Microsoft.Search searchServices

Bicep resource definition

The searchServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Search/searchServices resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Search/searchServices@2024-03-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  sku: {
    name: 'string'
  }
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  properties: {
    authOptions: {
      aadOrApiKey: {
        aadAuthFailureMode: 'string'
      }
      apiKeyOnly: any()
    }
    disabledDataExfiltrationOptions: 'All'
    disableLocalAuth: bool
    encryptionWithCmk: {
      enforcement: 'string'
    }
    hostingMode: 'string'
    networkRuleSet: {
      bypass: 'string'
      ipRules: [
        {
          value: 'string'
        }
      ]
    }
    partitionCount: int
    publicNetworkAccess: 'string'
    replicaCount: int
    semanticSearch: 'string'
  }
}

Property values

searchServices

Name Description Value
name The resource name string (required)
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
sku The SKU of the search service, which determines price tier and capacity limits. This property is required when creating a new search service. Sku
identity The identity of the resource. Identity
properties Properties of the search service. SearchServiceProperties

Identity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an identity created by the system and a set of user assigned identities. The type 'None' will remove all identities from the service. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. UserAssignedManagedIdentities

UserAssignedManagedIdentities

Name Description Value
{customized property} UserAssignedManagedIdentity

UserAssignedManagedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

SearchServiceProperties

Name Description Value
authOptions Defines the options for how the data plane API of a search service authenticates requests. This cannot be set if 'disableLocalAuth' is set to true. DataPlaneAuthOptions
disabledDataExfiltrationOptions A list of data exfiltration scenarios that are explicitly disallowed for the search service. Currently, the only supported value is 'All' to disable all possible data export scenarios with more fine grained controls planned for the future. String array containing any of:
'All'
disableLocalAuth When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'dataPlaneAuthOptions' are defined. bool
encryptionWithCmk Specifies any policy regarding encryption of resources (such as indexes) using customer manager keys within a search service. EncryptionWithCmk
hostingMode Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. 'default'
'highDensity'
networkRuleSet Network specific rules that determine how the Azure AI Search service may be reached. NetworkRuleSet
partitionCount The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. int

Constraints:
Min value = 1
Max value = 12
publicNetworkAccess This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. 'disabled'
'enabled'
replicaCount The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. int

Constraints:
Min value = 1
Max value = 12
semanticSearch Sets options that control the availability of semantic search. This configuration is only possible for certain Azure AI Search SKUs in certain locations. 'disabled'
'free'
'standard'

DataPlaneAuthOptions

Name Description Value
aadOrApiKey Indicates that either the API key or an access token from a Microsoft Entra ID tenant can be used for authentication. DataPlaneAadOrApiKeyAuthOption
apiKeyOnly Indicates that only the API key can be used for authentication. For Bicep, you can use the any() function.

DataPlaneAadOrApiKeyAuthOption

Name Description Value
aadAuthFailureMode Describes what response the data plane API of a search service would send for requests that failed authentication. 'http401WithBearerChallenge'
'http403'

EncryptionWithCmk

Name Description Value
enforcement Describes how a search service should enforce compliance if it finds objects that aren't encrypted with the customer-managed key. 'Disabled'
'Enabled'
'Unspecified'

NetworkRuleSet

Name Description Value
bypass Possible origins of inbound traffic that can bypass the rules defined in the 'ipRules' section. 'AzurePortal'
'None'
ipRules A list of IP restriction rules that defines the inbound network(s) with allowing access to the search service endpoint. At the meantime, all other public IP networks are blocked by the firewall. These restriction rules are applied only when the 'publicNetworkAccess' of the search service is 'enabled'; otherwise, traffic over public interface is not allowed even with any public IP rules, and private endpoint connections would be the exclusive access method. IpRule[]

IpRule

Name Description Value
value Value corresponding to a single IPv4 address (eg., 123.1.2.3) or an IP range in CIDR format (eg., 123.1.2.3/24) to be allowed. string

Sku

Name Description Value
name The SKU of the search service. Valid values include: 'free': Shared service. 'basic': Dedicated service with up to 3 replicas. 'standard': Dedicated service with up to 12 partitions and 12 replicas. 'standard2': Similar to standard, but with more capacity per search unit. 'standard3': The largest Standard offering with up to 12 partitions and 12 replicas (or up to 3 partitions with more indexes if you also set the hostingMode property to 'highDensity'). 'storage_optimized_l1': Supports 1TB per partition, up to 12 partitions. 'storage_optimized_l2': Supports 2TB per partition, up to 12 partitions.' 'basic'
'free'
'standard'
'standard2'
'standard3'
'storage_optimized_l1'
'storage_optimized_l2'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Web App with a SQL Database, Azure Cosmos DB, Azure Search

Deploy to Azure
This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights.
Azure Cognitive Search service

Deploy to Azure
This template creates an Azure Cognitive Search service
Azure Cognitive Search service with private endpoint

Deploy to Azure
This template creates an Azure Cognitive Search service with a private endpoint.

