Bicep resource definition
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Synapse/workspaces resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Synapse/workspaces@2021-06-01' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
properties: {
azureADOnlyAuthentication: bool
cspWorkspaceAdminProperties: {
initialWorkspaceAdminObjectId: 'string'
}
defaultDataLakeStorage: {
accountUrl: 'string'
createManagedPrivateEndpoint: bool
filesystem: 'string'
resourceId: 'string'
}
encryption: {
cmk: {
kekIdentity: {
userAssignedIdentity: 'string'
useSystemAssignedIdentity: any(...)
}
key: {
keyVaultUrl: 'string'
name: 'string'
}
}
}
managedResourceGroupName: 'string'
managedVirtualNetwork: 'string'
managedVirtualNetworkSettings: {
allowedAadTenantIdsForLinking: [
'string'
]
linkedAccessCheckOnTargetResource: bool
preventDataExfiltration: bool
}
privateEndpointConnections: [
{
properties: {
privateEndpoint: {}
privateLinkServiceConnectionState: {
description: 'string'
status: 'string'
}
}
}
]
publicNetworkAccess: 'string'
purviewConfiguration: {
purviewResourceId: 'string'
}
sqlAdministratorLogin: 'string'
sqlAdministratorLoginPassword: 'string'
trustedServiceBypassEnabled: bool
virtualNetworkProfile: {
computeSubnetId: 'string'
}
workspaceRepositoryConfiguration: {
accountName: 'string'
collaborationBranch: 'string'
hostName: 'string'
lastCommitId: 'string'
projectName: 'string'
repositoryName: 'string'
rootFolder: 'string'
tenantId: 'string'
type: 'string'
}
}
tags: {
{customized property}: 'string'
}
}
Property Values
CspWorkspaceAdminProperties
Name |
Description |
Value |
initialWorkspaceAdminObjectId |
AAD object ID of initial workspace admin |
string |
CustomerManagedKeyDetails
DataLakeStorageAccountDetails
Name |
Description |
Value |
accountUrl |
Account URL |
string |
createManagedPrivateEndpoint |
Create managed private endpoint to this storage account or not |
bool |
filesystem |
Filesystem name |
string |
resourceId |
ARM resource Id of this storage account |
string |
EncryptionDetails
KekIdentityProperties
Name |
Description |
Value |
userAssignedIdentity |
User assigned identity resource Id |
string |
useSystemAssignedIdentity |
Boolean specifying whether to use system assigned identity or not |
any |
ManagedIdentity
Name |
Description |
Value |
type |
The type of managed identity for the workspace |
'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' |
userAssignedIdentities |
The user assigned managed identities. |
UserAssignedManagedIdentities |
ManagedVirtualNetworkSettings
Name |
Description |
Value |
allowedAadTenantIdsForLinking |
Allowed Aad Tenant Ids For Linking |
string[] |
linkedAccessCheckOnTargetResource |
Linked Access Check On Target Resource |
bool |
preventDataExfiltration |
Prevent Data Exfiltration |
bool |
Microsoft.Synapse/workspaces
Name |
Description |
Value |
identity |
Identity of the workspace |
ManagedIdentity |
location |
The geo-location where the resource lives |
string (required) |
name |
The resource name |
string (required) |
properties |
Workspace resource properties |
WorkspaceProperties |
tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
PrivateEndpoint
PrivateEndpointConnection
PrivateEndpointConnectionProperties
PrivateLinkServiceConnectionState
Name |
Description |
Value |
description |
The private link service connection description. |
string |
status |
The private link service connection status. |
string |
PurviewConfiguration
Name |
Description |
Value |
purviewResourceId |
Purview Resource ID |
string |
UserAssignedManagedIdentities
UserAssignedManagedIdentity
VirtualNetworkProfile
Name |
Description |
Value |
computeSubnetId |
Subnet ID used for computes in workspace |
string |
WorkspaceKeyDetails
Name |
Description |
Value |
keyVaultUrl |
Workspace Key sub-resource key vault url |
string |
name |
Workspace Key sub-resource name |
string |
WorkspaceProperties
Name |
Description |
Value |
azureADOnlyAuthentication |
Enable or Disable AzureADOnlyAuthentication on All Workspace subresource |
bool |
cspWorkspaceAdminProperties |
Initial workspace AAD admin properties for a CSP subscription |
CspWorkspaceAdminProperties |
defaultDataLakeStorage |
Workspace default data lake storage account details |
DataLakeStorageAccountDetails |
encryption |
The encryption details of the workspace |
EncryptionDetails |
managedResourceGroupName |
Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.' |
