMIN_USERNAME` | string | `JumpboxAdminUser` | Specifies the administrator username for the Jumpbox Virtual Machine. |
| `AZURE_ENV_JUMPBOX_ADMIN_PASSWORD` | string | `JumpboxAdminP@ssw0rd1234!` | Specifies the administrator password for the Jumpbox Virtual Machine. |
| `AZURE_ENV_COSMOS_SECONDARY_LOCATION` | string | *(not set by default)* | Specifies the secondary region for Cosmos DB. Required if `enableRedundancy` is `true`. |
---

## How to Set a Parameter
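Review bot: The `AZURE_ENV_JUMPBOX_ADMIN_PASSWORD` row documents a literal default password (`JumpboxAdminP@ssw0rd1234!`) next to a fixed default username, so any deployment that leaves both unset gets a credential pair that is readable in the repository. Document the parameter as required with no default, or show a placeholder the way the `AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID` row shows `<Existing Workspace Id>`, and have the template fail when no value is supplied.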
4 changes: 3 additions & 1 deletion docs/DeploymentGuide.md
Expand Up @@ -40,13 +40,15 @@ When you start the deployment, most parameters will have **default values**, but
|----------------------------------|------------------------------------------------------------------------------------------------------|----------------------------|
| **Azure Region** | The region where resources will be created. | East US |
| **Resource Prefix** | Prefix for all resources created by this template. This prefix will be used to create unique names for all resources. The prefix must be unique within the resource group. | azdtemp |
| **AI Location** | Location for all AI services resources. This location can be different from the resource group location. | japaneast |
| **Capacity** | Configure capacity for **gpt-4o**. | 200 |
| **Model Deployment Type** | Change the Model Deployment Type (allowed values: Standard, GlobalStandard). | GlobalStandard |
| **Model Name** | Set the Model Name (allowed values: gpt-4o). | gpt-4o |
| **Model Version** | Set the Azure model version (allowed values: 2024-08-06). | 2024-08-06 |
| **Image Tag** | Set the Image tag (allowed values: latest, dev, hotfix). | latest |
| **Existing Log analytics workspace** | To reuse the existing Log analytics workspace Id. | `<Existing Workspace Id>` |
| **Jumpbox Admin Username** | Specifies the administrator username for the Jumpbox Virtual Machine. | `JumpboxAdminUser` |
| **Jumpbox Admin Password** | Specifies the administrator password for the Jumpbox Virtual Machine. | `JumpboxAdminP@ssw0rd1234!` |
| **Cosmos DB Secondary Location** | Specifies the secondary region for Cosmos DB. Set this if redundancy (`enableRedundancy`) is enabled. | `<Secondary Region>` |


This accelerator can be configured to use authentication.
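Review bot: The **Jumpbox Admin Password** row puts the same literal password into a second document, while the rows on either side of the Jumpbox pair already use placeholders (`<Existing Workspace Id>`, `<Secondary Region>`). Use a placeholder here as well, for example `<Set a strong password>`, and state in the row that the value must be supplied at deployment time.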
24 changes: 13 additions & 11 deletions infra/main.bicep
Expand Up @@ -129,6 +129,8 @@ var modelDeployment = {
raiPolicyName: 'Microsoft.Default'
}

var abbrs = loadJsonContent('./abbreviations.json')

#disable-next-line no-deployments-resources
resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) {
name: take(
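Review bot: `./abbreviations.json` is loaded here but is not among the files shown in this change, so none of the `abbrs.*` keys used further down can be checked in review. Please confirm the file is committed next to `infra/main.bicep` and that each value carries its own trailing separator where one is wanted, because the names below concatenate `${abbrs...}${resourcesName}` with nothing in between.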
Expand All @@ -154,7 +156,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT
module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.1' = {
name: take('identity-app-${resourcesName}-deployment', 64)
params: {
name: 'id-app-${resourcesName}'
name: '${abbrs.security.managedIdentity}${resourcesName}'
location: location
tags: allTags
enableTelemetry: enableTelemetry
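Review bot: The old literal carried an `app` qualifier (`id-app-${resourcesName}`) that `${abbrs.security.managedIdentity}${resourcesName}` does not, so unless the JSON value reproduces the old prefix exactly this is a rename. On an environment that is already deployed, a renamed user-assigned identity is a new resource with a new principal ID, and the old identity stays behind with whatever role assignments it had. Say in the PR description whether existing environments are expected to redeploy in place or be torn down first; the same question applies to the other renamed resources in this file.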
Expand All @@ -176,7 +178,7 @@ resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces
module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.11.2' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) {
name: take('log-analytics-${resourcesName}-deployment', 64)
params: {
name: 'log-${resourcesName}'
name: '${abbrs.managementGovernance.logAnalyticsWorkspace}${resourcesName}'
location: location
skuName: 'PerGB2018'
dataRetention: 30
Expand All @@ -194,7 +196,7 @@ var LogAnalyticsWorkspaceId = useExistingLogAnalytics? existingLogAnalyticsWorks
module applicationInsights 'br/public:avm/res/insights/component:0.6.0' = if (enableMonitoring) {
name: take('app-insights-${resourcesName}-deployment', 64)
params: {
name: 'appi-${resourcesName}'
name: '${abbrs.managementGovernance.applicationInsights}${resourcesName}'
location: location
workspaceResourceId: logAnalyticsWorkspaceResourceId
diagnosticSettings: [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }]
Expand Down Expand Up @@ -223,12 +225,12 @@ module aiServices 'modules/ai-foundry/main.bicep' = {
#disable-next-line no-unnecessary-dependson
dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
params: {
name: 'ais-${resourcesName}'
name: '${abbrs.ai.aiFoundry}${resourcesName}'
location: aiDeploymentsLocation
sku: 'S0'
kind: 'AIServices'
deployments: [modelDeployment]
projectName: 'proj-${resourcesName}'
projectName: '${abbrs.ai.aiFoundryProject}${resourcesName}'
logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
privateNetworking: enablePrivateNetworking
? {
Expand Down Expand Up @@ -265,7 +267,7 @@ module storageAccount 'modules/storageAccount.bicep' = {
#disable-next-line no-unnecessary-dependson
dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
params: {
name: take('st${resourcesName}', 24)
name: take('${abbrs.storage.storageAccount}${resourcesName}', 24)
location: location
tags: allTags
skuName: enableRedundancy ? 'Standard_GZRS' : 'Standard_LRS'
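Review bot: Storage account names accept only lowercase letters and digits, so `abbrs.storage.storageAccount` has to be the one abbreviation with no hyphen while the neighbouring ones presumably end in one. Add a comment on the `name:` line stating that constraint, or wrap the expression in `replace(..., '-', '')` before `take`, so a later edit to the JSON cannot break this deployment.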
Expand Down Expand Up @@ -300,7 +302,7 @@ module keyVault 'modules/keyVault.bicep' = {
#disable-next-line no-unnecessary-dependson
dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
params: {
name: take('kv-${resourcesName}', 24)
name: take('${abbrs.security.keyVault}${resourcesName}', 24)
location: location
sku: 'standard'
logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
Expand All @@ -327,7 +329,7 @@ module cosmosDb 'modules/cosmosDb.bicep' = {
#disable-next-line no-unnecessary-dependson
dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
params: {
name: take('cosmos-${resourcesName}', 44)
name: take('${abbrs.databases.cosmosDBDatabase}${resourcesName}', 44)
location: location
dataAccessIdentityPrincipalId: appIdentity.outputs.principalId
logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
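Review bot: The key `abbrs.databases.cosmosDBDatabase` reads as the abbreviation for a database, but this `name:` is passed to the `cosmosDb` module with the 44-character cap that applies to the Cosmos DB account. If the JSON has a separate entry for the account, use it here; otherwise rename the key so it is not later reused for an actual database.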
Expand All @@ -344,7 +346,7 @@ module cosmosDb 'modules/cosmosDb.bicep' = {
}
}

var containerAppsEnvironmentName = 'cae-${resourcesName}'
var containerAppsEnvironmentName = '${abbrs.containers.containerAppsEnvironment}${resourcesName}'

module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.2' = {
name: take('container-env-${resourcesName}-deployment', 64)
Expand Down Expand Up @@ -391,7 +393,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = {
#disable-next-line no-unnecessary-dependson
dependsOn: [applicationInsights] // required due to optional flags that could change dependency
params: {
name: take('ca-${resourcesName}backend', 32)
name: take('${abbrs.containers.containerApp}backend-${resourcesName}', 32)
location: location
environmentResourceId: containerAppsEnvironment.outputs.resourceId
managedIdentities: {
Expand Down Expand Up @@ -556,7 +558,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = {
module containerAppFrontend 'br/public:avm/res/app/container-app:0.17.0' = {
name: take('container-app-frontend-${resourcesName}-deployment', 64)
params: {
name: take('ca-${resourcesName}frontend', 32)
name: take('${abbrs.containers.containerApp}frontend-${resourcesName}', 32)
location: location
environmentResourceId: containerAppsEnvironment.outputs.resourceId
managedIdentities: {
4 changes: 2 additions & 2 deletions infra/modules/ai-foundry/main.bicep
Expand Up @@ -155,8 +155,8 @@ module cognitiveService 'ai-services.bicep' = {
privateEndpoints: privateNetworking != null
? [
{
name:'pep-${name}-aiservices' // private endpoint name
customNetworkInterfaceName: 'nic-${name}-aiservices'
name:'pep-${name}' // private endpoint name
customNetworkInterfaceName: 'nic-${name}'
subnetResourceId: privateNetworking.?subnetResourceId ?? ''
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
2 changes: 2 additions & 0 deletions infra/modules/cosmosDb.bicep
Expand Up @@ -97,6 +97,8 @@ module cosmosAccount 'br/public:avm/res/document-db/database-account:0.15.0' = {
privateEndpoints: privateNetworking != null
? [
{
name: 'pep-${name}'
customNetworkInterfaceName: 'nic-${name}'
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
{
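Review bot: `pep-` and `nic-` are written as literals in the two added lines (and again in the Key Vault and storage modules) while `infra/main.bicep` in the same change moves its prefixes into `abbreviations.json`. Pass the two prefixes in as parameters, or load the JSON in the module, so private endpoint and NIC names come from the same source as the rest.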
2 changes: 2 additions & 0 deletions infra/modules/keyVault.bicep
Expand Up @@ -78,6 +78,8 @@ module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = {
privateEndpoints: privateNetworking != null
? [
{
name: 'pep-${name}'
customNetworkInterfaceName: 'nic-${name}'
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
{
6 changes: 3 additions & 3 deletions infra/modules/network.bicep
Expand Up @@ -78,7 +78,7 @@ module network 'network/main.bicep' = {
name: 'web'
addressPrefixes: ['10.0.0.0/23'] // /23 (10.0.0.0 - 10.0.1.255), 512 addresses
networkSecurityGroup: {
name: 'web-nsg'
name: 'nsg-web'
securityRules: [
{
name: 'AllowHttpsInbound'
Expand Down Expand Up @@ -131,7 +131,7 @@ module network 'network/main.bicep' = {
}
]
bastionConfiguration: {
name: 'bastion-${resourcesName}'
name: 'bas-${resourcesName}'
subnetAddressPrefixes: ['10.0.10.0/26']
}
jumpboxConfiguration: {
Expand All @@ -143,7 +143,7 @@ module network 'network/main.bicep' = {
name: 'jumpbox'
addressPrefixes: ['10.0.12.0/23'] // /23 (10.0.12.0 - 10.0.13.255), 512 addresses
networkSecurityGroup: {
name: 'jumpbox-nsg'
name: 'nsg-jumbox'
securityRules: [
{
name: 'AllowRdpFromBastion'
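Review bot: `nsg-jumbox` is missing the `p`; the subnet a few lines up is `jumpbox` and the value being replaced was `jumpbox-nsg`. This string becomes part of the deployed NSG name, so correct it to `nsg-jumpbox` before merge rather than renaming the resource later.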
4 changes: 4 additions & 0 deletions infra/modules/network/bastionHost.bicep
Expand Up @@ -62,6 +62,10 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = {
]
tags: tags
enableTelemetry: enableTelemetry
publicIPAddressObject: {
name: 'pip-${name}'
zones:[]
}
}
}
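Review bot: `zones:[]` in the new `publicIPAddressObject` deploys the Bastion public IP with no availability zones, and nothing in the hunk says why. If this is a workaround for regions without zone support, add a comment to that effect and consider driving the list from a parameter so deployments that enable redundancy can keep a zonal IP. Also add the space after the colon to match the surrounding lines.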

7 changes: 4 additions & 3 deletions infra/modules/network/jumpbox.bicep
Expand Up @@ -40,7 +40,7 @@ param enableTelemetry bool = true
module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(subnet)) {
name: '${vnetName}-${subnet.?networkSecurityGroup.name}'
params: {
name: '${vnetName}-${subnet.?networkSecurityGroup.name}'
name: '${subnet.?networkSecurityGroup.name}-${vnetName}'
location: location
securityRules: subnet.?networkSecurityGroup.securityRules
tags: tags
Expand Down Expand Up @@ -76,7 +76,7 @@ module vm 'br/public:avm/res/compute/virtual-machine:0.15.0' = {
adminUsername: username
adminPassword: password
tags: tags
zone: 2
zone: 0
imageReference: {
offer: 'WindowsServer'
publisher: 'MicrosoftWindowsServer'
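Review bot: `zone: 0` has no comment explaining it, and neither docs change mentions it. If the intent is to stop pinning the jumpbox to an availability zone so it deploys in regions or subscriptions without zone support, say so on the line, the way `encryptionAtHost: false` is annotated further down in this file.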
Expand All @@ -86,13 +86,14 @@ module vm 'br/public:avm/res/compute/virtual-machine:0.15.0' = {
osType: 'Windows'
osDisk: {
managedDisk: {
name: 'osdisk-${vmName}'
storageAccountType: 'Standard_LRS'
}
}
encryptionAtHost: false // Some Azure subscriptions do not support encryption at host
nicConfigurations: [
{
name: '${vmName}-nic'
name: 'nic-${vmName}'
ipConfigurations: [
{
name: 'ipconfig1'
4 changes: 2 additions & 2 deletions infra/modules/network/main.bicep
Expand Up @@ -30,7 +30,7 @@ param tags object = {}

@description('Optional. Enable/Disable usage telemetry for module.')
param enableTelemetry bool = true

// /****************************************************************************************************************************/
// Networking - NSGs, VNET and Subnets. Each subnet has its own NSG
// /****************************************************************************************************************************/
Expand All @@ -55,7 +55,7 @@ module virtualNetwork 'virtualNetwork.bicep' = {
module bastionHost 'bastionHost.bicep' = if (!empty(bastionConfiguration)) {
name: '${resourcesName}-bastionHost'
params: {
name: bastionConfiguration.?name ?? 'bastion-${resourcesName}'
name: bastionConfiguration.?name ?? 'bas-${resourcesName}'
vnetId: virtualNetwork.outputs.resourceId
vnetName: virtualNetwork.outputs.name
location: location
2 changes: 1 addition & 1 deletion infra/modules/network/virtualNetwork.bicep
Expand Up @@ -31,7 +31,7 @@ module nsgs 'br/public:avm/res/network/network-security-group:0.5.1' = [
for (subnet, i) in subnets: if (!empty(subnet.?networkSecurityGroup)) {
name: take('${name}-${subnet.?networkSecurityGroup.name}-networksecuritygroup', 64)
params: {
name: '${name}-${subnet.?networkSecurityGroup.name}'
name: '${subnet.?networkSecurityGroup.name}-${name}'
location: location
securityRules: subnet.?networkSecurityGroup.securityRules
tags: tags
4 changes: 4 additions & 0 deletions infra/modules/storageAccount.bicep
Expand Up @@ -103,6 +103,8 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
privateEndpoints: privateNetworking != null
? [
{
name: 'pep-blob-${name}'
customNetworkInterfaceName: 'nic-blob-${name}'
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
{
Expand All @@ -114,6 +116,8 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
subnetResourceId: privateNetworking.?subnetResourceId ?? ''
}
{
name: 'pep-file-${name}'
customNetworkInterfaceName: 'nic-file-${name}'
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
{