From 549917db2ae29680e96dc9bff3d77ad86aaedc20 Mon Sep 17 00:00:00 2001 From: Pavan-Microsoft Date: Mon, 20 Apr 2026 20:04:24 +0530 Subject: [PATCH 1/3] Update Bicep modules and resource versions across the infrastructure - Updated resource group tags API version from 2021-04-01 to 2025-04-01. - Updated AVM telemetry resource API version from 2024-03-01 to 2025-04-01. - Upgraded managed identity module version from 0.4.2 to 0.5.0. - Updated existing Log Analytics workspace API version from 2020-08-01 to 2025-07-01. - Upgraded Log Analytics workspace module version from 0.12.0 to 0.15.0. - Updated Application Insights module version from 0.7.0 to 0.7.1. - Upgraded private DNS zones module version from 0.8.0 to 0.8.1. - Updated Bastion Host module version from 0.8.0 to 0.8.2. - Upgraded maintenance configuration module version from 0.3.2 to 0.4.0. - Updated Windows VM data collection rules module version from 0.8.0 to 0.11.0. - Upgraded virtual machine module version from 0.20.0 to 0.22.0. - Updated Cognitive Services account API version from 2025-07-01-preview to 2026-03-01. - Upgraded Cognitive Services deployments API version from 2024-10-01 to 2026-03-01. - Updated private endpoint module version from 0.11.1 to 0.12.0. - Updated Azure Container Registry API version from 2023-07-01 to 2025-11-01. - Upgraded managed environment module version from 0.11.3 to 0.13.1. - Updated container app backend module version from 0.19.0 to 0.22.0. - Upgraded container app frontend module version from 0.19.0 to 0.22.0. - Updated various imports in AI Foundry modules to use avm-common-types version 0.7.0. - Updated Key Vault export module API version from 2025-05-01 to 2026-02-01. - Upgraded Cosmos DB module version from 0.18.0 to 0.19.0. - Updated storage account module version from 0.28.0 to 0.32.0. - Upgraded network security group module version from 0.5.2 to 0.5.3. - Updated virtual network module version from 0.7.1 to 0.8.0. --- infra/main.bicep | 72 +- infra/main.json | 3724 +++++++++++------ infra/main_custom.bicep | 34 +- infra/modules/ai-foundry/ai-services.bicep | 16 +- infra/modules/ai-foundry/aifoundry.bicep | 50 +- infra/modules/ai-foundry/dependencies.bicep | 20 +- infra/modules/ai-foundry/keyVaultExport.bicep | 8 +- infra/modules/ai-foundry/project.bicep | 6 +- infra/modules/cosmosDb.bicep | 6 +- infra/modules/keyVault.bicep | 2 +- infra/modules/storageAccount.bicep | 4 +- infra/modules/virtualNetwork.bicep | 4 +- infra/samples/network-subnet-design.bicep | 2 +- infra/samples/network/bastionHost.bicep | 6 +- infra/samples/network/jumpbox.bicep | 6 +- infra/samples/network/virtualNetwork.bicep | 4 +- 16 files changed, 2445 insertions(+), 1519 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index 8933fb94..57fe519d 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -118,9 +118,6 @@ param existingFoundryProjectResourceId string = '' @description('Optional. Use this parameter to use an existing Log Analytics workspace resource ID. Defaults to empty string.') param existingLogAnalyticsWorkspaceId string = '' -@description('Optional. AI model deployments array for quota validation scripts. Not used directly by the template.') -param aiModelDeployments array = [] - var existingTags = resourceGroup().tags ?? {} var allTags = union( @@ -159,7 +156,7 @@ param createdBy string = contains(deployer(), 'userPrincipalName')? split(deploy // ========== Resource Group Tag ========== // -resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = { +resource resourceGroupTags 'Microsoft.Resources/tags@2025-04-01' = { name: 'default' properties: { tags: union( @@ -175,7 +172,7 @@ resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = { } #disable-next-line no-deployments-resources -resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { +resource avmTelemetry 'Microsoft.Resources/deployments@2025-04-01' = if (enableTelemetry) { name: take( '46d3xbcp.ptn.sa-modernizeyourcode.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}', 64 @@ -196,7 +193,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.2' = { +module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.5.0' = { name: take('avm.res.managed-identity.user-assigned-identity.${solutionSuffix}', 64) params: { name: 'id-${solutionSuffix}' @@ -212,13 +209,13 @@ var existingLawSubscription = useExistingLogAnalytics ? split(existingLogAnalyti var existingLawResourceGroup = useExistingLogAnalytics ? split(existingLogAnalyticsWorkspaceId, '/')[4] : '' var existingLawName = useExistingLogAnalytics ? split(existingLogAnalyticsWorkspaceId, '/')[8] : '' -resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = if (useExistingLogAnalytics) { +resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2025-07-01' existing = if (useExistingLogAnalytics) { name: existingLawName scope: resourceGroup(existingLawSubscription, existingLawResourceGroup) } // Deploy new Log Analytics workspace only if required and not using existing -module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.12.0' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) { +module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.15.0' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) { name: take('avm.res.operational-insights.workspace.${solutionSuffix}', 64) params: { name: 'log-${solutionSuffix}' @@ -229,7 +226,7 @@ module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0 tags: allTags enableTelemetry: enableTelemetry // WAF aligned configuration for Redundancy - dailyQuotaGb: enableRedundancy ? 10 : null //WAF recommendation: 10 GB per day is a good starting point for most workloads + dailyQuotaGb: enableRedundancy ? '10' : null //WAF recommendation: 10 GB per day is a good starting point for most workloads replication: enableRedundancy ? { enabled: true @@ -278,11 +275,9 @@ module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0 // Log Analytics workspace ID, customer ID, and shared key (existing or new) var logAnalyticsWorkspaceResourceId = useExistingLogAnalytics ? existingLogAnalyticsWorkspaceId : logAnalyticsWorkspace!.outputs.resourceId -var LogAnalyticsPrimarySharedKey string = useExistingLogAnalytics? existingLogAnalyticsWorkspace.listKeys().primarySharedKey : logAnalyticsWorkspace.outputs.primarySharedKey -var LogAnalyticsWorkspaceId = useExistingLogAnalytics? existingLogAnalyticsWorkspace.properties.customerId : logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId var logAnalyticsWorkspaceName = useExistingLogAnalytics ? existingLawName : logAnalyticsWorkspace!.outputs.name -module applicationInsights 'br/public:avm/res/insights/component:0.7.0' = if (enableMonitoring) { +module applicationInsights 'br/public:avm/res/insights/component:0.7.1' = if (enableMonitoring) { name: take('avm.res.insights.component.${solutionSuffix}', 64) params: { name: 'appi-${solutionSuffix}' @@ -303,11 +298,11 @@ module applicationInsights 'br/public:avm/res/insights/component:0.7.0' = if (en // ========== Data Collection Endpoint (DCE) ========== // // Required for Azure Monitor Private Link - provides private ingestion and configuration endpoints // Per: https://learn.microsoft.com/en-us/azure/azure-monitor/fundamentals/private-link-configure -module dataCollectionEndpoint 'br/public:avm/res/insights/data-collection-endpoint:0.5.0' = if (enablePrivateNetworking && enableMonitoring) { +module dataCollectionEndpoint 'br/public:avm/res/insights/data-collection-endpoint:0.5.1' = if (enablePrivateNetworking && enableMonitoring) { name: take('avm.res.insights.data-collection-endpoint.${solutionSuffix}', 64) params: { name: 'dce-${solutionSuffix}' - location: location + location: dataCollectionRulesLocation kind: 'Windows' publicNetworkAccess: 'Disabled' tags: allTags @@ -366,7 +361,7 @@ var dnsZoneIndex = { // - Excludes AI-related zones when using with an existing Foundry project // =================================================== @batchSize(5) -module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.0' = [ +module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.1' = [ for (zone, i) in privateDnsZones: if (enablePrivateNetworking) { name: take('avm.res.network.private-dns-zone.${split(zone, '.')[1]}.${solutionSuffix}', 64) params: { @@ -388,7 +383,7 @@ module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.0' = [ // Step 2: Connect Azure Monitor resources (LAW, Application Insights, DCE) to the AMPLS // Step 3: Connect AMPLS to a private endpoint with required DNS zones // Per: https://learn.microsoft.com/en-us/azure/azure-monitor/fundamentals/private-link-configure -module azureMonitorPrivateLinkScope 'br/public:avm/res/insights/private-link-scope:0.6.0' = if (enablePrivateNetworking) { +module azureMonitorPrivateLinkScope 'br/public:avm/res/insights/private-link-scope:0.7.2' = if (enablePrivateNetworking) { name: take('avm.res.insights.private-link-scope.${solutionSuffix}', 64) #disable-next-line no-unnecessary-dependson dependsOn: [logAnalyticsWorkspace, applicationInsights, dataCollectionEndpoint, virtualNetwork] @@ -455,7 +450,7 @@ module azureMonitorPrivateLinkScope 'br/public:avm/res/insights/private-link-sco // Azure Bastion Host var bastionHostName = 'bas-${solutionSuffix}' -module bastionHost 'br/public:avm/res/network/bastion-host:0.8.0' = if (enablePrivateNetworking) { +module bastionHost 'br/public:avm/res/network/bastion-host:0.8.2' = if (enablePrivateNetworking) { name: take('avm.res.network.bastion-host.${bastionHostName}', 64) params: { name: bastionHostName @@ -478,14 +473,14 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.8.0' = if (enablePr enableTelemetry: enableTelemetry publicIPAddressObject: { name: 'pip-${bastionHostName}' - zones: [] + availabilityZones: [] } } } // ========== Jumpbox Virtual machine ========== // var maintenanceConfigurationResourceName = 'mc-${solutionSuffix}' -module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-configuration:0.3.2' = if (enablePrivateNetworking) { +module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-configuration:0.4.0' = if (enablePrivateNetworking) { name: take('avm.res.compute.virtual-machine.${maintenanceConfigurationResourceName}', 64) params: { name: maintenanceConfigurationResourceName @@ -525,7 +520,7 @@ var dataCollectionRulesResourceName = 'dcr-${solutionSuffix}' var dataCollectionRulesLocation = useExistingLogAnalytics ? existingLogAnalyticsWorkspace!.location : logAnalyticsWorkspace!.outputs.location -module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.8.0' = if (enablePrivateNetworking && enableMonitoring) { +module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.11.0' = if (enablePrivateNetworking && enableMonitoring) { name: take('avm.res.insights.data-collection-rule.${dataCollectionRulesResourceName}', 64) params: { name: dataCollectionRulesResourceName @@ -630,7 +625,7 @@ module proximityPlacementGroup 'br/public:avm/res/compute/proximity-placement-gr var virtualMachineResourceName = take('vm-${solutionSuffix}', 15) -module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (enablePrivateNetworking) { +module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (enablePrivateNetworking) { name: take('avm.res.compute.virtual-machine.${virtualMachineResourceName}', 64) params: { name: virtualMachineResourceName @@ -639,7 +634,7 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (e enableTelemetry: enableTelemetry computerName: take(virtualMachineResourceName, 15) osType: 'Windows' - vmSize: !empty(vmSize) ? vmSize : 'Standard_D2s_v5' + vmSize: !empty(vmSize) ? vmSize! : 'Standard_D2s_v5' adminUsername: !empty(vmAdminUsername) ? vmAdminUsername : 'JumpboxAdminUser' adminPassword: !empty(vmAdminPassword) ? vmAdminPassword : 'JumpboxAdminP@ssw0rd1234!' managedIdentities: { @@ -647,10 +642,10 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (e } patchMode: 'AutomaticByPlatform' bypassPlatformSafetyChecksOnUserSchedule: true - maintenanceConfigurationResourceId: maintenanceConfiguration.outputs.resourceId + maintenanceConfigurationResourceId: maintenanceConfiguration!.outputs.resourceId enableAutomaticUpdates: true encryptionAtHost: false - proximityPlacementGroupResourceId: proximityPlacementGroup.outputs.resourceId + proximityPlacementGroupResourceId: proximityPlacementGroup!.outputs.resourceId availabilityZone: enableRedundancy ? 1 : -1 imageReference: { publisher: 'microsoft-dsvm' @@ -716,7 +711,7 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (e ? { dataCollectionRuleAssociations: [ { - dataCollectionRuleResourceId: windowsVmDataCollectionRules.outputs.resourceId + dataCollectionRuleResourceId: windowsVmDataCollectionRules!.outputs.resourceId name: 'send-${logAnalyticsWorkspaceName}' } ] @@ -747,11 +742,9 @@ module aiServices 'modules/ai-foundry/aifoundry.bicep' = { privateNetworking: null // Private endpoint is handled by the standalone aiFoundryPrivateEndpoint module existingFoundryProjectResourceId: existingFoundryProjectResourceId disableLocalAuth: true //Should be set to true for WAF aligned configuration - customSubDomainName: 'aif-${solutionSuffix}' apiProperties: { //staticsEnabled: false } - allowProjectManagement: true managedIdentities: { systemAssigned: true } @@ -786,7 +779,7 @@ module aiServices 'modules/ai-foundry/aifoundry.bicep' = { var aiFoundryAiServicesResourceName = 'aif-${solutionSuffix}' var useExistingAiFoundryAiProject = !empty(existingFoundryProjectResourceId) -module aiFoundryPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking && !useExistingAiFoundryAiProject) { +module aiFoundryPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.12.0' = if (enablePrivateNetworking && !useExistingAiFoundryAiProject) { name: take('pep-${aiFoundryAiServicesResourceName}-deployment', 64) params: { name: 'pep-${aiFoundryAiServicesResourceName}' @@ -914,7 +907,7 @@ module cosmosDb 'modules/cosmosDb.bicep' = { var containerAppsEnvironmentName = 'cae-${solutionSuffix}' -module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.3' = { +module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.13.1' = { name: take('avm.res.app.managed-environment.${solutionSuffix}', 64) #disable-next-line no-unnecessary-dependson dependsOn: [applicationInsights, logAnalyticsWorkspace, virtualNetwork] // required due to optional flags that could change dependency @@ -930,16 +923,17 @@ module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11. appIdentity.outputs.resourceId ] } - appInsightsConnectionString: enableMonitoring ? applicationInsights.outputs.connectionString : null + appInsightsConnectionString: enableMonitoring ? applicationInsights!.outputs.connectionString : null appLogsConfiguration: enableMonitoring ? { destination: 'log-analytics' + logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId logAnalyticsConfiguration: { - customerId: LogAnalyticsWorkspaceId - sharedKey: LogAnalyticsPrimarySharedKey + customerId: useExistingLogAnalytics ? existingLogAnalyticsWorkspace!.properties.customerId : logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId + sharedKey: useExistingLogAnalytics ? existingLogAnalyticsWorkspace!.listKeys().primarySharedKey : logAnalyticsWorkspace.outputs.primarySharedKey } } - : {} + : null workloadProfiles: enablePrivateNetworking ? [ // NOTE: workload profiles are required for private networking @@ -954,7 +948,7 @@ module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11. } } -module containerAppBackend 'br/public:avm/res/app/container-app:0.19.0' = { +module containerAppBackend 'br/public:avm/res/app/container-app:0.22.0' = { name: take('avm.res.app.container-app.backend.${solutionSuffix}', 64) #disable-next-line no-unnecessary-dependson dependsOn: [applicationInsights] // required due to optional flags that could change dependency @@ -1083,11 +1077,11 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.19.0' = { ? [ { name: 'APPLICATIONINSIGHTS_INSTRUMENTATION_KEY' - value: applicationInsights.outputs.instrumentationKey + value: applicationInsights!.outputs.instrumentationKey } { name: 'APPLICATIONINSIGHTS_CONNECTION_STRING' - value: applicationInsights.outputs.connectionString + value: applicationInsights!.outputs.connectionString } ] : [] @@ -1135,7 +1129,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.19.0' = { } } -module containerAppFrontend 'br/public:avm/res/app/container-app:0.19.0' = { +module containerAppFrontend 'br/public:avm/res/app/container-app:0.22.0' = { name: take('avm.res.app.container-app.frontend.${solutionSuffix}', 64) params: { name: take('ca-frontend-${solutionSuffix}', 32) @@ -1194,7 +1188,7 @@ output resourceGroupName string = resourceGroup().name output WEB_APP_URL string = 'https://${containerAppFrontend.outputs.fqdn}' output COSMOSDB_ENDPOINT string = cosmosDb.outputs.endpoint output AZURE_BLOB_ACCOUNT_NAME string = storageAccount.outputs.name -output AZURE_BLOB_ENDPOINT string = 'https://${storageAccount.outputs.name}.blob.core.windows.net/' +output AZURE_BLOB_ENDPOINT string = 'https://${storageAccount.outputs.name}.blob.${environment().suffixes.storage}/' output AZURE_AI_AGENT_PROJECT_NAME string = aiServices.outputs.aiProjectInfo.name output AZURE_AI_AGENT_ENDPOINT string = aiServices.outputs.aiProjectInfo.apiEndpoint output AZURE_AI_AGENT_PROJECT_CONNECTION_STRING string = aiServices.outputs.aiProjectInfo.apiEndpoint @@ -1208,7 +1202,7 @@ output COSMOSDB_DATABASE string = cosmosDb.outputs.databaseName output COSMOSDB_BATCH_CONTAINER string = cosmosDb.outputs.containerNames.batch output COSMOSDB_FILE_CONTAINER string = cosmosDb.outputs.containerNames.file output COSMOSDB_LOG_CONTAINER string = cosmosDb.outputs.containerNames.log -output APPLICATIONINSIGHTS_CONNECTION_STRING string = enableMonitoring ? applicationInsights.outputs.connectionString : '' +output APPLICATIONINSIGHTS_CONNECTION_STRING string = enableMonitoring ? applicationInsights!.outputs.connectionString : '' output MIGRATOR_AGENT_MODEL_DEPLOY string = modelDeployment.name output PICKER_AGENT_MODEL_DEPLOY string = modelDeployment.name output FIXER_AGENT_MODEL_DEPLOY string = modelDeployment.name diff --git a/infra/main.json b/infra/main.json index 2eb52454..c2042a41 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "13589960712112840698" + "version": "0.42.1.51946", + "templateHash": "3984182123932774684" }, "name": "Modernize Your Code Solution Accelerator", "description": "CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. \r\n" @@ -275,7 +275,7 @@ "resources": { "resourceGroupTags": { "type": "Microsoft.Resources/tags", - "apiVersion": "2021-04-01", + "apiVersion": "2025-04-01", "name": "default", "properties": { "tags": "[union(variables('existingTags'), variables('allTags'), createObject('TemplateName', 'Code Modernization', 'Type', if(parameters('enablePrivateNetworking'), 'WAF', 'Non-WAF'), 'CreatedBy', parameters('createdBy')))]" @@ -284,7 +284,7 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", + "apiVersion": "2025-04-01", "name": "[take(format('46d3xbcp.ptn.sa-modernizeyourcode.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4)), 64)]", "properties": { "mode": "Incremental", @@ -305,7 +305,7 @@ "condition": "[variables('useExistingLogAnalytics')]", "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2020-08-01", + "apiVersion": "2025-07-01", "subscriptionId": "[variables('existingLawSubscription')]", "resourceGroup": "[variables('existingLawResourceGroup')]", "name": "[variables('existingLawName')]" @@ -340,8 +340,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "4802029174070596736" + "version": "0.39.26.7824", + "templateHash": "7591858083424858339" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity." @@ -553,6 +553,17 @@ "metadata": { "description": "Optional. Enable/Disable usage telemetry for module." } + }, + "isolationScope": { + "type": "string", + "nullable": true, + "allowedValues": [ + "None", + "Regional" + ], + "metadata": { + "description": "Optional. Enum to configure regional restrictions on identity assignment, as necessary. Allowed values: \"None\", \"Regional\"." + } } }, "variables": { @@ -578,7 +589,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.managedidentity-userassignedidentity.{0}.{1}', replace('0.4.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.managedidentity-userassignedidentity.{0}.{1}', replace('0.5.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -599,7 +610,8 @@ "apiVersion": "2024-11-30", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]" + "tags": "[parameters('tags')]", + "properties": "[if(not(equals(parameters('isolationScope'), null())), createObject('isolationScope', parameters('isolationScope')), createObject())]" }, "userAssignedIdentity_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", @@ -646,7 +658,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2025-04-01", - "name": "[format('{0}-UserMSI-FederatedIdentityCred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-UserMSI-FederatedIdentityCred-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -675,8 +687,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8235783049087377232" + "version": "0.39.26.7824", + "templateHash": "1387931959101373036" }, "name": "User Assigned Identity Federated Identity Credential", "description": "This module deploys a User Assigned Identity Federated Identity Credential." @@ -836,7 +848,7 @@ "enableTelemetry": { "value": "[parameters('enableTelemetry')]" }, - "dailyQuotaGb": "[if(parameters('enableRedundancy'), createObject('value', 10), createObject('value', null()))]", + "dailyQuotaGb": "[if(parameters('enableRedundancy'), createObject('value', '10'), createObject('value', null()))]", "replication": "[if(parameters('enableRedundancy'), createObject('value', createObject('enabled', true(), 'location', variables('replicaLocation'))), createObject('value', null()))]", "publicNetworkAccessForIngestion": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]", "publicNetworkAccessForQuery": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]", @@ -849,8 +861,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "1749032521457140145" + "version": "0.39.26.7824", + "templateHash": "14099489006827800075" }, "name": "Log Analytics Workspaces", "description": "This module deploys a Log Analytics Workspace." @@ -1041,21 +1053,21 @@ "name": { "type": "string", "metadata": { - "description": "Required. Name of the linked service." + "description": "Required. Name of the linked service. E.g., 'Automation' for an automation account, or 'Cluster' for a Log Analytics Cluster." } }, "resourceId": { "type": "string", "nullable": true, "metadata": { - "description": "Optional. The resource id of the resource that will be linked to the workspace. This should be used for linking resources which require read access." + "description": "Optional. The resource id of the resource that will be linked to the workspace. This should be used for linking resources which require read access (e.g., Automation Accounts)." } }, "writeAccessResourceId": { "type": "string", "nullable": true, "metadata": { - "description": "Optional. The resource id of the resource that will be linked to the workspace. This should be used for linking resources which require write access." + "description": "Optional. The resource id of the resource that will be linked to the workspace. This should be used for linking resources which require write access (e.g., Log Analytics Clusters)." } } }, @@ -1291,7 +1303,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/dataSources@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/dataSources@2025-07-01#properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -1343,15 +1355,19 @@ "retentionInDays": { "type": "int", "nullable": true, + "minValue": 4, + "maxValue": 730, "metadata": { - "description": "Optional. The retention in days for the table." + "description": "Optional. The retention in days for the table. Don't provide to use the default workspace retention." } }, "totalRetentionInDays": { "type": "int", "nullable": true, + "minValue": 4, + "maxValue": 2555, "metadata": { - "description": "Optional. The total retention in days for the table." + "description": "Optional. The total retention in days for the table. Don't provide use the default table retention." } }, "roleAssignments": { @@ -1544,12 +1560,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -1577,7 +1600,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -1684,7 +1707,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -1832,7 +1855,7 @@ "Standard" ], "metadata": { - "description": "Optional. The name of the SKU." + "description": "Optional. The name of the SKU. Must be 'LACluster' to be linked to a Log Analytics cluster." } }, "skuCapacityReservationLevel": { @@ -1941,11 +1964,17 @@ } }, "dailyQuotaGb": { - "type": "int", - "defaultValue": -1, - "minValue": -1, + "type": "string", + "defaultValue": "-1", "metadata": { - "description": "Optional. The workspace daily quota for ingestion." + "description": "Optional. The workspace daily quota for ingestion in GB. Supports decimal values. Example: '0.5' for 0.5 GB, '2' for 2 GB. Default is '-1' (no limit)." + } + }, + "defaultDataCollectionRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The resource ID of the default Data Collection Rule to use for this workspace. Note: the default DCR is not applicable on workspace creation and the workspace must be listed as a destination in the DCR." } }, "publicNetworkAccessForIngestion": { @@ -1953,7 +1982,8 @@ "defaultValue": "Enabled", "allowedValues": [ "Enabled", - "Disabled" + "Disabled", + "SecuredByPerimeter" ], "metadata": { "description": "Optional. The network access type for accessing Log Analytics ingestion." @@ -1964,7 +1994,8 @@ "defaultValue": "Enabled", "allowedValues": [ "Enabled", - "Disabled" + "Disabled", + "SecuredByPerimeter" ], "metadata": { "description": "Optional. The network access type for accessing Log Analytics query." @@ -2029,7 +2060,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces@2025-07-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -2073,7 +2104,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.operationalinsights-workspace.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.operationalinsights-workspace.{0}.{1}', replace('0.15.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2091,7 +2122,7 @@ }, "logAnalyticsWorkspace": { "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -2109,12 +2140,13 @@ }, "retentionInDays": "[parameters('dataRetention')]", "workspaceCapping": { - "dailyQuotaGb": "[parameters('dailyQuotaGb')]" + "dailyQuotaGb": "[json(parameters('dailyQuotaGb'))]" }, "publicNetworkAccessForIngestion": "[parameters('publicNetworkAccessForIngestion')]", "publicNetworkAccessForQuery": "[parameters('publicNetworkAccessForQuery')]", "forceCmkForQuery": "[parameters('forceCmkForQuery')]", - "replication": "[parameters('replication')]" + "replication": "[parameters('replication')]", + "defaultDataCollectionRuleResourceId": "[parameters('defaultDataCollectionRuleResourceId')]" }, "identity": "[variables('identity')]" }, @@ -2162,7 +2194,7 @@ "logAnalyticsWorkspace_sentinelOnboarding": { "condition": "[and(not(empty(filter(coalesce(parameters('gallerySolutions'), createArray()), lambda('item', startsWith(lambdaVariables('item').name, 'SecurityInsights'))))), parameters('onboardWorkspaceToSentinel'))]", "type": "Microsoft.SecurityInsights/onboardingStates", - "apiVersion": "2024-03-01", + "apiVersion": "2025-09-01", "scope": "[format('Microsoft.OperationalInsights/workspaces/{0}', parameters('name'))]", "name": "default", "properties": {}, @@ -2178,7 +2210,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "logAnalyticsWorkspace" @@ -2212,8 +2244,8 @@ "count": "[length(coalesce(parameters('storageInsightsConfigs'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-StorageInsightsConfig-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-StorageInsightsConfig-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2240,8 +2272,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "1306323182548882150" + "version": "0.39.26.7824", + "templateHash": "140290971998938797" }, "name": "Log Analytics Workspace Storage Insight Configs", "description": "This module deploys a Log Analytics Workspace Storage Insight Config." @@ -2290,7 +2322,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/storageInsightConfigs@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/storageInsightConfigs@2025-07-01#properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -2301,18 +2333,18 @@ "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[last(split(parameters('storageAccountResourceId'), '/'))]" }, "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "storageinsightconfig": { "type": "Microsoft.OperationalInsights/workspaces/storageInsightConfigs", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "tags": "[parameters('tags')]", "properties": { @@ -2320,7 +2352,7 @@ "tables": "[parameters('tables')]", "storageAccount": { "id": "[parameters('storageAccountResourceId')]", - "key": "[listKeys('storageAccount', '2024-01-01').keys[0].value]" + "key": "[listKeys('storageAccount', '2025-06-01').keys[0].value]" } } } @@ -2360,8 +2392,8 @@ "count": "[length(coalesce(parameters('linkedServices'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-LinkedService-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-LinkedService-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2388,8 +2420,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "5230241501765697269" + "version": "0.39.26.7824", + "templateHash": "14482465616812596213" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service." @@ -2425,7 +2457,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/linkedServices@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/linkedServices@2025-07-01#properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -2436,12 +2468,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "linkedService": { "type": "Microsoft.OperationalInsights/workspaces/linkedServices", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "tags": "[parameters('tags')]", "properties": { @@ -2485,8 +2517,8 @@ "count": "[length(coalesce(parameters('linkedStorageAccounts'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-LinkedStorageAccount-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-LinkedStorageAccount-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2510,8 +2542,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "10372135754202496594" + "version": "0.39.26.7824", + "templateHash": "14864721709229272590" }, "name": "Log Analytics Workspace Linked Storage Accounts", "description": "This module deploys a Log Analytics Workspace Linked Storage Account." @@ -2550,12 +2582,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "linkedStorageAccount": { "type": "Microsoft.OperationalInsights/workspaces/linkedStorageAccounts", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "properties": { "storageAccountIds": "[parameters('storageAccountIds')]" @@ -2597,8 +2629,8 @@ "count": "[length(coalesce(parameters('savedSearches'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-SavedSearch-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-SavedSearch-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2609,7 +2641,7 @@ "value": "[parameters('name')]" }, "name": { - "value": "[format('{0}{1}', coalesce(parameters('savedSearches'), createArray())[copyIndex()].name, uniqueString(deployment().name))]" + "value": "[format('{0}{1}', coalesce(parameters('savedSearches'), createArray())[copyIndex()].name, uniqueString(subscription().id, resourceGroup().id))]" }, "etag": { "value": "[tryGet(coalesce(parameters('savedSearches'), createArray())[copyIndex()], 'etag')]" @@ -2643,8 +2675,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "9015459905306126128" + "version": "0.39.26.7824", + "templateHash": "17904092372918022238" }, "name": "Log Analytics Workspace Saved Searches", "description": "This module deploys a Log Analytics Workspace Saved Search." @@ -2684,7 +2716,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/savedSearches@2025-02-01#properties/properties/properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/savedSearches@2025-07-01#properties/properties/properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -2723,12 +2755,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "savedSearch": { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "properties": { "etag": "[parameters('etag')]", @@ -2778,8 +2810,8 @@ "count": "[length(coalesce(parameters('dataExports'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-DataExport-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-DataExport-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2809,8 +2841,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "8586520532175356447" + "version": "0.39.26.7824", + "templateHash": "17943947755417749524" }, "name": "Log Analytics Workspace Data Exports", "description": "This module deploys a Log Analytics Workspace Data Export." @@ -2892,12 +2924,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('workspaceName')]" }, "dataExport": { "type": "Microsoft.OperationalInsights/workspaces/dataExports", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", "properties": { "destination": "[parameters('destination')]", @@ -2941,8 +2973,8 @@ "count": "[length(coalesce(parameters('dataSources'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-DataSource-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-DataSource-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3002,8 +3034,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "8336916453932906250" + "version": "0.39.26.7824", + "templateHash": "15360290236166491819" }, "name": "Log Analytics Workspace Datasources", "description": "This module deploys a Log Analytics Workspace Data Source." @@ -3042,7 +3074,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/dataSources@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/dataSources@2025-07-01#properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -3130,12 +3162,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "dataSource": { "type": "Microsoft.OperationalInsights/workspaces/dataSources", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "kind": "[parameters('kind')]", "tags": "[parameters('tags')]", @@ -3189,8 +3221,8 @@ "count": "[length(coalesce(parameters('tables'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-Table-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-Table-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3232,8 +3264,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "315390662258960765" + "version": "0.39.26.7824", + "templateHash": "18383178824663161801" }, "name": "Log Analytics Workspace Tables", "description": "This module deploys a Log Analytics Workspace Table." @@ -3517,11 +3549,11 @@ }, "retentionInDays": { "type": "int", - "defaultValue": -1, - "minValue": -1, + "nullable": true, + "minValue": 4, "maxValue": 730, "metadata": { - "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." + "description": "Optional. The table retention in days, between 4 and 730. Don't provide to use the default workspace retention." } }, "schema": { @@ -3540,11 +3572,11 @@ }, "totalRetentionInDays": { "type": "int", - "defaultValue": -1, - "minValue": -1, + "nullable": true, + "minValue": 4, "maxValue": 2555, "metadata": { - "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." + "description": "Optional. The table total retention in days, between 4 and 2555. Don't provide use the default table retention." } }, "roleAssignments": { @@ -3582,20 +3614,20 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('workspaceName')]" }, "table": { "type": "Microsoft.OperationalInsights/workspaces/tables", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", "properties": { "plan": "[parameters('plan')]", "restoredLogs": "[parameters('restoredLogs')]", - "retentionInDays": "[parameters('retentionInDays')]", + "retentionInDays": "[coalesce(parameters('retentionInDays'), -1)]", "schema": "[parameters('schema')]", "searchResults": "[parameters('searchResults')]", - "totalRetentionInDays": "[parameters('totalRetentionInDays')]" + "totalRetentionInDays": "[coalesce(parameters('totalRetentionInDays'), -1)]" } }, "table_roleAssignments": { @@ -3657,8 +3689,8 @@ }, "condition": "[not(empty(parameters('gallerySolutions')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-Solution-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-Solution-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3873,7 +3905,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('logAnalyticsWorkspace', '2025-02-01', 'full').location]" + "value": "[reference('logAnalyticsWorkspace', '2025-07-01', 'full').location]" }, "systemAssignedMIPrincipalId": { "type": "string", @@ -3881,21 +3913,21 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('logAnalyticsWorkspace', '2025-02-01', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('logAnalyticsWorkspace', '2025-07-01', 'full'), 'identity'), 'principalId')]" }, "primarySharedKey": { "type": "securestring", "metadata": { "description": "The primary shared key of the log analytics workspace." }, - "value": "[listKeys('logAnalyticsWorkspace', '2025-02-01').primarySharedKey]" + "value": "[listKeys('logAnalyticsWorkspace', '2025-07-01').primarySharedKey]" }, "secondarySharedKey": { "type": "securestring", "metadata": { "description": "The secondary shared key of the log analytics workspace." }, - "value": "[listKeys('logAnalyticsWorkspace', '2025-02-01').secondarySharedKey]" + "value": "[listKeys('logAnalyticsWorkspace', '2025-07-01').secondarySharedKey]" } } } @@ -3947,8 +3979,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "13842668180838264807" + "version": "0.39.26.7824", + "templateHash": "17358780145253914698" }, "name": "Application Insights", "description": "This component deploys an Application Insights instance." @@ -4358,7 +4390,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/components@2020-10-01#properties/tags" + "source": "Microsoft.Insights/components@2020-02-02#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -4407,7 +4439,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.insights-component.{0}.{1}', replace('0.7.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.insights-component.{0}.{1}', replace('0.7.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -4547,8 +4579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "9567302051678045750" + "version": "0.39.26.7824", + "templateHash": "5059808225314360251" }, "name": "Application Insights Linked Storage Account", "description": "This component deploys an Application Insights Linked Storage Account." @@ -4678,9 +4710,7 @@ "name": { "value": "[format('dce-{0}', variables('solutionSuffix'))]" }, - "location": { - "value": "[parameters('location')]" - }, + "location": "[if(variables('useExistingLogAnalytics'), createObject('value', reference('existingLogAnalyticsWorkspace', '2025-07-01', 'full').location), createObject('value', reference('logAnalyticsWorkspace').outputs.location.value))]", "kind": { "value": "Windows" }, @@ -4701,12 +4731,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "2803753346410103560" + "version": "0.38.33.27573", + "templateHash": "13839755435418109557" }, "name": "Data Collection Endpoints", - "description": "This module deploys a Data Collection Endpoint.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Data Collection Endpoint." }, "definitions": { "lockType": { @@ -4730,12 +4759,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.3.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" } } }, @@ -4885,10 +4921,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionEndpoints@2023-03-11#properties/tags" + }, "description": "Optional. Resource tags." - } + }, + "nullable": true } }, "variables": { @@ -4912,7 +4951,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.insights-datacollectionendpoint.{0}.{1}', replace('0.5.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.insights-datacollectionendpoint.{0}.{1}', replace('0.5.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -4950,7 +4989,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "dataCollectionEndpoint" @@ -5010,7 +5049,11 @@ } } } - } + }, + "dependsOn": [ + "existingLogAnalyticsWorkspace", + "logAnalyticsWorkspace" + ] }, "virtualNetwork": { "condition": "[parameters('enablePrivateNetworking')]", @@ -5052,8 +5095,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "4892991135758906801" + "version": "0.42.1.51946", + "templateHash": "15922750226218572834" } }, "definitions": { @@ -5477,8 +5520,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.5.1644", - "templateHash": "11959948740766233645" + "version": "0.41.2.15936", + "templateHash": "7311263652424030280" }, "name": "Network Security Groups", "description": "This module deploys a Network security Group (NSG)." @@ -5737,7 +5780,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only logs are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -5774,7 +5817,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -5849,7 +5892,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -5916,7 +5959,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/networkSecurityGroups@2024-07-01#properties/tags" + "source": "Microsoft.Network/networkSecurityGroups@2025-05-01#properties/tags" }, "description": "Optional. Tags of the NSG resource." }, @@ -5952,7 +5995,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-networksecuritygroup.{0}.{1}', replace('0.5.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-networksecuritygroup.{0}.{1}', replace('0.5.3', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -5970,7 +6013,7 @@ }, "networkSecurityGroup": { "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -6008,7 +6051,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -6025,7 +6068,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -6057,7 +6100,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/networkSecurityGroups', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -6100,7 +6143,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('networkSecurityGroup', '2023-11-01', 'full').location]" + "value": "[reference('networkSecurityGroup', '2025-05-01', 'full').location]" } } } @@ -6168,8 +6211,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "2664911502866882749" + "version": "0.41.2.15936", + "templateHash": "11272001757446231867" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet)." @@ -6835,6 +6878,17 @@ "metadata": { "description": "Optional. Indicates if VM protection is enabled for all the subnets in the virtual network." } + }, + "enablePrivateEndpointVNetPolicies": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Basic", + "Disabled" + ], + "metadata": { + "description": "Optional. Enables high scale private endpoints for the virtual network. This is necessary if the virtual network requires more than 1000 private endpoints or is peered to virtual networks with a total of more than 4000 private endpoints." + } } }, "variables": { @@ -6860,7 +6914,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-virtualnetwork.{0}.{1}', replace('0.7.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-virtualnetwork.{0}.{1}', replace('0.8.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -6890,14 +6944,15 @@ "enableDdosProtection": "[not(empty(parameters('ddosProtectionPlanResourceId')))]", "encryption": "[if(equals(parameters('vnetEncryption'), true()), createObject('enabled', parameters('vnetEncryption'), 'enforcement', parameters('vnetEncryptionEnforcement')), null())]", "flowTimeoutInMinutes": "[if(not(equals(parameters('flowTimeoutInMinutes'), 0)), parameters('flowTimeoutInMinutes'), null())]", - "enableVmProtection": "[parameters('enableVmProtection')]" + "enableVmProtection": "[parameters('enableVmProtection')]", + "privateEndpointVNetPolicies": "[parameters('enablePrivateEndpointVNetPolicies')]" } }, "virtualNetwork_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -6914,7 +6969,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -6955,7 +7010,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -6978,8 +7033,8 @@ "batchSize": 1 }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-subnet-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-subnet-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7048,8 +7103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "4996741504223307485" + "version": "0.41.2.15936", + "templateHash": "13992200806189615656" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet." @@ -7305,7 +7360,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-virtualnetworksubnet.{0}.{1}', replace('0.1.3', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.network-virtualnetworksubnet.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -7363,7 +7418,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('virtualNetworkName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -7435,8 +7490,8 @@ "count": "[length(coalesce(parameters('peerings'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-virtualNetworkPeering-local-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-virtualNetworkPeering-local-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7474,8 +7529,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13145570087766698031" + "version": "0.41.2.15936", + "templateHash": "6939030350004475953" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering." @@ -7590,8 +7645,8 @@ }, "condition": "[coalesce(tryGet(coalesce(parameters('peerings'), createArray())[copyIndex()], 'remotePeeringEnabled'), false())]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-virtualNetworkPeering-remote-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-virtualNetworkPeering-remote-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "subscriptionId": "[split(coalesce(parameters('peerings'), createArray())[copyIndex()].remoteVirtualNetworkResourceId, '/')[2]]", "resourceGroup": "[split(coalesce(parameters('peerings'), createArray())[copyIndex()].remoteVirtualNetworkResourceId, '/')[4]]", "properties": { @@ -7631,8 +7686,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13145570087766698031" + "version": "0.41.2.15936", + "templateHash": "6939030350004475953" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering." @@ -7899,8 +7954,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "17921343070314002065" + "version": "0.41.2.15936", + "templateHash": "18337341331267624582" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone." @@ -8653,7 +8708,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privatednszone.{0}.{1}', replace('0.8.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privatednszone.{0}.{1}', replace('0.8.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -8680,7 +8735,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -8697,7 +8752,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -8718,7 +8773,7 @@ "count": "[length(coalesce(parameters('a'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-ARecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -8755,8 +8810,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "12608084563401365743" + "version": "0.41.2.15936", + "templateHash": "7372385900111002873" }, "name": "Private DNS Zone A record", "description": "This module deploys a Private DNS Zone A record." @@ -8919,7 +8974,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonea.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonea.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -8958,7 +9013,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/A/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/A', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/A', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -9009,7 +9064,7 @@ "count": "[length(coalesce(parameters('aaaa'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-AAAARecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -9046,8 +9101,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "4881696097088567452" + "version": "0.41.2.15936", + "templateHash": "14405855828972373002" }, "name": "Private DNS Zone AAAA record", "description": "This module deploys a Private DNS Zone AAAA record." @@ -9210,7 +9265,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszoneaaaa.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszoneaaaa.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -9249,7 +9304,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/AAAA/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/AAAA', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/AAAA', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -9300,7 +9355,7 @@ "count": "[length(coalesce(parameters('cname'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-CNAMERecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -9337,8 +9392,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13307906270868460967" + "version": "0.41.2.15936", + "templateHash": "13818627461335065928" }, "name": "Private DNS Zone CNAME record", "description": "This module deploys a Private DNS Zone CNAME record." @@ -9501,7 +9556,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonecname.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonecname.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -9540,7 +9595,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/CNAME/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/CNAME', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/CNAME', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -9591,7 +9646,7 @@ "count": "[length(coalesce(parameters('mx'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-MXRecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -9628,8 +9683,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "7946896598573056688" + "version": "0.41.2.15936", + "templateHash": "2977624679479439942" }, "name": "Private DNS Zone MX record", "description": "This module deploys a Private DNS Zone MX record." @@ -9792,7 +9847,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonemx.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonemx.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -9831,7 +9886,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/MX/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/MX', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/MX', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -9882,7 +9937,7 @@ "count": "[length(coalesce(parameters('ptr'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-PTRRecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -9919,8 +9974,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "7627375510490151870" + "version": "0.41.2.15936", + "templateHash": "15286275176817336979" }, "name": "Private DNS Zone PTR record", "description": "This module deploys a Private DNS Zone PTR record." @@ -10083,7 +10138,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszoneptr.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszoneptr.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -10122,7 +10177,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/PTR/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/PTR', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/PTR', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -10173,7 +10228,7 @@ "count": "[length(coalesce(parameters('soa'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-SOARecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -10210,8 +10265,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "16709883266329935583" + "version": "0.41.2.15936", + "templateHash": "4837447718856535826" }, "name": "Private DNS Zone SOA record", "description": "This module deploys a Private DNS Zone SOA record." @@ -10374,7 +10429,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonesoa.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonesoa.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -10413,7 +10468,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/SOA/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/SOA', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/SOA', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -10464,7 +10519,7 @@ "count": "[length(coalesce(parameters('srv'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-SRVRecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -10501,8 +10556,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "8123422724272920495" + "version": "0.41.2.15936", + "templateHash": "15028912535488490265" }, "name": "Private DNS Zone SRV record", "description": "This module deploys a Private DNS Zone SRV record." @@ -10665,7 +10720,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonesrv.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonesrv.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -10704,7 +10759,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/SRV/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/SRV', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/SRV', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -10755,7 +10810,7 @@ "count": "[length(coalesce(parameters('txt'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-TXTRecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -10792,8 +10847,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "17170531000135004092" + "version": "0.41.2.15936", + "templateHash": "7641583415110009849" }, "name": "Private DNS Zone TXT record", "description": "This module deploys a Private DNS Zone TXT record." @@ -10956,7 +11011,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonetxt.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonetxt.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -10995,7 +11050,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/TXT/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/TXT', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/TXT', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -11046,7 +11101,7 @@ "count": "[length(coalesce(parameters('virtualNetworkLinks'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-VNetLink-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -11074,6 +11129,9 @@ }, "resolutionPolicy": { "value": "[tryGet(coalesce(parameters('virtualNetworkLinks'), createArray())[copyIndex()], 'resolutionPolicy')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -11083,13 +11141,20 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "517173107480898390" + "version": "0.41.2.15936", + "templateHash": "7392770862892927923" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link." }, "parameters": { + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + }, "privateDnsZoneName": { "type": "string", "metadata": { @@ -11142,6 +11207,26 @@ } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.nw-privdnszonevnetlink.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "privateDnsZone": { "existing": true, "type": "Microsoft.Network/privateDnsZones", @@ -11303,8 +11388,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "524476480902078754" + "version": "0.37.4.10188", + "templateHash": "16163163089833128804" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope." @@ -11463,6 +11548,43 @@ "description": "The access mode type." } }, + "_1.lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + } + } + }, "_1.privateEndpointCustomDnsConfigType": { "type": "object", "properties": { @@ -11485,7 +11607,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -11527,7 +11649,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -11568,7 +11690,82 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + } + } + }, + "_1.roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -11593,12 +11790,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" } } }, @@ -11706,7 +11910,7 @@ } }, "lock": { - "$ref": "#/definitions/lockType", + "$ref": "#/definitions/_1.lockType", "nullable": true, "metadata": { "description": "Optional. Specify the type of lock." @@ -11715,7 +11919,7 @@ "roleAssignments": { "type": "array", "items": { - "$ref": "#/definitions/roleAssignmentType" + "$ref": "#/definitions/_1.roleAssignmentType" }, "nullable": true, "metadata": { @@ -11726,6 +11930,9 @@ "type": "object", "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2024-07-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/Resource Groups in this deployment." } }, @@ -11740,7 +11947,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -11902,6 +12109,7 @@ "input": "[union(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')], createObject('roleDefinitionId', coalesce(tryGet(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName), if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName)))))]" } ], + "enableReferencedModulesTelemetry": false, "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", @@ -11924,7 +12132,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.insights-privatelinkscope.{0}.{1}', replace('0.6.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.insights-privatelinkscope.{0}.{1}', replace('0.7.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -11958,7 +12166,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "privateLinkScope" @@ -12016,8 +12224,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "18319290317274254807" + "version": "0.37.4.10188", + "templateHash": "6236743661973144147" }, "name": "Private Link Scope Scoped Resources", "description": "This module deploys a Private Link Scope Scoped Resource." @@ -12091,8 +12299,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-privateLinkScope-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", - "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), resourceGroup().id), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), resourceGroup().id), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -12108,7 +12316,7 @@ "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" }, "enableTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableTelemetry'), parameters('enableTelemetry'))]" + "value": "[variables('enableReferencedModulesTelemetry')]" }, "location": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" @@ -12895,11 +13103,11 @@ }, "dependsOn": [ "applicationInsights", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').monitor)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').oms)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').agentSvc)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').ods)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').agentSvc)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').monitor)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').oms)]", "dataCollectionEndpoint", "logAnalyticsWorkspace", "virtualNetwork" @@ -12951,7 +13159,7 @@ "publicIPAddressObject": { "value": { "name": "[format('pip-{0}', variables('bastionHostName'))]", - "zones": [] + "availabilityZones": [] } } }, @@ -12962,8 +13170,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "8154163068428418954" + "version": "0.39.26.7824", + "templateHash": "7741601918225805390" }, "name": "Bastion Hosts", "description": "This module deploys a Bastion Host." @@ -13157,7 +13365,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.9.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.10.0" } } }, @@ -13419,7 +13627,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.9.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.10.0" } } }, @@ -13441,7 +13649,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.9.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.10.0" } } }, @@ -13745,7 +13953,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-bastionhost.{0}.{1}', replace('0.8.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-bastionhost.{0}.{1}', replace('0.8.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -13763,7 +13971,7 @@ }, "azureBastion": { "type": "Microsoft.Network/bastionHosts", - "apiVersion": "2024-07-01", + "apiVersion": "2025-01-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[coalesce(parameters('tags'), createObject())]", @@ -13847,8 +14055,8 @@ "publicIPAddress": { "condition": "[and(and(empty(parameters('bastionSubnetPublicIpResourceId')), not(equals(parameters('skuName'), 'Developer'))), not(parameters('enablePrivateOnlyBastion')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Bastion-PIP', uniqueString(deployment().name, parameters('location')))]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-Bastion-PIP', uniqueString(subscription().id, resourceGroup().id, parameters('location')))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -13914,8 +14122,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.177.2456", - "templateHash": "14921988046704902194" + "version": "0.39.26.7824", + "templateHash": "16564959277054027786" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address." @@ -14132,7 +14340,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -14157,12 +14365,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -14237,7 +14452,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -14350,6 +14565,17 @@ "description": "Optional. The DDoS protection plan configuration associated with the public IP address." } }, + "deleteOption": { + "type": "string", + "nullable": true, + "allowedValues": [ + "Delete", + "Detach" + ], + "metadata": { + "description": "Optional. The delete option for the public IP address." + } + }, "location": { "type": "string", "defaultValue": "[resourceGroup().location]", @@ -14383,10 +14609,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true }, "diagnosticSettings": { "type": "array", @@ -14425,7 +14654,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-publicipaddress.{0}.{1}', replace('0.9.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-publicipaddress.{0}.{1}', replace('0.10.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -14443,7 +14672,7 @@ }, "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2024-05-01", + "apiVersion": "2025-01-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -14459,7 +14688,8 @@ "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", "publicIPPrefix": "[if(not(empty(parameters('publicIpPrefixResourceId'))), createObject('id', parameters('publicIpPrefixResourceId')), null())]", "idleTimeoutInMinutes": "[parameters('idleTimeoutInMinutes')]", - "ipTags": "[parameters('ipTags')]" + "ipTags": "[parameters('ipTags')]", + "deleteOption": "[parameters('deleteOption')]" } }, "publicIpAddress_lock": { @@ -14470,7 +14700,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "publicIpAddress" @@ -14574,7 +14804,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('publicIpAddress', '2024-05-01', 'full').location]" + "value": "[reference('publicIpAddress', '2025-01-01', 'full').location]" } } } @@ -14608,7 +14838,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('azureBastion', '2024-07-01', 'full').location]" + "value": "[reference('azureBastion', '2025-01-01', 'full').location]" }, "ipConfAzureBastionSubnet": { "type": "object", @@ -14692,8 +14922,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "9651684292850651586" + "version": "0.41.2.15936", + "templateHash": "14895287194406877557" }, "name": "Maintenance Configurations", "description": "This module deploys a Maintenance Configuration." @@ -14732,7 +14962,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -14807,7 +15037,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -14852,18 +15082,13 @@ }, "maintenanceScope": { "type": "string", - "defaultValue": "Host", - "allowedValues": [ - "Host", - "OSImage", - "Extension", - "InGuestPatch", - "SQLDB", - "SQLManagedInstance" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Maintenance/maintenanceConfigurations@2023-04-01#properties/properties/properties/maintenanceScope" + }, "description": "Optional. Gets or sets maintenanceScope of the configuration." - } + }, + "defaultValue": "Host" }, "maintenanceWindow": { "type": "object", @@ -14904,15 +15129,13 @@ }, "visibility": { "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "Custom", - "Public" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Maintenance/maintenanceConfigurations@2023-04-01#properties/properties/properties/visibility" + }, "description": "Optional. Gets or sets the visibility of the configuration. The default value is 'Custom'." - } + }, + "nullable": true }, "installPatches": { "type": "object", @@ -14946,8 +15169,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.maintenance-maintenanceconfiguration.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.maintenance-maintenanceconfiguration.