string |
managedVirtualNetwork |
Setting this to 'default' will ensure that all compute for this workspace is in a virtual network managed on behalf of the user. |
string |
managedVirtualNetworkSettings |
Managed Virtual Network Settings |
ManagedVirtualNetworkSettings |
privateEndpointConnections |
Private endpoint connections to the workspace |
PrivateEndpointConnection[] |
publicNetworkAccess |
Enable or Disable public network access to workspace |
'Disabled' 'Enabled' |
purviewConfiguration |
Purview Configuration |
PurviewConfiguration |
sqlAdministratorLogin |
Login for workspace SQL active directory administrator |
string |
sqlAdministratorLoginPassword |
SQL administrator login password |
string |
trustedServiceBypassEnabled |
Is trustedServiceBypassEnabled for the workspace |
bool |
virtualNetworkProfile |
Virtual Network profile |
VirtualNetworkProfile |
workspaceRepositoryConfiguration |
Git integration settings |
WorkspaceRepositoryConfiguration |
WorkspaceRepositoryConfiguration
Name |
Description |
Value |
accountName |
Account name |
string |
collaborationBranch |
Collaboration branch |
string |
hostName |
GitHub Enterprise host name. For example: https://github.mydomain.com |
string |
lastCommitId |
The last commit ID |
string |
projectName |
VSTS project name |
string |
repositoryName |
Repository name |
string |
rootFolder |
Root folder to use in the repository |
string |
tenantId |
The VSTS tenant ID |
string
Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
type |
Type of workspace repositoryID configuration. Example WorkspaceVSTSConfiguration, WorkspaceGitHubConfiguration |
string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
ARM template resource definition
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Synapse/workspaces resource, add the following JSON to your template.
{
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2021-06-01",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"properties": {
"azureADOnlyAuthentication": "bool",
"cspWorkspaceAdminProperties": {
"initialWorkspaceAdminObjectId": "string"
},
"defaultDataLakeStorage": {
"accountUrl": "string",
"createManagedPrivateEndpoint": "bool",
"filesystem": "string",
"resourceId": "string"
},
"encryption": {
"cmk": {
"kekIdentity": {
"userAssignedIdentity": "string",
"useSystemAssignedIdentity": {}
},
"key": {
"keyVaultUrl": "string",
"name": "string"
}
}
},
"managedResourceGroupName": "string",
"managedVirtualNetwork": "string",
"managedVirtualNetworkSettings": {
"allowedAadTenantIdsForLinking": [ "string" ],
"linkedAccessCheckOnTargetResource": "bool",
"preventDataExfiltration": "bool"
},
"privateEndpointConnections": [
{
"properties": {
"privateEndpoint": {
},
"privateLinkServiceConnectionState": {
"description": "string",
"status": "string"
}
}
}
],
"publicNetworkAccess": "string",
"purviewConfiguration": {
"purviewResourceId": "string"
},
"sqlAdministratorLogin": "string",
"sqlAdministratorLoginPassword": "string",
"trustedServiceBypassEnabled": "bool",
"virtualNetworkProfile": {
"computeSubnetId": "string"
},
"workspaceRepositoryConfiguration": {
"accountName": "string",
"collaborationBranch": "string",
"hostName": "string",
"lastCommitId": "string",
"projectName": "string",
"repositoryName": "string",
"rootFolder": "string",
"tenantId": "string",
"type": "string"
}
},
"tags": {
"{customized property}": "string"
}
}
Property Values
CspWorkspaceAdminProperties
Name |
Description |
Value |
initialWorkspaceAdminObjectId |
AAD object ID of initial workspace admin |
string |
CustomerManagedKeyDetails
DataLakeStorageAccountDetails
Name |
Description |
Value |
accountUrl |
Account URL |
string |
createManagedPrivateEndpoint |
Create managed private endpoint to this storage account or not |
bool |
filesystem |
Filesystem name |
string |
resourceId |
ARM resource Id of this storage account |
string |
EncryptionDetails
KekIdentityProperties
Name |
Description |
Value |
userAssignedIdentity |
User assigned identity resource Id |
string |
useSystemAssignedIdentity |
Boolean specifying whether to use system assigned identity or not |
any |
ManagedIdentity
Name |
Description |
Value |
type |
The type of managed identity for the workspace |
'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' |
userAssignedIdentities |
The user assigned managed identities. |
UserAssignedManagedIdentities |
ManagedVirtualNetworkSettings
Name |