ARM template resource definition

The searchServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Search/searchServices resource, add the following JSON to your template.

{
  "type": "Microsoft.Search/searchServices",
  "apiVersion": "2024-03-01-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "sku": {
    "name": "string"
  },
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {}
    }
  },
  "properties": {
    "authOptions": {
      "aadOrApiKey": {
        "aadAuthFailureMode": "string"
      },
      "apiKeyOnly": {}
    },
    "disabledDataExfiltrationOptions": "All",
    "disableLocalAuth": "bool",
    "encryptionWithCmk": {
      "enforcement": "string"
    },
    "hostingMode": "string",
    "networkRuleSet": {
      "bypass": "string",
      "ipRules": [
        {
          "value": "string"
        }
      ]
    },
    "partitionCount": "int",
    "publicNetworkAccess": "string",
    "replicaCount": "int",
    "semanticSearch": "string"
  }
}

Property values

searchServices

Name Description Value
type The resource type 'Microsoft.Search/searchServices'
apiVersion The resource api version '2024-03-01-preview'
name The resource name string (required)
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
sku The SKU of the search service, which determines price tier and capacity limits. This property is required when creating a new search service. Sku
identity The identity of the resource. Identity
properties Properties of the search service. SearchServiceProperties

Identity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an identity created by the system and a set of user assigned identities. The type 'None' will remove all identities from the service. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. UserAssignedManagedIdentities

UserAssignedManagedIdentities

Name Description Value
{customized property} UserAssignedManagedIdentity

UserAssignedManagedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

SearchServiceProperties

Name Description Value
authOptions Defines the options for how the data plane API of a search service authenticates requests. This cannot be set if 'disableLocalAuth' is set to true. DataPlaneAuthOptions
disabledDataExfiltrationOptions A list of data exfiltration scenarios that are explicitly disallowed for the search service. Currently, the only supported value is 'All' to disable all possible data export scenarios with more fine grained controls planned for the future. String array containing any of:
'All'
disableLocalAuth When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'dataPlaneAuthOptions' are defined. bool
encryptionWithCmk Specifies any policy regarding encryption of resources (such as indexes) using customer manager keys within a search service. EncryptionWithCmk
hostingMode Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. 'default'
'highDensity'
networkRuleSet Network specific rules that determine how the Azure AI Search service may be reached. NetworkRuleSet
partitionCount The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. int

Constraints:
Min value = 1
Max value = 12
publicNetworkAccess This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. 'disabled'
'enabled'
replicaCount The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. int

Constraints:
Min value = 1
Max value = 12
semanticSearch Sets options that control the availability of semantic search. This configuration is only possible for certain Azure AI Search SKUs in certain locations. 'disabled'
'free'
'standard'

DataPlaneAuthOptions

Name Description Value
aadOrApiKey Indicates that either the API key or an access token from a Microsoft Entra ID tenant can be used for authentication. DataPlaneAadOrApiKeyAuthOption
apiKeyOnly Indicates that only the API key can be used for authentication.

DataPlaneAadOrApiKeyAuthOption

Name Description Value
aadAuthFailureMode Describes what response the data plane API of a search service would send for requests that failed authentication. 'http401WithBearerChallenge'
'http403'

EncryptionWithCmk

Name Description Value
enforcement Describes how a search service should enforce compliance if it finds objects that aren't encrypted with the customer-managed key. 'Disabled'
'Enabled'
'Unspecified'

NetworkRuleSet

Name Description Value
bypass Possible origins of inbound traffic that can bypass the rules defined in the 'ipRules' section. 'AzurePortal'
'None'
ipRules A list of IP restriction rules that defines the inbound network(s) with allowing access to the search service endpoint. At the meantime, all other public IP networks are blocked by the firewall. These restriction rules are applied only when the 'publicNetworkAccess' of the search service is 'enabled'; otherwise, traffic over public interface is not allowed even with any public IP rules, and private endpoint connections would be the exclusive access method. IpRule[]

IpRule

Name Description Value
value Value corresponding to a single IPv4 address (eg., 123.1.2.3) or an IP range in CIDR format (eg., 123.1.2.3/24) to be allowed. string

Sku

Name Description Value
name The SKU of the search service. Valid values include: 'free': Shared service. 'basic': Dedicated service with up to 3 replicas. 'standard': Dedicated service with up to 12 partitions and 12 replicas. 'standard2': Similar to standard, but with more capacity per search unit. 'standard3': The largest Standard offering with up to 12 partitions and 12 replicas (or up to 3 partitions with more indexes if you also set the hostingMode property to 'highDensity'). 'storage_optimized_l1': Supports 1TB per partition, up to 12 partitions. 'storage_optimized_l2': Supports 2TB per partition, up to 12 partitions.' 'basic'
'free'
'standard'
'standard2'
'standard3'
'storage_optimized_l1'
'storage_optimized_l2'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Web App with a SQL Database, Azure Cosmos DB, Azure Search

Deploy to Azure
This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights.
Azure Cognitive Search service

Deploy to Azure
This template creates an Azure Cognitive Search service
Azure Cognitive Search service with private endpoint

Deploy to Azure
This template creates an Azure Cognitive Search service with a private endpoint.