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -14982,7 +15205,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Maintenance/maintenanceConfigurations/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -14999,7 +15222,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Maintenance/maintenanceConfigurations/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -15068,7 +15291,7 @@ "enableTelemetry": { "value": "[parameters('enableTelemetry')]" }, - "location": "[if(variables('useExistingLogAnalytics'), createObject('value', reference('existingLogAnalyticsWorkspace', '2020-08-01', 'full').location), createObject('value', reference('logAnalyticsWorkspace').outputs.location.value))]", + "location": "[if(variables('useExistingLogAnalytics'), createObject('value', reference('existingLogAnalyticsWorkspace', '2025-07-01', 'full').location), createObject('value', reference('logAnalyticsWorkspace').outputs.location.value))]", "dataCollectionRuleProperties": { "value": { "kind": "Windows", @@ -15160,8 +15383,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8113567080988541838" + "version": "0.41.2.15936", + "templateHash": "2441324888126124697" }, "name": "Data Collection Rules", "description": "This module deploys a Data Collection Rule." @@ -15186,12 +15409,18 @@ }, "Direct": { "$ref": "#/definitions/directDcrPropertiesType" + }, + "WorkspaceTransforms": { + "$ref": "#/definitions/workspaceTransformsDcrPropertiesType" + }, + "PlatformTelemetry": { + "$ref": "#/definitions/platformTelemetryDcrPropertiesType" } } }, "metadata": { "__bicep_export!": true, - "description": "The type for data collection rule properties. Depending on the kind, the properties will be different." + "description": "Required. The type for data collection rule properties. Depending on the kind, the properties will be different." } }, "linuxDcrPropertiesType": { @@ -15203,14 +15432,14 @@ "Linux" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "dataSources": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataSources" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataSources" }, "description": "Required. Specification of data sources that will be collected." } @@ -15219,7 +15448,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataFlows" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" }, "description": "Required. The specification of data flows." } @@ -15228,7 +15457,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/destinations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" }, "description": "Required. Specification of destinations that can be used in data flows." } @@ -15244,7 +15473,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/streamDeclarations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/streamDeclarations" }, "description": "Optional. Declaration of custom streams used in this rule." }, @@ -15271,14 +15500,14 @@ "Windows" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "dataSources": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataSources" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataSources" }, "description": "Required. Specification of data sources that will be collected." } @@ -15287,7 +15516,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataFlows" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" }, "description": "Required. The specification of data flows." } @@ -15296,7 +15525,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/destinations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" }, "description": "Required. Specification of destinations that can be used in data flows." } @@ -15312,7 +15541,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/streamDeclarations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/streamDeclarations" }, "description": "Optional. Declaration of custom streams used in this rule." }, @@ -15339,14 +15568,14 @@ "All" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "dataSources": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataSources" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataSources" }, "description": "Required. Specification of data sources that will be collected." } @@ -15355,7 +15584,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataFlows" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" }, "description": "Required. The specification of data flows." } @@ -15364,7 +15593,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/destinations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" }, "description": "Required. Specification of destinations that can be used in data flows." } @@ -15380,7 +15609,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/streamDeclarations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/streamDeclarations" }, "description": "Optional. Declaration of custom streams used in this rule." }, @@ -15407,7 +15636,7 @@ "AgentSettings" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "description": { @@ -15478,14 +15707,14 @@ "Direct" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "dataFlows": { "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataFlows" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" }, "description": "Required. The specification of data flows." } @@ -15494,7 +15723,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/destinations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" }, "description": "Required. Specification of destinations that can be used in data flows." } @@ -15510,7 +15739,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/streamDeclarations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/streamDeclarations" }, "description": "Required. Declaration of custom streams used in this rule." } @@ -15527,6 +15756,136 @@ "description": "The type for the properties of the 'Direct' data collection rule." } }, + "workspaceTransformsDcrPropertiesType": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "allowedValues": [ + "WorkspaceTransforms" + ], + "metadata": { + "description": "Required. The kind of the resource." + } + }, + "dataFlows": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" + }, + "description": "Required. The specification of data flows. Should include a separate dataflow for each table that will have a transformation. Use a where clause in the query if only certain records should be transformed." + } + }, + "destinations": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" + }, + "description": "Required. Specification of destinations that can be used in data flows. For WorkspaceTransforms, only one Log Analytics workspace destination is supported." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the data collection rule." + } + } + }, + "metadata": { + "description": "The type for the properties of the 'WorkspaceTransforms' data collection rule." + } + }, + "platformTelemetryDcrPropertiesType": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "allowedValues": [ + "PlatformTelemetry" + ], + "metadata": { + "description": "Required. The kind of the resource." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the data collection rule." + } + }, + "dataSources": { + "type": "object", + "properties": { + "platformTelemetry": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataSources/properties/platformTelemetry" + }, + "description": "Required. The list of platform telemetry configurations." + } + } + }, + "metadata": { + "description": "Required. Specification of data sources that will be collected." + } + }, + "destinations": { + "type": "object", + "properties": { + "logAnalytics": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations/properties/logAnalytics" + }, + "description": "Optional. The list of Log Analytics destinations." + }, + "nullable": true + }, + "storageAccounts": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations/properties/storageAccounts" + }, + "description": "Optional. The list of Storage Account destinations." + }, + "nullable": true + }, + "eventHubs": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations/properties/eventHubs" + }, + "description": "Optional. The list of Event Hub destinations." + }, + "nullable": true + } + }, + "metadata": { + "description": "Required. Specification of destinations. Choose a single destination type of either logAnalytics, storageAccounts, or eventHubs." + } + }, + "dataFlows": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" + }, + "description": "Required. The specification of data flows." + } + } + }, + "metadata": { + "description": "The type for the properties of the 'PlatformTelemetry' data collection rule." + } + }, "lockType": { "type": "object", "properties": { @@ -15560,7 +15919,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -15588,7 +15947,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -15663,7 +16022,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -15723,7 +16082,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/tags" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/tags" }, "description": "Optional. Resource tags." }, @@ -15747,15 +16106,15 @@ "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" }, - "dataCollectionRulePropertiesUnion": "[union(createObject('description', tryGet(parameters('dataCollectionRuleProperties'), 'description')), if(or(or(equals(parameters('dataCollectionRuleProperties').kind, 'Linux'), equals(parameters('dataCollectionRuleProperties').kind, 'Windows')), equals(parameters('dataCollectionRuleProperties').kind, 'All')), createObject('dataSources', parameters('dataCollectionRuleProperties').dataSources), createObject()), if(or(or(or(equals(parameters('dataCollectionRuleProperties').kind, 'Linux'), equals(parameters('dataCollectionRuleProperties').kind, 'Windows')), equals(parameters('dataCollectionRuleProperties').kind, 'All')), equals(parameters('dataCollectionRuleProperties').kind, 'Direct')), createObject('dataFlows', parameters('dataCollectionRuleProperties').dataFlows, 'destinations', parameters('dataCollectionRuleProperties').destinations, 'dataCollectionEndpointId', tryGet(parameters('dataCollectionRuleProperties'), 'dataCollectionEndpointResourceId'), 'streamDeclarations', tryGet(parameters('dataCollectionRuleProperties'), 'streamDeclarations')), createObject()), if(equals(parameters('dataCollectionRuleProperties').kind, 'AgentSettings'), createObject('agentSettings', parameters('dataCollectionRuleProperties').agentSettings), createObject()))]", + "dataCollectionRulePropertiesUnion": "[union(createObject('description', tryGet(parameters('dataCollectionRuleProperties'), 'description')), if(contains(createArray('Linux', 'Windows', 'All', 'PlatformTelemetry'), parameters('dataCollectionRuleProperties').kind), createObject('dataSources', parameters('dataCollectionRuleProperties').dataSources), createObject()), if(contains(createArray('Linux', 'Windows', 'All', 'Direct', 'WorkspaceTransforms', 'PlatformTelemetry'), parameters('dataCollectionRuleProperties').kind), createObject('dataFlows', parameters('dataCollectionRuleProperties').dataFlows, 'destinations', parameters('dataCollectionRuleProperties').destinations), createObject()), if(contains(createArray('Linux', 'Windows', 'All', 'Direct', 'WorkspaceTransforms'), parameters('dataCollectionRuleProperties').kind), createObject('dataCollectionEndpointId', tryGet(parameters('dataCollectionRuleProperties'), 'dataCollectionEndpointResourceId'), 'streamDeclarations', tryGet(parameters('dataCollectionRuleProperties'), 'streamDeclarations')), createObject()), if(equals(parameters('dataCollectionRuleProperties').kind, 'AgentSettings'), createObject('agentSettings', parameters('dataCollectionRuleProperties').agentSettings), createObject()))]", "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.insights-datacollectionrule.{0}.{1}', replace('0.8.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.insights-datacollectionrule.{0}.{1}', replace('0.11.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -15774,7 +16133,7 @@ "dataCollectionRule": { "condition": "[not(equals(parameters('dataCollectionRuleProperties').kind, 'All'))]", "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2023-03-11", + "apiVersion": "2024-03-11", "name": "[parameters('name')]", "kind": "[parameters('dataCollectionRuleProperties').kind]", "location": "[parameters('location')]", @@ -15785,7 +16144,7 @@ "dataCollectionRuleAll": { "condition": "[equals(parameters('dataCollectionRuleProperties').kind, 'All')]", "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2023-03-11", + "apiVersion": "2024-03-11", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -15815,8 +16174,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "11414235132312545759" + "version": "0.41.2.15936", + "templateHash": "2876136109547890997" } }, "definitions": { @@ -15877,14 +16236,14 @@ "dataCollectionRule": { "existing": true, "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2023-03-11", + "apiVersion": "2024-03-11", "name": "[parameters('dataCollectionRuleName')]" }, "dataCollectionRule_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Insights/dataCollectionRules/{0}', parameters('dataCollectionRuleName'))]", + "scope": "[resourceId('Microsoft.Insights/dataCollectionRules', parameters('dataCollectionRuleName'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('dataCollectionRuleName')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -16185,7 +16544,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), reference('dataCollectionRuleAll', '2023-03-11', 'full').location, reference('dataCollectionRule', '2023-03-11', 'full').location)]" + "value": "[if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), reference('dataCollectionRuleAll', '2024-03-11', 'full').location, reference('dataCollectionRule', '2024-03-11', 'full').location)]" }, "systemAssignedMIPrincipalId": { "type": "string", @@ -16193,13 +16552,13 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), tryGet(tryGet(if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), reference('dataCollectionRuleAll', '2023-03-11', 'full'), null()), 'identity'), 'principalId'), tryGet(tryGet(if(not(equals(parameters('dataCollectionRuleProperties').kind, 'All')), reference('dataCollectionRule', '2023-03-11', 'full'), null()), 'identity'), 'principalId'))]" + "value": "[if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), tryGet(tryGet(if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), reference('dataCollectionRuleAll', '2024-03-11', 'full'), null()), 'identity'), 'principalId'), tryGet(tryGet(if(not(equals(parameters('dataCollectionRuleProperties').kind, 'All')), reference('dataCollectionRule', '2024-03-11', 'full'), null()), 'identity'), 'principalId'))]" }, "endpoints": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/endpoints", + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/endpoints", "output": true }, "description": "The endpoints of the dataCollectionRule, if created." @@ -16723,8 +17082,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "10754907249846822047" + "version": "0.41.2.15936", + "templateHash": "17174537341033050778" }, "name": "Virtual Machines", "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs." @@ -16827,6 +17186,13 @@ "metadata": { "description": "Optional. Specifies the customer managed disk encryption set resource id for the managed disk." } + }, + "resourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specifies the resource id of a pre-existing managed disk. If the disk should be created, this property should be empty." + } } }, "metadata": { @@ -16938,7 +17304,7 @@ "description": "Optional. Specifies the customer managed disk encryption set resource id for the managed disk." } }, - "id": { + "resourceId": { "type": "string", "nullable": true, "metadata": { @@ -16952,10 +17318,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Compute/disks@2025-01-02#properties/tags" + }, "description": "Optional. The tags of the public IP address. Valid only when creating a new managed disk." - } + }, + "nullable": true } }, "metadata": { @@ -17748,7 +18117,7 @@ "type": "object", "properties": { "backendAddressPool": { - "$ref": "#/definitions/subResourceType", + "$ref": "#/definitions/_1.subResourceType", "nullable": true, "metadata": { "description": "Optional. A reference to backendAddressPool resource." @@ -17776,7 +18145,7 @@ } }, "frontendIPConfiguration": { - "$ref": "#/definitions/subResourceType", + "$ref": "#/definitions/_1.subResourceType", "nullable": true, "metadata": { "description": "Optional. A reference to frontend IP addresses." @@ -17829,6 +18198,24 @@ } } }, + "_1.subResourceType": { + "type": "object", + "properties": { + "id": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the sub resource." + } + } + }, + "metadata": { + "description": "The type for the sub resource.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.1" + } + } + }, "_1.virtualNetworkTapType": { "type": "object", "properties": { @@ -17967,7 +18354,241 @@ } } }, - "_3.publicIPConfigurationType": { + "_3.diagnosticSettingFullType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the diagnostic setting." + } + }, + "logCategoriesAndGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." + } + }, + "categoryGroup": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs." + } + }, + "enabled": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable or disable the category explicitly. Default is `true`." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to `[]` to disable log collection." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics." + } + }, + "enabled": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable or disable the category explicitly. Default is `true`." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of metrics that will be streamed. \"allMetrics\" includes all possible metrics for the resource. Set to `[]` to disable metric collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." + } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + } + } + }, + "_3.lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + } + } + }, + "_3.roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + } + } + }, + "_4.publicIPConfigurationType": { "type": "object", "properties": { "name": { @@ -17987,7 +18608,7 @@ "diagnosticSettings": { "type": "array", "items": { - "$ref": "#/definitions/diagnosticSettingFullType" + "$ref": "#/definitions/_3.diagnosticSettingFullType" }, "nullable": true, "metadata": { @@ -18002,7 +18623,7 @@ } }, "lock": { - "$ref": "#/definitions/lockType", + "$ref": "#/definitions/_3.lockType", "nullable": true, "metadata": { "description": "Optional. The lock settings of the public IP address." @@ -18068,7 +18689,7 @@ "roleAssignments": { "type": "array", "items": { - "$ref": "#/definitions/roleAssignmentType" + "$ref": "#/definitions/_3.roleAssignmentType" }, "nullable": true, "metadata": { @@ -18262,7 +18883,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -18331,7 +18952,7 @@ } }, "gatewayLoadBalancer": { - "$ref": "#/definitions/subResourceType", + "$ref": "#/definitions/_1.subResourceType", "nullable": true, "metadata": { "description": "Optional. The gateway load balancer settings." @@ -18369,7 +18990,7 @@ } }, "pipConfiguration": { - "$ref": "#/definitions/_3.publicIPConfigurationType", + "$ref": "#/definitions/_4.publicIPConfigurationType", "nullable": true, "metadata": { "description": "Optional. The public IP address configuration." @@ -18378,7 +18999,7 @@ "diagnosticSettings": { "type": "array", "items": { - "$ref": "#/definitions/diagnosticSettingFullType" + "$ref": "#/definitions/_3.diagnosticSettingFullType" }, "nullable": true, "metadata": { @@ -18443,7 +19064,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -18471,7 +19092,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -18500,8 +19121,9 @@ } }, "metadata": { + "description": "The type for the network interface IP configuration output.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.3" } } }, @@ -18576,7 +19198,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -18594,7 +19216,7 @@ "metadata": { "description": "The type for the sub resource.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.3" } } } @@ -18628,15 +19250,13 @@ }, "securityType": { "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "ConfidentialVM", - "TrustedLaunch" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Compute/virtualMachines@2025-04-01#properties/properties/properties/securityProfile/properties/securityType" + }, "description": "Optional. Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set." - } + }, + "nullable": true }, "secureBootEnabled": { "type": "bool", @@ -18653,10 +19273,14 @@ } }, "imageReference": { - "$ref": "#/definitions/imageReferenceType", + "type": "object", "metadata": { - "description": "Required. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.Compute/virtualMachines@2025-04-01#properties/properties/properties/storageProfile/properties/imageReference" + }, + "description": "Conditional. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. Required if not creating the VM from an existing os-disk via the `osDisk.managedDisk.resourceId` parameter." + }, + "nullable": true }, "plan": { "$ref": "#/definitions/planType", @@ -18697,15 +19321,16 @@ }, "adminUsername": { "type": "securestring", + "nullable": true, "metadata": { - "description": "Required. Administrator username." + "description": "Conditional. Administrator username. Required if no pre-existing OS-Disk is provided (osDisk.managedDisk.resourceId is not empty)." } }, "adminPassword": { "type": "securestring", "defaultValue": "", "metadata": { - "description": "Optional. When specifying a Windows Virtual Machine, this value should be passed." + "description": "Optional. When specifying a Windows Virtual Machine, and no pre-existing OS-Disk is provided (osDisk.managedDisk.resourceId is not empty), this value should be passed." } }, "userData": { @@ -19291,14 +19916,16 @@ "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]" - } + }, + "aadJoinSettings": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'settings'), createObject())]", + "filteredAadJoinSettings": "[if(and(contains(variables('aadJoinSettings'), 'mdmId'), empty(variables('aadJoinSettings').mdmId)), reduce(items(variables('aadJoinSettings')), createObject(), lambda('cur', 'item', if(equals(lambdaVariables('item').key, 'mdmId'), lambdaVariables('cur'), union(lambdaVariables('cur'), createObject(format('{0}', lambdaVariables('item').key), lambdaVariables('item').value))))), variables('aadJoinSettings'))]" }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.compute-virtualmachine.{0}.{1}', replace('0.20.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2024-07-01", + "name": "[format('46d3xbcp.res.compute-virtualmachine.{0}.{1}', replace('0.22.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -19319,25 +19946,25 @@ "name": "managedDataDisks", "count": "[length(coalesce(parameters('dataDisks'), createArray()))]" }, - "condition": "[empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'id'))]", + "condition": "[and(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'resourceId')), not(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'createOption'), 'Empty'), 'FromImage')))]", "type": "Microsoft.Compute/disks", - "apiVersion": "2024-03-02", + "apiVersion": "2025-01-02", "name": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex(), 1), 2, '0')))]", "location": "[parameters('location')]", "sku": { "name": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'storageAccountType')]" }, "properties": { - "diskSizeGB": "[coalesce(parameters('dataDisks'), createArray())[copyIndex()].diskSizeGB]", + "diskSizeGB": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'diskSizeGB')]", "creationData": { - "createOption": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'createoption'), 'Empty')]" + "createOption": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'createOption'), 'Empty')]" }, "diskIOPSReadWrite": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'diskIOPSReadWrite')]", "diskMBpsReadWrite": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'diskMBpsReadWrite')]", "publicNetworkAccess": "[parameters('publicNetworkAccess')]", "networkAccessPolicy": "[parameters('networkAccessPolicy')]" }, - "zones": "[if(and(not(equals(parameters('availabilityZone'), -1)), not(contains(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'storageAccountType'), 'ZRS'))), array(string(parameters('availabilityZone'))), null())]", + "zones": "[if(and(not(equals(parameters('availabilityZone'), -1)), not(contains(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'storageAccountType'), ''), 'ZRS'))), array(string(parameters('availabilityZone'))), null())]", "tags": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, "vm": { @@ -19361,30 +19988,28 @@ "count": "[length(coalesce(parameters('dataDisks'), createArray()))]", "input": { "lun": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'lun'), copyIndex('dataDisks'))]", - "name": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id'))), last(split(coalesce(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.id, ''), '/')), coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0'))))]", - "createOption": "[if(or(not(equals(if(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id')), resourceId('Microsoft.Compute/disks', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0')))), null()), null())), not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id')))), 'Attach', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createoption'), 'Empty'))]", - "deleteOption": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id'))), 'Detach', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'deleteOption'), 'Delete'))]", - "caching": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id'))), 'None', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'caching'), 'ReadOnly'))]", - "managedDisk": { - "id": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id'), if(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id')), resourceId('Microsoft.Compute/disks', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0')))), null()))]", - "diskEncryptionSet": "[if(contains(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSet'), createObject('id', coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.diskEncryptionSet.id), null())]" - } + "name": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId'))), last(split(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.resourceId, '/')), coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0'))))]", + "createOption": "[if(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'), 'FromImage', if(or(not(equals(if(and(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId')), not(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'))), resourceId('Microsoft.Compute/disks', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0')))), null()), null())), not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId')))), 'Attach', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty')))]", + "deleteOption": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId'))), 'Detach', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'deleteOption'), 'Delete'))]", + "caching": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId'))), 'None', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'caching'), 'ReadOnly'))]", + "diskSizeGB": "[if(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'), null(), tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'diskSizeGB'))]", + "managedDisk": "[if(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'), createObject('storageAccountType', tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'storageAccountType'), 'diskEncryptionSet', if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSetResourceId'))), createObject('id', coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.diskEncryptionSetResourceId), null())), createObject('id', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId'), if(and(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId')), not(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'))), resourceId('Microsoft.Compute/disks', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0')))), null())), 'diskEncryptionSet', if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSetResourceId'))), createObject('id', coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.diskEncryptionSetResourceId), null())))]" } } ], "imageReference": "[parameters('imageReference')]", "osDisk": { - "name": "[coalesce(tryGet(parameters('osDisk'), 'name'), format('{0}-disk-os-01', parameters('name')))]", - "createOption": "[coalesce(tryGet(parameters('osDisk'), 'createOption'), 'FromImage')]", - "deleteOption": "[coalesce(tryGet(parameters('osDisk'), 'deleteOption'), 'Delete')]", + "name": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId'))), last(split(parameters('osDisk').managedDisk.resourceId, '/')), coalesce(tryGet(parameters('osDisk'), 'name'), format('{0}-disk-os-01', parameters('name'))))]", + "createOption": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId'))), 'Attach', coalesce(tryGet(parameters('osDisk'), 'createOption'), 'FromImage'))]", + "osType": "[parameters('osType')]", + "deleteOption": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId'))), 'Detach', coalesce(tryGet(parameters('osDisk'), 'deleteOption'), 'Delete'))]", "diffDiskSettings": "[if(empty(coalesce(tryGet(parameters('osDisk'), 'diffDiskSettings'), createObject())), null(), createObject('option', 'Local', 'placement', parameters('osDisk').diffDiskSettings.placement))]", "diskSizeGB": "[tryGet(parameters('osDisk'), 'diskSizeGB')]", - "caching": "[coalesce(tryGet(parameters('osDisk'), 'caching'), 'ReadOnly')]", + "caching": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId'))), 'None', coalesce(tryGet(parameters('osDisk'), 'caching'), 'ReadOnly'))]", "managedDisk": { "storageAccountType": "[tryGet(parameters('osDisk').managedDisk, 'storageAccountType')]", - "diskEncryptionSet": { - "id": "[tryGet(parameters('osDisk').managedDisk, 'diskEncryptionSetResourceId')]" - } + "diskEncryptionSet": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'diskEncryptionSetResourceId'))), createObject('id', tryGet(parameters('osDisk').managedDisk, 'diskEncryptionSetResourceId')), null())]", + "id": "[tryGet(parameters('osDisk').managedDisk, 'resourceId')]" } } }, @@ -19392,16 +20017,7 @@ "ultraSSDEnabled": "[parameters('ultraSSDEnabled')]", "hibernationEnabled": "[parameters('hibernationEnabled')]" }, - "osProfile": { - "computerName": "[parameters('computerName')]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPassword')]", - "customData": "[if(not(empty(parameters('customData'))), base64(parameters('customData')), null())]", - "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]", - "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]", - "secrets": "[parameters('certificatesToBeInstalled')]", - "allowExtensionOperations": "[parameters('allowExtensionOperations')]" - }, + "osProfile": "[if(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId')), createObject('computerName', parameters('computerName'), 'adminUsername', parameters('adminUsername'), 'adminPassword', parameters('adminPassword'), 'customData', if(not(empty(parameters('customData'))), base64(parameters('customData')), null()), 'windowsConfiguration', if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null()), 'linuxConfiguration', if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null()), 'secrets', parameters('certificatesToBeInstalled'), 'allowExtensionOperations', parameters('allowExtensionOperations')), null())]", "networkProfile": { "copy": [ { @@ -19444,7 +20060,7 @@ "condition": "[not(empty(parameters('maintenanceConfigurationResourceId')))]", "type": "Microsoft.Maintenance/configurationAssignments", "apiVersion": "2023-04-01", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[format('{0}assignment', parameters('name'))]", "location": "[parameters('location')]", "properties": { @@ -19459,7 +20075,7 @@ "condition": "[not(empty(parameters('configurationProfile')))]", "type": "Microsoft.Automanage/configurationProfileAssignments", "apiVersion": "2022-05-04", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "default", "properties": { "configurationProfile": "[parameters('configurationProfile')]" @@ -19474,6 +20090,7 @@ "apiVersion": "2018-09-15", "name": "[format('shutdown-computevm-{0}', parameters('name'))]", "location": "[parameters('location')]", + "tags": "[coalesce(tryGet(parameters('autoShutdownConfig'), 'tags'), parameters('tags'))]", "properties": { "status": "[coalesce(tryGet(parameters('autoShutdownConfig'), 'status'), 'Disabled')]", "targetResourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", @@ -19495,8 +20112,8 @@ }, "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", "type": "Microsoft.Insights/dataCollectionRuleAssociations", - "apiVersion": "2023-03-11", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "apiVersion": "2024-03-11", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[parameters('extensionMonitoringAgentConfig').dataCollectionRuleAssociations[copyIndex()].name]", "properties": { "dataCollectionRuleId": "[parameters('extensionMonitoringAgentConfig').dataCollectionRuleAssociations[copyIndex()].dataCollectionRuleResourceId]" @@ -19519,7 +20136,7 @@ "condition": "[not(empty(parameters('guestConfiguration')))]", "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments", "apiVersion": "2024-04-05", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[coalesce(tryGet(parameters('guestConfiguration'), 'name'), 'AzureWindowsBaseline')]", "location": "[parameters('location')]", "properties": { @@ -19534,7 +20151,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -19551,7 +20168,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -19572,7 +20189,7 @@ "count": "[length(parameters('nicConfigurations'))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-Nic-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -19625,8 +20242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "774019590280042559" + "version": "0.41.2.15936", + "templateHash": "5982155361487304817" } }, "definitions": { @@ -20230,7 +20847,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -20434,7 +21051,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -20539,7 +21156,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -20691,7 +21308,7 @@ }, "condition": "[and(not(empty(tryGet(parameters('ipConfigurations')[copyIndex()], 'pipConfiguration'))), empty(tryGet(tryGet(parameters('ipConfigurations')[copyIndex()], 'pipConfiguration'), 'publicIPAddressResourceId')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-publicIP-{1}', deployment().name, copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -20758,106 +21375,13 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.177.2456", - "templateHash": "14921988046704902194" + "version": "0.39.26.7824", + "templateHash": "5349747633189946992" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address." }, "definitions": { - "dnsSettingsType": { - "type": "object", - "properties": { - "domainNameLabel": { - "type": "string", - "metadata": { - "description": "Required. The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system." - } - }, - "domainNameLabelScope": { - "type": "string", - "allowedValues": [ - "NoReuse", - "ResourceGroupReuse", - "SubscriptionReuse", - "TenantReuse" - ], - "nullable": true, - "metadata": { - "description": "Optional. The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN." - } - }, - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone." - } - }, - "reverseFqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "ddosSettingsType": { - "type": "object", - "properties": { - "ddosProtectionPlan": { - "type": "object", - "properties": { - "id": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the DDOS protection plan associated with the public IP address." - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The DDoS protection plan associated with the public IP address." - } - }, - "protectionMode": { - "type": "string", - "allowedValues": [ - "Enabled" - ], - "metadata": { - "description": "Required. The DDoS protection policy customizations." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "ipTagType": { - "type": "object", - "properties": { - "ipTagType": { - "type": "string", - "metadata": { - "description": "Required. The IP tag type." - } - }, - "tag": { - "type": "string", - "metadata": { - "description": "Required. The IP tag." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, "diagnosticSettingFullType": { "type": "object", "properties": { @@ -20976,7 +21500,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -21001,12 +21525,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -21081,7 +21612,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -21102,14 +21633,13 @@ }, "publicIPAllocationMethod": { "type": "string", - "defaultValue": "Static", - "allowedValues": [ - "Dynamic", - "Static" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/publicIPAllocationMethod" + }, "description": "Optional. The public IP address allocation method." - } + }, + "defaultValue": "Static" }, "availabilityZones": { "type": "array", @@ -21132,31 +21662,33 @@ }, "publicIPAddressVersion": { "type": "string", - "defaultValue": "IPv4", - "allowedValues": [ - "IPv4", - "IPv6" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/publicIPAddressVersion" + }, "description": "Optional. IP address version." - } + }, + "defaultValue": "IPv4" }, "dnsSettings": { - "$ref": "#/definitions/dnsSettingsType", - "nullable": true, + "type": "object", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/dnsSettings" + }, "description": "Optional. The DNS settings of the public IP address." - } + }, + "nullable": true }, "ipTags": { "type": "array", - "items": { - "$ref": "#/definitions/ipTagType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/ipTags" + }, "description": "Optional. The list of tags associated with the public IP address." - } + }, + "nullable": true }, "lock": { "$ref": "#/definitions/lockType", @@ -21167,32 +21699,43 @@ }, "skuName": { "type": "string", - "defaultValue": "Standard", - "allowedValues": [ - "Basic", - "Standard" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/sku/properties/name" + }, "description": "Optional. Name of a public IP address SKU." - } + }, + "defaultValue": "Standard" }, "skuTier": { "type": "string", - "defaultValue": "Regional", - "allowedValues": [ - "Global", - "Regional" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/sku/properties/tier" + }, "description": "Optional. Tier of a public IP address SKU." - } + }, + "defaultValue": "Regional" }, "ddosSettings": { - "$ref": "#/definitions/ddosSettingsType", - "nullable": true, + "type": "object", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/ddosSettings" + }, "description": "Optional. The DDoS protection plan configuration associated with the public IP address." - } + }, + "nullable": true + }, + "deleteOption": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/deleteOption" + }, + "description": "Optional. The delete option for the public IP address." + }, + "nullable": true }, "location": { "type": "string", @@ -21227,10 +21770,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true }, "diagnosticSettings": { "type": "array", @@ -21269,7 +21815,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-publicipaddress.{0}.{1}', replace('0.9.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-publicipaddress.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -21287,7 +21833,7 @@ }, "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2024-05-01", + "apiVersion": "2025-01-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -21303,7 +21849,8 @@ "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", "publicIPPrefix": "[if(not(empty(parameters('publicIpPrefixResourceId'))), createObject('id', parameters('publicIpPrefixResourceId')), null())]", "idleTimeoutInMinutes": "[parameters('idleTimeoutInMinutes')]", - "ipTags": "[parameters('ipTags')]" + "ipTags": "[parameters('ipTags')]", + "deleteOption": "[parameters('deleteOption')]" } }, "publicIpAddress_lock": { @@ -21314,7 +21861,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "publicIpAddress" @@ -21418,7 +21965,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('publicIpAddress', '2024-05-01', 'full').location]" + "value": "[reference('publicIpAddress', '2025-01-01', 'full').location]" } } } @@ -21426,7 +21973,7 @@ }, "networkInterface": { "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-NetworkInterface', deployment().name)]", "properties": { "expressionEvaluationOptions": { @@ -21482,8 +22029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "10218370167882238860" + "version": "0.38.5.1644", + "templateHash": "272838238520810437" }, "name": "Network Interface", "description": "This module deploys a Network Interface." @@ -22054,12 +22601,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" } } }, @@ -22155,10 +22709,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/networkInterfaces@2024-07-01#properties/tags" + }, "description": "Optional. Resource tags." - } + }, + "nullable": true }, "enableTelemetry": { "type": "bool", @@ -22304,7 +22861,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-networkinterface.{0}.{1}', replace('0.5.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-networkinterface.{0}.{1}', replace('0.5.3', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -22369,7 +22926,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "networkInterface" @@ -22509,7 +23066,7 @@ "vm_domainJoinExtension": { "condition": "[and(contains(parameters('extensionDomainJoinConfig'), 'enabled'), parameters('extensionDomainJoinConfig').enabled)]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -22542,7 +23099,7 @@ "value": "[coalesce(tryGet(parameters('extensionDomainJoinConfig'), 'enableAutomaticUpgrade'), false())]" }, "settings": { - "value": "[parameters('extensionDomainJoinConfig').settings]" + "value": "[coalesce(tryGet(parameters('extensionDomainJoinConfig'), 'settings'), createObject('Name', tryGet(parameters('extensionDomainJoinConfig'), 'domainName'), 'OUPath', tryGet(parameters('extensionDomainJoinConfig'), 'ouPath'), 'User', tryGet(parameters('extensionDomainJoinConfig'), 'user'), 'Restart', tryGet(parameters('extensionDomainJoinConfig'), 'restart'), 'Options', tryGet(parameters('extensionDomainJoinConfig'), 'options')))]" }, "supressFailures": { "value": "[coalesce(tryGet(parameters('extensionDomainJoinConfig'), 'supressFailures'), false())]" @@ -22563,8 +23120,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -22745,7 +23302,7 @@ "vm_aadJoinExtension": { "condition": "[parameters('extensionAadJoinConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -22775,9 +23332,7 @@ "enableAutomaticUpgrade": { "value": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'enableAutomaticUpgrade'), false())]" }, - "settings": { - "value": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'settings'), createObject())]" - }, + "settings": "[if(not(empty(variables('filteredAadJoinSettings'))), createObject('value', variables('filteredAadJoinSettings')), createObject('value', null()))]", "supressFailures": { "value": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'supressFailures'), false())]" }, @@ -22792,8 +23347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -22975,7 +23530,7 @@ "vm_microsoftAntiMalwareExtension": { "condition": "[parameters('extensionAntiMalwareConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -23024,8 +23579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -23207,7 +23762,7 @@ "vm_azureMonitorAgentExtension": { "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-AzureMonitorAgent', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -23237,6 +23792,9 @@ "enableAutomaticUpgrade": { "value": "[coalesce(tryGet(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), false())]" }, + "settings": { + "value": "[coalesce(tryGet(parameters('extensionMonitoringAgentConfig'), 'settings'), createObject())]" + }, "supressFailures": { "value": "[coalesce(tryGet(parameters('extensionMonitoringAgentConfig'), 'supressFailures'), false())]" }, @@ -23251,8 +23809,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -23434,7 +23992,7 @@ "vm_dependencyAgentExtension": { "condition": "[parameters('extensionDependencyAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -23483,8 +24041,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -23666,7 +24224,7 @@ "vm_networkWatcherAgentExtension": { "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -23710,8 +24268,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -23893,7 +24451,7 @@ "vm_desiredStateConfigurationExtension": { "condition": "[parameters('extensionDSCConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -23945,8 +24503,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -24128,7 +24686,7 @@ "vm_customScriptExtension": { "condition": "[not(empty(parameters('extensionCustomScriptConfig')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -24185,8 +24743,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -24362,14 +24920,13 @@ }, "dependsOn": [ "cseIdentity", - "vm", - "vm_desiredStateConfigurationExtension" + "vm" ] }, "vm_azureDiskEncryptionExtension": { "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-AzureDiskEncryption', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -24419,8 +24976,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -24602,7 +25159,7 @@ "vm_nvidiaGpuDriverWindowsExtension": { "condition": "[parameters('extensionNvidiaGpuDriverWindows').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-NvidiaGpuDriverWindows', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -24648,8 +25205,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -24831,7 +25388,7 @@ "vm_hostPoolRegistrationExtension": { "condition": "[parameters('extensionHostPoolRegistration').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-HostPoolRegistration', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -24869,12 +25426,20 @@ "configurationFunction": "[parameters('extensionHostPoolRegistration').configurationFunction]", "properties": { "hostPoolName": "[parameters('extensionHostPoolRegistration').hostPoolName]", - "registrationInfoToken": "[parameters('extensionHostPoolRegistration').registrationInfoToken]", "aadJoin": true - }, - "supressFailures": "[coalesce(tryGet(parameters('extensionHostPoolRegistration'), 'supressFailures'), false())]" + } } }, + "protectedSettings": { + "value": { + "properties": { + "registrationInfoToken": "[parameters('extensionHostPoolRegistration').registrationInfoToken]" + } + } + }, + "supressFailures": { + "value": "[coalesce(tryGet(parameters('extensionHostPoolRegistration'), 'supressFailures'), false())]" + }, "tags": { "value": "[coalesce(tryGet(parameters('extensionHostPoolRegistration'), 'tags'), parameters('tags'))]" } @@ -24886,8 +25451,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -25069,7 +25634,7 @@ "vm_azureGuestConfigurationExtension": { "condition": "[parameters('extensionGuestConfigurationExtension').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-GuestConfiguration', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -25120,8 +25685,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -25303,7 +25868,7 @@ "vm_backup": { "condition": "[not(empty(parameters('backupVaultName')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-Backup', uniqueString(deployment().name, parameters('location')))]", "resourceGroup": "[parameters('backupVaultResourceGroup')]", "properties": { @@ -25340,8 +25905,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13700395772485726477" + "version": "0.41.2.15936", + "templateHash": "17448691641471706096" }, "name": "Recovery Service Vaults Protection Container Protected Item", "description": "This module deploys a Recovery Services Vault Protection Container Protected Item." @@ -25554,15 +26119,9 @@ "disableLocalAuth": { "value": true }, - "customSubDomainName": { - "value": "[format('aif-{0}', variables('solutionSuffix'))]" - }, "apiProperties": { "value": {} }, - "allowProjectManagement": { - "value": true - }, "managedIdentities": { "value": { "systemAssigned": true @@ -25611,8 +26170,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "665208465907096971" + "version": "0.42.1.51946", + "templateHash": "9292767591417947872" }, "name": "AI Services and Project Module", "description": "This module creates an AI Services resource and an AI Foundry project within it. It supports private networking, OpenAI deployments, and role assignments." @@ -25939,7 +26498,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -25981,7 +26540,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26022,7 +26581,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26051,7 +26610,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26117,7 +26676,7 @@ "metadata": { "description": "An AVM-aligned type for a customer-managed key. To be used if the resource type does not support auto-rotation of the customer-managed key.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26239,7 +26798,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26264,12 +26823,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26297,7 +26863,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26425,6 +26991,9 @@ "type": "object", "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2024-07-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/Resource Groups in this deployment." } }, @@ -26439,7 +27008,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26514,7 +27083,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26530,7 +27099,7 @@ "metadata": { "description": "A map of the exported secrets", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -26672,13 +27241,6 @@ "description": "Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set." } }, - "customSubDomainName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Conditional. Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set." - } - }, "networkAcls": { "type": "object", "nullable": true, @@ -26793,13 +27355,6 @@ "metadata": { "description": "Optional. Key vault reference and secret settings for the module's secrets export." } - }, - "allowProjectManagement": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enable/Disable project management feature for AI Foundry." - } } }, "variables": { @@ -26824,7 +27379,7 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", + "apiVersion": "2025-04-01", "name": "[format('46d3xbcp.res.cognitiveservices-account.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", @@ -26845,7 +27400,7 @@ "condition": "[not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "subscriptionId": "[split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/')[2]]", "resourceGroup": "[split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/')[4]]", "name": "[last(split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/'))]" @@ -26862,7 +27417,7 @@ "cognitiveServiceNew": { "condition": "[not(variables('useExistingService'))]", "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[parameters('name')]", "kind": "[parameters('kind')]", "identity": "[variables('identity')]", @@ -26896,7 +27451,7 @@ "condition": "[variables('useExistingService')]", "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2025-04-01-preview", + "apiVersion": "2025-12-01", "subscriptionId": "[variables('existingCognitiveServiceDetails')[2]]", "resourceGroup": "[variables('existingCognitiveServiceDetails')[4]]", "name": "[variables('existingCognitiveServiceDetails')[8]]" @@ -26952,8 +27507,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "7604365129625921085" + "version": "0.42.1.51946", + "templateHash": "17679330702241672588" } }, "definitions": { @@ -27194,7 +27749,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -27236,7 +27791,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -27277,7 +27832,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -27306,7 +27861,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -27457,7 +28012,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -27482,12 +28037,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -27615,6 +28177,9 @@ "type": "object", "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2024-07-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/Resource Groups in this deployment." } }, @@ -27629,7 +28194,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -27704,7 +28269,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -27720,7 +28285,7 @@ "metadata": { "description": "A map of the exported secrets", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -27892,7 +28457,7 @@ "cognitiveService": { "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[parameters('name')]" }, "cognitiveService_deployments": { @@ -27903,7 +28468,7 @@ "batchSize": 1 }, "type": "Microsoft.CognitiveServices/accounts/deployments", - "apiVersion": "2025-04-01-preview", + "apiVersion": "2026-03-01", "name": "[format('{0}/{1}', parameters('name'), coalesce(tryGet(coalesce(parameters('deployments'), createArray())[copyIndex()], 'name'), format('{0}-deployments', parameters('name'))))]", "properties": { "model": "[coalesce(parameters('deployments'), createArray())[copyIndex()].model]", @@ -28045,8 +28610,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.5.1644", - "templateHash": "16604612898799598358" + "version": "0.41.2.15936", + "templateHash": "18436885663402767850" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint." @@ -28110,7 +28675,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -28209,7 +28774,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -28248,12 +28813,22 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/ipConfigurations" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipConfigurations" }, "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." }, "nullable": true }, + "ipVersionType": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipVersionType" + }, + "description": "Optional. Specifies the IP version type for the private IPs of the private endpoint. If not defined, this defaults to IPv4." + }, + "defaultValue": "IPv4" + }, "privateDnsZoneGroup": { "$ref": "#/definitions/privateDnsZoneGroupType", "nullable": true, @@ -28289,7 +28864,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/tags" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/tags" }, "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." }, @@ -28299,7 +28874,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/customDnsConfigs" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs" }, "description": "Optional. Custom DNS configurations." }, @@ -28309,7 +28884,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/manualPrivateLinkServiceConnections" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/manualPrivateLinkServiceConnections" }, "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." }, @@ -28319,7 +28894,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/privateLinkServiceConnections" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/privateLinkServiceConnections" }, "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." }, @@ -28359,7 +28934,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2025-04-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.11.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -28377,7 +28952,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-10-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -28398,14 +28973,15 @@ "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" - } + }, + "ipVersionType": "[parameters('ipVersionType')]" } }, "privateEndpoint_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -28422,7 +28998,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -28465,8 +29041,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.5.1644", - "templateHash": "24141742673128945" + "version": "0.41.2.15936", + "templateHash": "9935179114830442414" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group." @@ -28525,12 +29101,12 @@ "privateEndpoint": { "existing": true, "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-10-01", + "apiVersion": "2025-05-01", "name": "[parameters('privateEndpointName')]" }, "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2024-10-01", + "apiVersion": "2025-05-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { "copy": [ @@ -28605,13 +29181,13 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2024-10-01', 'full').location]" + "value": "[reference('privateEndpoint', '2025-05-01', 'full').location]" }, "customDnsConfigs": { "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/customDnsConfigs", + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs", "output": true }, "description": "The custom DNS configurations of the private endpoint." @@ -28657,7 +29233,7 @@ "value": "[last(split(tryGet(parameters('secretsExportConfiguration'), 'keyVaultResourceId'), '/'))]" }, "secretsToSet": { - "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('cognitiveService', '2025-07-01-preview').key1)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('cognitiveService', '2025-07-01-preview').key2)), createArray()))]" + "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('cognitiveService', '2025-12-01').key1)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('cognitiveService', '2025-12-01').key2)), createArray()))]" } }, "template": { @@ -28667,8 +29243,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "14939823368517410024" + "version": "0.42.1.51946", + "templateHash": "12801288885438838277" } }, "definitions": { @@ -28697,7 +29273,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -28720,7 +29296,7 @@ "metadata": { "description": "An AVM-aligned type for the secret to set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -28746,7 +29322,7 @@ "keyVault": { "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "name": "[parameters('keyVaultName')]" }, "secrets": { @@ -28755,7 +29331,7 @@ "count": "[length(parameters('secretsToSet'))]" }, "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('secretsToSet')[copyIndex()].name)]", "properties": { "value": "[parameters('secretsToSet')[copyIndex()].value]" @@ -28821,8 +29397,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "13151306134286549002" + "version": "0.42.1.51946", + "templateHash": "6439859910553532577" } }, "definitions": { @@ -28905,13 +29481,13 @@ "cogServiceReference": { "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2024-10-01", + "apiVersion": "2026-03-01", "name": "[parameters('aiServicesName')]" }, "aiProject": { "condition": "[not(variables('useExistingProject'))]", "type": "Microsoft.CognitiveServices/accounts/projects", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2026-03-01", "name": "[format('{0}/{1}', parameters('aiServicesName'), parameters('name'))]", "tags": "[parameters('tags')]", "location": "[parameters('location')]", @@ -29039,8 +29615,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "7604365129625921085" + "version": "0.42.1.51946", + "templateHash": "17679330702241672588" } }, "definitions": { @@ -29281,7 +29857,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -29323,7 +29899,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -29364,7 +29940,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -29393,7 +29969,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -29544,7 +30120,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -29569,12 +30145,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -29702,6 +30285,9 @@ "type": "object", "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2024-07-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/Resource Groups in this deployment." } }, @@ -29716,7 +30302,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -29791,7 +30377,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -29807,7 +30393,7 @@ "metadata": { "description": "A map of the exported secrets", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -29979,7 +30565,7 @@ "cognitiveService": { "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[parameters('name')]" }, "cognitiveService_deployments": { @@ -29990,7 +30576,7 @@ "batchSize": 1 }, "type": "Microsoft.CognitiveServices/accounts/deployments", - "apiVersion": "2025-04-01-preview", + "apiVersion": "2026-03-01", "name": "[format('{0}/{1}', parameters('name'), coalesce(tryGet(coalesce(parameters('deployments'), createArray())[copyIndex()], 'name'), format('{0}-deployments', parameters('name'))))]", "properties": { "model": "[coalesce(parameters('deployments'), createArray())[copyIndex()].model]", @@ -30132,8 +30718,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.5.1644", - "templateHash": "16604612898799598358" + "version": "0.41.2.15936", + "templateHash": "18436885663402767850" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint." @@ -30197,7 +30783,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -30296,7 +30882,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -30335,12 +30921,22 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/ipConfigurations" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipConfigurations" }, "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." }, "nullable": true }, + "ipVersionType": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipVersionType" + }, + "description": "Optional. Specifies the IP version type for the private IPs of the private endpoint. If not defined, this defaults to IPv4." + }, + "defaultValue": "IPv4" + }, "privateDnsZoneGroup": { "$ref": "#/definitions/privateDnsZoneGroupType", "nullable": true, @@ -30376,7 +30972,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/tags" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/tags" }, "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." }, @@ -30386,7 +30982,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/customDnsConfigs" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs" }, "description": "Optional. Custom DNS configurations." }, @@ -30396,7 +30992,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/manualPrivateLinkServiceConnections" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/manualPrivateLinkServiceConnections" }, "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." }, @@ -30406,7 +31002,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/privateLinkServiceConnections" + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/privateLinkServiceConnections" }, "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." }, @@ -30446,7 +31042,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2025-04-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.11.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -30464,7 +31060,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-10-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -30485,14 +31081,15 @@ "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" - } + }, + "ipVersionType": "[parameters('ipVersionType')]" } }, "privateEndpoint_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -30509,7 +31106,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -30552,8 +31149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.5.1644", - "templateHash": "24141742673128945" + "version": "0.41.2.15936", + "templateHash": "9935179114830442414" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group." @@ -30612,12 +31209,12 @@ "privateEndpoint": { "existing": true, "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-10-01", + "apiVersion": "2025-05-01", "name": "[parameters('privateEndpointName')]" }, "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2024-10-01", + "apiVersion": "2025-05-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { "copy": [ @@ -30692,13 +31289,13 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2024-10-01', 'full').location]" + "value": "[reference('privateEndpoint', '2025-05-01', 'full').location]" }, "customDnsConfigs": { "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/privateEndpoints@2024-01-01#properties/properties/properties/customDnsConfigs", + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs", "output": true }, "description": "The custom DNS configurations of the private endpoint." @@ -30744,7 +31341,7 @@ "value": "[last(split(tryGet(parameters('secretsExportConfiguration'), 'keyVaultResourceId'), '/'))]" }, "secretsToSet": { - "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('cognitiveService', '2025-07-01-preview').key1)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('cognitiveService', '2025-07-01-preview').key2)), createArray()))]" + "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('cognitiveService', '2025-12-01').key1)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('cognitiveService', '2025-12-01').key2)), createArray()))]" } }, "template": { @@ -30754,8 +31351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "14939823368517410024" + "version": "0.42.1.51946", + "templateHash": "12801288885438838277" } }, "definitions": { @@ -30784,7 +31381,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -30807,7 +31404,7 @@ "metadata": { "description": "An AVM-aligned type for the secret to set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -30833,7 +31430,7 @@ "keyVault": { "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "name": "[parameters('keyVaultName')]" }, "secrets": { @@ -30842,7 +31439,7 @@ "count": "[length(parameters('secretsToSet'))]" }, "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('secretsToSet')[copyIndex()].name)]", "properties": { "value": "[parameters('secretsToSet')[copyIndex()].value]" @@ -30908,8 +31505,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "13151306134286549002" + "version": "0.42.1.51946", + "templateHash": "6439859910553532577" } }, "definitions": { @@ -30992,13 +31589,13 @@ "cogServiceReference": { "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2024-10-01", + "apiVersion": "2026-03-01", "name": "[parameters('aiServicesName')]" }, "aiProject": { "condition": "[not(variables('useExistingProject'))]", "type": "Microsoft.CognitiveServices/accounts/projects", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2026-03-01", "name": "[format('{0}/{1}', parameters('aiServicesName'), parameters('name'))]", "tags": "[parameters('tags')]", "location": "[parameters('location')]", @@ -31098,14 +31695,14 @@ "metadata": { "description": "The service endpoint of the cognitive services account." }, - "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting').endpoint, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-04-01-preview', 'full'), reference('cognitiveServiceNew', '2025-07-01-preview', 'full')).properties.endpoint)]" + "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting').endpoint, reference('cognitiveServiceNew').endpoint)]" }, "endpoints": { "$ref": "#/definitions/endpointType", "metadata": { "description": "All endpoints available for the cognitive services account, types depends on the cognitive service kind." }, - "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting').endpoints, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-04-01-preview', 'full'), reference('cognitiveServiceNew', '2025-07-01-preview', 'full')).properties.endpoints)]" + "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting').endpoints, reference('cognitiveServiceNew').endpoints)]" }, "systemAssignedMIPrincipalId": { "type": "string", @@ -31113,14 +31710,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-04-01-preview', 'full').identity.principalId, tryGet(tryGet(if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-04-01-preview', 'full'), reference('cognitiveServiceNew', '2025-07-01-preview', 'full')), 'identity'), 'principalId'))]" + "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-12-01', 'full').identity.principalId, tryGet(tryGet(if(not(variables('useExistingService')), reference('cognitiveServiceNew', '2025-12-01', 'full'), null()), 'identity'), 'principalId'))]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-04-01-preview', 'full').location, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-04-01-preview', 'full'), reference('cognitiveServiceNew', '2025-07-01-preview', 'full')).location)]" + "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-12-01', 'full').location, reference('cognitiveServiceNew', '2025-12-01', 'full').location)]" }, "exportedSecrets": { "$ref": "#/definitions/secretsOutputType", @@ -31217,12 +31814,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "2541425927059591098" + "version": "0.41.2.15936", + "templateHash": "18436885663402767850" }, "name": "Private Endpoints", - "description": "This module deploys a Private Endpoint.