Description |
Value |
allowedAadTenantIdsForLinking |
Allowed Aad Tenant Ids For Linking |
string[] |
linkedAccessCheckOnTargetResource |
Linked Access Check On Target Resource |
bool |
preventDataExfiltration |
Prevent Data Exfiltration |
bool |
Microsoft.Synapse/workspaces
Name |
Description |
Value |
apiVersion |
The api version |
'2021-06-01' |
identity |
Identity of the workspace |
ManagedIdentity |
location |
The geo-location where the resource lives |
string (required) |
name |
The resource name |
string (required) |
properties |
Workspace resource properties |
WorkspaceProperties |
tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
type |
The resource type |
'Microsoft.Synapse/workspaces' |
PrivateEndpoint
PrivateEndpointConnection
PrivateEndpointConnectionProperties
PrivateLinkServiceConnectionState
Name |
Description |
Value |
description |
The private link service connection description. |
string |
status |
The private link service connection status. |
string |
PurviewConfiguration
Name |
Description |
Value |
purviewResourceId |
Purview Resource ID |
string |
UserAssignedManagedIdentities
UserAssignedManagedIdentity
VirtualNetworkProfile
Name |
Description |
Value |
computeSubnetId |
Subnet ID used for computes in workspace |
string |
WorkspaceKeyDetails
Name |
Description |
Value |
keyVaultUrl |
Workspace Key sub-resource key vault url |
string |
name |
Workspace Key sub-resource name |
string |
WorkspaceProperties
Name |
Description |
Value |
azureADOnlyAuthentication |
Enable or Disable AzureADOnlyAuthentication on All Workspace subresource |
bool |
cspWorkspaceAdminProperties |
Initial workspace AAD admin properties for a CSP subscription |
CspWorkspaceAdminProperties |
defaultDataLakeStorage |
Workspace default data lake storage account details |
DataLakeStorageAccountDetails |
encryption |
The encryption details of the workspace |
EncryptionDetails |
managedResourceGroupName |
Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.' |
string |
managedVirtualNetwork |
Setting this to 'default' will ensure that all compute for this workspace is in a virtual network managed on behalf of the user. |
string |
managedVirtualNetworkSettings |
Managed Virtual Network Settings |
ManagedVirtualNetworkSettings |
privateEndpointConnections |
Private endpoint connections to the workspace |
PrivateEndpointConnection[] |
publicNetworkAccess |
Enable or Disable public network access to workspace |
'Disabled' 'Enabled' |
purviewConfiguration |
Purview Configuration |
PurviewConfiguration |
sqlAdministratorLogin |
Login for workspace SQL active directory administrator |
string |
sqlAdministratorLoginPassword |
SQL administrator login password |
string |
trustedServiceBypassEnabled |
Is trustedServiceBypassEnabled for the workspace |
bool |
virtualNetworkProfile |
Virtual Network profile |
VirtualNetworkProfile |
workspaceRepositoryConfiguration |
Git integration settings |
WorkspaceRepositoryConfiguration |
WorkspaceRepositoryConfiguration
Name |
Description |
Value |
accountName |
Account name |
string |
collaborationBranch |
Collaboration branch |
string |
hostName |
GitHub Enterprise host name. For example: https://github.mydomain.com |
string |
lastCommitId |
The last commit ID |
string |
projectName |
VSTS project name |
string |
repositoryName |
Repository name |
string |
rootFolder |
Root folder to use in the repository |
string |
tenantId |
The VSTS tenant ID |
string
Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
type |
Type of workspace repositoryID configuration. Example WorkspaceVSTSConfiguration, WorkspaceGitHubConfiguration |
string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
Template |
Description |
Azure Synapse Proof-of-Concept
 |
This template creates a proof of concept environment for Azure Synapse, including SQL Pools and optional Apache Spark Pools |
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Synapse/workspaces resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Synapse/workspaces@2021-06-01"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
azureADOnlyAuthentication = bool
cspWorkspaceAdminProperties = {
initialWorkspaceAdminObjectId = "string"
}
defaultDataLakeStorage = {
accountUrl = "string"
createManagedPrivateEndpoint = bool
filesystem = "string"
resourceId = "string"
}
encryption = {
cmk = {
kekIdentity = {
userAssignedIdentity = "string"
useSystemAssignedIdentity = ?