Terraform (AzAPI provider) resource definition

The searchServices resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Search/searchServices resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Search/searchServices@2024-03-01-preview"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  identity {
    type = "string"
    identity_ids = []
  }
  body = jsonencode({
    properties = {
      authOptions = {
        aadOrApiKey = {
          aadAuthFailureMode = "string"
        }
      }
      disabledDataExfiltrationOptions = "All"
      disableLocalAuth = bool
      encryptionWithCmk = {
        enforcement = "string"
      }
      hostingMode = "string"
      networkRuleSet = {
        bypass = "string"
        ipRules = [
          {
            value = "string"
          }
        ]
      }
      partitionCount = int
      publicNetworkAccess = "string"
      replicaCount = int
      semanticSearch = "string"
    }
    sku = {
      name = "string"
    }
  })
}

Property values

searchServices

Name Description Value
type The resource type "Microsoft.Search/searchServices@2024-03-01-preview"
name The resource name string (required)
location The geo-location where the resource lives string (required)
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags Resource tags. Dictionary of tag names and values.
sku The SKU of the search service, which determines price tier and capacity limits. This property is required when creating a new search service. Sku
identity The identity of the resource. Identity
properties Properties of the search service. SearchServiceProperties

Identity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an identity created by the system and a set of user assigned identities. The type 'None' will remove all identities from the service. "SystemAssigned"
"SystemAssigned, UserAssigned"
"UserAssigned" (required)
identity_ids The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. Array of user identity IDs.

UserAssignedManagedIdentities

Name Description Value
{customized property} UserAssignedManagedIdentity

UserAssignedManagedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

SearchServiceProperties

Name Description Value
authOptions Defines the options for how the data plane API of a search service authenticates requests. This cannot be set if 'disableLocalAuth' is set to true. DataPlaneAuthOptions
disabledDataExfiltrationOptions A list of data exfiltration scenarios that are explicitly disallowed for the search service. Currently, the only supported value is 'All' to disable all possible data export scenarios with more fine grained controls planned for the future. String array containing any of:
"All"
disableLocalAuth When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'dataPlaneAuthOptions' are defined. bool
encryptionWithCmk Specifies any policy regarding encryption of resources (such as indexes) using customer manager keys within a search service. EncryptionWithCmk
hostingMode Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. "default"
"highDensity"
networkRuleSet Network specific rules that determine how the Azure AI Search service may be reached. NetworkRuleSet
partitionCount The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. int

Constraints:
Min value = 1
Max value = 12
publicNetworkAccess This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. "disabled"
"enabled"
replicaCount The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. int

Constraints:
Min value = 1
Max value = 12
semanticSearch Sets options that control the availability of semantic search. This configuration is only possible for certain Azure AI Search SKUs in certain locations. "disabled"
"free"
"standard"

DataPlaneAuthOptions

Name Description Value
aadOrApiKey Indicates that either the API key or an access token from a Microsoft Entra ID tenant can be used for authentication. DataPlaneAadOrApiKeyAuthOption
apiKeyOnly Indicates that only the API key can be used for authentication.

DataPlaneAadOrApiKeyAuthOption

Name Description Value
aadAuthFailureMode Describes what response the data plane API of a search service would send for requests that failed authentication. "http401WithBearerChallenge"
"http403"

EncryptionWithCmk

Name Description Value
enforcement Describes how a search service should enforce compliance if it finds objects that aren't encrypted with the customer-managed key. "Disabled"
"Enabled"
"Unspecified"

NetworkRuleSet

Name Description Value
bypass Possible origins of inbound traffic that can bypass the rules defined in the 'ipRules' section. "AzurePortal"
"None"
ipRules A list of IP restriction rules that defines the inbound network(s) with allowing access to the search service endpoint. At the meantime, all other public IP networks are blocked by the firewall. These restriction rules are applied only when the 'publicNetworkAccess' of the search service is 'enabled'; otherwise, traffic over public interface is not allowed even with any public IP rules, and private endpoint connections would be the exclusive access method. IpRule[]

IpRule

Name Description Value
value Value corresponding to a single IPv4 address (eg., 123.1.2.3) or an IP range in CIDR format (eg., 123.1.2.3/24) to be allowed. string

Sku

Name Description Value
name The SKU of the search service. Valid values include: 'free': Shared service. 'basic': Dedicated service with up to 3 replicas. 'standard': Dedicated service with up to 12 partitions and 12 replicas. 'standard2': Similar to standard, but with more capacity per search unit. 'standard3': The largest Standard offering with up to 12 partitions and 12 replicas (or up to 3 partitions with more indexes if you also set the hostingMode property to 'highDensity'). 'storage_optimized_l1': Supports 1TB per partition, up to 12 partitions. 'storage_optimized_l2': Supports 2TB per partition, up to 12 partitions.' "basic"
"free"
"standard"
"standard2"
"standard3"
"storage_optimized_l1"
"storage_optimized_l2"