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Private Endpoint." }, "definitions": { "privateDnsZoneGroupType": { @@ -31244,80 +31840,11 @@ "description": "Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." } } - } - }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } }, - "nullable": true + "metadata": { + "__bicep_export!": true, + "description": "The type of a private dns zone group." + } }, "lockType": { "type": "object", @@ -31340,165 +31867,21 @@ "metadata": { "description": "Optional. Specify the type of lock." } - } - }, - "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." } } }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. FQDN that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } - }, - "nullable": true + } }, "privateDnsZoneGroupConfigType": { "type": "object", @@ -31518,10 +31901,86 @@ } }, "metadata": { + "description": "The type of a private DNS zone group configuration.", "__bicep_imported_from!": { "sourceTemplate": "private-dns-zone-group/main.bicep" } } + }, + "roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" + } + } } }, "parameters": { @@ -31539,6 +31998,9 @@ }, "applicationSecurityGroupResourceIds": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. Application security groups in which the private endpoint IP configuration is included." @@ -31552,10 +32014,24 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipConfigurations" + }, "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } + }, + "nullable": true + }, + "ipVersionType": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipVersionType" + }, + "description": "Optional. Specifies the IP version type for the private IPs of the private endpoint. If not defined, this defaults to IPv4." + }, + "defaultValue": "IPv4" }, "privateDnsZoneGroup": { "$ref": "#/definitions/privateDnsZoneGroupType", @@ -31573,40 +32049,60 @@ }, "lock": { "$ref": "#/definitions/lockType", + "nullable": true, "metadata": { "description": "Optional. The lock settings of the service." } }, "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", + "type": "array", + "items": { + "$ref": "#/definitions/roleAssignmentType" + }, + "nullable": true, "metadata": { "description": "Optional. Array of role assignments to create." } }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } + }, + "nullable": true }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs" + }, "description": "Optional. Custom DNS configurations." - } + }, + "nullable": true }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "type": "array", "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/manualPrivateLinkServiceConnections" + }, + "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." + }, + "nullable": true }, "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/privateLinkServiceConnections" + }, + "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." + }, + "nullable": true }, "enableTelemetry": { "type": "bool", @@ -31641,8 +32137,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.8.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -31660,7 +32156,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -31681,18 +32177,19 @@ "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" - } + }, + "ipVersionType": "[parameters('ipVersionType')]" } }, "privateEndpoint_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "privateEndpoint" @@ -31705,7 +32202,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -31723,7 +32220,7 @@ "privateEndpoint_privateDnsZoneGroup": { "condition": "[not(empty(parameters('privateDnsZoneGroup')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", "properties": { "expressionEvaluationOptions": { @@ -31748,12 +32245,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "12329174801198479603" + "version": "0.41.2.15936", + "templateHash": "9935179114830442414" }, "name": "Private Endpoint Private DNS Zone Groups", - "description": "This module deploys a Private Endpoint Private DNS Zone Group.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Private Endpoint Private DNS Zone Group." }, "definitions": { "privateDnsZoneGroupConfigType": { @@ -31774,7 +32270,8 @@ } }, "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private DNS zone group configuration." } } }, @@ -31804,37 +32301,31 @@ } } }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigsVar", - "count": "[length(parameters('privateDnsZoneConfigs'))]", - "input": { - "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId, '/')))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId]" - } - } - } - ] - }, "resources": { "privateEndpoint": { "existing": true, "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[parameters('privateEndpointName')]" }, "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" - }, - "dependsOn": [ - "privateEndpoint" - ] + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDnsZoneConfigs'))]", + "input": { + "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId, '/')))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId]" + } + } + } + ] + } } }, "outputs": { @@ -31894,28 +32385,36 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2023-11-01', 'full').location]" + "value": "[reference('privateEndpoint', '2025-05-01', 'full').location]" }, - "customDnsConfig": { - "$ref": "#/definitions/customDnsConfigType", + "customDnsConfigs": { + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs", + "output": true + }, "description": "The custom DNS configurations of the private endpoint." }, "value": "[reference('privateEndpoint').customDnsConfigs]" }, - "networkInterfaceIds": { + "networkInterfaceResourceIds": { "type": "array", + "items": { + "type": "string" + }, "metadata": { - "description": "The IDs of the network interfaces associated with the private endpoint." + "description": "The resource IDs of the network interfaces associated with the private endpoint." }, - "value": "[reference('privateEndpoint').networkInterfaces]" + "value": "[map(reference('privateEndpoint').networkInterfaces, lambda('nic', lambdaVariables('nic').id))]" }, "groupId": { "type": "string", + "nullable": true, "metadata": { "description": "The group Id for the private endpoint Group." }, - "value": "[if(and(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), greater(length(tryGet(reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties, 'groupIds')), 0)), coalesce(tryGet(reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties, 'groupIds', 0), ''), if(and(not(empty(reference('privateEndpoint').privateLinkServiceConnections)), greater(length(tryGet(reference('privateEndpoint').privateLinkServiceConnections[0].properties, 'groupIds')), 0)), coalesce(tryGet(reference('privateEndpoint').privateLinkServiceConnections[0].properties, 'groupIds', 0), ''), ''))]" + "value": "[coalesce(tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'manualPrivateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0), tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'privateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0))]" } } } @@ -31980,8 +32479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "9525047811797133596" + "version": "0.42.1.51946", + "templateHash": "3598447245043879538" } }, "definitions": { @@ -32091,7 +32590,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -32267,8 +32766,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "1609510538398847306" + "version": "0.41.2.15936", + "templateHash": "1254456195180100771" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account." @@ -32856,14 +33355,14 @@ "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. Defaults to false." } }, "allowProtectedAppendWritesAll": { "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." } } }, @@ -33536,6 +34035,22 @@ "description": "Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB)." } }, + "provisionedBandwidthMibps": { + "type": "int", + "nullable": true, + "maxValue": 10340, + "metadata": { + "description": "Optional. The provisioned bandwidth of the share, in mebibytes per second. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 10340." + } + }, + "provisionedIops": { + "type": "int", + "nullable": true, + "maxValue": 102400, + "metadata": { + "description": "Optional. The provisioned IOPS of the share. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 102400." + } + }, "roleAssignments": { "type": "array", "items": { @@ -34382,7 +34897,8 @@ "type": "string", "defaultValue": "TLS1_2", "allowedValues": [ - "TLS1_2" + "TLS1_2", + "TLS1_3" ], "metadata": { "description": "Optional. Set the minimum TLS version on request to storage. The TLS versions 1.0 and 1.1 are deprecated and not supported anymore." @@ -34476,7 +34992,8 @@ "nullable": true, "allowedValues": [ "Enabled", - "Disabled" + "Disabled", + "SecuredByPerimeter" ], "metadata": { "description": "Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set." @@ -34593,11 +35110,12 @@ "Storage Table Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76199698-9eea-4c19-bc75-cec21354c6b6')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" }, - "formattedManagementPolicies": "[union(coalesce(parameters('managementPolicyRules'), createArray()), if(and(and(not(empty(parameters('blobServices'))), coalesce(tryGet(parameters('blobServices'), 'isVersioningEnabled'), false())), not(equals(tryGet(parameters('blobServices'), 'versionDeletePolicyDays'), null()))), createArray(createObject('name', 'DeletePreviousVersions (auto-created)', 'enabled', true(), 'type', 'Lifecycle', 'definition', createObject('actions', createObject('version', createObject('delete', createObject('daysAfterCreationGreaterThan', parameters('blobServices').versionDeletePolicyDays))), 'filters', createObject('blobTypes', createArray('blockBlob', 'appendBlob'))))), createArray()))]" + "formattedManagementPolicies": "[union(coalesce(parameters('managementPolicyRules'), createArray()), if(and(and(not(empty(parameters('blobServices'))), coalesce(tryGet(parameters('blobServices'), 'isVersioningEnabled'), false())), not(equals(tryGet(parameters('blobServices'), 'versionDeletePolicyDays'), null()))), createArray(createObject('name', 'DeletePreviousVersions (auto-created)', 'enabled', true(), 'type', 'Lifecycle', 'definition', createObject('actions', createObject('version', createObject('delete', createObject('daysAfterCreationGreaterThan', parameters('blobServices').versionDeletePolicyDays))), 'filters', createObject('blobTypes', createArray('blockBlob', 'appendBlob'))))), createArray()))]", + "isHSMManagedCMK": "[equals(tryGet(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), ''), '/'), 7), 'managedHSMs')]" }, "resources": { "cMKKeyVault::cMKKey": { - "condition": "[and(not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))), and(not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))), not(empty(tryGet(parameters('customerManagedKey'), 'keyName')))))]", + "condition": "[and(and(not(variables('isHSMManagedCMK')), not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId')))), and(not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))), not(empty(tryGet(parameters('customerManagedKey'), 'keyName')))))]", "existing": true, "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2024-11-01", @@ -34609,7 +35127,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2025-04-01", - "name": "[format('46d3xbcp.res.storage-storageaccount.{0}.{1}', replace('0.28.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.storage-storageaccount.{0}.{1}', replace('0.32.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -34626,7 +35144,7 @@ } }, "cMKKeyVault": { - "condition": "[not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId')))]", + "condition": "[and(not(variables('isHSMManagedCMK')), not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))))]", "existing": true, "type": "Microsoft.KeyVault/vaults", "apiVersion": "2025-05-01", @@ -34645,7 +35163,7 @@ }, "storageAccount": { "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2025-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "extendedLocation": "[if(not(empty(parameters('extendedLocationZone'))), createObject('name', parameters('extendedLocationZone'), 'type', 'EdgeZone'), null())]", @@ -34655,7 +35173,7 @@ }, "identity": "[variables('identity')]", "tags": "[parameters('tags')]", - "properties": "[shallowMerge(createArray(createObject('allowSharedKeyAccess', parameters('allowSharedKeyAccess'), 'defaultToOAuthAuthentication', parameters('defaultToOAuthAuthentication'), 'allowCrossTenantReplication', parameters('allowCrossTenantReplication'), 'allowedCopyScope', parameters('allowedCopyScope'), 'customDomain', createObject('name', parameters('customDomainName'), 'useSubDomainName', parameters('customDomainUseSubDomainName')), 'dnsEndpointType', parameters('dnsEndpointType'), 'isLocalUserEnabled', parameters('isLocalUserEnabled'), 'encryption', union(createObject('keySource', if(not(empty(parameters('customerManagedKey'))), 'Microsoft.Keyvault', 'Microsoft.Storage'), 'services', createObject('blob', if(variables('supportsBlobService'), createObject('enabled', true()), null()), 'file', if(variables('supportsFileService'), createObject('enabled', true()), null()), 'table', createObject('enabled', true(), 'keyType', parameters('keyType')), 'queue', createObject('enabled', true(), 'keyType', parameters('keyType'))), 'keyvaultproperties', if(not(empty(parameters('customerManagedKey'))), createObject('keyname', parameters('customerManagedKey').keyName, 'keyvaulturi', reference('cMKKeyVault').vaultUri, 'keyversion', if(not(empty(tryGet(parameters('customerManagedKey'), 'keyVersion'))), parameters('customerManagedKey').keyVersion, if(coalesce(tryGet(parameters('customerManagedKey'), 'autoRotationEnabled'), true()), null(), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/'))))), null()), 'identity', createObject('userAssignedIdentity', if(not(empty(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/')[2], split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/'))), null()))), if(parameters('requireInfrastructureEncryption'), createObject('requireInfrastructureEncryption', if(not(equals(parameters('kind'), 'Storage')), parameters('requireInfrastructureEncryption'), null())), createObject())), 'accessTier', if(and(not(equals(parameters('kind'), 'Storage')), not(equals(parameters('kind'), 'BlockBlobStorage'))), parameters('accessTier'), null()), 'sasPolicy', if(not(empty(parameters('sasExpirationPeriod'))), createObject('expirationAction', parameters('sasExpirationAction'), 'sasExpirationPeriod', parameters('sasExpirationPeriod')), null()), 'supportsHttpsTrafficOnly', parameters('supportsHttpsTrafficOnly'), 'isSftpEnabled', parameters('enableSftp'), 'isNfsV3Enabled', if(parameters('enableNfsV3'), parameters('enableNfsV3'), ''), 'largeFileSharesState', if(or(equals(parameters('skuName'), 'Standard_LRS'), equals(parameters('skuName'), 'Standard_ZRS')), parameters('largeFileSharesState'), null()), 'minimumTlsVersion', parameters('minimumTlsVersion'), 'networkAcls', if(not(empty(parameters('networkAcls'))), union(createObject('resourceAccessRules', tryGet(parameters('networkAcls'), 'resourceAccessRules'), 'defaultAction', coalesce(tryGet(parameters('networkAcls'), 'defaultAction'), 'Deny'), 'virtualNetworkRules', tryGet(parameters('networkAcls'), 'virtualNetworkRules'), 'ipRules', tryGet(parameters('networkAcls'), 'ipRules')), if(contains(parameters('networkAcls'), 'bypass'), createObject('bypass', tryGet(parameters('networkAcls'), 'bypass')), createObject())), createObject('bypass', 'AzureServices', 'defaultAction', 'Deny')), 'allowBlobPublicAccess', parameters('allowBlobPublicAccess'), 'publicNetworkAccess', if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkAcls'))), 'Disabled', null()))), if(not(empty(parameters('azureFilesIdentityBasedAuthentication'))), createObject('azureFilesIdentityBasedAuthentication', parameters('azureFilesIdentityBasedAuthentication')), createObject()), if(not(equals(parameters('enableHierarchicalNamespace'), null())), createObject('isHnsEnabled', parameters('enableHierarchicalNamespace')), createObject()), createObject('immutableStorageWithVersioning', parameters('immutableStorageWithVersioning'))))]", + "properties": "[shallowMerge(createArray(createObject('allowSharedKeyAccess', parameters('allowSharedKeyAccess'), 'defaultToOAuthAuthentication', parameters('defaultToOAuthAuthentication'), 'allowCrossTenantReplication', parameters('allowCrossTenantReplication'), 'allowedCopyScope', parameters('allowedCopyScope'), 'customDomain', createObject('name', parameters('customDomainName'), 'useSubDomainName', parameters('customDomainUseSubDomainName')), 'dnsEndpointType', parameters('dnsEndpointType'), 'isLocalUserEnabled', parameters('isLocalUserEnabled'), 'encryption', union(createObject('keySource', if(not(empty(parameters('customerManagedKey'))), 'Microsoft.Keyvault', 'Microsoft.Storage'), 'services', createObject('blob', if(variables('supportsBlobService'), createObject('enabled', true()), null()), 'file', if(variables('supportsFileService'), createObject('enabled', true()), null()), 'table', createObject('enabled', true(), 'keyType', parameters('keyType')), 'queue', createObject('enabled', true(), 'keyType', parameters('keyType'))), 'keyvaultproperties', if(not(empty(parameters('customerManagedKey'))), createObject('keyname', parameters('customerManagedKey').keyName, 'keyvaulturi', if(not(variables('isHSMManagedCMK')), reference('cMKKeyVault').vaultUri, format('https://{0}.managedhsm.azure.net/', last(split(parameters('customerManagedKey').keyVaultResourceId, '/')))), 'keyversion', if(not(empty(tryGet(parameters('customerManagedKey'), 'keyVersion'))), parameters('customerManagedKey').keyVersion, if(coalesce(tryGet(parameters('customerManagedKey'), 'autoRotationEnabled'), true()), null(), if(not(variables('isHSMManagedCMK')), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/')), fail('Managed HSM CMK encryption requires either specifying the ''keyVersion'' or omitting the ''autoRotationEnabled'' property. Setting ''autoRotationEnabled'' to false without a ''keyVersion'' is not allowed.'))))), null()), 'identity', createObject('userAssignedIdentity', if(not(empty(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/')[2], split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/'))), null()))), if(parameters('requireInfrastructureEncryption'), createObject('requireInfrastructureEncryption', if(not(equals(parameters('kind'), 'Storage')), parameters('requireInfrastructureEncryption'), null())), createObject())), 'accessTier', if(and(not(equals(parameters('kind'), 'Storage')), not(equals(parameters('kind'), 'BlockBlobStorage'))), parameters('accessTier'), null()), 'sasPolicy', if(not(empty(parameters('sasExpirationPeriod'))), createObject('expirationAction', parameters('sasExpirationAction'), 'sasExpirationPeriod', parameters('sasExpirationPeriod')), null()), 'supportsHttpsTrafficOnly', parameters('supportsHttpsTrafficOnly'), 'isSftpEnabled', parameters('enableSftp'), 'isNfsV3Enabled', if(parameters('enableNfsV3'), parameters('enableNfsV3'), ''), 'largeFileSharesState', if(or(equals(parameters('skuName'), 'Standard_LRS'), equals(parameters('skuName'), 'Standard_ZRS')), parameters('largeFileSharesState'), null()), 'minimumTlsVersion', parameters('minimumTlsVersion'), 'networkAcls', if(not(empty(parameters('networkAcls'))), union(createObject('resourceAccessRules', tryGet(parameters('networkAcls'), 'resourceAccessRules'), 'defaultAction', coalesce(tryGet(parameters('networkAcls'), 'defaultAction'), 'Deny'), 'virtualNetworkRules', tryGet(parameters('networkAcls'), 'virtualNetworkRules'), 'ipRules', tryGet(parameters('networkAcls'), 'ipRules')), if(contains(parameters('networkAcls'), 'bypass'), createObject('bypass', tryGet(parameters('networkAcls'), 'bypass')), createObject())), createObject('bypass', 'AzureServices', 'defaultAction', 'Deny')), 'allowBlobPublicAccess', parameters('allowBlobPublicAccess'), 'publicNetworkAccess', if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkAcls'))), 'Disabled', null()))), if(not(empty(parameters('azureFilesIdentityBasedAuthentication'))), createObject('azureFilesIdentityBasedAuthentication', parameters('azureFilesIdentityBasedAuthentication')), createObject()), if(not(equals(parameters('enableHierarchicalNamespace'), null())), createObject('isHnsEnabled', parameters('enableHierarchicalNamespace')), createObject()), createObject('immutableStorageWithVersioning', parameters('immutableStorageWithVersioning'))))]", "dependsOn": [ "cMKKeyVault", "cMKKeyVault::cMKKey" @@ -34668,7 +35186,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -34697,7 +35215,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -34714,7 +35232,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -35405,6 +35923,9 @@ }, "rules": { "value": "[variables('formattedManagementPolicies')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -35413,8 +35934,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "6960218931054567030" + "version": "0.41.2.15936", + "templateHash": "4000605059554016072" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy." @@ -35431,16 +35952,43 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Storage/storageAccounts/managementPolicies@2024-01-01#properties/properties/properties/policy/properties/rules" + "source": "Microsoft.Storage/storageAccounts/managementPolicies@2025-06-01#properties/properties/properties/policy/properties/rules" }, "description": "Required. The Storage Account ManagementPolicies Rules." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": [ + { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-mgmtpolicy.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, { "type": "Microsoft.Storage/storageAccounts/managementPolicies", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]", "properties": { "policy": { @@ -35516,6 +36064,9 @@ }, "sshAuthorizedKeys": { "value": "[tryGet(coalesce(parameters('localUsers'), createArray())[copyIndex()], 'sshAuthorizedKeys')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -35525,8 +36076,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "9436518181019837288" + "version": "0.41.2.15936", + "templateHash": "1801226901235196767" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication." @@ -35638,18 +36189,45 @@ "metadata": { "description": "Optional. The local user SSH authorized keys for SFTP." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-localuser.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "localUsers": { "type": "Microsoft.Storage/storageAccounts/localUsers", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('name'))]", "properties": { "hasSharedKey": "[parameters('hasSharedKey')]", @@ -35763,8 +36341,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8062953820630056631" + "version": "0.41.2.15936", + "templateHash": "468225492069709453" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service." @@ -36055,14 +36633,14 @@ "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. Defaults to false." } }, "allowProtectedAppendWritesAll": { "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." } } }, @@ -36338,7 +36916,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/blobServices/{1}', parameters('storageAccountName'), variables('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('storageAccountName'), variables('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', variables('name')))]", "properties": { "copy": [ @@ -36433,8 +37011,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12049267755110696809" + "version": "0.41.2.15936", + "templateHash": "273904034769611992" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container." @@ -36454,14 +37032,14 @@ "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. Defaults to false." } }, "allowProtectedAppendWritesAll": { "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." } } }, @@ -36671,7 +37249,8 @@ "Storage Blob Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')]", "Storage Blob Delegator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db58b8e5-c6ad-4a2a-8342-4190687cbf4a')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "storageAccount::blobServices": { @@ -36684,7 +37263,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.storage-blobcontainer.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.storage-blobcontainer.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -36727,7 +37306,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/blobServices/{1}/containers/{2}', parameters('storageAccountName'), parameters('blobServiceName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', parameters('storageAccountName'), parameters('blobServiceName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', parameters('storageAccountName'), parameters('blobServiceName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -36767,6 +37346,9 @@ }, "allowProtectedAppendWritesAll": { "value": "[tryGet(parameters('immutabilityPolicy'), 'allowProtectedAppendWritesAll')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -36775,8 +37357,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "1872120962131123050" + "version": "0.41.2.15936", + "templateHash": "15304742179563677019" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy." @@ -36804,27 +37386,51 @@ }, "allowProtectedAppendWrites": { "type": "bool", - "defaultValue": true, + "defaultValue": false, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." } }, "allowProtectedAppendWritesAll": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." + } + }, + "enableTelemetry": { "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. Enable/Disable usage telemetry for module." } } }, - "variables": { - "name": "default" - }, "resources": [ + { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-containerimmutpolicy.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, { "type": "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies", "apiVersion": "2025-01-01", - "name": "[format('{0}/{1}/{2}/{3}', parameters('storageAccountName'), 'default', parameters('containerName'), variables('name'))]", + "name": "[format('{0}/{1}/{2}/{3}', parameters('storageAccountName'), 'default', parameters('containerName'), 'default')]", "properties": { "immutabilityPeriodSinceCreationInDays": "[parameters('immutabilityPeriodSinceCreationInDays')]", "allowProtectedAppendWrites": "[parameters('allowProtectedAppendWrites')]", @@ -36838,14 +37444,14 @@ "metadata": { "description": "The name of the deployed immutability policy." }, - "value": "[variables('name')]" + "value": "default" }, "resourceId": { "type": "string", "metadata": { "description": "The resource ID of the deployed immutability policy." }, - "value": "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies', parameters('storageAccountName'), 'default', parameters('containerName'), variables('name'))]" + "value": "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies', parameters('storageAccountName'), 'default', parameters('containerName'), 'default')]" }, "resourceGroupName": { "type": "string", @@ -36958,8 +37564,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7372615490119026510" + "version": "0.41.2.15936", + "templateHash": "17583198711200998285" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service." @@ -37077,6 +37683,22 @@ "description": "Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB)." } }, + "provisionedBandwidthMibps": { + "type": "int", + "nullable": true, + "maxValue": 10340, + "metadata": { + "description": "Optional. The provisioned bandwidth of the share, in mebibytes per second. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 10340." + } + }, + "provisionedIops": { + "type": "int", + "nullable": true, + "maxValue": 102400, + "metadata": { + "description": "Optional. The provisioned IOPS of the share. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 102400." + } + }, "roleAssignments": { "type": "array", "items": { @@ -37367,12 +37989,12 @@ "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "fileServices": { "type": "Microsoft.Storage/storageAccounts/fileServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('name'))]", "properties": { "cors": "[if(not(equals(parameters('corsRules'), null())), createObject('corsRules', parameters('corsRules')), null())]", @@ -37387,7 +38009,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/fileServices/{1}', parameters('storageAccountName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/fileServices', parameters('storageAccountName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -37445,7 +38067,7 @@ "value": "[coalesce(parameters('shares'), createArray())[copyIndex()].name]" }, "accessTier": { - "value": "[coalesce(tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'accessTier'), if(equals(reference('storageAccount', '2024-01-01', 'full').kind, 'FileStorage'), 'Premium', 'TransactionOptimized'))]" + "value": "[coalesce(tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'accessTier'), if(equals(reference('storageAccount', '2025-06-01', 'full').kind, 'FileStorage'), if(startsWith(reference('storageAccount', '2025-06-01', 'full').sku.name, 'PremiumV2_'), null(), 'Premium'), 'TransactionOptimized'))]" }, "enabledProtocols": { "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'enabledProtocols')]" @@ -37456,6 +38078,12 @@ "shareQuota": { "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'shareQuota')]" }, + "provisionedBandwidthMibps": { + "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'provisionedBandwidthMibps')]" + }, + "provisionedIops": { + "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'provisionedIops')]" + }, "roleAssignments": { "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'roleAssignments')]" }, @@ -37470,8 +38098,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "6443667442431835489" + "version": "0.41.2.15936", + "templateHash": "10353179772982843397" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share." @@ -37576,7 +38204,7 @@ }, "accessTier": { "type": "string", - "defaultValue": "TransactionOptimized", + "nullable": true, "allowedValues": [ "Premium", "Hot", @@ -37584,7 +38212,7 @@ "TransactionOptimized" ], "metadata": { - "description": "Conditional. Access tier for specific share. Required if the Storage Account kind is set to FileStorage (should be set to \"Premium\"). GpV2 account can choose between TransactionOptimized (default), Hot, and Cool." + "description": "Conditional. Access tier for specific share. Required if the Storage Account kind is set to FileStorage (should be set to \"Premium\"). GpV2 account can choose between TransactionOptimized, Hot, and Cool." } }, "shareQuota": { @@ -37617,6 +38245,24 @@ "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." } }, + "provisionedBandwidthMibps": { + "type": "int", + "nullable": true, + "minValue": 0, + "maxValue": 10340, + "metadata": { + "description": "Optional. The provisioned bandwidth of the share, in mebibytes per second. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 10340." + } + }, + "provisionedIops": { + "type": "int", + "nullable": true, + "minValue": 0, + "maxValue": 102400, + "metadata": { + "description": "Optional. The provisioned IOPS of the share. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 102400." + } + }, "enableTelemetry": { "type": "bool", "defaultValue": true, @@ -37662,14 +38308,14 @@ "storageAccount::fileService": { "existing": true, "type": "Microsoft.Storage/storageAccounts/fileServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-01-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]" }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.storage-fileshare.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.storage-fileshare.