Microsoft.Resources deployments

Bicep resource definition

The deployments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Remarks

For Bicep, consider using modules instead of this resource type.

Resource format

To create a Microsoft.Resources/deployments resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Resources/deployments@2024-03-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  scope: 'string'
  properties: {
    debugSetting: {
      detailLevel: 'string'
    }
    expressionEvaluationOptions: {
      scope: 'string'
    }
    mode: 'string'
    onErrorDeployment: {
      deploymentName: 'string'
      type: 'string'
    }
    parameters: {
      {customized property}: {
        reference: {
          keyVault: {
            id: 'string'
          }
          secretName: 'string'
          secretVersion: 'string'
        }
        value: any()
      }
    }
    parametersLink: {
      contentVersion: 'string'
      uri: 'string'
    }
    template: any()
    templateLink: {
      contentVersion: 'string'
      id: 'string'
      queryString: 'string'
      relativePath: 'string'
      uri: 'string'
    }
  }
  resourceGroup: 'string'
  subscriptionId: 'string'
}

Property values

deployments

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string (required). Character limit: 1-64. Valid characters: alphanumerics, underscores, parentheses, hyphens, and periods. |
| location | The location to store the deployment data. | string |
| tags | Deployment tags | Dictionary of tag names and values. See Tags in templates |
| scope | In tenant and management group deployments, provide the management group ID to target. Use the format Microsoft.Management/managementGroups/{managementGroupID}. | string |
| properties | The deployment properties. | DeploymentPropertiesOrDeploymentPropertiesExtended (required) |
| resourceGroup | The name of the resource group to deploy to. If not provided, uses the resource group of the deployment operation. | string |
| subscriptionId | The ID of the subscription to deploy to. If not provided, uses the subscription of the deployment operation. | string |

DeploymentPropertiesOrDeploymentPropertiesExtended

| Name | Description | Value |
| --- | --- | --- |
| debugSetting | The debug setting of the deployment. | DebugSetting |
| expressionEvaluationOptions | Specifies whether template expressions are evaluated within the scope of the parent template or nested template. Only applicable to nested templates. If not specified, default value is outer. | ExpressionEvaluationOptions |
| mode | The mode that is used to deploy resources. This value can be either Incremental or Complete. In Incremental mode, resources are deployed without deleting existing resources that are not included in the template. In Complete mode, resources are deployed and existing resources in the resource group that are not included in the template are deleted. Be careful when using Complete mode as you may unintentionally delete resources. | 'Complete', 'Incremental' (required) |
| onErrorDeployment | The deployment on error behavior. | OnErrorDeploymentOrOnErrorDeploymentExtended |
| parameters | Name and value pairs that define the deployment parameters for the template. You use this element when you want to provide the parameter values directly in the request rather than link to an existing parameter file. Use either the parametersLink property or the parameters property, but not both. It can be a JObject or a well-formed JSON string. | DeploymentPropertiesParameters |
| parametersLink | The URI of the parameters file. You use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both. | ParametersLink |
| template | The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both. | For Bicep, you can use the any() function. |
| templateLink | The URI of the template. Use either the templateLink property or the template property, but not both. | TemplateLink |

DebugSetting

| Name | Description | Value |
| --- | --- | --- |
| detailLevel | Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information you are passing in during deployment. By logging information about the request or response, you could potentially expose sensitive data that is retrieved through the deployment operations. | string |

ExpressionEvaluationOptions

| Name | Description | Value |
| --- | --- | --- |
| scope | The scope to be used for evaluation of parameters, variables and functions in a nested template. | 'Inner', 'NotSpecified', 'Outer' |

OnErrorDeploymentOrOnErrorDeploymentExtended

| Name | Description | Value |
| --- | --- | --- |
| deploymentName | The deployment to be used on error case. | string |
| type | The deployment on error behavior type. Possible values are LastSuccessful and SpecificDeployment. | 'LastSuccessful', 'SpecificDeployment' |

DeploymentPropertiesParameters

| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | DeploymentParameter |

DeploymentParameter

| Name | Description | Value |
| --- | --- | --- |
| reference | Azure Key Vault parameter reference. | KeyVaultParameterReference |
| value | Input value to the parameter. | For Bicep, you can use the any() function. |

KeyVaultParameterReference

| Name | Description | Value |
| --- | --- | --- |
| keyVault | Azure Key Vault reference. | KeyVaultReference (required) |
| secretName | Azure Key Vault secret name. | string (required) |
| secretVersion | Azure Key Vault secret version. | string |

KeyVaultReference

| Name | Description | Value |
| --- | --- | --- |
| id | Azure Key Vault resource id. | string (required) |

ParametersLink

| Name | Description | Value |
| --- | --- | --- |
| contentVersion | If included, must match the ContentVersion in the template. | string |
| uri | The URI of the parameters file. | string (required) |

TemplateLink

| Name | Description | Value |
| --- | --- | --- |
| contentVersion | If included, must match the ContentVersion in the template. | string |
| id | The resource id of a Template Spec. Use either the id or uri property, but not both. | string |
| queryString | The query string (for example, a SAS token) to be used with the templateLink URI. | string |
| relativePath | The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs. | string |
| uri | The URI of the template to deploy. Use either the uri or id property, but not both. | string |

Quickstart templates

The following quickstart templates deploy this resource type.

| Template | Description |
| --- | --- |
| Moesif API Analytics and Monetization | The template will log API calls from Azure API Management to Moesif API analytics and monetization platform. |
| Creates a Container App and Environment with Registry | Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
| Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. |
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. |
| Server managed by Desired State Configuration service | This template provides an example of how to deliver a virtual machine and an Automation account to manage the machine, in a single deployment. |
| Create alert rule for azure business continuity items | This template creates an alert rule and user assigned MSI. It also assigns the MSI reader access to the subscription so that the alert rule has access to query the required protected items and latest recovery point details. |
| Redis cluster on Ubuntu VMs | This template creates a Redis cluster on Ubuntu virtual machine images, configures persistence and applies well known optimizations and proven practices. |
| Front Door Premium with App Service origin and Private Link | This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application. |
| Front Door Premium with blob origin and Private Link | This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account. |
| Front Door Premium with VM and Private Link service | This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
| Front Door Standard/Premium with API Management origin | This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with Application Gateway origin | This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin. |
| Front Door with Container Instances and Application Gateway | This template creates a Front Door Standard/Premium with a container group and Application Gateway. |
| Front Door Standard/Premium with Azure Functions origin | This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin. |
| Front Door Standard/Premium with static website origin | This template creates a Front Door Standard/Premium and an Azure Storage static website, and configures Front Door to send traffic to the static website. |
| Creates an encrypted managed disk from an encrypted VHD | This template allows you to create an encrypted managed disk using an existing encrypted VHD and encryption settings. |
| Disable encryption on a running Windows VM | This template disables encryption on a running Windows VM. |
| Enable encryption on a running Windows VM & AAD | This template enables encryption on a running Windows VM using AAD client cert thumbprint. The certificate should have been deployed to the VM earlier. |
| GlassFish on SUSE | This template deploys a load balanced GlassFish (v3 or v4) cluster, consisting of a user defined number of SUSE (OpenSUSE or SLES) VMs. |
| Deploy multiple VM Scale Sets of Linux VMs | This template allows you to deploy multiple VM Scale Sets of Linux VMs. |
| Deploy multiple VM Scale Sets of Windows VMs | This template allows you to deploy multiple VM Scale Sets of Windows VMs. |
| Deploy a simple Linux VM and update private IP to static | This template allows you to deploy a simple Linux VM using Ubuntu from the marketplace. This will deploy a VNET, Subnet, and an A1 size VM in the resource group location with a dynamically assigned IP address and then convert it to static IP. |
| Use output from a Custom Script Extension during Deployment | This is useful for using the VM's compute to perform some task during deployment that Azure Resource Manager does not provide. The output of that compute (script) can then be leveraged elsewhere in the deployment. This is useful if the compute resource is needed in the deployment (e.g. a jumpbox, DC, etc.), a bit wasteful if it is not. |
| Deploy a Linux or Windows VM with MSI | This template allows you to deploy a Linux or Windows VM with a Managed Service Identity. |
| Linux VM with MSI Accessing Storage | This template deploys a Linux VM with a system assigned managed identity that has access to a storage account in a different resource group. |
| SQL Server 2014 SP2 Enterprise with Auto Backup | This template will create a SQL Server 2014 SP2 Enterprise edition with Auto Backup feature enabled. |
| SQL Server 2014 SP1 Enterprise with Azure Key Vault | This template will create a SQL Server 2014 SP1 Enterprise edition with Azure Key Vault Integration feature enabled. |
| Virus attack on Virtual Machines Scenario | This will deploy 2 virtual machines, OMS and other network resources. One virtual machine has no endpoint protection and the other has endpoint protection installed. Perform the virus attack by following the guidelines and execute the scenario for mitigation and prevention of a virus attack. |
| Create a data management gateway and install on an Azure VM | This template deploys a virtual machine and creates a workable data management gateway. |
| Self-host Integration Runtime on Azure VMs | This template creates a selfhost integration runtime and registers it on Azure virtual machines. |
| VM Scale Set Configuration managed by Azure Automation | Deploy a VM Scale Set where virtual machines are deployed as registered nodes in the Azure Automation Desired State Configuration service, and node configuration consistency is guaranteed after deployment. NOTE: Required prerequisites Registration Key and Registration URL are available only after successful creation of an Azure Automation Account for Azure Automation DSC. |
| VMSS Flexible Orchestration Mode Quickstart Linux | This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
| Deploy a Linux or Windows VMSS with MSI | This template allows you to deploy a Linux or Windows Virtual Machine Scale Set with a Managed Service Identity. That identity is then used to access Azure services. |
| On-demand SFTP Server using an existing storage account | This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI). |
| Deploy a managed Kubernetes Cluster (AKS) | This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
| Deploy a managed Kubernetes Cluster with AAD (AKS) | This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
| FinOps hub | This template creates a new FinOps hub instance, including Data Lake storage and a Data Factory. |
| FinOps toolkit workbook | This template creates a new Azure Monitor workbook for governance. |
| Extend Existing Azure Resources with Custom Providers | This sample will go into detail on how to extend existing Azure resources and Resource Manager templates to add in custom workloads. |
| Deploy an Azure Databricks Workspace with PE,CMK all forms | This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption. |
| Deploy an Azure Databricks Workspace with all 3 forms of CMK | This template allows you to create an Azure Databricks workspace with managed services and CMK with DBFS encryption. |
| Deploy an Azure Databricks WS with CMK for DBFS encryption | This template allows you to create an Azure Databricks workspace with CMK for DBFS root encryption. |
| Deploy an Azure Databricks Workspace with Managed Disks CMK | This template allows you to create an Azure Databricks workspace with Managed Disks CMK. |
| Deploy Azure Databricks Workspace with Managed Services CMK | This template allows you to create an Azure Databricks workspace with Managed Services CMK. |
| Create a new Datadog Organization | This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
| Use script extensions to install Mongo DB on Ubuntu VM | This template configures and installs Mongo DB on an Ubuntu Virtual Machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface. |
| Create HA data management gateway and install on an Azure VMs | This template deploys multiple virtual machines with workable HA data management gateway. |
| Deploy Data Lake Store account with encryption(Key Vault) | This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses Azure Key Vault to manage the encryption key. |
| Performs ETL job using Azure services | This template provides an example of how to perform analytics on the historic as well as real time streaming data stored in Azure Blob Storage. The data from the event hub is taken by the Azure Stream Analytics Job to perform transformation and the output is stored in Azure Blob Storage and is visualized in PowerBI. The analytics is applied on the historic data stored in Blob storage by Azure Data Analytics and the movement of extracted, transformed and published data and the orchestration is done by Data Factory. The published data is further visualized in PowerBI. |
| Deploy Dev Box Service with built-in image | This template provides a way to deploy a Dev Box service with built-in image. |
| Configure Dev Box service | This template would create all Dev Box admin resources as per Dev Box quick start guide. You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
| Azure Digital Twins with Function and Private Link service | This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'. |
| Azure Digital Twins with Time Data History Connection | This template creates an Azure Digital Twins instance configured with a time series data history connection. In order to create a connection, other resources must be created such as an Event Hubs namespace, an event hub, Azure Data Explorer cluster, and a database. Data is sent to an event hub which eventually forwards the data to the Azure Data Explorer cluster. Data is stored in a database table in the cluster. |
| HDInsight with custom Ambari + Hive Metastore DB in VNET | This template allows you to create an HDInsight cluster in an existing virtual network with a new SQL DB that serves as both a custom Ambari DB and Hive Metastore. You must have an existing SQL Server, storage account, and VNET. |
| Configure FHIR service to enable $import | This template provisions FHIR service to enable $import for initial data loading. |
| Create key vault, managed identity, and role assignment | This template creates a key vault, managed identity, and role assignment. |
| Use KeyVault with a Dynamic resourceId | This template creates a SQL Server and uses an admin password from Key Vault. The reference parameter for the Key Vault secret is created at deployment time using a nested template. This allows the user to simply pass parameter values to the template rather than create a reference parameter in the parameter file. |
| Azure Container Service (AKS) with Helm | Deploy a managed cluster with Azure Container Service (AKS) with Helm. |
| Run timer jobs that execute on a schedule using Logic Apps | This template creates a pair of Logic Apps that allows you to create scheduled timer job instances. |
| User assigned identity role assignment template | A template that creates role assignments of user assigned identity on resources that Azure Machine Learning workspace depends on. |
| Azure Machine Learning end-to-end secure setup | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Azure Machine Learning end-to-end secure setup (legacy) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Create an Azure Machine Learning Sweep job | This template creates an Azure Machine Learning Sweep job for hyperparameter tuning. |
| Create an Azure Machine Learning service workspace (vnet) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
| Create an Azure Machine Learning service workspace (legacy) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
| Create new ANF resource with SMB volume | This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol. |
| Application Gateway for a Web App with IP Restriction | This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App. |
| Apply a NSG to an existing subnet | This template applies a newly created NSG to an existing subnet. |
| NSG Flow Logs with traffic analytics | This template creates a NSG Flow log on an existing NSG with traffic analytics. |
| Azure Virtual WAN Routing Intent and Policies | This template provisions an Azure Virtual WAN with two hubs with Routing Intent and Policies feature enabled. |
| Add an NSG with Redis security rules to an existing subnet | This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET. |
| Build container images with ACR Tasks | This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. |
| Import Container Images into ACR | This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. |
| Create Application Gateway with Certificates | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
| Create ssh-keys and store in KeyVault | This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault. |
| Create and Deploy a templateSpec | This sample creates and deploys a templateSpec resource within the same template. This is not a typical pattern; it is just meant to show how the templateSpec and the deployment resources are meant to work together. |
| Create TemplateSpecs from Template Gallery Templates | This sample contains a script to easily migrate template gallery templates to templateSpec resources. The template provided will deploy all templates that can be exported using the migration script. |
| Deploy SQL Always ON setup with existing SQL Virtual Machines | Deploy SQL Always ON setup with existing SQL Virtual Machines. The virtual machines should already be joined to an existing domain and must be running enterprise version of SQL Server. |
| Azure Synapse Proof-of-Concept | This template creates a proof of concept environment for Azure Synapse, including SQL Pools and optional Apache Spark Pools. |
| Create an AppServicePlan and App in an ASEv3 | Create an AppServicePlan and App in an ASEv3. |
| Create a Azure Native New Relic Resource | This template sets up an 'Azure Native New Relic Service' to monitor resources in your Azure subscription. |

ARM template resource definition

The deployments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Remarks

For Bicep, consider using modules instead of this resource type.

Resource format

To create a Microsoft.Resources/deployments resource, add the following JSON to your template.

{
  "type": "Microsoft.Resources/deployments",
  "apiVersion": "2024-03-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "scope": "string",
  "properties": {
    "debugSetting": {
      "detailLevel": "string"
    },
    "expressionEvaluationOptions": {
      "scope": "string"
    },
    "mode": "string",
    "onErrorDeployment": {
      "deploymentName": "string",
      "type": "string"
    },
    "parameters": {
      "{customized property}": {
        "reference": {
          "keyVault": {
            "id": "string"
          },
          "secretName": "string",
          "secretVersion": "string"
        },
        "value": {}
      }
    },
    "parametersLink": {
      "contentVersion": "string",
      "uri": "string"
    },
    "template": {},
    "templateLink": {
      "contentVersion": "string",
      "id": "string",
      "queryString": "string",
      "relativePath": "string",
      "uri": "string"
    }
  },
  "resourceGroup": "string",
  "subscriptionId": "string"
}

Property values

deployments

| Name | Description | Value |
| --- | --- | --- |
| type | The resource type | 'Microsoft.Resources/deployments' |
| apiVersion | The resource api version | '2024-03-01' |
| name | The resource name | string (required). Character limit: 1-64. Valid characters: alphanumerics, underscores, parentheses, hyphens, and periods. |
| location | The location to store the deployment data. | string |
| tags | Deployment tags | Dictionary of tag names and values. See Tags in templates |
| scope | In tenant and management group deployments, provide the management group ID to target. Use the format Microsoft.Management/managementGroups/{managementGroupID}. | string |
| properties | The deployment properties. | DeploymentPropertiesOrDeploymentPropertiesExtended (required) |
| resourceGroup | The name of the resource group to deploy to. If not provided, uses the resource group of the deployment operation. | string |
| subscriptionId | The ID of the subscription to deploy to. If not provided, uses the subscription of the deployment operation. | string |

DeploymentPropertiesOrDeploymentPropertiesExtended

| Name | Description | Value |
| --- | --- | --- |
| debugSetting | The debug setting of the deployment. | DebugSetting |
| expressionEvaluationOptions | Specifies whether template expressions are evaluated within the scope of the parent template or nested template. Only applicable to nested templates. If not specified, default value is outer. | ExpressionEvaluationOptions |
| mode | The mode that is used to deploy resources. This value can be either Incremental or Complete. In Incremental mode, resources are deployed without deleting existing resources that are not included in the template. In Complete mode, resources are deployed and existing resources in the resource group that are not included in the template are deleted. Be careful when using Complete mode as you may unintentionally delete resources. | 'Complete', 'Incremental' (required) |
| onErrorDeployment | The deployment on error behavior. | OnErrorDeploymentOrOnErrorDeploymentExtended |
| parameters | Name and value pairs that define the deployment parameters for the template. You use this element when you want to provide the parameter values directly in the request rather than link to an existing parameter file. Use either the parametersLink property or the parameters property, but not both. It can be a JObject or a well-formed JSON string. | DeploymentPropertiesParameters |
| parametersLink | The URI of the parameters file. You use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both. | ParametersLink |
| template | The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both. | |
| templateLink | The URI of the template. Use either the templateLink property or the template property, but not both. | TemplateLink |

DebugSetting

| Name | Description | Value |
| --- | --- | --- |
| detailLevel | Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information you are passing in during deployment. By logging information about the request or response, you could potentially expose sensitive data that is retrieved through the deployment operations. | string |

ExpressionEvaluationOptions

| Name | Description | Value |
| --- | --- | --- |
| scope | The scope to be used for evaluation of parameters, variables and functions in a nested template. | 'Inner', 'NotSpecified', 'Outer' |

OnErrorDeploymentOrOnErrorDeploymentExtended

| Name | Description | Value |
| --- | --- | --- |
| deploymentName | The deployment to be used on error case. | string |
| type | The deployment on error behavior type. Possible values are LastSuccessful and SpecificDeployment. | 'LastSuccessful', 'SpecificDeployment' |

DeploymentPropertiesParameters

| Name | Description | Value |
| --- | --- | --- |
| {customized property} | | DeploymentParameter |

DeploymentParameter

| Name | Description | Value |
| --- | --- | --- |
| reference | Azure Key Vault parameter reference. | KeyVaultParameterReference |
| value | Input value to the parameter. | |

KeyVaultParameterReference

| Name | Description | Value |
| --- | --- | --- |
| keyVault | Azure Key Vault reference. | KeyVaultReference (required) |
| secretName | Azure Key Vault secret name. | string (required) |
| secretVersion | Azure Key Vault secret version. | string |

KeyVaultReference

| Name | Description | Value |
| --- | --- | --- |
| id | Azure Key Vault resource id. | string (required) |

ParametersLink

| Name | Description | Value |
| --- | --- | --- |
| contentVersion | If included, must match the ContentVersion in the template. | string |
| uri | The URI of the parameters file. | string (required) |

TemplateLink

| Name | Description | Value |
| --- | --- | --- |
| contentVersion | If included, must match the ContentVersion in the template. | string |
| id | The resource id of a Template Spec. Use either the id or uri property, but not both. | string |
| queryString | The query string (for example, a SAS token) to be used with the templateLink URI. | string |
| relativePath | The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs. | string |
| uri | The URI of the template to deploy. Use either the uri or id property, but not both. | string |

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Moesif API Analytics and Monetization

The template will log API calls from Azure API Management to Moesif API analytics and monetization platform
Creates a Container App and Environment with Registry

Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps

Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps

Create a Dapr pub-sub servicebus app using Container Apps.
Server managed by Desired State Configuration service

This template provides an example of how to deliver a virtual machine and an Automation account to manage the machine, in a single deployment
Create alert rule for azure business continuity items

This template creates an alert rule and user assigned MSI. It also assigns the MSI reader access to the subscription so that the alert rule has access to query the required protected items and latest recovery point details.
Redis cluster on Ubuntu VMs

This template creates a Redis cluster on Ubuntu virtual machine images, configures persistence and applies well known optimizations and proven practices
Front Door Premium with App Service origin and Private Link

This template creates a Front Door Premium and an App Service, and uses a private endpoint for Front Door to send traffic to the application.
Front Door Premium with blob origin and Private Link

This template creates a Front Door Premium and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account.
Front Door Premium with VM and Private Link service

This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM.
Front Door Standard/Premium with API Management origin

This template creates a Front Door Premium and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with Application Gateway origin

This template creates a Front Door Standard/Premium and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway

This template creates a Front Door Standard/Premium with a container group and Application Gateway.
Front Door Standard/Premium with Azure Functions origin

This template creates a Front Door Standard/Premium, an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with static website origin

This template creates a Front Door Standard/Premium and an Azure Storage static website, and configures Front Door to send traffic to the static website.
Creates an encrypted managed disk from an encrypted VHD

This template allows you to create an encrypted managed disk using an existing encrypted VHD and encryption settings.
Disable encryption on a running Windows VM

This template disables encryption on a running Windows VM
Enable encryption on a running Windows VM & AAD

This template enables encryption on a running Windows VM using AAD client cert thumbprint. The certificate should have been deployed to the VM earlier
GlassFish on SUSE

This template deploys a load balanced GlassFish (v3 or v4) cluster, consisting of a user defined number of SUSE (OpenSUSE or SLES) VMs.
Deploy multiple VM Scale Sets of Linux VMs

This template allows you to deploy multiple VM Scale Sets of Linux VMs.
Deploy multiple VM Scale Sets of Windows VMs

This template allows you to deploy multiple VM Scale Sets of Windows VMs.
Deploy a simple Linux VM and update private IP to static

This template allows you to deploy a simple Linux VM using Ubuntu from the marketplace. This will deploy a VNET, Subnet, and an A1 size VM in the resource group location with a dynamically assigned IP address and then convert it to static IP.
Use output from a Custom Script Extension during Deployment

This is useful for using the VM's compute to perform some task during deployment that Azure Resource Manager does not provide. The output of that compute (script) can then be leveraged elsewhere in the deployment. This is useful if the compute resource is needed in the deployment (e.g. a jumpbox, DC, etc.), but a bit wasteful if it is not.
Deploy a Linux or Windows VM with MSI

This template allows you to deploy a Linux or Windows VM with a Managed Service Identity.
Linux VM with MSI Accessing Storage

This template deploys a Linux VM with a system assigned managed identity that has access to a storage account in a different resource group.
SQL Server 2014 SP2 Enterprise with Auto Backup

This template will create a SQL Server 2014 SP2 Enterprise edition with Auto Backup feature enabled
SQL Server 2014 SP1 Enterprise with Azure Key Vault

This template will create a SQL Server 2014 SP1 Enterprise edition with Azure Key Vault Integration feature enabled.
Virus attack on Virtual Machines Scenario

This will deploy 2 virtual machines, OMS and other network resources. One virtual machine is deployed without endpoint protection and the other with endpoint protection installed. Perform the virus attack by following the guidelines and execute the scenario for mitigation and prevention of a virus attack.
Create a data management gateway and install on an Azure VM

This template deploys a virtual machine and creates a workable data management gateway
Self-host Integration Runtime on Azure VMs

This template creates a selfhost integration runtime and registers it on Azure virtual machines
VM Scale Set Configuration managed by Azure Automation

Deploy a VM Scale Set where virtual machines are deployed as registered nodes in the Azure Automation Desired State Configuration service, and node configuration consistency is guaranteed after deployment. NOTE: Required prerequisites Registration Key and Registration URL are available only after successful creation of an Azure Automation Account for Azure Automation DSC.
VMSS Flexible Orchestration Mode Quickstart Linux

This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments.
Deploy a Linux or Windows VMSS with MSI

This template allows you to deploy a Linux or Windows Virtual Machine Scale Set with a Managed Service Identity. That identity is then used to access Azure services.
On-demand SFTP Server using an existing storage account

This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI).
Deploy a managed Kubernetes Cluster (AKS)

This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy a managed Kubernetes Cluster with AAD (AKS)

This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD integration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
FinOps hub

This template creates a new FinOps hub instance, including Data Lake storage and a Data Factory.
FinOps toolkit workbook

This template creates a new Azure Monitor workbook for governance.
Extend Existing Azure Resources with Custom Providers

This sample will go into detail on how to extend existing Azure resources and Resource Manager templates to add in custom workloads.
Deploy an Azure Databricks Workspace with PE,CMK all forms

This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption.
Deploy an Azure Databricks Workspace with all 3 forms of CMK

This template allows you to create an Azure Databricks workspace with managed services and CMK with DBFS encryption.
Deploy an Azure Databricks WS with CMK for DBFS encryption

This template allows you to create an Azure Databricks workspace with CMK for DBFS root encryption
Deploy an Azure Databricks Workspace with Managed Disks CMK

This template allows you to create an Azure Databricks workspace with Managed Disks CMK.
Deploy Azure Databricks Workspace with Managed Services CMK

This template allows you to create an Azure Databricks workspace with Managed Services CMK.
Create a new Datadog Organization

This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription.
Use script extensions to install Mongo DB on Ubuntu VM

This template configures and installs Mongo DB on an Ubuntu virtual machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Create HA data management gateway and install on an Azure VMs

This template deploys multiple virtual machines with workable HA data management gateway
Deploy Data Lake Store account with encryption(Key Vault)

This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses Azure Key Vault to manage the encryption key.
Performs ETL job using Azure services

This template provides an example of how to perform analytics on the historic as well as real time streaming data stored in Azure Blob Storage. The data from the event hub is taken by the Azure Stream Analytics Job to perform transformation and the output is stored in Azure Blob Storage and is visualized in PowerBI. The analytics is applied on the historic data stored in Blob storage by Azure Data Analytics and the movement of extracted, transformed and published data and the orchestration is done by Data Factory. The published data is further visualized in PowerBI
Deploy Dev Box Service with built-in image

This template provides a way to deploy a Dev Box service with built-in image.
Configure Dev Box service

This template would create all Dev Box admin resources as per Dev Box quick start guide. You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box.
Azure Digital Twins with Function and Private Link service

This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'.
Azure Digital Twins with Time Data History Connection

This template creates an Azure Digital Twins instance configured with a time series data history connection. In order to create a connection, other resources must be created such as an Event Hubs namespace, an event hub, Azure Data Explorer cluster, and a database. Data is sent to an event hub which eventually forwards the data to the Azure Data Explorer cluster. Data is stored in a database table in the cluster
HDInsight with custom Ambari + Hive Metastore DB in VNET

This template allows you to create an HDInsight cluster in an existing virtual network with a new SQL DB that serves as both a custom Ambari DB and Hive Metastore. You must have an existing SQL Server, storage account, and VNET.
Configure FHIR service to enable $import

This template provisions FHIR service to enable $import for initial data loading
Create key vault, managed identity, and role assignment

This template creates a key vault, managed identity, and role assignment.
Use KeyVault with a Dynamic resourceId

This template creates a SQL Server and uses an admin password from Key Vault. The reference parameter for the Key Vault secret is created at deployment time using a nested template. This allows the user to simply pass parameter values to the template rather than create a reference parameter in the parameter file.
Azure Container Service (AKS) with Helm

Deploy a managed cluster with Azure Container Service (AKS) with Helm
Run timer jobs that execute on a schedule using Logic Apps

This template creates a pair of Logic Apps that allows you to create scheduled timer job instances.
User assigned identity role assignment template

A template that creates role assignments of user assigned identity on resources that Azure Machine Learning workspace depends on
Azure Machine Learning end-to-end secure setup

This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)

This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create an Azure Machine Learning Sweep job

This template creates an Azure Machine Learning Sweep job for hyperparameter tuning.
Create an Azure Machine Learning service workspace (vnet)

This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (legacy)

This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create new ANF resource with SMB volume

This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol.
Application Gateway for a Web App with IP Restriction

This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App.
Apply a NSG to an existing subnet

This template applies a newly created NSG to an existing subnet
NSG Flow Logs with traffic analytics

This template creates an NSG Flow log on an existing NSG with traffic analytics
Azure Virtual WAN Routing Intent and Policies

This template provisions an Azure Virtual WAN with two hubs with Routing Intent and Policies feature enabled.
Add an NSG with Redis security rules to an existing subnet

This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET.
Build container images with ACR Tasks

This template uses DeploymentScript to orchestrate ACR to build your container image from code repo.
Import Container Images into ACR

This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry.
Create Application Gateway with Certificates

This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Create ssh-keys and store in KeyVault

This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault.
Create and Deploy a templateSpec

This sample creates and deploys a templateSpec resource within the same template. This is not a typical pattern; it is just meant to show how the templateSpec and the deployment resources are meant to work together.
Create TemplateSpecs from Template Gallery Templates

This sample contains a script to easily migrate template gallery templates to templateSpec resources. The template provided will deploy all templates that can be exported using the migration script.
Deploy SQL Always ON setup with existing SQL Virtual Machines

Deploy SQL Always ON setup with existing SQL Virtual Machines. The virtual machines should already be joined to an existing domain and must be running enterprise version of SQL Server.
Azure Synapse Proof-of-Concept

This template creates a proof of concept environment for Azure Synapse, including SQL Pools and optional Apache Spark Pools
Create an AppServicePlan and App in an ASEv3

Create an AppServicePlan and App in an ASEv3
Create a Azure Native New Relic Resource

This template sets up an 'Azure Native New Relic Service' to monitor resources in your Azure subscription.

Terraform (AzAPI provider) resource definition

The deployments resource type can be deployed with operations that target:

  • Resource groups
  • Subscriptions
  • Management groups
  • Tenants

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Resources/deployments resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Resources/deployments@2024-03-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      debugSetting = {
        detailLevel = "string"
      }
      expressionEvaluationOptions = {
        scope = "string"
      }
      mode = "string"
      onErrorDeployment = {
        deploymentName = "string"
        type = "string"
      }
      parameters = {
        {customized property} = {
          reference = {
            keyVault = {
              id = "string"
            }
            secretName = "string"
            secretVersion = "string"
          }
        }
      }
      parametersLink = {
        contentVersion = "string"
        uri = "string"
      }
      templateLink = {
        contentVersion = "string"
        id = "string"
        queryString = "string"
        relativePath = "string"
        uri = "string"
      }
    }
    resourceGroup = "string"
    subscriptionId = "string"
    scope = "string"
  })
}

Property values

deployments

Name Description Value
type The resource type "Microsoft.Resources/deployments@2024-03-01"
name The resource name string (required)

Character limit: 1-64

Valid characters:
Alphanumerics, underscores, parentheses, hyphens, and periods.
location The location to store the deployment data. string
parent_id To deploy to a resource group, use the ID of that resource group. To deploy to a subscription, use the ID of that subscription. To deploy to a management group, use the ID of that management group. To deploy to a tenant, use /. string (required)
tags Deployment tags Dictionary of tag names and values.
properties The deployment properties. DeploymentPropertiesOrDeploymentPropertiesExtended (required)
resourceGroup The name of the resource group to deploy to. If not provided, uses the resource group of the deployment operation. string
subscriptionId The ID of the subscription to deploy to. If not provided, uses the subscription of the deployment operation. string

DeploymentPropertiesOrDeploymentPropertiesExtended

Name Description Value
debugSetting The debug setting of the deployment. DebugSetting
expressionEvaluationOptions Specifies whether template expressions are evaluated within the scope of the parent template or nested template. Only applicable to nested templates. If not specified, default value is outer. ExpressionEvaluationOptions
mode The mode that is used to deploy resources. This value can be either Incremental or Complete. In Incremental mode, resources are deployed without deleting existing resources that are not included in the template. In Complete mode, resources are deployed and existing resources in the resource group that are not included in the template are deleted. Be careful when using Complete mode as you may unintentionally delete resources. "Complete"
"Incremental" (required)
onErrorDeployment The deployment on error behavior. OnErrorDeploymentOrOnErrorDeploymentExtended
parameters Name and value pairs that define the deployment parameters for the template. You use this element when you want to provide the parameter values directly in the request rather than link to an existing parameter file. Use either the parametersLink property or the parameters property, but not both. It can be a JObject or a well formed JSON string. DeploymentPropertiesParameters
parametersLink The URI of parameters file. You use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both. ParametersLink
template The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both.
templateLink The URI of the template. Use either the templateLink property or the template property, but not both. TemplateLink

DebugSetting

Name Description Value
detailLevel Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information you are passing in during deployment. By logging information about the request or response, you could potentially expose sensitive data that is retrieved through the deployment operations. string

ExpressionEvaluationOptions

Name Description Value
scope The scope to be used for evaluation of parameters, variables and functions in a nested template. "Inner"
"NotSpecified"
"Outer"

OnErrorDeploymentOrOnErrorDeploymentExtended

Name Description Value
deploymentName The deployment to be used on error case. string
type The deployment on error behavior type. Possible values are LastSuccessful and SpecificDeployment. "LastSuccessful"
"SpecificDeployment"

DeploymentPropertiesParameters

Name Description Value
{customized property} DeploymentParameter

DeploymentParameter

Name Description Value
reference Azure Key Vault parameter reference. KeyVaultParameterReference
value Input value to the parameter.

KeyVaultParameterReference

Name Description Value
keyVault Azure Key Vault reference. KeyVaultReference (required)
secretName Azure Key Vault secret name. string (required)
secretVersion Azure Key Vault secret version. string

KeyVaultReference

Name Description Value
id Azure Key Vault resource id. string (required)

ParametersLink

Name Description Value
contentVersion If included, must match the ContentVersion in the template. string
uri The URI of the parameters file. string (required)

TemplateLink

Name Description Value
contentVersion If included, must match the ContentVersion in the template. string
id The resource id of a Template Spec. Use either the id or uri property, but not both. string
queryString The query string (for example, a SAS token) to be used with the templateLink URI. string
relativePath The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs. string
uri The URI of the template to deploy. Use either the uri or id property, but not both. string
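
The constraints in the property tables above (the name character rule, the required mode, the "use either ..., but not both" pairs, the required Key Vault reference fields and the detailLevel logging caution) can be checked before a deployment body is submitted. The Python sketch below is an added example, not part of the Microsoft reference; check_deployment, the SECRET_HINT name heuristic, the severity policy, the case-insensitive detailLevel comparison and the sample bodies are assumptions constructed for illustration.

```python
import re

# Name rule from the property table: 1-64 characters; alphanumerics,
# underscores, parentheses, hyphens and periods.
NAME_RE = re.compile(r"[A-Za-z0-9_().-]{1,64}")
DETAIL_LEVELS = {"none", "requestcontent", "responsecontent"}
# Assumption (not from the page): parameter names that usually hold secrets.
SECRET_HINT = re.compile(r"password|secret|token|key", re.IGNORECASE)


def check_deployment(name, properties):
    """Return (severity, message) findings for one deployments body."""
    findings = []

    def add(severity, message):
        findings.append((severity, message))

    if not NAME_RE.fullmatch(name):
        add("error", "name: 1-64 alphanumerics, '_', '(', ')', '-' or '.'")

    mode = properties.get("mode")
    if mode not in ("Incremental", "Complete"):
        add("error", "mode: required, 'Incremental' or 'Complete'")
    elif mode == "Complete":
        add("warn", "mode: Complete deletes resources missing from the template")

    # Pairs the reference marks as "use either ..., but not both".
    for a, b in (("template", "templateLink"), ("parameters", "parametersLink")):
        if a in properties and b in properties:
            add("error", f"{a} and {b} are mutually exclusive")
    link = properties.get("templateLink", {})
    if "id" in link and "uri" in link:
        add("error", "templateLink: id and uri are mutually exclusive")
    if "parametersLink" in properties and "uri" not in properties["parametersLink"]:
        add("error", "parametersLink.uri is required")

    # detailLevel is a comma-separated list; compared case-insensitively here
    # (an assumption of this sketch).
    raw = properties.get("debugSetting", {}).get("detailLevel", "none")
    levels = {part.strip().lower() for part in raw.split(",") if part.strip()}
    for unknown in sorted(levels - DETAIL_LEVELS):
        add("error", f"debugSetting.detailLevel: unknown value {unknown!r}")
    logs_content = bool(levels & {"requestcontent", "responsecontent"})
    if logs_content:
        add("warn", "debugSetting.detailLevel logs request/response content")

    for pname, param in properties.get("parameters", {}).items():
        ref = param.get("reference")
        if ref is not None:
            if not ref.get("keyVault", {}).get("id"):
                add("error", f"parameters.{pname}: reference.keyVault.id is required")
            if not ref.get("secretName"):
                add("error", f"parameters.{pname}: reference.secretName is required")
        elif SECRET_HINT.search(pname):
            # Policy of this sketch: an inline secret is an error once
            # request/response content is being logged.
            severity = "error" if logs_content else "warn"
            add(severity, f"parameters.{pname}: inline value, use a Key Vault reference")
    return findings


# Constructed sample bodies (placeholder subscription, vault and secret names).
VAULT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
            "example-rg/providers/Microsoft.KeyVault/vaults/example-kv")
RISKY = {
    "mode": "Complete",
    "debugSetting": {"detailLevel": "requestContent, responseContent"},
    "template": {"resources": []},
    "templateLink": {"uri": "https://example.invalid/main.json"},
    "parameters": {"adminPassword": {"value": "constructed-not-a-real-secret"}},
}
HARDENED = {
    "mode": "Incremental",
    "debugSetting": {"detailLevel": "none"},
    "templateLink": {"uri": "https://example.invalid/main.json"},
    "parameters": {
        "adminPassword": {"reference": {"keyVault": {"id": VAULT_ID},
                                        "secretName": "admin-password"}},
        "vmSize": {"value": "Standard_B2s"},
    },
}

if __name__ == "__main__":
    for label, body in (("risky", RISKY), ("hardened", HARDENED)):
        print(label)
        for severity, message in check_deployment("nested-deploy", body):
            print(f"  [{severity}] {message}")
```

The same dictionary shape is what goes inside `properties` of the `body = jsonencode({...})` argument in the Terraform format above, so the check can run on the decoded body in a pre-apply step.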