Please try to use Visual Studio Code and the Bicep Extension or the ARM extension to validate the invalid template and help you troubleshoot the issue. Please see here how the BICEP template starts with the word "resource".
About choosing a maintenance window for Azure SQL using ARM templates, that is not possible. You can only use the following options to configure that: Azure portal, PowerShell, Azure CLI, and REST API.
Please read this documentation to better understand what actions are needed before and after enable the AAD authentication only option. On the same documentation you will find an ARM template example.
On this documentation you will find how to configure a lock using ARM template or BICEP file.