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -37688,19 +38334,24 @@ "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-01-01", "name": "[parameters('storageAccountName')]" }, "fileShare": { "type": "Microsoft.Storage/storageAccounts/fileServices/shares", - "apiVersion": "2024-01-01", + "apiVersion": "2025-01-01", "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), parameters('fileServicesName'), parameters('name'))]", "properties": { "accessTier": "[parameters('accessTier')]", "shareQuota": "[parameters('shareQuota')]", "rootSquash": "[if(equals(parameters('enabledProtocols'), 'NFS'), parameters('rootSquash'), null())]", - "enabledProtocols": "[parameters('enabledProtocols')]" - } + "enabledProtocols": "[parameters('enabledProtocols')]", + "provisionedBandwidthMibps": "[if(equals(reference('storageAccount', '2025-01-01', 'full').kind, 'FileStorage'), parameters('provisionedBandwidthMibps'), null())]", + "provisionedIops": "[if(equals(reference('storageAccount', '2025-01-01', 'full').kind, 'FileStorage'), parameters('provisionedIops'), null())]" + }, + "dependsOn": [ + "storageAccount" + ] }, "fileShare_roleAssignments": { "copy": { @@ -37932,8 +38583,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "14320740623684459446" + "version": "0.41.2.15936", + "templateHash": "9644461291744477521" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service." @@ -38272,18 +38923,19 @@ } }, "variables": { - "name": "default" + "name": "default", + "enableReferencedModulesTelemetry": false }, "resources": { "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "queueServices": { "type": "Microsoft.Storage/storageAccounts/queueServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), variables('name'))]", "properties": { "cors": "[if(not(equals(parameters('corsRules'), null())), createObject('corsRules', parameters('corsRules')), null())]" @@ -38296,7 +38948,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/queueServices/{1}', parameters('storageAccountName'), variables('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/queueServices', parameters('storageAccountName'), variables('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', variables('name')))]", "properties": { "copy": [ @@ -38355,6 +39007,9 @@ }, "roleAssignments": { "value": "[tryGet(coalesce(parameters('queues'), createArray())[copyIndex()], 'roleAssignments')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -38364,8 +39019,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "17820569818642693530" + "version": "0.41.2.15936", + "templateHash": "12812824360066955039" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue." @@ -38480,6 +39135,13 @@ "metadata": { "description": "Optional. Array of role assignments to create." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "variables": { @@ -38510,18 +39172,38 @@ "storageAccount::queueServices": { "existing": true, "type": "Microsoft.Storage/storageAccounts/queueServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-queue.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "queue": { "type": "Microsoft.Storage/storageAccounts/queueServices/queues", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", "properties": { "metadata": "[parameters('metadata')]" @@ -38534,7 +39216,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/queueServices/{1}/queues/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/queueServices/queues', parameters('storageAccountName'), 'default', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Storage/storageAccounts/queueServices/queues', parameters('storageAccountName'), 'default', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -38637,8 +39319,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "15397070691540239144" + "version": "0.41.2.15936", + "templateHash": "10320403358700650147" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service." @@ -38967,18 +39649,19 @@ } }, "variables": { - "name": "default" + "name": "default", + "enableReferencedModulesTelemetry": false }, "resources": { "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "tableServices": { "type": "Microsoft.Storage/storageAccounts/tableServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), variables('name'))]", "properties": { "cors": "[if(not(equals(parameters('corsRules'), null())), createObject('corsRules', parameters('corsRules')), null())]" @@ -38991,7 +39674,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/tableServices/{1}', parameters('storageAccountName'), variables('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/tableServices', parameters('storageAccountName'), variables('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', variables('name')))]", "properties": { "copy": [ @@ -39047,6 +39730,9 @@ }, "roleAssignments": { "value": "[tryGet(coalesce(parameters('tables'), createArray())[copyIndex()], 'roleAssignments')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -39056,8 +39742,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "2494851345252564065" + "version": "0.41.2.15936", + "templateHash": "11362260974696477885" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table." @@ -39162,6 +39848,13 @@ "metadata": { "description": "Required. Name of the table." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "variables": { @@ -39190,18 +39883,38 @@ "storageAccount::tableServices": { "existing": true, "type": "Microsoft.Storage/storageAccounts/tableServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-table.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "table": { "type": "Microsoft.Storage/storageAccounts/tableServices/tables", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]" }, "table_roleAssignments": { @@ -39211,7 +39924,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/tableServices/{1}/tables/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/tableServices/tables', parameters('storageAccountName'), 'default', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Storage/storageAccounts/tableServices/tables', parameters('storageAccountName'), 'default', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -39300,7 +40013,7 @@ "value": "[last(split(tryGet(parameters('secretsExportConfiguration'), 'keyVaultResourceId'), '/'))]" }, "secretsToSet": { - "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('storageAccount', '2025-01-01').keys[0].value)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'connectionString1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'connectionString1Name'), 'value', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-01-01').keys[0].value, environment().suffixes.storage))), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('storageAccount', '2025-01-01').keys[1].value)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'connectionString2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'connectionString2Name'), 'value', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-01-01').keys[1].value, environment().suffixes.storage))), createArray()))]" + "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('storageAccount', '2025-06-01').keys[0].value)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'connectionString1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'connectionString1Name'), 'value', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-06-01').keys[0].value, environment().suffixes.storage))), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('storageAccount', '2025-06-01').keys[1].value)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'connectionString2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'connectionString2Name'), 'value', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-06-01').keys[1].value, environment().suffixes.storage))), createArray()))]" } }, "template": { @@ -39310,8 +40023,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "15162266628501794465" + "version": "0.41.2.15936", + "templateHash": "13227497656004178962" } }, "definitions": { @@ -39464,8 +40177,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7981342209922290627" + "version": "0.41.2.15936", + "templateHash": "1894366578172550759" }, "name": "Storage Account Object Replication Policy", "description": "This module deploys a Storage Account Object Replication Policy for both the source account and destination account." @@ -39618,8 +40331,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "13231340475360081313" + "version": "0.41.2.15936", + "templateHash": "14995722372031126283" }, "name": "Storage Account Object Replication Policy", "description": "This module deploys a Storage Account Object Replication Policy for a provided storage account." @@ -39835,8 +40548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "13231340475360081313" + "version": "0.41.2.15936", + "templateHash": "14995722372031126283" }, "name": "Storage Account Object Replication Policy", "description": "This module deploys a Storage Account Object Replication Policy for a provided storage account." @@ -40080,14 +40793,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('storageAccount', '2025-01-01', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('storageAccount', '2025-06-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('storageAccount', '2025-01-01', 'full').location]" + "value": "[reference('storageAccount', '2025-06-01', 'full').location]" }, "serviceEndpoints": { "type": "object", @@ -40127,28 +40840,28 @@ "metadata": { "description": "The primary access key of the storage account." }, - "value": "[listKeys('storageAccount', '2025-01-01').keys[0].value]" + "value": "[listKeys('storageAccount', '2025-06-01').keys[0].value]" }, "secondaryAccessKey": { "type": "securestring", "metadata": { "description": "The secondary access key of the storage account." }, - "value": "[listKeys('storageAccount', '2025-01-01').keys[1].value]" + "value": "[listKeys('storageAccount', '2025-06-01').keys[1].value]" }, "primaryConnectionString": { "type": "securestring", "metadata": { "description": "The primary connection string of the storage account." }, - "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-01-01').keys[0].value, environment().suffixes.storage)]" + "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-06-01').keys[0].value, environment().suffixes.storage)]" }, "secondaryConnectionString": { "type": "securestring", "metadata": { "description": "The secondary connection string of the storage account." }, - "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-01-01').keys[1].value, environment().suffixes.storage)]" + "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-06-01').keys[1].value, environment().suffixes.storage)]" } } } @@ -40175,8 +40888,8 @@ }, "dependsOn": [ "appIdentity", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageFile)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageFile)]", "logAnalyticsWorkspace", "virtualNetwork" ] @@ -40225,8 +40938,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "9495092499292590311" + "version": "0.42.1.51946", + "templateHash": "18406833646069425594" } }, "definitions": { @@ -40406,7 +41119,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -44088,8 +44801,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.40.2.10011", - "templateHash": "17583156542522410309" + "version": "0.42.1.51946", + "templateHash": "14534421541012182178" } }, "definitions": { @@ -44194,7 +44907,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -44281,7 +44994,7 @@ "sqlContributorRoleDefinition": { "existing": true, "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions", - "apiVersion": "2024-11-15", + "apiVersion": "2025-11-01-preview", "name": "[format('{0}/00000000-0000-0000-0000-000000000002', parameters('name'))]" }, "cosmosAccount": { @@ -44395,8 +45108,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "11889744396543212232" + "version": "0.40.2.10011", + "templateHash": "1772014800591596213" }, "name": "Azure Cosmos DB account", "description": "This module deploys an Azure Cosmos DB account. The API used for the account is determined by the child resources that are deployed." @@ -45086,7 +45799,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -45128,7 +45841,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -45169,7 +45882,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -45479,6 +46192,29 @@ } } }, + "customerManagedKeyAndVaultOnlyType": { + "type": "object", + "properties": { + "keyVaultResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of a key vault to reference a customer managed key for encryption from." + } + }, + "keyName": { + "type": "string", + "metadata": { + "description": "Required. The name of the customer managed key to use for encryption." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a customer-managed key. To be used if only the key vault & key may be specified.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" + } + } + }, "diagnosticSettingFullType": { "type": "object", "properties": { @@ -45597,7 +46333,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -45681,7 +46417,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -45709,7 +46445,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -45885,7 +46621,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can NOT be assumed (i.e., for services that have more than one subresource, like Storage Account with Blob (blob, table, queue, file, ...).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -45960,7 +46696,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -46405,6 +47141,13 @@ "metadata": { "description": "Optional. The default identity for accessing key vault used in features like customer managed keys. Use `FirstPartyIdentity` to use the tenant-level CosmosDB enterprise application. The default identity needs to be explicitly set by the users." } + }, + "customerManagedKey": { + "$ref": "#/definitions/customerManagedKeyAndVaultOnlyType", + "nullable": true, + "metadata": { + "description": "Optional. The customer managed key definition. If specified, the parameter `defaultIdentity` must be configured as well." + } } }, "variables": { @@ -46417,7 +47160,7 @@ ], "enableReferencedModulesTelemetry": false, "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInControlPlaneRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Cosmos DB Account Reader Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fbdf93bf-df7d-467e-a4d2-9458aa1360c8')]", @@ -46429,14 +47172,24 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "isHSMManagedCMK": "[equals(tryGet(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), ''), '/'), 7), 'managedHSMs')]" }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(and(not(empty(parameters('customerManagedKey'))), not(variables('isHSMManagedCMK'))), and(not(empty(parameters('customerManagedKey'))), not(variables('isHSMManagedCMK'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2024-11-01", + "subscriptionId": "[split(parameters('customerManagedKey').keyVaultResourceId, '/')[2]]", + "resourceGroup": "[split(parameters('customerManagedKey').keyVaultResourceId, '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('customerManagedKey').keyVaultResourceId, '/')), parameters('customerManagedKey').keyName)]" + }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-07-01", - "name": "[format('46d3xbcp.res.documentdb-databaseaccount.{0}.{1}', replace('0.18.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.documentdb-databaseaccount.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -46452,6 +47205,15 @@ } } }, + "cMKKeyVault": { + "condition": "[and(not(empty(parameters('customerManagedKey'))), not(variables('isHSMManagedCMK')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2024-11-01", + "subscriptionId": "[split(parameters('customerManagedKey').keyVaultResourceId, '/')[2]]", + "resourceGroup": "[split(parameters('customerManagedKey').keyVaultResourceId, '/')[4]]", + "name": "[last(split(parameters('customerManagedKey').keyVaultResourceId, '/'))]" + }, "databaseAccount": { "type": "Microsoft.DocumentDB/databaseAccounts", "apiVersion": "2025-04-15", @@ -46460,13 +47222,16 @@ "tags": "[parameters('tags')]", "identity": "[variables('identity')]", "kind": "[if(not(empty(parameters('mongodbDatabases'))), 'MongoDB', 'GlobalDocumentDB')]", - "properties": "[shallowMerge(createArray(createObject('enableBurstCapacity', if(not(contains(coalesce(parameters('capabilitiesToAdd'), createArray()), 'EnableServerless')), parameters('enableBurstCapacity'), false()), 'analyticalStorageConfiguration', parameters('analyticalStorageConfiguration'), 'defaultIdentity', if(and(not(empty(parameters('defaultIdentity'))), not(equals(tryGet(parameters('defaultIdentity'), 'name'), 'UserAssignedIdentity'))), parameters('defaultIdentity').name, format('UserAssignedIdentity={0}', tryGet(parameters('defaultIdentity'), 'resourceId'))), 'enablePartitionMerge', parameters('enablePartitionMerge'), 'enablePerRegionPerPartitionAutoscale', parameters('enablePerRegionPerPartitionAutoscale'), 'databaseAccountOfferType', parameters('databaseAccountOfferType'), 'backupPolicy', shallowMerge(createArray(createObject('type', parameters('backupPolicyType')), if(equals(parameters('backupPolicyType'), 'Continuous'), createObject('continuousModeProperties', createObject('tier', parameters('backupPolicyContinuousTier'))), createObject()), if(equals(parameters('backupPolicyType'), 'Periodic'), createObject('periodicModeProperties', createObject('backupIntervalInMinutes', parameters('backupIntervalInMinutes'), 'backupRetentionIntervalInHours', parameters('backupRetentionIntervalInHours'), 'backupStorageRedundancy', parameters('backupStorageRedundancy'))), createObject()))), 'capabilities', map(coalesce(parameters('capabilitiesToAdd'), createArray()), lambda('capability', createObject('name', lambdaVariables('capability'))))), if(not(empty(parameters('cors'))), createObject('cors', parameters('cors')), createObject()), if(contains(coalesce(parameters('capabilitiesToAdd'), createArray()), 'EnableCassandra'), createObject('connectorOffer', if(parameters('enableCassandraConnector'), 'Small', null()), 'enableCassandraConnector', parameters('enableCassandraConnector')), createObject()), createObject('minimalTlsVersion', parameters('minimumTlsVersion'), 'capacity', createObject('totalThroughputLimit', parameters('totalThroughputLimit')), 'publicNetworkAccess', coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Disabled')), if(or(or(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('tables')))), not(empty(parameters('cassandraKeyspaces')))), createObject('consistencyPolicy', shallowMerge(createArray(createObject('defaultConsistencyLevel', parameters('defaultConsistencyLevel')), if(equals(parameters('defaultConsistencyLevel'), 'BoundedStaleness'), createObject('maxStalenessPrefix', parameters('maxStalenessPrefix'), 'maxIntervalInSeconds', parameters('maxIntervalInSeconds')), createObject()))), 'enableMultipleWriteLocations', parameters('enableMultipleWriteLocations'), 'locations', if(not(empty(parameters('failoverLocations'))), map(parameters('failoverLocations'), lambda('failoverLocation', createObject('failoverPriority', lambdaVariables('failoverLocation').failoverPriority, 'locationName', lambdaVariables('failoverLocation').locationName, 'isZoneRedundant', coalesce(tryGet(lambdaVariables('failoverLocation'), 'isZoneRedundant'), true())))), createArray(createObject('failoverPriority', 0, 'locationName', parameters('location'), 'isZoneRedundant', parameters('zoneRedundant')))), 'ipRules', map(coalesce(tryGet(parameters('networkRestrictions'), 'ipRules'), createArray()), lambda('ipRule', createObject('ipAddressOrRange', lambdaVariables('ipRule')))), 'virtualNetworkRules', map(coalesce(tryGet(parameters('networkRestrictions'), 'virtualNetworkRules'), createArray()), lambda('rule', createObject('id', lambdaVariables('rule').subnetResourceId, 'ignoreMissingVNetServiceEndpoint', false()))), 'networkAclBypass', coalesce(tryGet(parameters('networkRestrictions'), 'networkAclBypass'), 'None'), 'networkAclBypassResourceIds', tryGet(parameters('networkRestrictions'), 'networkAclBypassResourceIds'), 'isVirtualNetworkFilterEnabled', or(not(empty(tryGet(parameters('networkRestrictions'), 'ipRules'))), not(empty(tryGet(parameters('networkRestrictions'), 'virtualNetworkRules')))), 'enableFreeTier', parameters('enableFreeTier'), 'enableAutomaticFailover', parameters('enableAutomaticFailover'), 'enableAnalyticalStorage', parameters('enableAnalyticalStorage')), createObject()), if(or(or(not(empty(parameters('mongodbDatabases'))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('cassandraKeyspaces')))), createObject('disableLocalAuth', false(), 'disableKeyBasedMetadataWriteAccess', false()), createObject('disableLocalAuth', parameters('disableLocalAuthentication'), 'disableKeyBasedMetadataWriteAccess', parameters('disableKeyBasedMetadataWriteAccess'))), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject())))]" + "properties": "[shallowMerge(createArray(createObject('enableBurstCapacity', if(not(contains(coalesce(parameters('capabilitiesToAdd'), createArray()), 'EnableServerless')), parameters('enableBurstCapacity'), false()), 'databaseAccountOfferType', parameters('databaseAccountOfferType'), 'analyticalStorageConfiguration', parameters('analyticalStorageConfiguration'), 'defaultIdentity', if(and(not(empty(parameters('defaultIdentity'))), not(equals(tryGet(parameters('defaultIdentity'), 'name'), 'UserAssignedIdentity'))), parameters('defaultIdentity').name, format('UserAssignedIdentity={0}', tryGet(parameters('defaultIdentity'), 'resourceId'))), 'keyVaultKeyUri', if(not(empty(parameters('customerManagedKey'))), if(not(variables('isHSMManagedCMK')), format('{0}', reference('cMKKeyVault::cMKKey').keyUri), format('https://{0}.managedhsm.azure.net/keys/{1}', last(split(parameters('customerManagedKey').keyVaultResourceId, '/')), parameters('customerManagedKey').keyName)), null()), 'enablePartitionMerge', parameters('enablePartitionMerge'), 'enablePerRegionPerPartitionAutoscale', parameters('enablePerRegionPerPartitionAutoscale'), 'backupPolicy', shallowMerge(createArray(createObject('type', parameters('backupPolicyType')), if(equals(parameters('backupPolicyType'), 'Continuous'), createObject('continuousModeProperties', createObject('tier', parameters('backupPolicyContinuousTier'))), createObject()), if(equals(parameters('backupPolicyType'), 'Periodic'), createObject('periodicModeProperties', createObject('backupIntervalInMinutes', parameters('backupIntervalInMinutes'), 'backupRetentionIntervalInHours', parameters('backupRetentionIntervalInHours'), 'backupStorageRedundancy', parameters('backupStorageRedundancy'))), createObject()))), 'capabilities', map(coalesce(parameters('capabilitiesToAdd'), createArray()), lambda('capability', createObject('name', lambdaVariables('capability'))))), if(not(empty(parameters('cors'))), createObject('cors', parameters('cors')), createObject()), if(contains(coalesce(parameters('capabilitiesToAdd'), createArray()), 'EnableCassandra'), createObject('connectorOffer', if(parameters('enableCassandraConnector'), 'Small', null()), 'enableCassandraConnector', parameters('enableCassandraConnector')), createObject()), createObject('minimalTlsVersion', parameters('minimumTlsVersion'), 'capacity', createObject('totalThroughputLimit', parameters('totalThroughputLimit')), 'publicNetworkAccess', coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Disabled'), 'locations', if(not(empty(parameters('failoverLocations'))), map(parameters('failoverLocations'), lambda('failoverLocation', createObject('failoverPriority', lambdaVariables('failoverLocation').failoverPriority, 'locationName', lambdaVariables('failoverLocation').locationName, 'isZoneRedundant', coalesce(tryGet(lambdaVariables('failoverLocation'), 'isZoneRedundant'), true())))), createArray(createObject('failoverPriority', 0, 'locationName', parameters('location'), 'isZoneRedundant', parameters('zoneRedundant'))))), if(or(or(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('tables')))), not(empty(parameters('cassandraKeyspaces')))), createObject('consistencyPolicy', shallowMerge(createArray(createObject('defaultConsistencyLevel', parameters('defaultConsistencyLevel')), if(equals(parameters('defaultConsistencyLevel'), 'BoundedStaleness'), createObject('maxStalenessPrefix', parameters('maxStalenessPrefix'), 'maxIntervalInSeconds', parameters('maxIntervalInSeconds')), createObject()))), 'enableMultipleWriteLocations', parameters('enableMultipleWriteLocations'), 'ipRules', map(coalesce(tryGet(parameters('networkRestrictions'), 'ipRules'), createArray()), lambda('ipRule', createObject('ipAddressOrRange', lambdaVariables('ipRule')))), 'virtualNetworkRules', map(coalesce(tryGet(parameters('networkRestrictions'), 'virtualNetworkRules'), createArray()), lambda('rule', createObject('id', lambdaVariables('rule').subnetResourceId, 'ignoreMissingVNetServiceEndpoint', false()))), 'networkAclBypass', coalesce(tryGet(parameters('networkRestrictions'), 'networkAclBypass'), 'None'), 'networkAclBypassResourceIds', tryGet(parameters('networkRestrictions'), 'networkAclBypassResourceIds'), 'isVirtualNetworkFilterEnabled', or(not(empty(tryGet(parameters('networkRestrictions'), 'ipRules'))), not(empty(tryGet(parameters('networkRestrictions'), 'virtualNetworkRules')))), 'enableFreeTier', parameters('enableFreeTier'), 'enableAutomaticFailover', parameters('enableAutomaticFailover'), 'enableAnalyticalStorage', parameters('enableAnalyticalStorage')), createObject()), if(or(or(not(empty(parameters('mongodbDatabases'))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('cassandraKeyspaces')))), createObject('disableLocalAuth', false(), 'disableKeyBasedMetadataWriteAccess', false()), createObject('disableLocalAuth', parameters('disableLocalAuthentication'), 'disableKeyBasedMetadataWriteAccess', parameters('disableKeyBasedMetadataWriteAccess'))), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject())))]", + "dependsOn": [ + "cMKKeyVault::cMKKey" + ] }, "databaseAccount_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.DocumentDB/databaseAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -46483,7 +47248,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.DocumentDB/databaseAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -46524,7 +47289,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.DocumentDB/databaseAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -46576,8 +47341,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "1549250134356326406" + "version": "0.40.2.10011", + "templateHash": "3972888645334640168" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account." @@ -46832,8 +47597,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "1005439058963058082" + "version": "0.40.2.10011", + "templateHash": "4781880351108045502" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account." @@ -47100,8 +47865,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8600771348637416058" + "version": "0.40.2.10011", + "templateHash": "8514367433037227852" }, "name": "DocumentDB Database Account SQL Role Definitions.", "description": "This module deploys a SQL Role Definision in a CosmosDB Account." @@ -47277,8 +48042,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "17007224102611744259" + "version": "0.40.2.10011", + "templateHash": "11817543900771838380" }, "name": "DocumentDB Database Account SQL Role Assignments.", "description": "This module deploys a SQL Role Assignment in a CosmosDB Account." @@ -47476,8 +48241,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "17007224102611744259" + "version": "0.40.2.10011", + "templateHash": "11817543900771838380" }, "name": "DocumentDB Database Account SQL Role Assignments.", "description": "This module deploys a SQL Role Assignment in a CosmosDB Account." @@ -47643,8 +48408,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "17859939500809924517" + "version": "0.40.2.10011", + "templateHash": "10787709019875067397" }, "name": "DocumentDB Database Account Cassandra Role Definitions.", "description": "This module deploys a Cassandra Role Definition in a CosmosDB Account." @@ -47800,8 +48565,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "552115240340341941" + "version": "0.40.2.10011", + "templateHash": "14764024820910071147" }, "name": "DocumentDB Database Account Cassandra Role Assignments.", "description": "This module deploys a Cassandra Role Assignment in a CosmosDB Account." @@ -47954,8 +48719,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "552115240340341941" + "version": "0.40.2.10011", + "templateHash": "14764024820910071147" }, "name": "DocumentDB Database Account Cassandra Role Assignments.", "description": "This module deploys a Cassandra Role Assignment in a CosmosDB Account." @@ -48083,8 +48848,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7289795303297936310" + "version": "0.40.2.10011", + "templateHash": "13897098552792121791" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account." @@ -48243,8 +49008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "4317369978166598876" + "version": "0.40.2.10011", + "templateHash": "16151461445994734468" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection." @@ -48408,8 +49173,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "14708982296215631776" + "version": "0.40.2.10011", + "templateHash": "11959636451300474346" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account." @@ -48568,8 +49333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "15097132107382000570" + "version": "0.40.2.10011", + "templateHash": "10487122333182352122" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph." @@ -48749,8 +49514,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "11768488776074268398" + "version": "0.40.2.10011", + "templateHash": "1787500858429182824" }, "name": "Azure Cosmos DB account tables", "description": "This module deploys a table within an Azure Cosmos DB Account." @@ -48888,8 +49653,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "63327155428300562" + "version": "0.40.2.10011", + "templateHash": "15257396763463366586" }, "name": "DocumentDB Database Account Cassandra Keyspaces", "description": "This module deploys a Cassandra Keyspace within a CosmosDB Account." @@ -49132,8 +49897,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "785607874724829202" + "version": "0.40.2.10011", + "templateHash": "15998065591386988132" }, "name": "DocumentDB Database Account Cassandra Keyspaces Tables", "description": "This module deploys a Cassandra Table within a Cassandra Keyspace in a CosmosDB Account." @@ -49309,8 +50074,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "14021794949328228224" + "version": "0.40.2.10011", + "templateHash": "6617803098467821091" }, "name": "DocumentDB Database Account Cassandra Keyspaces Views", "description": "This module deploys a Cassandra View (Materialized View) within a Cassandra Keyspace in a CosmosDB Account." @@ -50331,7 +51096,7 @@ } }, "appInsightsConnectionString": "[if(parameters('enableMonitoring'), createObject('value', reference('applicationInsights').outputs.connectionString.value), createObject('value', null()))]", - "appLogsConfiguration": "[if(parameters('enableMonitoring'), createObject('value', createObject('destination', 'log-analytics', 'logAnalyticsConfiguration', createObject('customerId', if(variables('useExistingLogAnalytics'), reference('existingLogAnalyticsWorkspace').customerId, reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value), 'sharedKey', if(variables('useExistingLogAnalytics'), listKeys('existingLogAnalyticsWorkspace', '2020-08-01').primarySharedKey, listOutputsWithSecureValues('logAnalyticsWorkspace', '2025-04-01').primarySharedKey)))), createObject('value', createObject()))]", + "appLogsConfiguration": "[if(parameters('enableMonitoring'), createObject('value', createObject('destination', 'log-analytics', 'logAnalyticsWorkspaceResourceId', if(variables('useExistingLogAnalytics'), parameters('existingLogAnalyticsWorkspaceId'), reference('logAnalyticsWorkspace').outputs.resourceId.value), 'logAnalyticsConfiguration', createObject('customerId', if(variables('useExistingLogAnalytics'), reference('existingLogAnalyticsWorkspace').customerId, reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value), 'sharedKey', if(variables('useExistingLogAnalytics'), listKeys('existingLogAnalyticsWorkspace', '2025-07-01').primarySharedKey, listOutputsWithSecureValues('logAnalyticsWorkspace', '2025-04-01').primarySharedKey)))), createObject('value', null()))]", "workloadProfiles": "[if(parameters('enablePrivateNetworking'), createObject('value', createArray(createObject('name', 'Consumption', 'workloadProfileType', 'Consumption'))), createObject('value', createArray()))]", "tags": { "value": "[variables('allTags')]" @@ -50347,8 +51112,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "1345160196550942789" + "version": "0.41.2.15936", + "templateHash": "16720885128976229647" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment)." @@ -50383,7 +51148,7 @@ } }, "certificatePassword": { - "type": "string", + "type": "securestring", "nullable": true, "metadata": { "description": "Optional. The password of the certificate." @@ -50395,6 +51160,23 @@ "metadata": { "description": "Optional. A key vault reference." } + }, + "location": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The location for the resource." + } + }, + "tags": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments/certificates@2025-10-02-preview#properties/tags" + }, + "description": "Optional. Tags of the resource." + }, + "nullable": true } }, "metadata": { @@ -50431,7 +51213,7 @@ "description": "Required. Storage account name." } }, - "shareName": { + "name": { "type": "string", "metadata": { "description": "Required. File share name." @@ -50444,45 +51226,61 @@ } }, "appLogsConfigurationType": { + "type": "object", + "discriminator": { + "propertyName": "destination", + "mapping": { + "azure-monitor": { + "$ref": "#/definitions/appLogsConfigurationMonitorType" + }, + "log-analytics": { + "$ref": "#/definitions/appLogsConfigurationLawType" + } + } + }, + "metadata": { + "__bicep_export!": true, + "description": "The type for the App Logs Configuration." + } + }, + "appLogsConfigurationMonitorType": { "type": "object", "properties": { "destination": { "type": "string", "allowedValues": [ - "azure-monitor", - "log-analytics", - "none" + "azure-monitor" ], - "nullable": true, "metadata": { - "description": "Optional. The destination of the logs." + "description": "Required. The destination of the logs." + } + } + }, + "metadata": { + "description": "The type for the App Logs Configuration if using azure-monitor." + } + }, + "appLogsConfigurationLawType": { + "type": "object", + "properties": { + "destination": { + "type": "string", + "allowedValues": [ + "log-analytics" + ], + "metadata": { + "description": "Required. The destination of the logs." } }, - "logAnalyticsConfiguration": { - "type": "object", - "properties": { - "customerId": { - "type": "string", - "metadata": { - "description": "Required. The Log Analytics Workspace ID." - } - }, - "sharedKey": { - "type": "securestring", - "metadata": { - "description": "Required. The shared key of the Log Analytics workspace." - } - } - }, - "nullable": true, + "logAnalyticsWorkspaceResourceId": { + "type": "string", "metadata": { - "description": "Conditional. The Log Analytics configuration. Required if `destination` is `log-analytics`." + "description": "Required. Existing Log Analytics Workspace resource ID." } } }, "metadata": { - "__bicep_export!": true, - "description": "The type for the App Logs Configuration." + "description": "The type for the App Logs Configuration if using log-analytics." } }, "certificateKeyVaultPropertiesType": { @@ -50667,7 +51465,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/managedEnvironments@2024-10-02-preview#properties/tags" + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -50704,6 +51502,46 @@ "description": "Optional. Application Insights connection string." } }, + "daprConfiguration": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/daprConfiguration" + }, + "description": "Optional. The configuration of Dapr component." + }, + "nullable": true + }, + "ingressConfiguration": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/ingressConfiguration" + }, + "description": "Optional. Ingress configuration for the Managed Environment." + }, + "nullable": true + }, + "kedaConfiguration": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/kedaConfiguration" + }, + "description": "Optional. The configuration of Keda component." + }, + "nullable": true + }, + "peerAuthentication": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/peerAuthentication" + }, + "description": "Optional. Peer authentication settings for the Managed Environment." + }, + "nullable": true + }, "daprAIConnectionString": { "type": "securestring", "defaultValue": "", @@ -50727,7 +51565,7 @@ }, "infrastructureSubnetResourceId": { "type": "string", - "defaultValue": "", + "nullable": true, "metadata": { "description": "Conditional. Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if \"internal\" is set to true. Required if zoneRedundant is set to true to make the resource WAF compliant." } @@ -50736,7 +51574,7 @@ "type": "bool", "defaultValue": false, "metadata": { - "description": "Conditional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then \"infrastructureSubnetId\" must be provided. Required if zoneRedundant is set to true to make the resource WAF compliant." + "description": "Conditional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then \"infrastructureSubnetResourceId\" must be provided. Required if zoneRedundant is set to true to make the resource WAF compliant." } }, "platformReservedCidr": { @@ -50787,7 +51625,7 @@ }, "certificateValue": { "type": "securestring", - "defaultValue": "", + "nullable": true, "metadata": { "description": "Optional. Certificate to use for the custom domain. PFX or PEM." } @@ -50808,17 +51646,23 @@ }, "openTelemetryConfiguration": { "type": "object", - "defaultValue": {}, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-02-02-preview#properties/properties/properties/openTelemetryConfiguration" + }, "description": "Optional. Open Telemetry configuration." - } + }, + "nullable": true }, "workloadProfiles": { "type": "array", - "defaultValue": [], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/workloadProfiles" + }, "description": "Conditional. Workload profiles configured for the Managed Environment. Required if zoneRedundant is set to true to make the resource WAF compliant." - } + }, + "nullable": true }, "infrastructureResourceGroupName": { "type": "string", @@ -50861,7 +51705,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", @@ -50871,27 +51715,11 @@ } }, "resources": { - "managedEnvironment::storage": { - "copy": { - "name": "managedEnvironment::storage", - "count": "[length(coalesce(parameters('storages'), createArray()))]" - }, - "type": "Microsoft.App/managedEnvironments/storages", - "apiVersion": "2024-10-02-preview", - "name": "[format('{0}/{1}', parameters('name'), coalesce(parameters('storages'), createArray())[copyIndex()].shareName)]", - "properties": { - "nfsAzureFile": "[if(equals(coalesce(parameters('storages'), createArray())[copyIndex()].kind, 'NFS'), createObject('accessMode', coalesce(parameters('storages'), createArray())[copyIndex()].accessMode, 'server', format('{0}.file.{1}', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, environment().suffixes.storage), 'shareName', format('/{0}/{1}', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, coalesce(parameters('storages'), createArray())[copyIndex()].shareName)), null())]", - "azureFile": "[if(equals(coalesce(parameters('storages'), createArray())[copyIndex()].kind, 'SMB'), createObject('accessMode', coalesce(parameters('storages'), createArray())[copyIndex()].accessMode, 'accountName', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, 'accountKey', listkeys(resourceId('Microsoft.Storage/storageAccounts', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName), '2023-01-01').keys[0].value, 'shareName', coalesce(parameters('storages'), createArray())[copyIndex()].shareName), null())]" - }, - "dependsOn": [ - "managedEnvironment" - ] - }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-11-01", - "name": "[format('46d3xbcp.res.app-managedenvironment.{0}.{1}', replace('0.11.3', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.app-managedenvironment.{0}.{1}', replace('0.13.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -50907,9 +51735,18 @@ } } }, + "logAnalyticsWorkspace": { + "condition": "[not(empty(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId')))]", + "existing": true, + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2025-02-01", + "subscriptionId": "[split(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId'), '/')[2]]", + "resourceGroup": "[split(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId'), '/')[4]]", + "name": "[last(split(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId'), '/'))]" + }, "managedEnvironment": { "type": "Microsoft.App/managedEnvironments", - "apiVersion": "2024-10-02-preview", + "apiVersion": "2025-10-02-preview", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -50918,16 +51755,20 @@ "appInsightsConfiguration": { "connectionString": "[parameters('appInsightsConnectionString')]" }, - "appLogsConfiguration": "[parameters('appLogsConfiguration')]", + "daprConfiguration": "[parameters('daprConfiguration')]", + "ingressConfiguration": "[parameters('ingressConfiguration')]", + "kedaConfiguration": "[parameters('kedaConfiguration')]", + "peerAuthentication": "[parameters('peerAuthentication')]", + "appLogsConfiguration": "[if(not(empty(parameters('appLogsConfiguration'))), shallowMerge(createArray(createObject('destination', parameters('appLogsConfiguration').destination), if(not(empty(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId'))), createObject('logAnalyticsConfiguration', createObject('customerId', reference('logAnalyticsWorkspace').customerId, 'sharedKey', listKeys('logAnalyticsWorkspace', '2025-02-01').primarySharedKey)), createObject()))), null())]", "daprAIConnectionString": "[parameters('daprAIConnectionString')]", "daprAIInstrumentationKey": "[parameters('daprAIInstrumentationKey')]", "customDomainConfiguration": { "certificatePassword": "[parameters('certificatePassword')]", - "certificateValue": "[if(not(empty(parameters('certificateValue'))), parameters('certificateValue'), null())]", + "certificateValue": "[parameters('certificateValue')]", "dnsSuffix": "[parameters('dnsSuffix')]", "certificateKeyVaultProperties": "[if(not(empty(tryGet(parameters('certificate'), 'certificateKeyVaultProperties'))), createObject('identity', tryGet(parameters('certificate'), 'certificateKeyVaultProperties', 'identityResourceId'), 'keyVaultUrl', tryGet(parameters('certificate'), 'certificateKeyVaultProperties', 'keyVaultUrl')), null())]" }, - "openTelemetryConfiguration": "[if(not(empty(parameters('openTelemetryConfiguration'))), parameters('openTelemetryConfiguration'), null())]", + "openTelemetryConfiguration": "[parameters('openTelemetryConfiguration')]", "peerTrafficConfiguration": { "encryption": { "enabled": "[parameters('peerTrafficEncryption')]" @@ -50936,15 +51777,18 @@ "publicNetworkAccess": "[parameters('publicNetworkAccess')]", "vnetConfiguration": { "internal": "[parameters('internal')]", - "infrastructureSubnetId": "[if(not(empty(parameters('infrastructureSubnetResourceId'))), parameters('infrastructureSubnetResourceId'), null())]", + "infrastructureSubnetId": "[parameters('infrastructureSubnetResourceId')]", "dockerBridgeCidr": "[if(not(empty(parameters('infrastructureSubnetResourceId'))), parameters('dockerBridgeCidr'), null())]", "platformReservedCidr": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetResourceId')))), parameters('platformReservedCidr'), null())]", "platformReservedDnsIP": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetResourceId')))), parameters('platformReservedDnsIP'), null())]" }, - "workloadProfiles": "[if(not(empty(parameters('workloadProfiles'))), parameters('workloadProfiles'), null())]", + "workloadProfiles": "[parameters('workloadProfiles')]", "zoneRedundant": "[parameters('zoneRedundant')]", "infrastructureResourceGroup": "[parameters('infrastructureResourceGroupName')]" - } + }, + "dependsOn": [ + "logAnalyticsWorkspace" + ] }, "managedEnvironment_roleAssignments": { "copy": { @@ -50953,7 +51797,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/managedEnvironments/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/managedEnvironments', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -50972,7 +51816,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/managedEnvironments/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -50982,10 +51826,135 @@ "managedEnvironment" ] }, + "managedEnvironment_storage": { + "copy": { + "name": "managedEnvironment_storage", + "count": "[length(coalesce(parameters('storages'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('{0}-Managed-Environment-Storage-{1}', uniqueString(deployment().name), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[coalesce(parameters('storages'), createArray())[copyIndex()].name]" + }, + "managedEnvironmentName": { + "value": "[parameters('name')]" + }, + "kind": { + "value": "[coalesce(parameters('storages'), createArray())[copyIndex()].kind]" + }, + "accessMode": { + "value": "[coalesce(parameters('storages'), createArray())[copyIndex()].accessMode]" + }, + "storageAccountName": { + "value": "[coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.41.2.15936", + "templateHash": "12148192527952992187" + }, + "name": "App ManagedEnvironments Certificates", + "description": "This module deploys a App Managed Environment Certificate." + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the file share." + } + }, + "managedEnvironmentName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent app managed environment. Required if the template is used in a standalone deployment." + } + }, + "accessMode": { + "type": "string", + "metadata": { + "description": "Required. The access mode for the storage." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "NFS", + "SMB" + ], + "metadata": { + "description": "Required. Type of storage: \"SMB\" or \"NFS\"." + } + }, + "storageAccountName": { + "type": "string", + "metadata": { + "description": "Required. Storage account name." + } + } + }, + "resources": { + "managedEnvironment": { + "existing": true, + "type": "Microsoft.App/managedEnvironments", + "apiVersion": "2025-10-02-preview", + "name": "[parameters('managedEnvironmentName')]" + }, + "storage": { + "type": "Microsoft.App/managedEnvironments/storages", + "apiVersion": "2025-10-02-preview", + "name": "[format('{0}/{1}', parameters('managedEnvironmentName'), parameters('name'))]", + "properties": { + "nfsAzureFile": "[if(equals(parameters('kind'), 'NFS'), createObject('accessMode', parameters('accessMode'), 'server', format('{0}.file.{1}', parameters('storageAccountName'), environment().suffixes.storage), 'shareName', format('/{0}/{1}', parameters('storageAccountName'), parameters('name'))), null())]", + "azureFile": "[if(equals(parameters('kind'), 'SMB'), createObject('accessMode', parameters('accessMode'), 'accountName', parameters('storageAccountName'), 'accountKey', listkeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2025-01-01').keys[0].value, 'shareName', parameters('name')), null())]" + } + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the file share." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the file share." + }, + "value": "[resourceId('Microsoft.App/managedEnvironments/storages', parameters('managedEnvironmentName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the file share was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "managedEnvironment" + ] + }, "managedEnvironment_certificate": { "condition": "[not(empty(parameters('certificate')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-Managed-Environment-Certificate', uniqueString(deployment().name))]", "properties": { "expressionEvaluationOptions": { @@ -51010,6 +51979,12 @@ }, "certificatePassword": { "value": "[tryGet(parameters('certificate'), 'certificatePassword')]" + }, + "location": { + "value": "[tryGet(parameters('certificate'), 'location')]" + }, + "tags": { + "value": "[tryGet(parameters('certificate'), 'tags')]" } }, "template": { @@ -51019,8 +51994,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13507794255589178049" + "version": "0.41.2.15936", + "templateHash": "3685452564310390968" }, "name": "App ManagedEnvironments Certificates", "description": "This module deploys a App Managed Environment Certificate." @@ -51102,22 +52077,25 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments/certificates@2025-10-02-preview#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true } }, "resources": { "managedEnvironment": { "existing": true, "type": "Microsoft.App/managedEnvironments", - "apiVersion": "2024-10-02-preview", + "apiVersion": "2025-10-02-preview", "name": "[parameters('managedEnvironmentName')]" }, "managedEnvironmentCertificate": { "type": "Microsoft.App/managedEnvironments/certificates", - "apiVersion": "2024-10-02-preview", + "apiVersion": "2025-10-02-preview", "name": "[format('{0}/{1}', parameters('managedEnvironmentName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { @@ -51147,7 +52125,7 @@ "resourceGroupName": { "type": "string", "metadata": { - "description": "The resource group the batch account was deployed into." + "description": "The resource group the certificate was deployed into." }, "value": "[resourceGroup().name]" } @@ -51172,7 +52150,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('managedEnvironment', '2024-10-02-preview', 'full').location]" + "value": "[reference('managedEnvironment', '2025-10-02-preview', 'full').location]" }, "name": { "type": "string", @@ -51194,7 +52172,7 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('managedEnvironment', '2024-10-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('managedEnvironment', '2025-10-02-preview', 'full'), 'identity'), 'principalId')]" }, "defaultDomain": { "type": "string", @@ -51295,8 +52273,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "14994565436716579607" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -51776,7 +52754,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -51786,7 +52764,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -51796,7 +52774,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -51806,7 +52784,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -51816,7 +52794,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -51826,7 +52804,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -51923,7 +52901,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -51960,7 +52938,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -51988,7 +52966,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -52063,7 +53041,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -52155,7 +53133,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -52240,7 +53218,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -52250,7 +53228,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -52284,7 +53262,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -52301,45 +53279,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -52349,7 +53309,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -52366,7 +53326,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -52376,7 +53336,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -52392,7 +53352,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -52419,7 +53379,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -52459,7 +53419,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -52473,8 +53433,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -52492,7 +53452,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -52504,22 +53464,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -52527,7 +53487,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -52544,7 +53504,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -52566,7 +53526,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -52631,8 +53591,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "12173377941230147433" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -52648,7 +53608,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -52658,7 +53618,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -52668,7 +53628,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -52678,7 +53638,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -52688,7 +53648,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -52698,7 +53658,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -52709,12 +53669,12 @@ "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -52791,14 +53751,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } @@ -52887,8 +53847,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "14994565436716579607" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -53368,7 +54328,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -53378,7 +54338,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -53388,7 +54348,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -53398,7 +54358,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -53408,7 +54368,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -53418,7 +54378,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -53515,7 +54475,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -53552,7 +54512,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -53580,7 +54540,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -53655,7 +54615,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -53747,7 +54707,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -53832,7 +54792,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -53842,7 +54802,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -53876,7 +54836,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -53893,45 +54853,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -53941,7 +54883,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -53958,7 +54900,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -53968,7 +54910,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -53984,7 +54926,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -54011,7 +54953,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -54051,7 +54993,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -54065,8 +55007,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -54084,7 +55026,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -54096,22 +55038,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -54119,7 +55061,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -54136,7 +55078,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -54158,7 +55100,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -54223,8 +55165,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "12173377941230147433" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -54240,7 +55182,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -54250,7 +55192,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -54260,7 +55202,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -54270,7 +55212,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -54280,7 +55222,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -54290,7 +55232,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -54301,12 +55243,12 @@ "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -54383,14 +55325,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } @@ -54424,7 +55366,7 @@ }, "AZURE_BLOB_ENDPOINT": { "type": "string", - "value": "[format('https://{0}.blob.core.windows.net/', reference('storageAccount').outputs.name.value)]" + "value": "[format('https://{0}.blob.{1}/', reference('storageAccount').outputs.name.value, environment().suffixes.storage)]" }, "AZURE_AI_AGENT_PROJECT_NAME": { "type": "string", diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index 398378fd..7bbb40bf 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -167,7 +167,7 @@ var resourceGroupTagsValue = union( ) // ========== Resource Group Tag ========== // -resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = { +resource resourceGroupTags 'Microsoft.Resources/tags@2025-04-01' = { name: 'default' properties: { tags: resourceGroupTagsValue @@ -175,7 +175,7 @@ resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = { } #disable-next-line no-deployments-resources -resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { +resource avmTelemetry 'Microsoft.Resources/deployments@2025-04-01' = if (enableTelemetry) { name: take( '46d3xbcp.ptn.sa-modernizeyourcode.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}', 64 @@ -196,7 +196,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.2' = { +module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.5.0' = { name: take('avm.res.managed-identity.user-assigned-identity.${solutionSuffix}', 64) params: { name: 'id-${solutionSuffix}' @@ -212,13 +212,13 @@ var existingLawSubscription = useExistingLogAnalytics ? split(existingLogAnalyti var existingLawResourceGroup = useExistingLogAnalytics ? split(existingLogAnalyticsWorkspaceId, '/')[4] : '' var existingLawName = useExistingLogAnalytics ? split(existingLogAnalyticsWorkspaceId, '/')[8] : '' -resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = if (useExistingLogAnalytics) { +resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2025-07-01' existing = if (useExistingLogAnalytics) { name: existingLawName scope: resourceGroup(existingLawSubscription, existingLawResourceGroup) } // Deploy new Log Analytics workspace only if required and not using existing -module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.12.0' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) { +module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.15.0' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) { name: take('avm.res.operational-insights.workspace.${solutionSuffix}', 64) params: { name: 'log-${solutionSuffix}' @@ -282,7 +282,7 @@ var LogAnalyticsPrimarySharedKey string = useExistingLogAnalytics? existingLogAn var LogAnalyticsWorkspaceId = useExistingLogAnalytics? existingLogAnalyticsWorkspace.properties.customerId : logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId var logAnalyticsWorkspaceName = useExistingLogAnalytics ? existingLawName : logAnalyticsWorkspace!.outputs.name -module applicationInsights 'br/public:avm/res/insights/component:0.7.0' = if (enableMonitoring) { +module applicationInsights 'br/public:avm/res/insights/component:0.7.1' = if (enableMonitoring) { name: take('avm.res.insights.component.${solutionSuffix}', 64) params: { name: 'appi-${solutionSuffix}' @@ -341,7 +341,7 @@ var dnsZoneIndex = { // - Excludes AI-related zones when using with an existing Foundry project // =================================================== @batchSize(5) -module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.0' = [ +module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.1' = [ for (zone, i) in privateDnsZones: if (enablePrivateNetworking) { name: take('avm.res.network.private-dns-zone.${split(zone, '.')[1]}.${solutionSuffix}', 64) params: { @@ -360,7 +360,7 @@ module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.0' = [ // Azure Bastion Host var bastionHostName = 'bas-${solutionSuffix}' -module bastionHost 'br/public:avm/res/network/bastion-host:0.8.0' = if (enablePrivateNetworking) { +module bastionHost 'br/public:avm/res/network/bastion-host:0.8.2' = if (enablePrivateNetworking) { name: take('avm.res.network.bastion-host.${bastionHostName}', 64) params: { name: bastionHostName @@ -390,7 +390,7 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.8.0' = if (enablePr // ========== Jumpbox Virtual machine ========== // var maintenanceConfigurationResourceName = 'mc-${solutionSuffix}' -module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-configuration:0.3.2' = if (enablePrivateNetworking) { +module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-configuration:0.4.0' = if (enablePrivateNetworking) { name: take('avm.res.compute.virtual-machine.${maintenanceConfigurationResourceName}', 64) params: { name: maintenanceConfigurationResourceName @@ -430,7 +430,7 @@ var dataCollectionRulesResourceName = 'dcr-${solutionSuffix}' var dataCollectionRulesLocation = useExistingLogAnalytics ? existingLogAnalyticsWorkspace!.location : logAnalyticsWorkspace!.outputs.location -module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.8.0' = if (enablePrivateNetworking && enableMonitoring) { +module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.11.0' = if (enablePrivateNetworking && enableMonitoring) { name: take('avm.res.insights.data-collection-rule.${dataCollectionRulesResourceName}', 64) params: { name: dataCollectionRulesResourceName @@ -556,7 +556,7 @@ module proximityPlacementGroup 'br/public:avm/res/compute/proximity-placement-gr var virtualMachineResourceName = take('vm-jumpbox-${solutionSuffix}', 15) -module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (enablePrivateNetworking) { +module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (enablePrivateNetworking) { name: take('avm.res.compute.virtual-machine.${virtualMachineResourceName}', 64) params: { name: virtualMachineResourceName @@ -673,11 +673,9 @@ module aiServices 'modules/ai-foundry/aifoundry.bicep' = { privateNetworking: null // Private endpoint is handled by the standalone aiFoundryPrivateEndpoint module existingFoundryProjectResourceId: existingFoundryProjectResourceId disableLocalAuth: true //Should be set to true for WAF aligned configuration - customSubDomainName: 'aif-${solutionSuffix}' apiProperties: { //staticsEnabled: false } - allowProjectManagement: true managedIdentities: { systemAssigned: true } @@ -712,7 +710,7 @@ module aiServices 'modules/ai-foundry/aifoundry.bicep' = { var aiFoundryAiServicesResourceName = 'aif-${solutionSuffix}' var useExistingAiFoundryAiProject = !empty(existingFoundryProjectResourceId) -module aiFoundryPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking && !useExistingAiFoundryAiProject) { +module aiFoundryPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.12.0' = if (enablePrivateNetworking && !useExistingAiFoundryAiProject) { name: take('pep-${aiFoundryAiServicesResourceName}-deployment', 64) params: { name: 'pep-${aiFoundryAiServicesResourceName}' @@ -788,7 +786,7 @@ module storageAccount 'modules/storageAccount.bicep' = { } // Azure Container Registry for azd container deployments -resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' = { +resource containerRegistry 'Microsoft.ContainerRegistry/registries@2025-11-01' = { name: take('acrreg${solutionSuffix}', 50) location: location sku: { @@ -863,7 +861,7 @@ module cosmosDb 'modules/cosmosDb.bicep' = { var containerAppsEnvironmentName = 'cae-${solutionSuffix}' -module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.3' = { +module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.13.1' = { name: take('avm.res.app.managed-environment.${solutionSuffix}', 64) #disable-next-line no-unnecessary-dependson dependsOn: [applicationInsights, logAnalyticsWorkspace, virtualNetwork] // required due to optional flags that could change dependency @@ -903,7 +901,7 @@ module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11. } } -module containerAppBackend 'br/public:avm/res/app/container-app:0.19.0' = { +module containerAppBackend 'br/public:avm/res/app/container-app:0.22.0' = { name: take('avm.res.app.container-app.backend.${solutionSuffix}', 64) #disable-next-line no-unnecessary-dependson dependsOn: [applicationInsights] // required due to optional flags that could change dependency @@ -1088,7 +1086,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.19.0' = { } } -module containerAppFrontend 'br/public:avm/res/app/container-app:0.19.0' = { +module containerAppFrontend 'br/public:avm/res/app/container-app:0.22.0' = { name: take('avm.res.app.container-app.frontend.