}
key = {
keyVaultUrl = "string"
name = "string"
}
}
}
managedResourceGroupName = "string"
managedVirtualNetwork = "string"
managedVirtualNetworkSettings = {
allowedAadTenantIdsForLinking = [
"string"
]
linkedAccessCheckOnTargetResource = bool
preventDataExfiltration = bool
}
privateEndpointConnections = [
{
properties = {
privateEndpoint = {
}
privateLinkServiceConnectionState = {
description = "string"
status = "string"
}
}
}
]
publicNetworkAccess = "string"
purviewConfiguration = {
purviewResourceId = "string"
}
sqlAdministratorLogin = "string"
sqlAdministratorLoginPassword = "string"
trustedServiceBypassEnabled = bool
virtualNetworkProfile = {
computeSubnetId = "string"
}
workspaceRepositoryConfiguration = {
accountName = "string"
collaborationBranch = "string"
hostName = "string"
lastCommitId = "string"
projectName = "string"
repositoryName = "string"
rootFolder = "string"
tenantId = "string"
type = "string"
}
}
}
}
Property Values
CspWorkspaceAdminProperties
Name |
Description |
Value |
initialWorkspaceAdminObjectId |
AAD object ID of initial workspace admin |
string |
CustomerManagedKeyDetails
DataLakeStorageAccountDetails
Name |
Description |
Value |
accountUrl |
Account URL |
string |
createManagedPrivateEndpoint |
Create managed private endpoint to this storage account or not |
bool |
filesystem |
Filesystem name |
string |
resourceId |
ARM resource Id of this storage account |
string |
EncryptionDetails
KekIdentityProperties
Name |
Description |
Value |
userAssignedIdentity |
User assigned identity resource Id |
string |
useSystemAssignedIdentity |
Boolean specifying whether to use system assigned identity or not |
any |
ManagedIdentity
Name |
Description |
Value |
type |
The type of managed identity for the workspace |
'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' |
userAssignedIdentities |
The user assigned managed identities. |
UserAssignedManagedIdentities |
ManagedVirtualNetworkSettings
Name |
Description |
Value |
allowedAadTenantIdsForLinking |
Allowed Aad Tenant Ids For Linking |
string[] |
linkedAccessCheckOnTargetResource |
Linked Access Check On Target Resource |
bool |
preventDataExfiltration |
Prevent Data Exfiltration |
bool |
Microsoft.Synapse/workspaces
Name |
Description |
Value |
identity |
Identity of the workspace |
ManagedIdentity |
location |
The geo-location where the resource lives |
string (required) |
name |
The resource name |
string (required) |
properties |
Workspace resource properties |
WorkspaceProperties |
tags |
Resource tags |
Dictionary of tag names and values. |
type |
The resource type |
"Microsoft.Synapse/workspaces@2021-06-01" |
PrivateEndpoint
PrivateEndpointConnection
PrivateEndpointConnectionProperties
PrivateLinkServiceConnectionState
Name |
Description |
Value |
description |
The private link service connection description. |
string |
status |
The private link service connection status. |
string |
PurviewConfiguration
Name |
Description |
Value |
purviewResourceId |
Purview Resource ID |
string |
UserAssignedManagedIdentities
UserAssignedManagedIdentity
VirtualNetworkProfile
Name |
Description |
Value |
computeSubnetId |
Subnet ID used for computes in workspace |
string |
WorkspaceKeyDetails
Name |
Description |
Value |
keyVaultUrl |
Workspace Key sub-resource key vault url |
string |
name |
Workspace Key sub-resource name |
string |
WorkspaceProperties
Name |
Description |
Value |
azureADOnlyAuthentication |
Enable or Disable AzureADOnlyAuthentication on All Workspace subresource |
bool |
cspWorkspaceAdminProperties |
Initial workspace AAD admin properties for a CSP subscription |
CspWorkspaceAdminProperties |
defaultDataLakeStorage |
Workspace default data lake storage account details |
DataLakeStorageAccountDetails |
encryption |
The encryption details of the workspace |
EncryptionDetails |
managedResourceGroupName |
Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.' |
string |
managedVirtualNetwork |
Setting this to 'default' will ensure that all compute for this workspace is in a virtual network managed on behalf of the user. |
string |
managedVirtualNetworkSettings |
Managed Virtual Network Settings |
ManagedVirtualNetworkSettings |
privateEndpointConnections |
Private endpoint connections to the workspace |
PrivateEndpointConnection[] |
publicNetworkAccess |
Enable or Disable public network access to workspace |
'Disabled' 'Enabled' |
purviewConfiguration |
Purview Configuration |
PurviewConfiguration |
sqlAdministratorLogin |
Login for workspace SQL active directory administrator |
string |
sqlAdministratorLoginPassword |
SQL administrator login password |
string |
trustedServiceBypassEnabled |
Is trustedServiceBypassEnabled for the workspace |
bool |
virtualNetworkProfile |
Virtual Network profile |
VirtualNetworkProfile |
workspaceRepositoryConfiguration |
Git integration settings |
WorkspaceRepositoryConfiguration |
WorkspaceRepositoryConfiguration
Name |
Description |
Value |
accountName |
Account name |
string |
collaborationBranch |
Collaboration branch |
string |
hostName |
GitHub Enterprise host name. For example: https://github.mydomain.com |
string |
lastCommitId |
The last commit ID |
string |
projectName |
VSTS project name |
string |
repositoryName |
Repository name |
string |
rootFolder |
Root folder to use in the repository |
string |
tenantId |
The VSTS tenant ID |
string
Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ |
type |
Type of workspace repositoryID configuration. Example WorkspaceVSTSConfiguration, WorkspaceGitHubConfiguration |
string |