chore: Update Bicep modules and resource versions across the infrastructure

[Pavan-Microsoft]

Purpose

This pull request updates the infra/main.bicep file with a range of improvements and dependency upgrades, focusing on modernizing resource definitions, updating module versions, and refining configuration logic for Azure infrastructure deployment. The main themes are module version upgrades for improved features and compatibility, parameter and property adjustments for correctness, and code clean-up for maintainability.

Module Version Upgrades and Dependency Updates:

• Updated multiple module versions (e.g., managed-identity, operational-insights/workspace, insights/component, private-dns-zone, bastion-host, virtual-machine, container-app, etc.) to their latest releases, ensuring access to new features, bug fixes, and improved compatibility. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]

Resource API Version and Property Adjustments:

• Upgraded resource API versions for Microsoft.Resources/tags, Microsoft.Resources/deployments, and Microsoft.OperationalInsights/workspaces to the latest supported versions, and updated related resource property references for compliance and future-proofing. [1] [2] [3]
• Changed Log Analytics workspace dailyQuotaGb property to a string value for compatibility with WAF recommendations.
• Replaced deprecated or incorrect property names (e.g., zones → availabilityZones in Bastion Host public IP configuration).

Configuration and Logic Improvements:

• Improved handling of nullable or optional outputs and parameters using the safe navigation operator (!) to prevent runtime errors when referencing module outputs. [1] [2] [3] [4]
• Refined logic for Log Analytics and Application Insights resource IDs, keys, and connection strings to ensure correct assignment based on whether existing resources are used. [1] [2]

Parameter and Output Clean-up:

• Removed unused parameters such as aiModelDeployments and unnecessary properties from AI Foundry module configuration for a cleaner and more maintainable template. [1] [2]
• Updated output values to use environment-specific suffixes and safe navigation for improved correctness (e.g., AZURE_BLOB_ENDPOINT). [1] [2]

General Code Maintenance:

• Improved conditional logic and default value handling throughout the template, such as using explicit nulls and updated ternary expressions for resource properties and parameters. [1] [2] [3]

These changes collectively modernize the infrastructure codebase, improve reliability, and ensure better alignment with Azure best practices.

Does this introduce a breaking change?

• Yes
• No

Golden Path Validation

• I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

• I have validated the deployment process successfully and all services are running as expected with this change.

[Copilot]

Pull request overview

This PR modernizes the Azure infrastructure Bicep templates by upgrading AVM module versions and several resource API versions, while also refining parameter/output handling to better support WAF/private-networking scenarios and multi-cloud suffix compatibility.

Changes:

• Upgraded numerous AVM modules (networking, monitoring, compute, container apps, storage, MI, etc.) and some ARM resource API versions.
• Refined template wiring and outputs (e.g., storage endpoint suffix, Bastion public IP zone property changes, non-null assertions for conditional modules).
• Cleaned up parameters and adjusted monitoring/logging configuration behaviors (e.g., LAW quota type change, container apps env log config changes).

Reviewed changes

Copilot reviewed 15 out of 16 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
infra/main.bicep	Primary infra template: module/API upgrades, monitoring/private networking refinements, output updates, parameter cleanup.
infra/main_custom.bicep	Custom main template: aligns many module/API upgrades with main template (but needs a Bastion param follow-up).
infra/modules/virtualNetwork.bicep	Updates AVM VNet/NSG module versions.
infra/modules/storageAccount.bicep	Updates storage account module + AVM common types import version.
infra/modules/keyVault.bicep	Updates AVM common types import version.
infra/modules/cosmosDb.bicep	Updates AVM common types import version, Cosmos module version, and SQL role definition API version.
infra/modules/ai-foundry/aifoundry.bicep	Updates common types imports, Cognitive Services API versions, and output/null-assertion handling; removes some parameters.
infra/modules/ai-foundry/dependencies.bicep	Updates common types imports, Cognitive Services/deployments API versions, private-endpoint module version, and output null assertions.
infra/modules/ai-foundry/project.bicep	Updates Cognitive Services/projects API versions and hardens conditional output access with non-null assertion.
infra/modules/ai-foundry/keyVaultExport.bicep	Updates common types imports and Key Vault API versions for vault/secrets.
infra/modules/ai-foundry/ai-services.bicep	Updates common types imports and Cognitive Services/deployments API versions; updates header comment (needs minor fix).
infra/samples/network/virtualNetwork.bicep	Updates sample AVM module versions for NSG and VNet.
infra/samples/network/jumpbox.bicep	Updates sample AVM module versions for NSG/subnet/VM.
infra/samples/network/bastionHost.bicep	Updates sample AVM module versions for NSG/subnet/Bastion (but needs a Bastion param follow-up).
infra/samples/network-subnet-design.bicep	Updates sample Log Analytics workspace module version.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.