${solutionSuffix}', 64) params: { name: take('ca-frontend-${solutionSuffix}', 32) diff --git a/infra/modules/ai-foundry/ai-services.bicep b/infra/modules/ai-foundry/ai-services.bicep index c0b161bd..7067171b 100644 --- a/infra/modules/ai-foundry/ai-services.bicep +++ b/infra/modules/ai-foundry/ai-services.bicep @@ -1,5 +1,5 @@ // This module is here solely to provide network injection for Cognitive Services. -// The AVM Module 'br/public:avm/res/cognitive-services/account:0.11.0' does not support that feature as of version 0.11.0 +// The AVM Module 'br/public:avm/res/cognitive-services/account:0.14.2' does not support that feature as of version 0.11.0 metadata name = 'Cognitive Services' metadata description = 'This module deploys a Cognitive Service.' @@ -60,7 +60,7 @@ param sku string = 'S0' @description('Optional. Location for all Resources.') param location string = resourceGroup().location -import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The diagnostic settings of the service.') param diagnosticSettings diagnosticSettingFullType[]? @@ -80,11 +80,11 @@ param networkAcls object? @description('Optional. The network injection subnet resource Id for the Cognitive Services account. This allows to use the AI Services account with a virtual network.') param networkInjectionSubnetResourceId string? -import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints privateEndpointSingleServiceType[]? -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[]? @@ -116,7 +116,7 @@ param restrictOutboundNetworkAccess bool = true @description('Optional. The storage accounts for this resource.') param userOwnedStorage array? -import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The managed identity definition for this resource.') param managedIdentities managedIdentityAllType? @@ -260,7 +260,7 @@ var formattedRoleAssignments = [ }) ] -resource cognitiveService 'Microsoft.CognitiveServices/accounts@2025-07-01-preview' = { +resource cognitiveService 'Microsoft.CognitiveServices/accounts@2026-03-01' = { name: name kind: kind identity: identity @@ -306,7 +306,7 @@ resource cognitiveService 'Microsoft.CognitiveServices/accounts@2025-07-01-previ } @batchSize(1) -resource cognitiveService_deployments 'Microsoft.CognitiveServices/accounts/deployments@2024-10-01' = [ +resource cognitiveService_deployments 'Microsoft.CognitiveServices/accounts/deployments@2026-03-01' = [ for (deployment, index) in (deployments ?? []): { parent: cognitiveService name: deployment.?name ?? '${name}-deployments' @@ -355,7 +355,7 @@ resource cognitiveService_diagnosticSettings 'Microsoft.Insights/diagnosticSetti } ] -module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.11.1' = [ +module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.12.0' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: take('${uniqueString(deployment().name, location)}-cognitiveService-PrivateEndpoint-${index}', 64) scope: resourceGroup( diff --git a/infra/modules/ai-foundry/aifoundry.bicep b/infra/modules/ai-foundry/aifoundry.bicep index 77b35262..a390e504 100644 --- a/infra/modules/ai-foundry/aifoundry.bicep +++ b/infra/modules/ai-foundry/aifoundry.bicep @@ -65,14 +65,14 @@ param existingFoundryProjectResourceId string = '' @description('Optional. Specifies the OpenAI deployments to create.') param deployments deploymentType[]? -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[] = [] @description('Optional. Values to establish private networking for the AI Services resource.') param privateNetworking aiServicesPrivateNetworkingType? -import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The diagnostic settings of the service.') param diagnosticSettings diagnosticSettingFullType[]? @@ -83,17 +83,14 @@ param diagnosticSettings diagnosticSettingFullType[]? ]) param publicNetworkAccess string? -@description('Conditional. Subdomain name used for token-based authentication. Required if \'networkAcls\' or \'privateEndpoints\' are set.') -param customSubDomainName string? - @description('Optional. A collection of rules governing the accessibility from specific network locations.') param networkAcls object? -import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints privateEndpointSingleServiceType[]? -import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The lock settings of the service.') param lock lockType? @@ -109,7 +106,7 @@ param apiProperties object? @description('Optional. Allow only Azure AD authentication. Should be enabled for security reasons.') param disableLocalAuth bool = true -import { customerManagedKeyType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { customerManagedKeyType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The customer managed key definition.') param customerManagedKey customerManagedKeyType? @@ -129,7 +126,7 @@ param restrictOutboundNetworkAccess bool = true @description('Optional. The storage accounts for this resource.') param userOwnedStorage array? -import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The managed identity definition for this resource.') param managedIdentities managedIdentityAllType? @@ -139,9 +136,6 @@ param enableTelemetry bool = true @description('Optional. Key vault reference and secret settings for the module\'s secrets export.') param secretsExportConfiguration secretsExportConfigurationType? -@description('Optional. Enable/Disable project management feature for AI Foundry.') -param allowProjectManagement bool? - var formattedUserAssignedIdentities = reduce( map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), {}, @@ -158,7 +152,7 @@ var identity = !empty(managedIdentities) : null #disable-next-line no-deployments-resources -resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { +resource avmTelemetry 'Microsoft.Resources/deployments@2025-04-01' = if (enableTelemetry) { name: '46d3xbcp.res.cognitiveservices-account.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { mode: 'Incremental' @@ -176,7 +170,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -resource cMKKeyVault 'Microsoft.KeyVault/vaults@2025-05-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId)) { +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2026-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId)) { name: last(split(customerManagedKey.?keyVaultResourceId!, '/')) scope: resourceGroup( split(customerManagedKey.?keyVaultResourceId!, '/')[2], @@ -208,7 +202,7 @@ var aiServicesPrivateDnsZoneResourceId = privateNetworking != null ? privateNetworking.?aiServicesPrivateDnsZoneResourceId ?? '' : '' -resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-07-01-preview' = if(!useExistingService) { +resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-12-01' = if(!useExistingService) { name: name kind: kind identity: identity @@ -238,13 +232,13 @@ resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-07-01-pr keySource: 'Microsoft.KeyVault' keyVaultProperties: { identityClientId: !empty(customerManagedKey.?userAssignedIdentityResourceId ?? '') - ? cMKUserAssignedIdentity.properties.clientId + ? cMKUserAssignedIdentity!.properties.clientId : null - keyVaultUri: cMKKeyVault.properties.vaultUri + keyVaultUri: cMKKeyVault!.properties.vaultUri keyName: customerManagedKey!.keyName keyVersion: !empty(customerManagedKey.?keyVersion ?? '') ? customerManagedKey!.?keyVersion - : last(split(cMKKeyVault::cMKKey.properties.keyUriWithVersion, '/')) + : last(split(cMKKeyVault::cMKKey!.properties.keyUriWithVersion, '/')) } } : null @@ -258,7 +252,7 @@ resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-07-01-pr var existingCognitiveServiceDetails = split(existingFoundryProjectResourceId, '/') -resource cognitiveServiceExisting 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' existing = if(useExistingService) { +resource cognitiveServiceExisting 'Microsoft.CognitiveServices/accounts@2025-12-01' existing = if(useExistingService) { name: existingCognitiveServiceDetails[8] scope: resourceGroup(existingCognitiveServiceDetails[2], existingCognitiveServiceDetails[4]) } @@ -397,8 +391,6 @@ module existing_cognitive_service_dependencies './dependencies.bicep' = if(useEx // } // } -var cognitiveService = useExistingService ? cognitiveServiceExisting : cognitiveServiceNew - @description('The name of the cognitive services account.') output name string = useExistingService ? cognitiveServiceExisting.name : cognitiveServiceNew.name @@ -412,26 +404,26 @@ output subscriptionId string = useExistingService ? existingCognitiveServiceDet output resourceGroupName string = useExistingService ? existingCognitiveServiceDetails[4] : resourceGroup().name @description('The service endpoint of the cognitive services account.') -output endpoint string = useExistingService ? cognitiveServiceExisting.properties.endpoint : cognitiveService.properties.endpoint +output endpoint string = useExistingService ? cognitiveServiceExisting!.properties.endpoint : cognitiveServiceNew!.properties.endpoint @description('All endpoints available for the cognitive services account, types depends on the cognitive service kind.') -output endpoints endpointType = useExistingService ? cognitiveServiceExisting.properties.endpoints : cognitiveService.properties.endpoints +output endpoints endpointType = useExistingService ? cognitiveServiceExisting!.properties.endpoints : cognitiveServiceNew!.properties.endpoints @description('The principal ID of the system assigned identity.') -output systemAssignedMIPrincipalId string? = useExistingService ? cognitiveServiceExisting.identity.principalId : cognitiveService.?identity.?principalId +output systemAssignedMIPrincipalId string? = useExistingService ? cognitiveServiceExisting!.identity.principalId : cognitiveServiceNew!.?identity.?principalId @description('The location the resource was deployed into.') -output location string = useExistingService ? cognitiveServiceExisting.location : cognitiveService.location +output location string = useExistingService ? cognitiveServiceExisting!.location : cognitiveServiceNew!.location -import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('A hashtable of references to the secrets exported to the provided Key Vault. The key of each reference is each secret\'s name.') -output exportedSecrets secretsOutputType = useExistingService ? existing_cognitive_service_dependencies.outputs.exportedSecrets : cognitive_service_dependencies.outputs.exportedSecrets +output exportedSecrets secretsOutputType = useExistingService ? existing_cognitive_service_dependencies!.outputs.exportedSecrets : cognitive_service_dependencies!.outputs.exportedSecrets @description('The private endpoints of the congitive services account.') -output privateEndpoints privateEndpointOutputType[] = useExistingService ? existing_cognitive_service_dependencies.outputs.privateEndpoints : cognitive_service_dependencies.outputs.privateEndpoints +output privateEndpoints privateEndpointOutputType[] = useExistingService ? existing_cognitive_service_dependencies!.outputs.privateEndpoints : cognitive_service_dependencies!.outputs.privateEndpoints import { aiProjectOutputType } from './project.bicep' -output aiProjectInfo aiProjectOutputType = useExistingService ? existing_cognitive_service_dependencies.outputs.aiProjectInfo : cognitive_service_dependencies.outputs.aiProjectInfo +output aiProjectInfo aiProjectOutputType = useExistingService ? existing_cognitive_service_dependencies!.outputs.aiProjectInfo : cognitive_service_dependencies!.outputs.aiProjectInfo @export() @description('A custom AVM-aligned type for a role assignment for AI Services and Project.') diff --git a/infra/modules/ai-foundry/dependencies.bicep b/infra/modules/ai-foundry/dependencies.bicep index 0d28aa1a..5c6ce342 100644 --- a/infra/modules/ai-foundry/dependencies.bicep +++ b/infra/modules/ai-foundry/dependencies.bicep @@ -35,19 +35,19 @@ param deployments deploymentType[]? @description('Optional. Key vault reference and secret settings for the module\'s secrets export.') param secretsExportConfiguration secretsExportConfigurationType? -import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints privateEndpointSingleServiceType[]? -import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The lock settings of the service.') param lock lockType? -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[]? -import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The diagnostic settings of the service.') param diagnosticSettings diagnosticSettingFullType[]? @@ -187,12 +187,12 @@ var formattedRoleAssignments = [ var enableReferencedModulesTelemetry = false -resource cognitiveService 'Microsoft.CognitiveServices/accounts@2025-07-01-preview' existing = { +resource cognitiveService 'Microsoft.CognitiveServices/accounts@2025-12-01' existing = { name: name } @batchSize(1) -resource cognitiveService_deployments 'Microsoft.CognitiveServices/accounts/deployments@2025-04-01-preview' = [ +resource cognitiveService_deployments 'Microsoft.CognitiveServices/accounts/deployments@2026-03-01' = [ for (deployment, index) in (deployments ?? []): { parent: cognitiveService name: deployment.?name ?? '${name}-deployments' @@ -254,7 +254,7 @@ resource cognitiveService_diagnosticSettings 'Microsoft.Insights/diagnosticSetti } ] -module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.11.1' = [ +module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.12.0' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-cognitiveService-PrivateEndpoint-${index}' scope: resourceGroup( @@ -367,10 +367,10 @@ module aiProject 'project.bicep' = if(!empty(projectName) || !empty(azureExistin } } -import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('A hashtable of references to the secrets exported to the provided Key Vault. The key of each reference is each secret\'s name.') output exportedSecrets secretsOutputType = (secretsExportConfiguration != null) - ? toObject(secretsExport.outputs.secretsSet, secret => last(split(secret.secretResourceId, '/')), secret => secret) + ? toObject(secretsExport!.outputs.secretsSet, secret => last(split(secret.secretResourceId, '/')), secret => secret) : {} @description('The private endpoints of the congitive services account.') @@ -385,7 +385,7 @@ output privateEndpoints privateEndpointOutputType[] = [ ] import { aiProjectOutputType } from './project.bicep' -output aiProjectInfo aiProjectOutputType = aiProject.outputs.aiProjectInfo +output aiProjectInfo aiProjectOutputType = aiProject!.outputs.aiProjectInfo // ================ // // Definitions // diff --git a/infra/modules/ai-foundry/keyVaultExport.bicep b/infra/modules/ai-foundry/keyVaultExport.bicep index 44597e56..fff5db46 100644 --- a/infra/modules/ai-foundry/keyVaultExport.bicep +++ b/infra/modules/ai-foundry/keyVaultExport.bicep @@ -5,7 +5,7 @@ @description('Required. The name of the Key Vault to set the ecrets in.') param keyVaultName string -import { secretToSetType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { secretToSetType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Required. The secrets to set in the Key Vault.') param secretsToSet secretToSetType[] @@ -13,11 +13,11 @@ param secretsToSet secretToSetType[] // Resources // // ============= // -resource keyVault 'Microsoft.KeyVault/vaults@2025-05-01' existing = { +resource keyVault 'Microsoft.KeyVault/vaults@2026-02-01' existing = { name: keyVaultName } -resource secrets 'Microsoft.KeyVault/vaults/secrets@2025-05-01' = [ +resource secrets 'Microsoft.KeyVault/vaults/secrets@2026-02-01' = [ for secret in secretsToSet: { name: secret.name parent: keyVault @@ -31,7 +31,7 @@ resource secrets 'Microsoft.KeyVault/vaults/secrets@2025-05-01' = [ // Outputs // // =========== // -import { secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('The references to the secrets exported to the provided Key Vault.') output secretsSet secretSetOutputType[] = [ #disable-next-line outputs-should-not-contain-secrets // Only returning the references, not a secret value diff --git a/infra/modules/ai-foundry/project.bicep b/infra/modules/ai-foundry/project.bicep index b4e9e4c3..c8f434ba 100644 --- a/infra/modules/ai-foundry/project.bicep +++ b/infra/modules/ai-foundry/project.bicep @@ -22,12 +22,12 @@ var existingProjName = useExistingProject ? last(split(azureExistingAIProjectRes var existingProjEndpoint = useExistingProject ? format('https://{0}.services.ai.azure.com/api/projects/{1}', aiServicesName, existingProjName) : '' // Reference to cognitive service in current resource group for new projects -resource cogServiceReference 'Microsoft.CognitiveServices/accounts@2024-10-01' existing = { +resource cogServiceReference 'Microsoft.CognitiveServices/accounts@2026-03-01' existing = { name: aiServicesName } // Create new AI project only if not reusing existing one -resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2025-07-01-preview' = if(!useExistingProject) { +resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2026-03-01' = if(!useExistingProject) { parent: cogServiceReference name: name tags: tags @@ -45,7 +45,7 @@ resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2025-07-01-pre output aiProjectInfo aiProjectOutputType = { name: useExistingProject ? existingProjName : aiProject.name resourceId: useExistingProject ? azureExistingAIProjectResourceId : aiProject.id - apiEndpoint: useExistingProject ? existingProjEndpoint : aiProject.properties.endpoints['AI Foundry API'] + apiEndpoint: useExistingProject ? existingProjEndpoint : aiProject!.properties.endpoints['AI Foundry API'] } @export() diff --git a/infra/modules/cosmosDb.bicep b/infra/modules/cosmosDb.bicep index a6cde78e..4ae5b733 100644 --- a/infra/modules/cosmosDb.bicep +++ b/infra/modules/cosmosDb.bicep @@ -23,7 +23,7 @@ import { resourcePrivateNetworkingType } from 'customTypes.bicep' @description('Optional. Values to establish private networking for the Cosmos DB resource.') param privateNetworking resourcePrivateNetworkingType? -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[]? @@ -34,7 +34,7 @@ var privateDnsZoneResourceId = privateNetworking != null ? privateNetworking.?privateDnsZoneResourceId ?? '' : '' -resource sqlContributorRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2024-11-15' existing = { +resource sqlContributorRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2025-11-01-preview' existing = { name: '${name}/00000000-0000-0000-0000-000000000002' } @@ -43,7 +43,7 @@ var batchContainerName = 'cmsabatch' var fileContainerName = 'cmsafile' var logContainerName = 'cmsalog' -module cosmosAccount 'br/public:avm/res/document-db/database-account:0.18.0' = { +module cosmosAccount 'br/public:avm/res/document-db/database-account:0.19.0' = { name: take('avm.res.document-db.database-account.${name}', 64) params: { name: name diff --git a/infra/modules/keyVault.bicep b/infra/modules/keyVault.bicep index 6a92ff14..a683482b 100644 --- a/infra/modules/keyVault.bicep +++ b/infra/modules/keyVault.bicep @@ -21,7 +21,7 @@ import { resourcePrivateNetworkingType } from 'customTypes.bicep' @description('Optional. Values to establish private networking for the Key Vault resource.') param privateNetworking resourcePrivateNetworkingType? -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[]? diff --git a/infra/modules/storageAccount.bicep b/infra/modules/storageAccount.bicep index f6b35314..b6c25f76 100644 --- a/infra/modules/storageAccount.bicep +++ b/infra/modules/storageAccount.bicep @@ -26,7 +26,7 @@ param logAnalyticsWorkspaceResourceId string? @description('Optional. Values to establish private networking for the Storage Account.') param privateNetworking storageAccountPrivateNetworkingType? -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[]? @@ -43,7 +43,7 @@ var filePrivateDnsZoneResourceId = privateNetworking != null ? privateNetworking.?filePrivateDnsZoneResourceId ?? '' : '' -module storageAccount 'br/public:avm/res/storage/storage-account:0.28.0' = { +module storageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = { name: take('avm.res.storage.storage-account.${name}', 64) #disable-next-line no-unnecessary-dependson params: { diff --git a/infra/modules/virtualNetwork.bicep b/infra/modules/virtualNetwork.bicep index 82b158f6..e5a6829f 100644 --- a/infra/modules/virtualNetwork.bicep +++ b/infra/modules/virtualNetwork.bicep @@ -211,7 +211,7 @@ param resourceSuffix string // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group @batchSize(1) -module nsgs 'br/public:avm/res/network/network-security-group:0.5.2' = [ +module nsgs 'br/public:avm/res/network/network-security-group:0.5.3' = [ for (subnet, i) in subnets: if (!empty(subnet.?networkSecurityGroup)) { name: take('avm.res.network.network-security-group.${subnet.?networkSecurityGroup.name}.${resourceSuffix}', 64) params: { @@ -228,7 +228,7 @@ module nsgs 'br/public:avm/res/network/network-security-group:0.5.2' = [ // using AVM Virtual Network module // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network -module virtualNetwork 'br/public:avm/res/network/virtual-network:0.7.1' = { +module virtualNetwork 'br/public:avm/res/network/virtual-network:0.8.0' = { name: take('avm.res.network.virtual-network.${name}', 64) params: { name: name diff --git a/infra/samples/network-subnet-design.bicep b/infra/samples/network-subnet-design.bicep index 63c90c39..0615be60 100644 --- a/infra/samples/network-subnet-design.bicep +++ b/infra/samples/network-subnet-design.bicep @@ -309,7 +309,7 @@ param subnets subnetType[] = [ // /******************************************************************************************************************/ // Create Log Analytics Workspace for monitoring and diagnostics // /******************************************************************************************************************/ -module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.11.2' = { +module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.15.0' = { name: take('log-analytics-${resourcesName}-deployment', 64) params: { name: 'log-${resourcesName}' diff --git a/infra/samples/network/bastionHost.bicep b/infra/samples/network/bastionHost.bicep index cc1987e5..2935aace 100644 --- a/infra/samples/network/bastionHost.bicep +++ b/infra/samples/network/bastionHost.bicep @@ -30,7 +30,7 @@ param subnet subnetType? // 1. Create AzureBastionSubnet NSG // using AVM Network Security Group module // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group -module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(subnet)) { +module nsg 'br/public:avm/res/network/network-security-group:0.5.3' = if (!empty(subnet)) { name: '${vnetName}-${subnet.?networkSecurityGroup.name}' params: { name: '${subnet.?networkSecurityGroup.name}-${vnetName}' @@ -43,7 +43,7 @@ module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty // 2. Create Azure Bastion Host using AVM Subnet Module with special config for Azure Bastion Subnet // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network/subnet -module bastionSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = if (!empty(subnet)) { +module bastionSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.3' = if (!empty(subnet)) { name: take('bastionSubnet-${vnetName}', 64) params: { virtualNetworkName: vnetName @@ -57,7 +57,7 @@ module bastionSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = // 3. Create Azure Bastion Host in AzureBastionsubnetSubnet using AVM Bastion Host module // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/bastion-host -module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = { +module bastionHost 'br/public:avm/res/network/bastion-host:0.8.2' = { name: take('bastionHost-${vnetName}-${name}', 64) params: { name: name diff --git a/infra/samples/network/jumpbox.bicep b/infra/samples/network/jumpbox.bicep index 29f7d3e2..bf1083c1 100644 --- a/infra/samples/network/jumpbox.bicep +++ b/infra/samples/network/jumpbox.bicep @@ -37,7 +37,7 @@ param enableTelemetry bool = true // 1. Create Jumpbox NSG // using AVM Network Security Group module // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group -module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(subnet)) { +module nsg 'br/public:avm/res/network/network-security-group:0.5.3' = if (!empty(subnet)) { name: '${vnetName}-${subnet.?networkSecurityGroup.name}' params: { name: '${subnet.?networkSecurityGroup.name}-${vnetName}' @@ -51,7 +51,7 @@ module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty // 2. Create Jumpbox subnet as part of the existing VNet // using AVM Virtual Network Subnet module // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network/subnet -module subnetResource 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = if (!empty(subnet)) { +module subnetResource 'br/public:avm/res/network/virtual-network/subnet:0.1.3' = if (!empty(subnet)) { name: subnet.?name ?? '${vnetName}-jumpbox-subnet' params: { virtualNetworkName: vnetName @@ -67,7 +67,7 @@ module subnetResource 'br/public:avm/res/network/virtual-network/subnet:0.1.2' = // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/compute/virtual-machine var vmName = take(name, 15) // Shorten VM name to 15 characters to avoid Azure limits -module vm 'br/public:avm/res/compute/virtual-machine:0.15.0' = { +module vm 'br/public:avm/res/compute/virtual-machine:0.22.0' = { name: take('${vmName}-jumpbox', 64) params: { name: vmName diff --git a/infra/samples/network/virtualNetwork.bicep b/infra/samples/network/virtualNetwork.bicep index 6b502974..6bd5dcb9 100644 --- a/infra/samples/network/virtualNetwork.bicep +++ b/infra/samples/network/virtualNetwork.bicep @@ -27,7 +27,7 @@ param enableTelemetry bool = true // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group @batchSize(1) -module nsgs 'br/public:avm/res/network/network-security-group:0.5.1' = [ +module nsgs 'br/public:avm/res/network/network-security-group:0.5.3' = [ for (subnet, i) in subnets: if (!empty(subnet.?networkSecurityGroup)) { name: take('${name}-${subnet.?networkSecurityGroup.name}-networksecuritygroup', 64) params: { @@ -44,7 +44,7 @@ module nsgs 'br/public:avm/res/network/network-security-group:0.5.1' = [ // using AVM Virtual Network module // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network -module virtualNetwork 'br/public:avm/res/network/virtual-network:0.7.0' = { +module virtualNetwork 'br/public:avm/res/network/virtual-network:0.8.0' = { name: take('${name}-virtualNetwork', 64) params: { name: name From d8d1bbd83656629a3b23415a9a1c0faf2d6d49f9 Mon Sep 17 00:00:00 2001 From: Pavan-Microsoft Date: Mon, 20 Apr 2026 21:02:25 +0530 Subject: [PATCH 2/3] Refactor Bicep modules for improved configuration and output handling --- infra/main_custom.bicep | 40 +++++++++++++++------------------------- 1 file changed, 15 insertions(+), 25 deletions(-) diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index 7bbb40bf..446c84ca 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -229,7 +229,7 @@ module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0 tags: allTags enableTelemetry: enableTelemetry // WAF aligned configuration for Redundancy - dailyQuotaGb: enableRedundancy ? 10 : null //WAF recommendation: 10 GB per day is a good starting point for most workloads + dailyQuotaGb: enableRedundancy ? '10' : null //WAF recommendation: 10 GB per day is a good starting point for most workloads replication: enableRedundancy ? { enabled: true @@ -278,8 +278,6 @@ module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0 // Log Analytics workspace ID, customer ID, and shared key (existing or new) var logAnalyticsWorkspaceResourceId = useExistingLogAnalytics ? existingLogAnalyticsWorkspaceId : logAnalyticsWorkspace!.outputs.resourceId -var LogAnalyticsPrimarySharedKey string = useExistingLogAnalytics? existingLogAnalyticsWorkspace.listKeys().primarySharedKey : logAnalyticsWorkspace.outputs.primarySharedKey -var LogAnalyticsWorkspaceId = useExistingLogAnalytics? existingLogAnalyticsWorkspace.properties.customerId : logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId var logAnalyticsWorkspaceName = useExistingLogAnalytics ? existingLawName : logAnalyticsWorkspace!.outputs.name module applicationInsights 'br/public:avm/res/insights/component:0.7.1' = if (enableMonitoring) { @@ -383,7 +381,7 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.8.2' = if (enablePr enableTelemetry: enableTelemetry publicIPAddressObject: { name: 'pip-${bastionHostName}' - zones: [] + availabilityZones: [] } } } @@ -503,15 +501,6 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection- streams: [ 'Microsoft-WindowsEvent' ] - eventLogName: 'Security' - eventTypes: [ - { - eventType: 'Audit Success' - } - { - eventType: 'Audit Failure' - } - ] xPathQueries: [ 'Security!*[System[(EventID=4624 or EventID=4625)]]' ] @@ -565,7 +554,7 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (e enableTelemetry: enableTelemetry computerName: take(virtualMachineResourceName, 15) osType: 'Windows' - vmSize: !empty(vmSize) ? vmSize : 'Standard_D2s_v5' + vmSize: !empty(vmSize) ? vmSize! : 'Standard_D2s_v5' adminUsername: !empty(vmAdminUsername) ? vmAdminUsername : 'JumpboxAdminUser' adminPassword: !empty(vmAdminPassword) ? vmAdminPassword : 'JumpboxAdminP@ssw0rd1234!' managedIdentities: { @@ -573,10 +562,10 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (e } patchMode: 'AutomaticByPlatform' bypassPlatformSafetyChecksOnUserSchedule: true - maintenanceConfigurationResourceId: maintenanceConfiguration.outputs.resourceId + maintenanceConfigurationResourceId: maintenanceConfiguration!.outputs.resourceId enableAutomaticUpdates: true encryptionAtHost: false - proximityPlacementGroupResourceId: proximityPlacementGroup.outputs.resourceId + proximityPlacementGroupResourceId: proximityPlacementGroup!.outputs.resourceId availabilityZone: enableRedundancy ? 1 : -1 imageReference: { publisher: 'microsoft-dsvm' @@ -642,7 +631,7 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (e ? { dataCollectionRuleAssociations: [ { - dataCollectionRuleResourceId: windowsVmDataCollectionRules.outputs.resourceId + dataCollectionRuleResourceId: windowsVmDataCollectionRules!.outputs.resourceId name: 'send-${logAnalyticsWorkspaceName}' } ] @@ -877,16 +866,17 @@ module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.13. appIdentity.outputs.resourceId ] } - appInsightsConnectionString: enableMonitoring ? applicationInsights.outputs.connectionString : null + appInsightsConnectionString: enableMonitoring ? applicationInsights!.outputs.connectionString : null appLogsConfiguration: enableMonitoring ? { destination: 'log-analytics' logAnalyticsConfiguration: { - customerId: LogAnalyticsWorkspaceId - sharedKey: LogAnalyticsPrimarySharedKey + customerId: useExistingLogAnalytics ? existingLogAnalyticsWorkspace.properties.customerId : logAnalyticsWorkspace.outputs.logAnalyticsWorkspaceId + sharedKey: useExistingLogAnalytics ? existingLogAnalyticsWorkspace.listKeys().primarySharedKey : logAnalyticsWorkspace.outputs.primarySharedKey } + logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId } - : {} + : null workloadProfiles: enablePrivateNetworking ? [ // NOTE: workload profiles are required for private networking @@ -1032,11 +1022,11 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.22.0' = { ? [ { name: 'APPLICATIONINSIGHTS_INSTRUMENTATION_KEY' - value: applicationInsights.outputs.instrumentationKey + value: applicationInsights!.outputs.instrumentationKey } { name: 'APPLICATIONINSIGHTS_CONNECTION_STRING' - value: applicationInsights.outputs.connectionString + value: applicationInsights!.outputs.connectionString } ] : [] @@ -1153,7 +1143,7 @@ output resourceGroupName string = resourceGroup().name output WEB_APP_URL string = 'https://${containerAppFrontend.outputs.fqdn}' output COSMOSDB_ENDPOINT string = cosmosDb.outputs.endpoint output AZURE_BLOB_ACCOUNT_NAME string = storageAccount.outputs.name -output AZURE_BLOB_ENDPOINT string = 'https://${storageAccount.outputs.name}.blob.core.windows.net/' +output AZURE_BLOB_ENDPOINT string = 'https://${storageAccount.outputs.name}.blob.${environment().suffixes.storage}/' output AZURE_CONTAINER_REGISTRY_ENDPOINT string = containerRegistry.properties.loginServer output AZURE_AI_AGENT_PROJECT_NAME string = aiServices.outputs.aiProjectInfo.name output AZURE_AI_AGENT_ENDPOINT string = aiServices.outputs.aiProjectInfo.apiEndpoint @@ -1167,7 +1157,7 @@ output COSMOSDB_DATABASE string = cosmosDb.outputs.databaseName output COSMOSDB_BATCH_CONTAINER string = cosmosDb.outputs.containerNames.batch output COSMOSDB_FILE_CONTAINER string = cosmosDb.outputs.containerNames.file output COSMOSDB_LOG_CONTAINER string = cosmosDb.outputs.containerNames.log -output APPLICATIONINSIGHTS_CONNECTION_STRING string = enableMonitoring ? applicationInsights.outputs.connectionString : '' +output APPLICATIONINSIGHTS_CONNECTION_STRING string = enableMonitoring ? applicationInsights!.outputs.connectionString : '' output MIGRATOR_AGENT_MODEL_DEPLOY string = modelDeployment.name output PICKER_AGENT_MODEL_DEPLOY string = modelDeployment.name output FIXER_AGENT_MODEL_DEPLOY string = modelDeployment.name From 734757b1eadcc63cec898119f88649b91d4c35ad Mon Sep 17 00:00:00 2001 From: Pavan-Microsoft Date: Mon, 20 Apr 2026 21:15:18 +0530 Subject: [PATCH 3/3] Remove aiModelDeployments parameter from main.parameters.json and main.waf.parameters.json; update AVM module version comment in ai-services.bicep; fix availabilityZones property in bastionHost.bicep --- infra/main.parameters.json | 15 --------------- infra/main.waf.parameters.json | 15 --------------- infra/modules/ai-foundry/ai-services.bicep | 2 +- infra/samples/network/bastionHost.bicep | 2 +- 4 files changed, 2 insertions(+), 32 deletions(-) diff --git a/infra/main.parameters.json b/infra/main.parameters.json index ca5d1cd2..2d38a529 100644 --- a/infra/main.parameters.json +++ b/infra/main.parameters.json @@ -46,21 +46,6 @@ }, "vmAdminPassword": { "value": "${AZURE_ENV_VM_ADMIN_PASSWORD}" - }, - "aiModelDeployments": { - "value": [ - { - "name": "${AZURE_ENV_GPT_MODEL_NAME}", - "model": { - "name": "${AZURE_ENV_GPT_MODEL_NAME}", - "version": "${AZURE_ENV_GPT_MODEL_VERSION}" - }, - "sku": { - "name": "${AZURE_ENV_MODEL_DEPLOYMENT_TYPE}", - "capacity": "${AZURE_ENV_GPT_MODEL_CAPACITY}" - } - } - ] } } } \ No newline at end of file diff --git a/infra/main.waf.parameters.json b/infra/main.waf.parameters.json index e5ac4968..7d9f2f32 100644 --- a/infra/main.waf.parameters.json +++ b/infra/main.waf.parameters.json @@ -55,21 +55,6 @@ }, "enableScalability": { "value": true - }, - "aiModelDeployments": { - "value": [ - { - "name": "${AZURE_ENV_GPT_MODEL_NAME}", - "model": { - "name": "${AZURE_ENV_GPT_MODEL_NAME}", - "version": "${AZURE_ENV_GPT_MODEL_VERSION}" - }, - "sku": { - "name": "${AZURE_ENV_MODEL_DEPLOYMENT_TYPE}", - "capacity": "${AZURE_ENV_GPT_MODEL_CAPACITY}" - } - } - ] } } } \ No newline at end of file diff --git a/infra/modules/ai-foundry/ai-services.bicep b/infra/modules/ai-foundry/ai-services.bicep index 7067171b..1cbb2a51 100644 --- a/infra/modules/ai-foundry/ai-services.bicep +++ b/infra/modules/ai-foundry/ai-services.bicep @@ -1,5 +1,5 @@ // This module is here solely to provide network injection for Cognitive Services. -// The AVM Module 'br/public:avm/res/cognitive-services/account:0.14.2' does not support that feature as of version 0.11.0 +// The AVM Module 'br/public:avm/res/cognitive-services/account:0.14.2' does not support that feature as of version 0.14.2 metadata name = 'Cognitive Services' metadata description = 'This module deploys a Cognitive Service.' diff --git a/infra/samples/network/bastionHost.bicep b/infra/samples/network/bastionHost.bicep index 2935aace..3f144f70 100644 --- a/infra/samples/network/bastionHost.bicep +++ b/infra/samples/network/bastionHost.bicep @@ -80,7 +80,7 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.8.2' = { enableTelemetry: enableTelemetry publicIPAddressObject: { name: 'pip-${name}' - zones: [] + availabilityZones: [] } } dependsOn: [