From 2af19969d0e7e6cf023aadfa4eb5412a9c58a083 Mon Sep 17 00:00:00 2001
From: Preston Alvarado <700740+coolhome@users.noreply.github.com>
Date: Tue, 19 Dec 2023 14:24:15 -0500
Subject: [PATCH] Fix winRM listeners data type
---
.../virtualMachinesMultiple/main.bicep | 2 +-
.../virtual-machine-scale-set/README.md | 5538 +++++-----
.../virtual-machine-scale-set/main.bicep | 1452 +--
.../virtual-machine-scale-set/main.json | 5042 ++++-----
modules/compute/virtual-machine/README.md | 7104 ++++++-------
modules/compute/virtual-machine/main.bicep | 1542 +--
modules/compute/virtual-machine/main.json | 9046 ++++++++---------
7 files changed, 14863 insertions(+), 14863 deletions(-)
diff --git a/constructs/Compute/virtualMachinesMultiple/main.bicep b/constructs/Compute/virtualMachinesMultiple/main.bicep
index 9fc00d6f9e..505704fb7c 100644
--- a/constructs/Compute/virtualMachinesMultiple/main.bicep
+++ b/constructs/Compute/virtualMachinesMultiple/main.bicep
@@ -285,7 +285,7 @@ param timeZone string = ''
param additionalUnattendContent array = []
@description('Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.')
-param winRM object = {}
+param winRM array = {}
@description('Optional. Any VM configuration profile assignments.')
param configurationProfileAssignments string = ''
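Review bot: The new declaration `param winRM array = {}` keeps an object literal as the default of an array-typed parameter, which Bicep should reject as a type mismatch; the default needs to become `param winRM array = []`. The `@description` on the line above still ends with "WinRMConfiguration object" and should describe a list of listeners instead, for example `- Array of WinRM listener objects.`. Because these listeners expose remote PowerShell, the description is also the place to say that an Https listener with a certificate is preferred over a plain Http listener, assuming the module forwards the array to the listeners property (that code is outside this hunk). The same declaration is probably touched in the two other `main.bicep` files listed in the diffstat, so they deserve the same check.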
diff --git a/modules/compute/virtual-machine-scale-set/README.md b/modules/compute/virtual-machine-scale-set/README.md
index 5479ba0268..0c55ca5da9 100644
--- a/modules/compute/virtual-machine-scale-set/README.md
+++ b/modules/compute/virtual-machine-scale-set/README.md
@@ -1,2769 +1,2769 @@
-# Virtual Machine Scale Sets `[Microsoft.Compute/virtualMachineScaleSets]`
-
-This module deploys a Virtual Machine Scale Set.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-- [Notes](#Notes)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Compute/virtualMachineScaleSets` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachineScaleSets) |
-| `Microsoft.Compute/virtualMachineScaleSets/extensions` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachineScaleSets/extensions) |
-| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine-scale-set:1.0.0`.
-
-- [Linux.Min](#example-1-linuxmin)
-- [Linux.Ssecmk](#example-2-linuxssecmk)
-- [Linux](#example-3-linux)
-- [Windows.Min](#example-4-windowsmin)
-- [Windows](#example-5-windows)
-
-### Example 1: _Linux.Min_
-
-via Bicep module
-
-```bicep
-module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmsslinmin'
- params: {
- // Required parameters
- adminUsername: 'scaleSetAdmin'
- imageReference: {
- offer: '0001-com-ubuntu-server-jammy'
- publisher: 'Canonical'
- sku: '22_04-lts-gen2'
- version: 'latest'
- }
- name: 'cvmsslinmin001'
- osDisk: {
- createOption: 'fromImage'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- osType: 'Linux'
- skuName: 'Standard_B12ms'
- // Non-required parameters
- disablePasswordAuthentication: true
- enableDefaultTelemetry: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "scaleSetAdmin"
- },
- "imageReference": {
- "value": {
- "offer": "0001-com-ubuntu-server-jammy",
- "publisher": "Canonical",
- "sku": "22_04-lts-gen2",
- "version": "latest"
- }
- },
- "name": {
- "value": "cvmsslinmin001"
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "osType": {
- "value": "Linux"
- },
- "skuName": {
- "value": "Standard_B12ms"
- },
- // Non-required parameters
- "disablePasswordAuthentication": {
- "value": true
- },
- "enableDefaultTelemetry": {
- "value": "
-
-### Example 2: _Linux.Ssecmk_
-
-via Bicep module
-
-```bicep
-module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmsslcmk'
- params: {
- // Required parameters
- adminUsername: 'scaleSetAdmin'
- imageReference: {
- offer: '0001-com-ubuntu-server-jammy'
- publisher: 'Canonical'
- sku: '22_04-lts-gen2'
- version: 'latest'
- }
- name: 'cvmsslcmk001'
- osDisk: {
- createOption: 'fromImage'
- diskSizeGB: '128'
- managedDisk: {
- diskEncryptionSet: {
- id: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "scaleSetAdmin"
- },
- "imageReference": {
- "value": {
- "offer": "0001-com-ubuntu-server-jammy",
- "publisher": "Canonical",
- "sku": "22_04-lts-gen2",
- "version": "latest"
- }
- },
- "name": {
- "value": "cvmsslcmk001"
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "diskEncryptionSet": {
- "id": "
-
-### Example 3: _Linux_
-
-via Bicep module
-
-```bicep
-module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmsslin'
- params: {
- // Required parameters
- adminUsername: 'scaleSetAdmin'
- imageReference: {
- offer: '0001-com-ubuntu-server-jammy'
- publisher: 'Canonical'
- sku: '22_04-lts-gen2'
- version: 'latest'
- }
- name: 'cvmsslin001'
- osDisk: {
- createOption: 'fromImage'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- osType: 'Linux'
- skuName: 'Standard_B12ms'
- // Non-required parameters
- availabilityZones: [
- '2'
- ]
- bootDiagnosticStorageAccountName: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "scaleSetAdmin"
- },
- "imageReference": {
- "value": {
- "offer": "0001-com-ubuntu-server-jammy",
- "publisher": "Canonical",
- "sku": "22_04-lts-gen2",
- "version": "latest"
- }
- },
- "name": {
- "value": "cvmsslin001"
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "osType": {
- "value": "Linux"
- },
- "skuName": {
- "value": "Standard_B12ms"
- },
- // Non-required parameters
- "availabilityZones": {
- "value": [
- "2"
- ]
- },
- "bootDiagnosticStorageAccountName": {
- "value": "
-
-### Example 4: _Windows.Min_
-
-via Bicep module
-
-```bicep
-module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmsswinmin'
- params: {
- // Required parameters
- adminUsername: 'localAdminUser'
- imageReference: {
- offer: 'WindowsServer'
- publisher: 'MicrosoftWindowsServer'
- sku: '2022-datacenter-azure-edition'
- version: 'latest'
- }
- name: 'cvmsswinmin001'
- osDisk: {
- createOption: 'fromImage'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- osType: 'Windows'
- skuName: 'Standard_B12ms'
- // Non-required parameters
- adminPassword: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "localAdminUser"
- },
- "imageReference": {
- "value": {
- "offer": "WindowsServer",
- "publisher": "MicrosoftWindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "version": "latest"
- }
- },
- "name": {
- "value": "cvmsswinmin001"
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "osType": {
- "value": "Windows"
- },
- "skuName": {
- "value": "Standard_B12ms"
- },
- // Non-required parameters
- "adminPassword": {
- "value": "
-
-### Example 5: _Windows_
-
-via Bicep module
-
-```bicep
-module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmsswin'
- params: {
- // Required parameters
- adminUsername: 'localAdminUser'
- imageReference: {
- offer: 'WindowsServer'
- publisher: 'MicrosoftWindowsServer'
- sku: '2022-datacenter-azure-edition'
- version: 'latest'
- }
- name: 'cvmsswin001'
- osDisk: {
- createOption: 'fromImage'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- }
- }
- osType: 'Windows'
- skuName: 'Standard_B12ms'
- // Non-required parameters
- adminPassword: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "localAdminUser"
- },
- "imageReference": {
- "value": {
- "offer": "WindowsServer",
- "publisher": "MicrosoftWindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "version": "latest"
- }
- },
- "name": {
- "value": "cvmsswin001"
- },
- "osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "osType": {
- "value": "Windows"
- },
- "skuName": {
- "value": "Standard_B12ms"
- },
- // Non-required parameters
- "adminPassword": {
- "value": "
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. |
-| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. |
-| [`name`](#parameter-name) | string | Name of the VMSS. |
-| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. |
-| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. |
-| [`osType`](#parameter-ostype) | string | The chosen OS type. |
-| [`skuName`](#parameter-skuname) | string | The SKU size of the VMs. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. |
-| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. |
-| [`automaticRepairsPolicyEnabled`](#parameter-automaticrepairspolicyenabled) | bool | Specifies whether automatic repairs should be enabled on the virtual machine scale set. |
-| [`availabilityZones`](#parameter-availabilityzones) | array | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. |
-| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. |
-| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. |
-| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. |
-| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. |
-| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
-| [`disableAutomaticRollback`](#parameter-disableautomaticrollback) | bool | Whether OS image rollback feature should be disabled. |
-| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. |
-| [`doNotRunExtensionsOnOverprovisionedVMs`](#parameter-donotrunextensionsonoverprovisionedvms) | bool | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. |
-| [`enableAutomaticOSUpgrade`](#parameter-enableautomaticosupgrade) | bool | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. |
-| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. |
-| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. |
-| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. |
-| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. |
-| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`gracePeriod`](#parameter-graceperiod) | string | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). |
-| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. |
-| [`location`](#parameter-location) | string | Location for all resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
-| [`maxBatchInstancePercent`](#parameter-maxbatchinstancepercent) | int | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. |
-| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. |
-| [`maxUnhealthyInstancePercent`](#parameter-maxunhealthyinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. |
-| [`maxUnhealthyUpgradedInstancePercent`](#parameter-maxunhealthyupgradedinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. |
-| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. |
-| [`overprovision`](#parameter-overprovision) | bool | Specifies whether the Virtual Machine Scale Set should be overprovisioned. |
-| [`pauseTimeBetweenBatches`](#parameter-pausetimebetweenbatches) | string | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. |
-| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. |
-| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
-| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. |
-| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
-| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. |
-| [`scaleInPolicy`](#parameter-scaleinpolicy) | object | Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. |
-| [`scaleSetFaultDomain`](#parameter-scalesetfaultdomain) | int | Fault Domain count for each placement group. |
-| [`scheduledEventsProfile`](#parameter-scheduledeventsprofile) | object | Specifies Scheduled Event related configurations. |
-| [`secrets`](#parameter-secrets) | array | Specifies set of certificates that should be installed onto the virtual machines in the scale set. |
-| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
-| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. |
-| [`singlePlacementGroup`](#parameter-singleplacementgroup) | bool | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. |
-| [`skuCapacity`](#parameter-skucapacity) | int | The initial instance count of scale set VMs. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. |
-| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
-| [`upgradePolicyMode`](#parameter-upgradepolicymode) | string | Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. |
-| [`vmNamePrefix`](#parameter-vmnameprefix) | string | Specifies the computer name prefix for all of the virtual machines in the scale set. |
-| [`vmPriority`](#parameter-vmpriority) | string | Specifies the priority for the virtual machine. |
-| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
-| [`winRM`](#parameter-winrm) | object | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. |
-| [`zoneBalance`](#parameter-zonebalance) | bool | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. |
-
-**Generated parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. |
-
-### Parameter: `adminUsername`
-
-Administrator username.
-
-- Required: Yes
-- Type: securestring
-
-### Parameter: `imageReference`
-
-OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image.
-
-- Required: Yes
-- Type: object
-
-### Parameter: `name`
-
-Name of the VMSS.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `nicConfigurations`
-
-Configures NICs and PIPs.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `osDisk`
-
-Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
-
-- Required: Yes
-- Type: object
-
-### Parameter: `osType`
-
-The chosen OS type.
-
-- Required: Yes
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'Linux'
- 'Windows'
- ]
- ```
-
-### Parameter: `skuName`
-
-The SKU size of the VMs.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `additionalUnattendContent`
-
-Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `adminPassword`
-
-When specifying a Windows Virtual Machine, this value should be passed.
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `automaticRepairsPolicyEnabled`
-
-Specifies whether automatic repairs should be enabled on the virtual machine scale set.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `availabilityZones`
-
-The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `bootDiagnosticStorageAccountName`
-
-Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `bootDiagnosticStorageAccountUri`
-
-Storage account boot diagnostic base URI.
-
-- Required: No
-- Type: string
-- Default: `[format('.blob.{0}/', environment().suffixes.storage)]`
-
-### Parameter: `customData`
-
-Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `dataDisks`
-
-Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `diagnosticSettings`
-
-The diagnostic settings of the service.
-
-- Required: No
-- Type: array
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. |
-| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. |
-| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. |
-| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-
-### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId`
-
-Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.eventHubName`
-
-Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.logAnalyticsDestinationType`
-
-A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
-
-- Required: No
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'AzureDiagnostics'
- 'Dedicated'
- ]
- ```
-
-### Parameter: `diagnosticSettings.marketplacePartnerResourceId`
-
-The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.metricCategories`
-
-The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
-
-- Required: No
-- Type: array
-
-### Parameter: `diagnosticSettings.name`
-
-The name of diagnostic setting.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.storageAccountResourceId`
-
-Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.workspaceResourceId`
-
-Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `disableAutomaticRollback`
-
-Whether OS image rollback feature should be disabled.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `disablePasswordAuthentication`
-
-Specifies whether password authentication should be disabled.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `doNotRunExtensionsOnOverprovisionedVMs`
-
-When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `enableAutomaticOSUpgrade`
-
-Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `enableAutomaticUpdates`
-
-Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `enableEvictionPolicy`
-
-Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `encryptionAtHost`
-
-This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets.
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `extensionAntiMalwareConfig`
-
-The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionAzureDiskEncryptionConfig`
-
-The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionCustomScriptConfig`
-
-The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- fileData: []
- }
- ```
-
-### Parameter: `extensionDependencyAgentConfig`
-
-The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionDomainJoinConfig`
-
-The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionDomainJoinPassword`
-
-Required if name is specified. Password of the user specified in user parameter.
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `extensionDSCConfig`
-
-The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionMonitoringAgentConfig`
-
-The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionNetworkWatcherAgentConfig`
-
-The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `gracePeriod`
-
-The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M).
-
-- Required: No
-- Type: string
-- Default: `'PT30M'`
-
-### Parameter: `licenseType`
-
-Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.
-
-- Required: No
-- Type: string
-- Default: `''`
-- Allowed:
- ```Bicep
- [
- ''
- 'Windows_Client'
- 'Windows_Server'
- ]
- ```
-
-### Parameter: `location`
-
-Location for all resources.
-
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-
-- Required: No
-- Type: object
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`kind`](#parameter-lockkind) | string | Specify the type of lock. |
-| [`name`](#parameter-lockname) | string | Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'CanNotDelete'
- 'None'
- 'ReadOnly'
- ]
- ```
-
-### Parameter: `lock.name`
-
-Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `managedIdentities`
-
-The managed identity definition for this resource.
-
-- Required: No
-- Type: object
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
-| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. |
-
-### Parameter: `managedIdentities.systemAssigned`
-
-Enables system assigned managed identity on the resource.
-
-- Required: No
-- Type: bool
-
-### Parameter: `managedIdentities.userAssignedResourceIds`
-
-The resource ID(s) to assign to the resource.
-
-- Required: No
-- Type: array
-
-### Parameter: `maxBatchInstancePercent`
-
-The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability.
-
-- Required: No
-- Type: int
-- Default: `20`
-
-### Parameter: `maxPriceForLowPriorityVm`
-
-Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `maxUnhealthyInstancePercent`
-
-The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.
-
-- Required: No
-- Type: int
-- Default: `20`
-
-### Parameter: `maxUnhealthyUpgradedInstancePercent`
-
-The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.
-
-- Required: No
-- Type: int
-- Default: `20`
-
-### Parameter: `monitoringWorkspaceId`
-
-Resource ID of the monitoring log analytics workspace.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `overprovision`
-
-Specifies whether the Virtual Machine Scale Set should be overprovisioned.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `pauseTimeBetweenBatches`
-
-The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format.
-
-- Required: No
-- Type: string
-- Default: `'PT0S'`
-
-### Parameter: `plan`
-
-Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.
-
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `provisionVMAgent`
-
-Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `proximityPlacementGroupResourceId`
-
-Resource ID of a proximity placement group.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `publicKeys`
-
-The list of SSH public keys used to authenticate with linux based VMs.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `roleAssignments`
-
-Array of role assignments to create.
-
-- Required: No
-- Type: array
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. |
-
-### Parameter: `roleAssignments.principalId`
-
-The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.condition`
-
-The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed:
- ```Bicep
- [
- '2.0'
- ]
- ```
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'Device'
- 'ForeignGroup'
- 'Group'
- 'ServicePrincipal'
- 'User'
- ]
- ```
-
-### Parameter: `sasTokenValidityLength`
-
-SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.
-
-- Required: No
-- Type: string
-- Default: `'PT8H'`
-
-### Parameter: `scaleInPolicy`
-
-Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- rules: [
- 'Default'
- ]
- }
- ```
-
-### Parameter: `scaleSetFaultDomain`
-
-Fault Domain count for each placement group.
-
-- Required: No
-- Type: int
-- Default: `2`
-
-### Parameter: `scheduledEventsProfile`
-
-Specifies Scheduled Event related configurations.
-
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `secrets`
-
-Specifies set of certificates that should be installed onto the virtual machines in the scale set.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `secureBootEnabled`
-
-Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `securityType`
-
-Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `singlePlacementGroup`
-
-When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true.
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `skuCapacity`
-
-The initial instance count of scale set VMs.
-
-- Required: No
-- Type: int
-- Default: `1`
-
-### Parameter: `tags`
-
-Tags of the resource.
-
-- Required: No
-- Type: object
-
-### Parameter: `timeZone`
-
-Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `ultraSSDEnabled`
-
-The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `upgradePolicyMode`
-
-Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling.
-
-- Required: No
-- Type: string
-- Default: `'Manual'`
-- Allowed:
- ```Bicep
- [
- 'Automatic'
- 'Manual'
- 'Rolling'
- ]
- ```
-
-### Parameter: `vmNamePrefix`
-
-Specifies the computer name prefix for all of the virtual machines in the scale set.
-
-- Required: No
-- Type: string
-- Default: `'vmssvm'`
-
-### Parameter: `vmPriority`
-
-Specifies the priority for the virtual machine.
-
-- Required: No
-- Type: string
-- Default: `'Regular'`
-- Allowed:
- ```Bicep
- [
- 'Low'
- 'Regular'
- 'Spot'
- ]
- ```
-
-### Parameter: `vTpmEnabled`
-
-Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `winRM`
-
-Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.
-
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `zoneBalance`
-
-Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `baseTime`
-
-Do not provide a value! This date value is used to generate a registration token.
-
-- Required: No
-- Type: string
-- Default: `[utcNow('u')]`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the virtual machine scale set. |
-| `resourceGroupName` | string | The resource group of the virtual machine scale set. |
-| `resourceId` | string | The resource ID of the virtual machine scale set. |
-| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-_None_
-
-## Notes
-
-### Parameter Usage: `imageReference`
-
-#### Marketplace images
-
-Parameter JSON format
-
-```json
-"imageReference": {
- "value": {
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "version": "latest"
- }
-}
-```
-
-Bicep format
-
-```bicep
-imageReference: {
- publisher: 'MicrosoftWindowsServer'
- offer: 'WindowsServer'
- sku: '2022-datacenter-azure-edition'
- version: 'latest'
-}
-```
-
-Parameter JSON format
-
-```json
-"imageReference": {
- "value": {
- "id": "/subscriptions/12345-6789-1011-1213-15161718/resourceGroups/rg-name/providers/Microsoft.Compute/images/imagename"
- }
-}
-```
-
-Bicep format
-
-```bicep
-imageReference: {
- id: '/subscriptions/12345-6789-1011-1213-15161718/resourceGroups/rg-name/providers/Microsoft.Compute/images/imagename'
-}
-```
-
-
-
-### Parameter Usage: `plan`
-
-Parameter JSON format
-
-```json
-"plan": {
- "value": {
- "name": "qvsa-25",
- "product": "qualys-virtual-scanner",
- "publisher": "qualysguard"
- }
-}
-```
-
-Bicep format
-
-```bicep
-plan: {
- name: 'qvsa-25'
- product: 'qualys-virtual-scanner'
- publisher: 'qualysguard'
-}
-```
-
-
-
-### Parameter Usage: `osDisk`
-
-Parameter JSON format
-
-```json
-"osDisk": {
- "value": {
- "createOption": "fromImage",
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS",
- "diskEncryptionSet": { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
- "id": "/subscriptions/Bicep format
-
-```bicep
-osDisk: {
- createOption: 'fromImage'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- diskEncryptionSet: { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
- id: '/subscriptions/
-
-### Parameter Usage: `dataDisks`
-
-Parameter JSON format
-
-```json
-"dataDisks": {
- "value": [
- {
- "caching": "ReadOnly",
- "createOption": "Empty",
- "diskSizeGB": "256",
- "writeAcceleratorEnabled": true,
- "managedDisk": {
- "storageAccountType": "Premium_LRS",
- "diskEncryptionSet": { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
- "id": "/subscriptions/Bicep format
-
-```bicep
-dataDisks: [
- {
- caching: 'ReadOnly'
- createOption: 'Empty'
- diskSizeGB: '256'
- writeAcceleratorEnabled: true
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- diskEncryptionSet: { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
- id: '/subscriptions/
-
-### Parameter Usage: `nicConfigurations`
-
-Comments:
-- The field `nicSuffix` is mandatory.
-- If not disabled, `enableAcceleratedNetworking` is considered `true` by default and requires the VMSS to be deployed with a supported OS and VM size.
-
-Parameter JSON format
-
-```json
-"nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic01",
- "ipConfigurations": [
- {
- "name": "ipconfig1",
- "properties": {
- "subnet": {
- "id": "/subscriptions/[[subscriptionId]]/resourceGroups/agents-vmss-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-scaleset/subnets/sxx-az-subnet-scaleset-linux"
- }
- }
- }
- ]
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-nicConfigurations: [
- {
- nicSuffix: '-nic01'
- ipConfigurations: [
- {
- name: 'ipconfig1'
- properties: {
- subnet: {
- id: '/subscriptions/[[subscriptionId]]/resourceGroups/agents-vmss-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-scaleset/subnets/sxx-az-subnet-scaleset-linux'
- }
- }
- }
- ]
- }
-]
-```
-
-
-
-### Parameter Usage: `extensionDomainJoinConfig`
-
-Parameter JSON format
-
-```json
-"extensionDomainJoinConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "name": "contoso.com",
- "user": "test.user@testcompany.com",
- "ouPath": "OU=testOU; DC=contoso; DC=com",
- "restart": true,
- "options": 3
- }
- }
-},
-"extensionDomainJoinPassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<Bicep format
-
-```bicep
-extensionDomainJoinConfig: {
- enabled: true
- settings: {
- name: 'contoso.com'
- user: 'test.user@testcompany.com'
- ouPath: 'OU=testOU; DC=contoso; DC=com'
- restart: true
- options: 3
- }
-}
-
-resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
- name: 'adp-[[namePrefix]]-az-kv-x-001'
- scope: resourceGroup('[[subscriptionId]]','validation-rg')
-}
-
-extensionDomainJoinPassword: kv1.getSecret('domainJoinUser02-Password')
-```
-
-
-
-### Parameter Usage: `extensionNetworkWatcherAgentConfig`
-
-Parameter JSON format
-
-```json
-"extensionNetworkWatcherAgentConfig": {
- "value": {
- "enabled": true
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionNetworkWatcherAgentConfig: {
- enabled: true
-}
-```
-
-
-
-### Parameter Usage: `extensionAntiMalwareConfig`
-
-Only for OSType Windows
-
-Parameter JSON format
-
-```json
-"extensionAntiMalwareConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "AntimalwareEnabled": true,
- "Exclusions": {
- "Extensions": ".log;.ldf",
- "Paths": "D:\\IISlogs;D:\\DatabaseLogs",
- "Processes": "mssence.svc"
- },
- "RealtimeProtectionEnabled": true,
- "ScheduledScanSettings": {
- "isEnabled": "true",
- "scanType": "Quick",
- "day": "7",
- "time": "120"
- }
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionAntiMalwareConfig: {
- enabled: true
- settings: {
- AntimalwareEnabled: true
- Exclusions: {
- Extensions: '.log;.ldf'
- Paths: 'D:\\IISlogs;D:\\DatabaseLogs'
- Processes: 'mssence.svc'
- }
- RealtimeProtectionEnabled: true
- ScheduledScanSettings: {
- isEnabled: 'true'
- scanType: 'Quick'
- day: '7'
- time: '120'
- }
- }
-}
-```
-
-
-
-### Parameter Usage: `extensionAzureDiskEncryptionConfig`
-
-Parameter JSON format
-
-```json
-"extensionAzureDiskEncryptionConfig": {
- // Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
- "value": {
- "enabled": true,
- "settings": {
- "EncryptionOperation": "EnableEncryption",
- "KeyVaultURL": "https://mykeyvault.vault.azure.net/",
- "KeyVaultResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
- "KeyEncryptionKeyURL": "https://mykeyvault.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys
- "KekVaultResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
- "KeyEncryptionAlgorithm": "RSA-OAEP", //'RSA-OAEP'/'RSA-OAEP-256'/'RSA1_5'
- "VolumeType": "All", //'OS'/'Data'/'All'
- "ResizeOSDisk": "false"
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionAzureDiskEncryptionConfig: {
- // Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
- enabled: true
- settings: {
- EncryptionOperation: 'EnableEncryption'
- KeyVaultURL: 'https://mykeyvault.vault.azure.net/'
- KeyVaultResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001'
- KeyEncryptionKeyURL: 'https://mykeyvault.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5' // ID must be updated for new keys
- KekVaultResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001'
- KeyEncryptionAlgorithm: 'RSA-OAEP' //'RSA-OAEP'/'RSA-OAEP-256'/'RSA1_5'
- VolumeType: 'All' //'OS'/'Data'/'All'
- ResizeOSDisk: 'false'
- }
-}
-```
-
-
-
-### Parameter Usage: `extensionCustomScriptConfig`
-
-Parameter JSON format
-
-```json
-"extensionCustomScriptConfig": {
- "value": {
- "enabled": true,
- "fileData": [
- //storage accounts with SAS token requirement
- {
- "uri": "https://mystorageaccount.blob.core.windows.net/avdscripts/File1.ps1",
- "storageAccountId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName"
- },
- {
- "uri": "https://mystorageaccount.blob.core.windows.net/avdscripts/File2.ps1",
- "storageAccountId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName"
- },
- //storage account with public container (no SAS token is required) OR other public URL (not a storage account)
- {
- "uri": "https://github.com/myProject/File3.ps1",
- "storageAccountId": ""
- }
- ],
- "settings": {
- "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File testscript.ps1"
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionCustomScriptConfig: {
- enabled: true
- fileData: [
- //storage accounts with SAS token requirement
- {
- uri: 'https://mystorageaccount.blob.core.windows.net/avdscripts/File1.ps1'
- storageAccountId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName'
- }
- {
- uri: 'https://mystorageaccount.blob.core.windows.net/avdscripts/File2.ps1'
- storageAccountId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName'
- }
- //storage account with public container (no SAS token is required) OR other public URL (not a storage account)
- {
- uri: 'https://github.com/myProject/File3.ps1'
- storageAccountId: ''
- }
- ]
- settings: {
- commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File testscript.ps1'
- }
-}
-```
-
-
-
-### Parameter Usage: `extensionDSCConfig`
-
-Parameter JSON format
-
-```json
-"extensionDSCConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "wmfVersion": "latest",
- "configuration": {
- "url": "http://validURLToConfigLocation",
- "script": "ConfigurationScript.ps1",
- "function": "ConfigurationFunction"
- },
- "configurationArguments": {
- "argument1": "Value1",
- "argument2": "Value2"
- },
- "configurationData": {
- "url": "https://foo.psd1"
- },
- "privacy": {
- "dataCollection": "enable"
- },
- "advancedOptions": {
- "forcePullAndApply": false,
- "downloadMappings": {
- "specificDependencyKey": "https://myCustomDependencyLocation"
- }
- }
- },
- "protectedSettings": {
- "configurationArguments": {
- "mySecret": "MyPlaceholder"
- },
- "configurationUrlSasToken": "MyPlaceholder",
- "configurationDataUrlSasToken": "MyPlaceholder"
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionDSCConfig: {
- enabled: true
- settings: {
- wmfVersion: 'latest'
- configuration: {
- url: 'http://validURLToConfigLocation'
- script: 'ConfigurationScript.ps1'
- function: 'ConfigurationFunction'
- }
- configurationArguments: {
- argument1: 'Value1'
- argument2: 'Value2'
- }
- configurationData: {
- url: 'https://foo.psd1'
- }
- privacy: {
- dataCollection: 'enable'
- }
- advancedOptions: {
- forcePullAndApply: false
- downloadMappings: {
- specificDependencyKey: 'https://myCustomDependencyLocation'
- }
- }
- }
- protectedSettings: {
- configurationArguments: {
- mySecret: 'MyPlaceholder'
- }
- configurationUrlSasToken: 'MyPlaceholder'
- configurationDataUrlSasToken: 'MyPlaceholder'
- }
-}
-```
-
-
+# Virtual Machine Scale Sets `[Microsoft.Compute/virtualMachineScaleSets]`
+
+This module deploys a Virtual Machine Scale Set.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+| `Microsoft.Compute/virtualMachineScaleSets` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachineScaleSets) |
+| `Microsoft.Compute/virtualMachineScaleSets/extensions` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachineScaleSets/extensions) |
+| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine-scale-set:1.0.0`.
+
+- [Linux.Min](#example-1-linuxmin)
+- [Linux.Ssecmk](#example-2-linuxssecmk)
+- [Linux](#example-3-linux)
+- [Windows.Min](#example-4-windowsmin)
+- [Windows](#example-5-windows)
+
+### Example 1: _Linux.Min_
+
+via Bicep module
+
+```bicep
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmsslinmin'
+ params: {
+ // Required parameters
+ adminUsername: 'scaleSetAdmin'
+ imageReference: {
+ offer: '0001-com-ubuntu-server-jammy'
+ publisher: 'Canonical'
+ sku: '22_04-lts-gen2'
+ version: 'latest'
+ }
+ name: 'cvmsslinmin001'
+ osDisk: {
+ createOption: 'fromImage'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Linux'
+ skuName: 'Standard_B12ms'
+ // Non-required parameters
+ disablePasswordAuthentication: true
+ enableDefaultTelemetry: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "scaleSetAdmin"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "0001-com-ubuntu-server-jammy",
+ "publisher": "Canonical",
+ "sku": "22_04-lts-gen2",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "cvmsslinmin001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Linux"
+ },
+ "skuName": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "disablePasswordAuthentication": {
+ "value": true
+ },
+ "enableDefaultTelemetry": {
+ "value": "
+
+### Example 2: _Linux.Ssecmk_
+
+via Bicep module
+
+```bicep
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmsslcmk'
+ params: {
+ // Required parameters
+ adminUsername: 'scaleSetAdmin'
+ imageReference: {
+ offer: '0001-com-ubuntu-server-jammy'
+ publisher: 'Canonical'
+ sku: '22_04-lts-gen2'
+ version: 'latest'
+ }
+ name: 'cvmsslcmk001'
+ osDisk: {
+ createOption: 'fromImage'
+ diskSizeGB: '128'
+ managedDisk: {
+ diskEncryptionSet: {
+ id: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "scaleSetAdmin"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "0001-com-ubuntu-server-jammy",
+ "publisher": "Canonical",
+ "sku": "22_04-lts-gen2",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "cvmsslcmk001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "diskEncryptionSet": {
+ "id": "
+
+### Example 3: _Linux_
+
+via Bicep module
+
+```bicep
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmsslin'
+ params: {
+ // Required parameters
+ adminUsername: 'scaleSetAdmin'
+ imageReference: {
+ offer: '0001-com-ubuntu-server-jammy'
+ publisher: 'Canonical'
+ sku: '22_04-lts-gen2'
+ version: 'latest'
+ }
+ name: 'cvmsslin001'
+ osDisk: {
+ createOption: 'fromImage'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Linux'
+ skuName: 'Standard_B12ms'
+ // Non-required parameters
+ availabilityZones: [
+ '2'
+ ]
+ bootDiagnosticStorageAccountName: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "scaleSetAdmin"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "0001-com-ubuntu-server-jammy",
+ "publisher": "Canonical",
+ "sku": "22_04-lts-gen2",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "cvmsslin001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Linux"
+ },
+ "skuName": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "availabilityZones": {
+ "value": [
+ "2"
+ ]
+ },
+ "bootDiagnosticStorageAccountName": {
+ "value": "
+
+### Example 4: _Windows.Min_
+
+via Bicep module
+
+```bicep
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmsswinmin'
+ params: {
+ // Required parameters
+ adminUsername: 'localAdminUser'
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2022-datacenter-azure-edition'
+ version: 'latest'
+ }
+ name: 'cvmsswinmin001'
+ osDisk: {
+ createOption: 'fromImage'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Windows'
+ skuName: 'Standard_B12ms'
+ // Non-required parameters
+ adminPassword: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2022-datacenter-azure-edition",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "cvmsswinmin001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ "skuName": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "adminPassword": {
+ "value": "
+
+### Example 5: _Windows_
+
+via Bicep module
+
+```bicep
+module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmsswin'
+ params: {
+ // Required parameters
+ adminUsername: 'localAdminUser'
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2022-datacenter-azure-edition'
+ version: 'latest'
+ }
+ name: 'cvmsswin001'
+ osDisk: {
+ createOption: 'fromImage'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Windows'
+ skuName: 'Standard_B12ms'
+ // Non-required parameters
+ adminPassword: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2022-datacenter-azure-edition",
+ "version": "latest"
+ }
+ },
+ "name": {
+ "value": "cvmsswin001"
+ },
+ "osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS"
+ }
+ }
+ },
+ "osType": {
+ "value": "Windows"
+ },
+ "skuName": {
+ "value": "Standard_B12ms"
+ },
+ // Non-required parameters
+ "adminPassword": {
+ "value": "
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. |
+| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. |
+| [`name`](#parameter-name) | string | Name of the VMSS. |
+| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. |
+| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. |
+| [`osType`](#parameter-ostype) | string | The chosen OS type. |
+| [`skuName`](#parameter-skuname) | string | The SKU size of the VMs. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. |
+| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. |
+| [`automaticRepairsPolicyEnabled`](#parameter-automaticrepairspolicyenabled) | bool | Specifies whether automatic repairs should be enabled on the virtual machine scale set. |
+| [`availabilityZones`](#parameter-availabilityzones) | array | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. |
+| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. |
+| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. |
+| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. |
+| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. |
+| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
+| [`disableAutomaticRollback`](#parameter-disableautomaticrollback) | bool | Whether OS image rollback feature should be disabled. |
+| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. |
+| [`doNotRunExtensionsOnOverprovisionedVMs`](#parameter-donotrunextensionsonoverprovisionedvms) | bool | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. |
+| [`enableAutomaticOSUpgrade`](#parameter-enableautomaticosupgrade) | bool | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. |
+| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. |
+| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. |
+| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. |
+| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. |
+| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`gracePeriod`](#parameter-graceperiod) | string | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). |
+| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
+| [`maxBatchInstancePercent`](#parameter-maxbatchinstancepercent) | int | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. |
+| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. |
+| [`maxUnhealthyInstancePercent`](#parameter-maxunhealthyinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. |
+| [`maxUnhealthyUpgradedInstancePercent`](#parameter-maxunhealthyupgradedinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. |
+| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. |
+| [`overprovision`](#parameter-overprovision) | bool | Specifies whether the Virtual Machine Scale Set should be overprovisioned. |
+| [`pauseTimeBetweenBatches`](#parameter-pausetimebetweenbatches) | string | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. |
+| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. |
+| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
+| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. |
+| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
+| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. |
+| [`scaleInPolicy`](#parameter-scaleinpolicy) | object | Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. |
+| [`scaleSetFaultDomain`](#parameter-scalesetfaultdomain) | int | Fault Domain count for each placement group. |
+| [`scheduledEventsProfile`](#parameter-scheduledeventsprofile) | object | Specifies Scheduled Event related configurations. |
+| [`secrets`](#parameter-secrets) | array | Specifies set of certificates that should be installed onto the virtual machines in the scale set. |
+| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
+| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. |
+| [`singlePlacementGroup`](#parameter-singleplacementgroup) | bool | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. |
+| [`skuCapacity`](#parameter-skucapacity) | int | The initial instance count of scale set VMs. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. |
+| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
+| [`upgradePolicyMode`](#parameter-upgradepolicymode) | string | Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. |
+| [`vmNamePrefix`](#parameter-vmnameprefix) | string | Specifies the computer name prefix for all of the virtual machines in the scale set. |
+| [`vmPriority`](#parameter-vmpriority) | string | Specifies the priority for the virtual machine. |
+| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
+| [`winRM`](#parameter-winrm) | array | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. |
+| [`zoneBalance`](#parameter-zonebalance) | bool | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. |
+
+**Generated parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. |
+
+### Parameter: `adminUsername`
+
+Administrator username.
+
+- Required: Yes
+- Type: securestring
+
+### Parameter: `imageReference`
+
+OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image.
+
+- Required: Yes
+- Type: object
+
+### Parameter: `name`
+
+Name of the VMSS.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `nicConfigurations`
+
+Configures NICs and PIPs.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `osDisk`
+
+Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
+
+- Required: Yes
+- Type: object
+
+### Parameter: `osType`
+
+The chosen OS type.
+
+- Required: Yes
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'Linux'
+ 'Windows'
+ ]
+ ```
+
+### Parameter: `skuName`
+
+The SKU size of the VMs.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `additionalUnattendContent`
+
+Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `adminPassword`
+
+When specifying a Windows Virtual Machine, this value should be passed.
+
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `automaticRepairsPolicyEnabled`
+
+Specifies whether automatic repairs should be enabled on the virtual machine scale set.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `availabilityZones`
+
+The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `bootDiagnosticStorageAccountName`
+
+Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `bootDiagnosticStorageAccountUri`
+
+Storage account boot diagnostic base URI.
+
+- Required: No
+- Type: string
+- Default: `[format('.blob.{0}/', environment().suffixes.storage)]`
+
+### Parameter: `customData`
+
+Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dataDisks`
+
+Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `diagnosticSettings`
+
+The diagnostic settings of the service.
+
+- Required: No
+- Type: array
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. |
+| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. |
+| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. |
+| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+
+### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.eventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.logAnalyticsDestinationType`
+
+A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
+
+- Required: No
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'AzureDiagnostics'
+ 'Dedicated'
+ ]
+ ```
+
+### Parameter: `diagnosticSettings.marketplacePartnerResourceId`
+
+The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.metricCategories`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+
+- Required: No
+- Type: array
+
+### Parameter: `diagnosticSettings.name`
+
+The name of diagnostic setting.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.storageAccountResourceId`
+
+Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.workspaceResourceId`
+
+Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `disableAutomaticRollback`
+
+Whether OS image rollback feature should be disabled.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `disablePasswordAuthentication`
+
+Specifies whether password authentication should be disabled.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `doNotRunExtensionsOnOverprovisionedVMs`
+
+When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableAutomaticOSUpgrade`
+
+Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableAutomaticUpdates`
+
+Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableEvictionPolicy`
+
+Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `encryptionAtHost`
+
+This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `extensionAntiMalwareConfig`
+
+The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionAzureDiskEncryptionConfig`
+
+The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionCustomScriptConfig`
+
+The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ fileData: []
+ }
+ ```
+
+### Parameter: `extensionDependencyAgentConfig`
+
+The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionDomainJoinConfig`
+
+The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionDomainJoinPassword`
+
+Required if name is specified. Password of the user specified in user parameter.
+
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `extensionDSCConfig`
+
+The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionMonitoringAgentConfig`
+
+The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionNetworkWatcherAgentConfig`
+
+The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `gracePeriod`
+
+The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M).
+
+- Required: No
+- Type: string
+- Default: `'PT30M'`
+
+### Parameter: `licenseType`
+
+Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.
+
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed:
+ ```Bicep
+ [
+ ''
+ 'Windows_Client'
+ 'Windows_Server'
+ ]
+ ```
+
+### Parameter: `location`
+
+Location for all resources.
+
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+
+- Required: No
+- Type: object
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`kind`](#parameter-lockkind) | string | Specify the type of lock. |
+| [`name`](#parameter-lockname) | string | Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'CanNotDelete'
+ 'None'
+ 'ReadOnly'
+ ]
+ ```
+
+### Parameter: `lock.name`
+
+Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `managedIdentities`
+
+The managed identity definition for this resource.
+
+- Required: No
+- Type: object
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
+| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. |
+
+### Parameter: `managedIdentities.systemAssigned`
+
+Enables system assigned managed identity on the resource.
+
+- Required: No
+- Type: bool
+
+### Parameter: `managedIdentities.userAssignedResourceIds`
+
+The resource ID(s) to assign to the resource.
+
+- Required: No
+- Type: array
+
+### Parameter: `maxBatchInstancePercent`
+
+The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability.
+
+- Required: No
+- Type: int
+- Default: `20`
+
+### Parameter: `maxPriceForLowPriorityVm`
+
+Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `maxUnhealthyInstancePercent`
+
+The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.
+
+- Required: No
+- Type: int
+- Default: `20`
+
+### Parameter: `maxUnhealthyUpgradedInstancePercent`
+
+The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.
+
+- Required: No
+- Type: int
+- Default: `20`
+
+### Parameter: `monitoringWorkspaceId`
+
+Resource ID of the monitoring log analytics workspace.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `overprovision`
+
+Specifies whether the Virtual Machine Scale Set should be overprovisioned.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `pauseTimeBetweenBatches`
+
+The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format.
+
+- Required: No
+- Type: string
+- Default: `'PT0S'`
+
+### Parameter: `plan`
+
+Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.
+
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `provisionVMAgent`
+
+Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `proximityPlacementGroupResourceId`
+
+Resource ID of a proximity placement group.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `publicKeys`
+
+The list of SSH public keys used to authenticate with linux based VMs.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignments to create.
+
+- Required: No
+- Type: array
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. |
+
+### Parameter: `roleAssignments.principalId`
+
+The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.condition`
+
+The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ '2.0'
+ ]
+ ```
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'Device'
+ 'ForeignGroup'
+ 'Group'
+ 'ServicePrincipal'
+ 'User'
+ ]
+ ```
+
+### Parameter: `sasTokenValidityLength`
+
+SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.
+
+- Required: No
+- Type: string
+- Default: `'PT8H'`
+
+### Parameter: `scaleInPolicy`
+
+Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ rules: [
+ 'Default'
+ ]
+ }
+ ```
+
+### Parameter: `scaleSetFaultDomain`
+
+Fault Domain count for each placement group.
+
+- Required: No
+- Type: int
+- Default: `2`
+
+### Parameter: `scheduledEventsProfile`
+
+Specifies Scheduled Event related configurations.
+
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `secrets`
+
+Specifies set of certificates that should be installed onto the virtual machines in the scale set.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `secureBootEnabled`
+
+Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `securityType`
+
+Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `singlePlacementGroup`
+
+When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `skuCapacity`
+
+The initial instance count of scale set VMs.
+
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `tags`
+
+Tags of the resource.
+
+- Required: No
+- Type: object
+
+### Parameter: `timeZone`
+
+Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `ultraSSDEnabled`
+
+The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `upgradePolicyMode`
+
+Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling.
+
+- Required: No
+- Type: string
+- Default: `'Manual'`
+- Allowed:
+ ```Bicep
+ [
+ 'Automatic'
+ 'Manual'
+ 'Rolling'
+ ]
+ ```
+
+### Parameter: `vmNamePrefix`
+
+Specifies the computer name prefix for all of the virtual machines in the scale set.
+
+- Required: No
+- Type: string
+- Default: `'vmssvm'`
+
+### Parameter: `vmPriority`
+
+Specifies the priority for the virtual machine.
+
+- Required: No
+- Type: string
+- Default: `'Regular'`
+- Allowed:
+ ```Bicep
+ [
+ 'Low'
+ 'Regular'
+ 'Spot'
+ ]
+ ```
+
+### Parameter: `vTpmEnabled`
+
+Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `winRM`
+
+Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `zoneBalance`
+
+Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `baseTime`
+
+Do not provide a value! This date value is used to generate a registration token.
+
+- Required: No
+- Type: string
+- Default: `[utcNow('u')]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the virtual machine scale set. |
+| `resourceGroupName` | string | The resource group of the virtual machine scale set. |
+| `resourceId` | string | The resource ID of the virtual machine scale set. |
+| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+_None_
+
+## Notes
+
+### Parameter Usage: `imageReference`
+
+#### Marketplace images
+
+Parameter JSON format
+
+```json
+"imageReference": {
+ "value": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2022-datacenter-azure-edition",
+ "version": "latest"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+imageReference: {
+ publisher: 'MicrosoftWindowsServer'
+ offer: 'WindowsServer'
+ sku: '2022-datacenter-azure-edition'
+ version: 'latest'
+}
+```
+
+Parameter JSON format
+
+```json
+"imageReference": {
+ "value": {
+ "id": "/subscriptions/12345-6789-1011-1213-15161718/resourceGroups/rg-name/providers/Microsoft.Compute/images/imagename"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+imageReference: {
+ id: '/subscriptions/12345-6789-1011-1213-15161718/resourceGroups/rg-name/providers/Microsoft.Compute/images/imagename'
+}
+```
+
+
+
+### Parameter Usage: `plan`
+
+Parameter JSON format
+
+```json
+"plan": {
+ "value": {
+ "name": "qvsa-25",
+ "product": "qualys-virtual-scanner",
+ "publisher": "qualysguard"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+plan: {
+ name: 'qvsa-25'
+ product: 'qualys-virtual-scanner'
+ publisher: 'qualysguard'
+}
+```
+
+
+
+### Parameter Usage: `osDisk`
+
+Parameter JSON format
+
+```json
+"osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS",
+ "diskEncryptionSet": { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
+ "id": "/subscriptions/Bicep format
+
+```bicep
+osDisk: {
+ createOption: 'fromImage'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ diskEncryptionSet: { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
+ id: '/subscriptions/
+
+### Parameter Usage: `dataDisks`
+
+Parameter JSON format
+
+```json
+"dataDisks": {
+ "value": [
+ {
+ "caching": "ReadOnly",
+ "createOption": "Empty",
+ "diskSizeGB": "256",
+ "writeAcceleratorEnabled": true,
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS",
+ "diskEncryptionSet": { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
+ "id": "/subscriptions/Bicep format
+
+```bicep
+dataDisks: [
+ {
+ caching: 'ReadOnly'
+ createOption: 'Empty'
+ diskSizeGB: '256'
+ writeAcceleratorEnabled: true
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ diskEncryptionSet: { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.
+ id: '/subscriptions/
+
+### Parameter Usage: `nicConfigurations`
+
+Comments:
+- The field `nicSuffix` is mandatory.
+- If not disabled, `enableAcceleratedNetworking` is considered `true` by default and requires the VMSS to be deployed with a supported OS and VM size.
+
+Parameter JSON format
+
+```json
+"nicConfigurations": {
+ "value": [
+ {
+ "nicSuffix": "-nic01",
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "/subscriptions/[[subscriptionId]]/resourceGroups/agents-vmss-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-scaleset/subnets/sxx-az-subnet-scaleset-linux"
+ }
+ }
+ }
+ ]
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+nicConfigurations: [
+ {
+ nicSuffix: '-nic01'
+ ipConfigurations: [
+ {
+ name: 'ipconfig1'
+ properties: {
+ subnet: {
+ id: '/subscriptions/[[subscriptionId]]/resourceGroups/agents-vmss-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-scaleset/subnets/sxx-az-subnet-scaleset-linux'
+ }
+ }
+ }
+ ]
+ }
+]
+```
+
+
+
+### Parameter Usage: `extensionDomainJoinConfig`
+
+Parameter JSON format
+
+```json
+"extensionDomainJoinConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "name": "contoso.com",
+ "user": "test.user@testcompany.com",
+ "ouPath": "OU=testOU; DC=contoso; DC=com",
+ "restart": true,
+ "options": 3
+ }
+ }
+},
+"extensionDomainJoinPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<Bicep format
+
+```bicep
+extensionDomainJoinConfig: {
+ enabled: true
+ settings: {
+ name: 'contoso.com'
+ user: 'test.user@testcompany.com'
+ ouPath: 'OU=testOU; DC=contoso; DC=com'
+ restart: true
+ options: 3
+ }
+}
+
+resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
+ name: 'adp-[[namePrefix]]-az-kv-x-001'
+ scope: resourceGroup('[[subscriptionId]]','validation-rg')
+}
+
+extensionDomainJoinPassword: kv1.getSecret('domainJoinUser02-Password')
+```
+
+
+
+### Parameter Usage: `extensionNetworkWatcherAgentConfig`
+
+Parameter JSON format
+
+```json
+"extensionNetworkWatcherAgentConfig": {
+ "value": {
+ "enabled": true
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionNetworkWatcherAgentConfig: {
+ enabled: true
+}
+```
+
+
+
+### Parameter Usage: `extensionAntiMalwareConfig`
+
+Only for OSType Windows
+
+Parameter JSON format
+
+```json
+"extensionAntiMalwareConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "AntimalwareEnabled": true,
+ "Exclusions": {
+ "Extensions": ".log;.ldf",
+ "Paths": "D:\\IISlogs;D:\\DatabaseLogs",
+ "Processes": "mssence.svc"
+ },
+ "RealtimeProtectionEnabled": true,
+ "ScheduledScanSettings": {
+ "isEnabled": "true",
+ "scanType": "Quick",
+ "day": "7",
+ "time": "120"
+ }
+ }
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionAntiMalwareConfig: {
+ enabled: true
+ settings: {
+ AntimalwareEnabled: true
+ Exclusions: {
+ Extensions: '.log;.ldf'
+ Paths: 'D:\\IISlogs;D:\\DatabaseLogs'
+ Processes: 'mssence.svc'
+ }
+ RealtimeProtectionEnabled: true
+ ScheduledScanSettings: {
+ isEnabled: 'true'
+ scanType: 'Quick'
+ day: '7'
+ time: '120'
+ }
+ }
+}
+```
+
+
+
+### Parameter Usage: `extensionAzureDiskEncryptionConfig`
+
+Parameter JSON format
+
+```json
+"extensionAzureDiskEncryptionConfig": {
+ // Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
+ "value": {
+ "enabled": true,
+ "settings": {
+ "EncryptionOperation": "EnableEncryption",
+ "KeyVaultURL": "https://mykeyvault.vault.azure.net/",
+ "KeyVaultResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
+ "KeyEncryptionKeyURL": "https://mykeyvault.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys
+ "KekVaultResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
+ "KeyEncryptionAlgorithm": "RSA-OAEP", //'RSA-OAEP'/'RSA-OAEP-256'/'RSA1_5'
+ "VolumeType": "All", //'OS'/'Data'/'All'
+ "ResizeOSDisk": "false"
+ }
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionAzureDiskEncryptionConfig: {
+ // Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
+ enabled: true
+ settings: {
+ EncryptionOperation: 'EnableEncryption'
+ KeyVaultURL: 'https://mykeyvault.vault.azure.net/'
+ KeyVaultResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001'
+ KeyEncryptionKeyURL: 'https://mykeyvault.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5' // ID must be updated for new keys
+ KekVaultResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001'
+ KeyEncryptionAlgorithm: 'RSA-OAEP' //'RSA-OAEP'/'RSA-OAEP-256'/'RSA1_5'
+ VolumeType: 'All' //'OS'/'Data'/'All'
+ ResizeOSDisk: 'false'
+ }
+}
+```
+
+
+
+### Parameter Usage: `extensionCustomScriptConfig`
+
+Parameter JSON format
+
+```json
+"extensionCustomScriptConfig": {
+ "value": {
+ "enabled": true,
+ "fileData": [
+ //storage accounts with SAS token requirement
+ {
+ "uri": "https://mystorageaccount.blob.core.windows.net/avdscripts/File1.ps1",
+ "storageAccountId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName"
+ },
+ {
+ "uri": "https://mystorageaccount.blob.core.windows.net/avdscripts/File2.ps1",
+ "storageAccountId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName"
+ },
+ //storage account with public container (no SAS token is required) OR other public URL (not a storage account)
+ {
+ "uri": "https://github.com/myProject/File3.ps1",
+ "storageAccountId": ""
+ }
+ ],
+ "settings": {
+ "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File testscript.ps1"
+ }
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionCustomScriptConfig: {
+ enabled: true
+ fileData: [
+ //storage accounts with SAS token requirement
+ {
+ uri: 'https://mystorageaccount.blob.core.windows.net/avdscripts/File1.ps1'
+ storageAccountId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName'
+ }
+ {
+ uri: 'https://mystorageaccount.blob.core.windows.net/avdscripts/File2.ps1'
+ storageAccountId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName'
+ }
+ //storage account with public container (no SAS token is required) OR other public URL (not a storage account)
+ {
+ uri: 'https://github.com/myProject/File3.ps1'
+ storageAccountId: ''
+ }
+ ]
+ settings: {
+ commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File testscript.ps1'
+ }
+}
+```
+
+
+
+### Parameter Usage: `extensionDSCConfig`
+
+Parameter JSON format
+
+```json
+"extensionDSCConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "wmfVersion": "latest",
+ "configuration": {
+ "url": "http://validURLToConfigLocation",
+ "script": "ConfigurationScript.ps1",
+ "function": "ConfigurationFunction"
+ },
+ "configurationArguments": {
+ "argument1": "Value1",
+ "argument2": "Value2"
+ },
+ "configurationData": {
+ "url": "https://foo.psd1"
+ },
+ "privacy": {
+ "dataCollection": "enable"
+ },
+ "advancedOptions": {
+ "forcePullAndApply": false,
+ "downloadMappings": {
+ "specificDependencyKey": "https://myCustomDependencyLocation"
+ }
+ }
+ },
+ "protectedSettings": {
+ "configurationArguments": {
+ "mySecret": "MyPlaceholder"
+ },
+ "configurationUrlSasToken": "MyPlaceholder",
+ "configurationDataUrlSasToken": "MyPlaceholder"
+ }
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionDSCConfig: {
+ enabled: true
+ settings: {
+ wmfVersion: 'latest'
+ configuration: {
+ url: 'http://validURLToConfigLocation'
+ script: 'ConfigurationScript.ps1'
+ function: 'ConfigurationFunction'
+ }
+ configurationArguments: {
+ argument1: 'Value1'
+ argument2: 'Value2'
+ }
+ configurationData: {
+ url: 'https://foo.psd1'
+ }
+ privacy: {
+ dataCollection: 'enable'
+ }
+ advancedOptions: {
+ forcePullAndApply: false
+ downloadMappings: {
+ specificDependencyKey: 'https://myCustomDependencyLocation'
+ }
+ }
+ }
+ protectedSettings: {
+ configurationArguments: {
+ mySecret: 'MyPlaceholder'
+ }
+ configurationUrlSasToken: 'MyPlaceholder'
+ configurationDataUrlSasToken: 'MyPlaceholder'
+ }
+}
+```
+
+
diff --git a/modules/compute/virtual-machine-scale-set/main.bicep b/modules/compute/virtual-machine-scale-set/main.bicep
index 0f845b192c..ca2ed9b062 100644
--- a/modules/compute/virtual-machine-scale-set/main.bicep
+++ b/modules/compute/virtual-machine-scale-set/main.bicep
@@ -1,726 +1,726 @@
-metadata name = 'Virtual Machine Scale Sets'
-metadata description = 'This module deploys a Virtual Machine Scale Set.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Required. Name of the VMSS.')
-param name string
-
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-@description('Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets.')
-param encryptionAtHost bool = true
-
-@description('Optional. Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings.')
-param securityType string = ''
-
-@description('Optional. Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.')
-param secureBootEnabled bool = false
-
-@description('Optional. Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.')
-param vTpmEnabled bool = false
-
-@description('Required. OS image reference. In case of marketplace images, it\'s the combination of the publisher, offer, sku, version attributes. In case of custom images it\'s the resource ID of the custom image.')
-param imageReference object
-
-@description('Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.')
-param plan object = {}
-
-@description('Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.')
-param osDisk object
-
-@description('Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.')
-param dataDisks array = []
-
-@description('Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.')
-param ultraSSDEnabled bool = false
-
-@description('Required. Administrator username.')
-@secure()
-param adminUsername string
-
-@description('Optional. When specifying a Windows Virtual Machine, this value should be passed.')
-@secure()
-param adminPassword string = ''
-
-@description('Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.')
-param customData string = ''
-
-@description('Optional. Array of role assignments to create.')
-param roleAssignments roleAssignmentType
-
-@description('Optional. Fault Domain count for each placement group.')
-param scaleSetFaultDomain int = 2
-
-@description('Optional. Resource ID of a proximity placement group.')
-param proximityPlacementGroupResourceId string = ''
-
-@description('Required. Configures NICs and PIPs.')
-param nicConfigurations array = []
-
-@description('Optional. Specifies the priority for the virtual machine.')
-@allowed([
- 'Regular'
- 'Low'
- 'Spot'
-])
-param vmPriority string = 'Regular'
-
-@description('Optional. Specifies the eviction policy for the low priority virtual machine. Will result in \'Deallocate\' eviction policy.')
-param enableEvictionPolicy bool = false
-
-@description('Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.')
-param maxPriceForLowPriorityVm string = ''
-
-@description('Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.')
-@allowed([
- 'Windows_Client'
- 'Windows_Server'
- ''
-])
-param licenseType string = ''
-
-@description('Optional. Required if name is specified. Password of the user specified in user parameter.')
-@secure()
-param extensionDomainJoinPassword string = ''
-
-@description('Optional. The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionDomainJoinConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionAntiMalwareConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionMonitoringAgentConfig object = {
- enabled: false
-}
-
-@description('Optional. Resource ID of the monitoring log analytics workspace.')
-param monitoringWorkspaceId string = ''
-
-@description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionDependencyAgentConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionNetworkWatcherAgentConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.')
-param extensionAzureDiskEncryptionConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionDSCConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionCustomScriptConfig object = {
- enabled: false
- fileData: []
-}
-
-@description('Optional. Storage account boot diagnostic base URI.')
-param bootDiagnosticStorageAccountUri string = '.blob.${environment().suffixes.storage}/'
-
-@description('Optional. Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided.')
-param bootDiagnosticStorageAccountName string = ''
-
-@description('Optional. The diagnostic settings of the service.')
-param diagnosticSettings diagnosticSettingType
-
-@description('Optional. The lock settings of the service.')
-param lock lockType
-
-@description('Optional. Specifies the mode of an upgrade to virtual machines in the scale set.\' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling.')
-@allowed([
- 'Manual'
- 'Automatic'
- 'Rolling'
-])
-param upgradePolicyMode string = 'Manual'
-
-@description('Optional. The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability.')
-param maxBatchInstancePercent int = 20
-
-@description('Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.')
-param maxUnhealthyInstancePercent int = 20
-
-@description('Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.')
-param maxUnhealthyUpgradedInstancePercent int = 20
-
-@description('Optional. The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format.')
-param pauseTimeBetweenBatches string = 'PT0S'
-
-@description('Optional. Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true.')
-param enableAutomaticOSUpgrade bool = false
-
-@description('Optional. Whether OS image rollback feature should be disabled.')
-param disableAutomaticRollback bool = false
-
-@description('Optional. Specifies whether automatic repairs should be enabled on the virtual machine scale set.')
-param automaticRepairsPolicyEnabled bool = false
-
-@description('Optional. The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M).')
-param gracePeriod string = 'PT30M'
-
-@description('Optional. Specifies the computer name prefix for all of the virtual machines in the scale set.')
-@minLength(1)
-@maxLength(15)
-param vmNamePrefix string = 'vmssvm'
-
-@description('Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.')
-param provisionVMAgent bool = true
-
-@description('Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.')
-param enableAutomaticUpdates bool = true
-
-@description('Optional. Specifies the time zone of the virtual machine. e.g. \'Pacific Standard Time\'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.')
-param timeZone string = ''
-
-@description('Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.')
-param additionalUnattendContent array = []
-
-@description('Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.')
-param winRM object = {}
-
-@description('Optional. Specifies whether password authentication should be disabled.')
-#disable-next-line secure-secrets-in-params // Not a secret
-param disablePasswordAuthentication bool = false
-
-@description('Optional. The list of SSH public keys used to authenticate with linux based VMs.')
-param publicKeys array = []
-
-@description('Optional. Specifies set of certificates that should be installed onto the virtual machines in the scale set.')
-#disable-next-line secure-secrets-in-params // Not a secret
-param secrets array = []
-
-@description('Optional. Specifies Scheduled Event related configurations.')
-param scheduledEventsProfile object = {}
-
-@description('Optional. Specifies whether the Virtual Machine Scale Set should be overprovisioned.')
-param overprovision bool = false
-
-@description('Optional. When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs.')
-param doNotRunExtensionsOnOverprovisionedVMs bool = false
-
-@description('Optional. Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage.')
-param zoneBalance bool = false
-
-@description('Optional. When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true.')
-param singlePlacementGroup bool = true
-
-@description('Optional. Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in.')
-param scaleInPolicy object = {
- rules: [
- 'Default'
- ]
-}
-
-@description('Required. The SKU size of the VMs.')
-param skuName string
-
-@description('Optional. The initial instance count of scale set VMs.')
-param skuCapacity int = 1
-
-@description('Optional. The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set.')
-param availabilityZones array = []
-
-@description('Optional. Tags of the resource.')
-param tags object?
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Required. The chosen OS type.')
-@allowed([
- 'Windows'
- 'Linux'
-])
-param osType string
-
-@description('Generated. Do not provide a value! This date value is used to generate a registration token.')
-param baseTime string = utcNow('u')
-
-@description('Optional. SAS token validity length to use to download files from storage accounts. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.')
-param sasTokenValidityLength string = 'PT8H'
-
-@description('Optional. The managed identity definition for this resource.')
-param managedIdentities managedIdentitiesType
-
-var publicKeysFormatted = [for publicKey in publicKeys: {
- path: publicKey.path
- keyData: publicKey.keyData
-}]
-
-var linuxConfiguration = {
- disablePasswordAuthentication: disablePasswordAuthentication
- ssh: {
- publicKeys: publicKeysFormatted
- }
- provisionVMAgent: provisionVMAgent
-}
-
-var windowsConfiguration = {
- provisionVMAgent: provisionVMAgent
- enableAutomaticUpdates: enableAutomaticUpdates
- timeZone: empty(timeZone) ? null : timeZone
- additionalUnattendContent: empty(additionalUnattendContent) ? null : additionalUnattendContent
- winRM: !empty(winRM) ? {
- listeners: winRM
- } : null
-}
-
-var accountSasProperties = {
- signedServices: 'b'
- signedPermission: 'r'
- signedExpiry: dateTimeAdd(baseTime, sasTokenValidityLength)
- signedResourceTypes: 'o'
- signedProtocol: 'https'
-}
-
-var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
-
-var identity = !empty(managedIdentities) ? {
- type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : null)
- userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
-} : null
-
-var enableReferencedModulesTelemetry = false
-
-var builtInRoleNames = {
- Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
- 'Data Operator for Managed Disks': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')
- 'Desktop Virtualization Power On Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')
- 'Desktop Virtualization Power On Off Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')
- 'Desktop Virtualization Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')
- 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
- 'Disk Backup Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')
- 'Disk Pool Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')
- 'Disk Restore Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')
- 'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')
- Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
- Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
- 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
- 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')
- 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
- 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')
- 'VM Scanner Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
- name: name
- location: location
- tags: tags
- identity: identity
- zones: availabilityZones
- properties: {
- proximityPlacementGroup: !empty(proximityPlacementGroupResourceId) ? {
- id: proximityPlacementGroupResourceId
- } : null
- upgradePolicy: {
- mode: upgradePolicyMode
- rollingUpgradePolicy: {
- maxBatchInstancePercent: maxBatchInstancePercent
- maxUnhealthyInstancePercent: maxUnhealthyInstancePercent
- maxUnhealthyUpgradedInstancePercent: maxUnhealthyUpgradedInstancePercent
- pauseTimeBetweenBatches: pauseTimeBetweenBatches
- }
- automaticOSUpgradePolicy: {
- enableAutomaticOSUpgrade: enableAutomaticOSUpgrade
- disableAutomaticRollback: disableAutomaticRollback
- }
- }
- automaticRepairsPolicy: {
- enabled: automaticRepairsPolicyEnabled
- gracePeriod: gracePeriod
- }
- virtualMachineProfile: {
- osProfile: {
- computerNamePrefix: vmNamePrefix
- adminUsername: adminUsername
- adminPassword: !empty(adminPassword) ? adminPassword : null
- customData: !empty(customData) ? base64(customData) : null
- windowsConfiguration: osType == 'Windows' ? windowsConfiguration : null
- linuxConfiguration: osType == 'Linux' ? linuxConfiguration : null
- secrets: secrets
- }
- securityProfile: {
- encryptionAtHost: encryptionAtHost ? encryptionAtHost : null
- securityType: securityType
- uefiSettings: securityType == 'TrustedLaunch' ? {
- secureBootEnabled: secureBootEnabled
- vTpmEnabled: vTpmEnabled
- } : null
- }
- storageProfile: {
- imageReference: imageReference
- osDisk: {
- createOption: osDisk.createOption
- diskSizeGB: osDisk.diskSizeGB
- caching: contains(osDisk, 'caching') ? osDisk.caching : null
- writeAcceleratorEnabled: contains(osDisk, 'writeAcceleratorEnabled') ? osDisk.writeAcceleratorEnabled : null
- diffDiskSettings: contains(osDisk, 'diffDiskSettings') ? osDisk.diffDiskSettings : null
- osType: contains(osDisk, 'osType') ? osDisk.osType : null
- image: contains(osDisk, 'image') ? osDisk.image : null
- vhdContainers: contains(osDisk, 'vhdContainers') ? osDisk.vhdContainers : null
- managedDisk: {
- storageAccountType: osDisk.managedDisk.storageAccountType
- diskEncryptionSet: contains(osDisk.managedDisk, 'diskEncryptionSet') ? {
- id: osDisk.managedDisk.diskEncryptionSet.id
- } : null
- }
- }
- dataDisks: [for (dataDisk, index) in dataDisks: {
- lun: index
- diskSizeGB: dataDisk.diskSizeGB
- createOption: dataDisk.createOption
- caching: dataDisk.caching
- writeAcceleratorEnabled: contains(osDisk, 'writeAcceleratorEnabled') ? osDisk.writeAcceleratorEnabled : null
- managedDisk: {
- storageAccountType: dataDisk.managedDisk.storageAccountType
- diskEncryptionSet: contains(dataDisk.managedDisk, 'diskEncryptionSet') ? {
- id: dataDisk.managedDisk.diskEncryptionSet.id
- } : null
- }
- diskIOPSReadWrite: contains(osDisk, 'diskIOPSReadWrite') ? dataDisk.diskIOPSReadWrite : null
- diskMBpsReadWrite: contains(osDisk, 'diskMBpsReadWrite') ? dataDisk.diskMBpsReadWrite : null
- }]
- }
- networkProfile: {
- networkInterfaceConfigurations: [for (nicConfiguration, index) in nicConfigurations: {
- name: '${name}${nicConfiguration.nicSuffix}configuration-${index}'
- properties: {
- primary: (index == 0) ? true : any(null)
- enableAcceleratedNetworking: contains(nicConfiguration, 'enableAcceleratedNetworking') ? nicConfiguration.enableAcceleratedNetworking : true
- networkSecurityGroup: contains(nicConfiguration, 'nsgId') ? {
- id: nicConfiguration.nsgId
- } : null
- ipConfigurations: nicConfiguration.ipConfigurations
- }
- }]
- }
- diagnosticsProfile: {
- bootDiagnostics: {
- enabled: !empty(bootDiagnosticStorageAccountName)
- storageUri: !empty(bootDiagnosticStorageAccountName) ? 'https://${bootDiagnosticStorageAccountName}${bootDiagnosticStorageAccountUri}' : null
- }
- }
- licenseType: empty(licenseType) ? null : licenseType
- priority: vmPriority
- evictionPolicy: enableEvictionPolicy ? 'Deallocate' : null
- billingProfile: !empty(vmPriority) && !empty(maxPriceForLowPriorityVm) ? {
- maxPrice: maxPriceForLowPriorityVm
- } : null
- scheduledEventsProfile: scheduledEventsProfile
- }
- overprovision: overprovision
- doNotRunExtensionsOnOverprovisionedVMs: doNotRunExtensionsOnOverprovisionedVMs
- zoneBalance: zoneBalance == 'true' ? zoneBalance : null
- platformFaultDomainCount: scaleSetFaultDomain
- singlePlacementGroup: singlePlacementGroup
- additionalCapabilities: {
- ultraSSDEnabled: ultraSSDEnabled
- }
- scaleInPolicy: scaleInPolicy
- }
- sku: {
- name: skuName
- capacity: skuCapacity
- }
- plan: !empty(plan) ? plan : null
-}
-
-module vmss_domainJoinExtension 'extension/main.bicep' = if (extensionDomainJoinConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VMSS-DomainJoin'
- params: {
- virtualMachineScaleSetName: vmss.name
- name: 'DomainJoin'
- publisher: 'Microsoft.Compute'
- type: 'JsonADDomainExtension'
- typeHandlerVersion: contains(extensionDomainJoinConfig, 'typeHandlerVersion') ? extensionDomainJoinConfig.typeHandlerVersion : '1.3'
- autoUpgradeMinorVersion: contains(extensionDomainJoinConfig, 'autoUpgradeMinorVersion') ? extensionDomainJoinConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionDomainJoinConfig, 'enableAutomaticUpgrade') ? extensionDomainJoinConfig.enableAutomaticUpgrade : false
- settings: extensionDomainJoinConfig.settings
- protectedSettings: {
- Password: extensionDomainJoinPassword
- }
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module vmss_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extensionAntiMalwareConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VMSS-MicrosoftAntiMalware'
- params: {
- virtualMachineScaleSetName: vmss.name
- name: 'MicrosoftAntiMalware'
- publisher: 'Microsoft.Azure.Security'
- type: 'IaaSAntimalware'
- typeHandlerVersion: contains(extensionAntiMalwareConfig, 'typeHandlerVersion') ? extensionAntiMalwareConfig.typeHandlerVersion : '1.3'
- autoUpgradeMinorVersion: contains(extensionAntiMalwareConfig, 'autoUpgradeMinorVersion') ? extensionAntiMalwareConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionAntiMalwareConfig, 'enableAutomaticUpgrade') ? extensionAntiMalwareConfig.enableAutomaticUpgrade : false
- settings: extensionAntiMalwareConfig.settings
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) {
- name: last(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : 'law'), '/'))!
- scope: az.resourceGroup(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '//'), '/')[2], split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '////'), '/')[4])
-}
-
-module vmss_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VMSS-MicrosoftMonitoringAgent'
- params: {
- virtualMachineScaleSetName: vmss.name
- name: 'MicrosoftMonitoringAgent'
- publisher: 'Microsoft.EnterpriseCloud.Monitoring'
- type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux'
- typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7')
- autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false
- settings: {
- workspaceId: !empty(monitoringWorkspaceId) ? reference(vmss_logAnalyticsWorkspace.id, vmss_logAnalyticsWorkspace.apiVersion).customerId : ''
- }
- protectedSettings: {
- workspaceKey: !empty(monitoringWorkspaceId) ? vmss_logAnalyticsWorkspace.listKeys().primarySharedKey : ''
- }
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module vmss_dependencyAgentExtension 'extension/main.bicep' = if (extensionDependencyAgentConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VMSS-DependencyAgent'
- params: {
- virtualMachineScaleSetName: vmss.name
- name: 'DependencyAgent'
- publisher: 'Microsoft.Azure.Monitoring.DependencyAgent'
- type: osType == 'Windows' ? 'DependencyAgentWindows' : 'DependencyAgentLinux'
- typeHandlerVersion: contains(extensionDependencyAgentConfig, 'typeHandlerVersion') ? extensionDependencyAgentConfig.typeHandlerVersion : '9.5'
- autoUpgradeMinorVersion: contains(extensionDependencyAgentConfig, 'autoUpgradeMinorVersion') ? extensionDependencyAgentConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionDependencyAgentConfig, 'enableAutomaticUpgrade') ? extensionDependencyAgentConfig.enableAutomaticUpgrade : true
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module vmss_networkWatcherAgentExtension 'extension/main.bicep' = if (extensionNetworkWatcherAgentConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VMSS-NetworkWatcherAgent'
- params: {
- virtualMachineScaleSetName: vmss.name
- name: 'NetworkWatcherAgent'
- publisher: 'Microsoft.Azure.NetworkWatcher'
- type: osType == 'Windows' ? 'NetworkWatcherAgentWindows' : 'NetworkWatcherAgentLinux'
- typeHandlerVersion: contains(extensionNetworkWatcherAgentConfig, 'typeHandlerVersion') ? extensionNetworkWatcherAgentConfig.typeHandlerVersion : '1.4'
- autoUpgradeMinorVersion: contains(extensionNetworkWatcherAgentConfig, 'autoUpgradeMinorVersion') ? extensionNetworkWatcherAgentConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionNetworkWatcherAgentConfig, 'enableAutomaticUpgrade') ? extensionNetworkWatcherAgentConfig.enableAutomaticUpgrade : false
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module vmss_desiredStateConfigurationExtension 'extension/main.bicep' = if (extensionDSCConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VMSS-DesiredStateConfiguration'
- params: {
- virtualMachineScaleSetName: vmss.name
- name: 'DesiredStateConfiguration'
- publisher: 'Microsoft.Powershell'
- type: 'DSC'
- typeHandlerVersion: contains(extensionDSCConfig, 'typeHandlerVersion') ? extensionDSCConfig.typeHandlerVersion : '2.77'
- autoUpgradeMinorVersion: contains(extensionDSCConfig, 'autoUpgradeMinorVersion') ? extensionDSCConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionDSCConfig, 'enableAutomaticUpgrade') ? extensionDSCConfig.enableAutomaticUpgrade : false
- settings: contains(extensionDSCConfig, 'settings') ? extensionDSCConfig.settings : {}
- protectedSettings: contains(extensionDSCConfig, 'protectedSettings') ? extensionDSCConfig.protectedSettings : {}
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module vmss_customScriptExtension 'extension/main.bicep' = if (extensionCustomScriptConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VMSS-CustomScriptExtension'
- params: {
- virtualMachineScaleSetName: vmss.name
- name: 'CustomScriptExtension'
- publisher: osType == 'Windows' ? 'Microsoft.Compute' : 'Microsoft.Azure.Extensions'
- type: osType == 'Windows' ? 'CustomScriptExtension' : 'CustomScript'
- typeHandlerVersion: contains(extensionCustomScriptConfig, 'typeHandlerVersion') ? extensionCustomScriptConfig.typeHandlerVersion : (osType == 'Windows' ? '1.10' : '2.1')
- autoUpgradeMinorVersion: contains(extensionCustomScriptConfig, 'autoUpgradeMinorVersion') ? extensionCustomScriptConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionCustomScriptConfig, 'enableAutomaticUpgrade') ? extensionCustomScriptConfig.enableAutomaticUpgrade : false
- settings: {
- fileUris: [for fileData in extensionCustomScriptConfig.fileData: contains(fileData, 'storageAccountId') ? '${fileData.uri}?${listAccountSas(fileData.storageAccountId, '2019-04-01', accountSasProperties).accountSasToken}' : fileData.uri]
- }
- protectedSettings: contains(extensionCustomScriptConfig, 'protectedSettings') ? extensionCustomScriptConfig.protectedSettings : {}
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
- dependsOn: [
- vmss_desiredStateConfigurationExtension
- ]
-}
-
-module vmss_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionAzureDiskEncryptionConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VMSS-AzureDiskEncryption'
- params: {
- virtualMachineScaleSetName: vmss.name
- name: 'AzureDiskEncryption'
- publisher: 'Microsoft.Azure.Security'
- type: osType == 'Windows' ? 'AzureDiskEncryption' : 'AzureDiskEncryptionForLinux'
- typeHandlerVersion: contains(extensionAzureDiskEncryptionConfig, 'typeHandlerVersion') ? extensionAzureDiskEncryptionConfig.typeHandlerVersion : (osType == 'Windows' ? '2.2' : '1.1')
- autoUpgradeMinorVersion: contains(extensionAzureDiskEncryptionConfig, 'autoUpgradeMinorVersion') ? extensionAzureDiskEncryptionConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionAzureDiskEncryptionConfig, 'enableAutomaticUpgrade') ? extensionAzureDiskEncryptionConfig.enableAutomaticUpgrade : false
- forceUpdateTag: contains(extensionAzureDiskEncryptionConfig, 'forceUpdateTag') ? extensionAzureDiskEncryptionConfig.forceUpdateTag : '1.0'
- settings: extensionAzureDiskEncryptionConfig.settings
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
- dependsOn: [
- vmss_customScriptExtension
- vmss_microsoftMonitoringAgentExtension
- ]
-}
-
-resource vmss_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
- name: lock.?name ?? 'lock-${name}'
- properties: {
- level: lock.?kind ?? ''
- notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
- }
- scope: vmss
-}
-
-resource vmss_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
- name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
- properties: {
- storageAccountId: diagnosticSetting.?storageAccountResourceId
- workspaceId: diagnosticSetting.?workspaceResourceId
- eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
- eventHubName: diagnosticSetting.?eventHubName
- metrics: diagnosticSetting.?metricCategories ?? [
- {
- category: 'AllMetrics'
- timeGrain: null
- enabled: true
- }
- ]
- marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
- logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
- }
- scope: vmss
-}]
-
-resource vmss_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
- name: guid(vmss.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
- properties: {
- roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') ? roleAssignment.roleDefinitionIdOrName : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
- principalId: roleAssignment.principalId
- description: roleAssignment.?description
- principalType: roleAssignment.?principalType
- condition: roleAssignment.?condition
- conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
- delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
- }
- scope: vmss
-}]
-
-@description('The resource ID of the virtual machine scale set.')
-output resourceId string = vmss.id
-
-@description('The resource group of the virtual machine scale set.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The name of the virtual machine scale set.')
-output name string = vmss.name
-
-@description('The principal ID of the system assigned identity.')
-output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(vmss.identity, 'principalId') ? vmss.identity.principalId : ''
-
-@description('The location the resource was deployed into.')
-output location string = vmss.location
-
-// =============== //
-// Definitions //
-// =============== //
-
-type managedIdentitiesType = {
- @description('Optional. Enables system assigned managed identity on the resource.')
- systemAssigned: bool?
-
- @description('Optional. The resource ID(s) to assign to the resource.')
- userAssignedResourceIds: string[]?
-}?
-
-type lockType = {
- @description('Optional. Specify the name of lock.')
- name: string?
-
- @description('Optional. Specify the type of lock.')
- kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
-}?
-
-type roleAssignmentType = {
- @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
- roleDefinitionIdOrName: string
-
- @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
- principalId: string
-
- @description('Optional. The principal type of the assigned principal ID.')
- principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?
-
- @description('Optional. The description of the role assignment.')
- description: string?
-
- @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
- condition: string?
-
- @description('Optional. Version of the condition.')
- conditionVersion: '2.0'?
-
- @description('Optional. The Resource Id of the delegated managed identity resource.')
- delegatedManagedIdentityResourceId: string?
-}[]?
-
-type diagnosticSettingType = {
- @description('Optional. The name of diagnostic setting.')
- name: string?
-
- @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
- metricCategories: {
- @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
- category: string
- }[]?
-
- @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
- logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')?
-
- @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- workspaceResourceId: string?
-
- @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- storageAccountResourceId: string?
-
- @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
- eventHubAuthorizationRuleResourceId: string?
-
- @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- eventHubName: string?
-
- @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
- marketplacePartnerResourceId: string?
-}[]?
+metadata name = 'Virtual Machine Scale Sets'
+metadata description = 'This module deploys a Virtual Machine Scale Set.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Name of the VMSS.')
+param name string
+
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+@description('Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets.')
+param encryptionAtHost bool = true
+
+@description('Optional. Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings.')
+param securityType string = ''
+
+@description('Optional. Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.')
+param secureBootEnabled bool = false
+
+@description('Optional. Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.')
+param vTpmEnabled bool = false
+
+@description('Required. OS image reference. In case of marketplace images, it\'s the combination of the publisher, offer, sku, version attributes. In case of custom images it\'s the resource ID of the custom image.')
+param imageReference object
+
+@description('Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.')
+param plan object = {}
+
+@description('Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.')
+param osDisk object
+
+@description('Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets.')
+param dataDisks array = []
+
+@description('Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.')
+param ultraSSDEnabled bool = false
+
+@description('Required. Administrator username.')
+@secure()
+param adminUsername string
+
+@description('Optional. When specifying a Windows Virtual Machine, this value should be passed.')
+@secure()
+param adminPassword string = ''
+
+@description('Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.')
+param customData string = ''
+
+@description('Optional. Array of role assignments to create.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Fault Domain count for each placement group.')
+param scaleSetFaultDomain int = 2
+
+@description('Optional. Resource ID of a proximity placement group.')
+param proximityPlacementGroupResourceId string = ''
+
+@description('Required. Configures NICs and PIPs.')
+param nicConfigurations array = []
+
+@description('Optional. Specifies the priority for the virtual machine.')
+@allowed([
+ 'Regular'
+ 'Low'
+ 'Spot'
+])
+param vmPriority string = 'Regular'
+
+@description('Optional. Specifies the eviction policy for the low priority virtual machine. Will result in \'Deallocate\' eviction policy.')
+param enableEvictionPolicy bool = false
+
+@description('Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.')
+param maxPriceForLowPriorityVm string = ''
+
+@description('Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.')
+@allowed([
+ 'Windows_Client'
+ 'Windows_Server'
+ ''
+])
+param licenseType string = ''
+
+@description('Optional. Required if name is specified. Password of the user specified in user parameter.')
+@secure()
+param extensionDomainJoinPassword string = ''
+
+@description('Optional. The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDomainJoinConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionAntiMalwareConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionMonitoringAgentConfig object = {
+ enabled: false
+}
+
+@description('Optional. Resource ID of the monitoring log analytics workspace.')
+param monitoringWorkspaceId string = ''
+
+@description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDependencyAgentConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionNetworkWatcherAgentConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.')
+param extensionAzureDiskEncryptionConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDSCConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionCustomScriptConfig object = {
+ enabled: false
+ fileData: []
+}
+
+@description('Optional. Storage account boot diagnostic base URI.')
+param bootDiagnosticStorageAccountUri string = '.blob.${environment().suffixes.storage}/'
+
+@description('Optional. Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided.')
+param bootDiagnosticStorageAccountName string = ''
+
+@description('Optional. The diagnostic settings of the service.')
+param diagnosticSettings diagnosticSettingType
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Specifies the mode of an upgrade to virtual machines in the scale set.\' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling.')
+@allowed([
+ 'Manual'
+ 'Automatic'
+ 'Rolling'
+])
+param upgradePolicyMode string = 'Manual'
+
+@description('Optional. The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability.')
+param maxBatchInstancePercent int = 20
+
+@description('Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.')
+param maxUnhealthyInstancePercent int = 20
+
+@description('Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch.')
+param maxUnhealthyUpgradedInstancePercent int = 20
+
+@description('Optional. The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format.')
+param pauseTimeBetweenBatches string = 'PT0S'
+
+@description('Optional. Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true.')
+param enableAutomaticOSUpgrade bool = false
+
+@description('Optional. Whether OS image rollback feature should be disabled.')
+param disableAutomaticRollback bool = false
+
+@description('Optional. Specifies whether automatic repairs should be enabled on the virtual machine scale set.')
+param automaticRepairsPolicyEnabled bool = false
+
+@description('Optional. The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M).')
+param gracePeriod string = 'PT30M'
+
+@description('Optional. Specifies the computer name prefix for all of the virtual machines in the scale set.')
+@minLength(1)
+@maxLength(15)
+param vmNamePrefix string = 'vmssvm'
+
+@description('Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.')
+param provisionVMAgent bool = true
+
+@description('Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.')
+param enableAutomaticUpdates bool = true
+
+@description('Optional. Specifies the time zone of the virtual machine. e.g. \'Pacific Standard Time\'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.')
+param timeZone string = ''
+
+@description('Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.')
+param additionalUnattendContent array = []
+
+@description('Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.')
+param winRM array = []
+
+@description('Optional. Specifies whether password authentication should be disabled.')
+#disable-next-line secure-secrets-in-params // Not a secret
+param disablePasswordAuthentication bool = false
+
+@description('Optional. The list of SSH public keys used to authenticate with linux based VMs.')
+param publicKeys array = []
+
+@description('Optional. Specifies set of certificates that should be installed onto the virtual machines in the scale set.')
+#disable-next-line secure-secrets-in-params // Not a secret
+param secrets array = []
+
+@description('Optional. Specifies Scheduled Event related configurations.')
+param scheduledEventsProfile object = {}
+
+@description('Optional. Specifies whether the Virtual Machine Scale Set should be overprovisioned.')
+param overprovision bool = false
+
+@description('Optional. When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs.')
+param doNotRunExtensionsOnOverprovisionedVMs bool = false
+
+@description('Optional. Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage.')
+param zoneBalance bool = false
+
+@description('Optional. When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true.')
+param singlePlacementGroup bool = true
+
+@description('Optional. Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in.')
+param scaleInPolicy object = {
+ rules: [
+ 'Default'
+ ]
+}
+
+@description('Required. The SKU size of the VMs.')
+param skuName string
+
+@description('Optional. The initial instance count of scale set VMs.')
+param skuCapacity int = 1
+
+@description('Optional. The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set.')
+param availabilityZones array = []
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Required. The chosen OS type.')
+@allowed([
+ 'Windows'
+ 'Linux'
+])
+param osType string
+
+@description('Generated. Do not provide a value! This date value is used to generate a registration token.')
+param baseTime string = utcNow('u')
+
+@description('Optional. SAS token validity length to use to download files from storage accounts. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.')
+param sasTokenValidityLength string = 'PT8H'
+
+@description('Optional. The managed identity definition for this resource.')
+param managedIdentities managedIdentitiesType
+
+var publicKeysFormatted = [for publicKey in publicKeys: {
+ path: publicKey.path
+ keyData: publicKey.keyData
+}]
+
+var linuxConfiguration = {
+ disablePasswordAuthentication: disablePasswordAuthentication
+ ssh: {
+ publicKeys: publicKeysFormatted
+ }
+ provisionVMAgent: provisionVMAgent
+}
+
+var windowsConfiguration = {
+ provisionVMAgent: provisionVMAgent
+ enableAutomaticUpdates: enableAutomaticUpdates
+ timeZone: empty(timeZone) ? null : timeZone
+ additionalUnattendContent: empty(additionalUnattendContent) ? null : additionalUnattendContent
+ winRM: !empty(winRM) ? {
+ listeners: winRM
+ } : null
+}
+
+var accountSasProperties = {
+ signedServices: 'b'
+ signedPermission: 'r'
+ signedExpiry: dateTimeAdd(baseTime, sasTokenValidityLength)
+ signedResourceTypes: 'o'
+ signedProtocol: 'https'
+}
+
+var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
+
+var identity = !empty(managedIdentities) ? {
+ type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : null)
+ userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
+} : null
+
+var enableReferencedModulesTelemetry = false
+
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ 'Data Operator for Managed Disks': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')
+ 'Desktop Virtualization Power On Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')
+ 'Desktop Virtualization Power On Off Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')
+ 'Desktop Virtualization Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')
+ 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
+ 'Disk Backup Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')
+ 'Disk Pool Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')
+ 'Disk Restore Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')
+ 'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+ 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')
+ 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
+ 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')
+ 'VM Scanner Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+ name: name
+ location: location
+ tags: tags
+ identity: identity
+ zones: availabilityZones
+ properties: {
+ proximityPlacementGroup: !empty(proximityPlacementGroupResourceId) ? {
+ id: proximityPlacementGroupResourceId
+ } : null
+ upgradePolicy: {
+ mode: upgradePolicyMode
+ rollingUpgradePolicy: {
+ maxBatchInstancePercent: maxBatchInstancePercent
+ maxUnhealthyInstancePercent: maxUnhealthyInstancePercent
+ maxUnhealthyUpgradedInstancePercent: maxUnhealthyUpgradedInstancePercent
+ pauseTimeBetweenBatches: pauseTimeBetweenBatches
+ }
+ automaticOSUpgradePolicy: {
+ enableAutomaticOSUpgrade: enableAutomaticOSUpgrade
+ disableAutomaticRollback: disableAutomaticRollback
+ }
+ }
+ automaticRepairsPolicy: {
+ enabled: automaticRepairsPolicyEnabled
+ gracePeriod: gracePeriod
+ }
+ virtualMachineProfile: {
+ osProfile: {
+ computerNamePrefix: vmNamePrefix
+ adminUsername: adminUsername
+ adminPassword: !empty(adminPassword) ? adminPassword : null
+ customData: !empty(customData) ? base64(customData) : null
+ windowsConfiguration: osType == 'Windows' ? windowsConfiguration : null
+ linuxConfiguration: osType == 'Linux' ? linuxConfiguration : null
+ secrets: secrets
+ }
+ securityProfile: {
+ encryptionAtHost: encryptionAtHost ? encryptionAtHost : null
+ securityType: securityType
+ uefiSettings: securityType == 'TrustedLaunch' ? {
+ secureBootEnabled: secureBootEnabled
+ vTpmEnabled: vTpmEnabled
+ } : null
+ }
+ storageProfile: {
+ imageReference: imageReference
+ osDisk: {
+ createOption: osDisk.createOption
+ diskSizeGB: osDisk.diskSizeGB
+ caching: contains(osDisk, 'caching') ? osDisk.caching : null
+ writeAcceleratorEnabled: contains(osDisk, 'writeAcceleratorEnabled') ? osDisk.writeAcceleratorEnabled : null
+ diffDiskSettings: contains(osDisk, 'diffDiskSettings') ? osDisk.diffDiskSettings : null
+ osType: contains(osDisk, 'osType') ? osDisk.osType : null
+ image: contains(osDisk, 'image') ? osDisk.image : null
+ vhdContainers: contains(osDisk, 'vhdContainers') ? osDisk.vhdContainers : null
+ managedDisk: {
+ storageAccountType: osDisk.managedDisk.storageAccountType
+ diskEncryptionSet: contains(osDisk.managedDisk, 'diskEncryptionSet') ? {
+ id: osDisk.managedDisk.diskEncryptionSet.id
+ } : null
+ }
+ }
+ dataDisks: [for (dataDisk, index) in dataDisks: {
+ lun: index
+ diskSizeGB: dataDisk.diskSizeGB
+ createOption: dataDisk.createOption
+ caching: dataDisk.caching
+ writeAcceleratorEnabled: contains(osDisk, 'writeAcceleratorEnabled') ? osDisk.writeAcceleratorEnabled : null
+ managedDisk: {
+ storageAccountType: dataDisk.managedDisk.storageAccountType
+ diskEncryptionSet: contains(dataDisk.managedDisk, 'diskEncryptionSet') ? {
+ id: dataDisk.managedDisk.diskEncryptionSet.id
+ } : null
+ }
+ diskIOPSReadWrite: contains(osDisk, 'diskIOPSReadWrite') ? dataDisk.diskIOPSReadWrite : null
+ diskMBpsReadWrite: contains(osDisk, 'diskMBpsReadWrite') ? dataDisk.diskMBpsReadWrite : null
+ }]
+ }
+ networkProfile: {
+ networkInterfaceConfigurations: [for (nicConfiguration, index) in nicConfigurations: {
+ name: '${name}${nicConfiguration.nicSuffix}configuration-${index}'
+ properties: {
+ primary: (index == 0) ? true : any(null)
+ enableAcceleratedNetworking: contains(nicConfiguration, 'enableAcceleratedNetworking') ? nicConfiguration.enableAcceleratedNetworking : true
+ networkSecurityGroup: contains(nicConfiguration, 'nsgId') ? {
+ id: nicConfiguration.nsgId
+ } : null
+ ipConfigurations: nicConfiguration.ipConfigurations
+ }
+ }]
+ }
+ diagnosticsProfile: {
+ bootDiagnostics: {
+ enabled: !empty(bootDiagnosticStorageAccountName)
+ storageUri: !empty(bootDiagnosticStorageAccountName) ? 'https://${bootDiagnosticStorageAccountName}${bootDiagnosticStorageAccountUri}' : null
+ }
+ }
+ licenseType: empty(licenseType) ? null : licenseType
+ priority: vmPriority
+ evictionPolicy: enableEvictionPolicy ? 'Deallocate' : null
+ billingProfile: !empty(vmPriority) && !empty(maxPriceForLowPriorityVm) ? {
+ maxPrice: maxPriceForLowPriorityVm
+ } : null
+ scheduledEventsProfile: scheduledEventsProfile
+ }
+ overprovision: overprovision
+ doNotRunExtensionsOnOverprovisionedVMs: doNotRunExtensionsOnOverprovisionedVMs
+ zoneBalance: zoneBalance == 'true' ? zoneBalance : null
+ platformFaultDomainCount: scaleSetFaultDomain
+ singlePlacementGroup: singlePlacementGroup
+ additionalCapabilities: {
+ ultraSSDEnabled: ultraSSDEnabled
+ }
+ scaleInPolicy: scaleInPolicy
+ }
+ sku: {
+ name: skuName
+ capacity: skuCapacity
+ }
+ plan: !empty(plan) ? plan : null
+}
+
+module vmss_domainJoinExtension 'extension/main.bicep' = if (extensionDomainJoinConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VMSS-DomainJoin'
+ params: {
+ virtualMachineScaleSetName: vmss.name
+ name: 'DomainJoin'
+ publisher: 'Microsoft.Compute'
+ type: 'JsonADDomainExtension'
+ typeHandlerVersion: contains(extensionDomainJoinConfig, 'typeHandlerVersion') ? extensionDomainJoinConfig.typeHandlerVersion : '1.3'
+ autoUpgradeMinorVersion: contains(extensionDomainJoinConfig, 'autoUpgradeMinorVersion') ? extensionDomainJoinConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionDomainJoinConfig, 'enableAutomaticUpgrade') ? extensionDomainJoinConfig.enableAutomaticUpgrade : false
+ settings: extensionDomainJoinConfig.settings
+ protectedSettings: {
+ Password: extensionDomainJoinPassword
+ }
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module vmss_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extensionAntiMalwareConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VMSS-MicrosoftAntiMalware'
+ params: {
+ virtualMachineScaleSetName: vmss.name
+ name: 'MicrosoftAntiMalware'
+ publisher: 'Microsoft.Azure.Security'
+ type: 'IaaSAntimalware'
+ typeHandlerVersion: contains(extensionAntiMalwareConfig, 'typeHandlerVersion') ? extensionAntiMalwareConfig.typeHandlerVersion : '1.3'
+ autoUpgradeMinorVersion: contains(extensionAntiMalwareConfig, 'autoUpgradeMinorVersion') ? extensionAntiMalwareConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionAntiMalwareConfig, 'enableAutomaticUpgrade') ? extensionAntiMalwareConfig.enableAutomaticUpgrade : false
+ settings: extensionAntiMalwareConfig.settings
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+resource vmss_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) {
+ name: last(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : 'law'), '/'))!
+ scope: az.resourceGroup(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '//'), '/')[2], split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '////'), '/')[4])
+}
+
+module vmss_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VMSS-MicrosoftMonitoringAgent'
+ params: {
+ virtualMachineScaleSetName: vmss.name
+ name: 'MicrosoftMonitoringAgent'
+ publisher: 'Microsoft.EnterpriseCloud.Monitoring'
+ type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux'
+ typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7')
+ autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false
+ settings: {
+ workspaceId: !empty(monitoringWorkspaceId) ? reference(vmss_logAnalyticsWorkspace.id, vmss_logAnalyticsWorkspace.apiVersion).customerId : ''
+ }
+ protectedSettings: {
+ workspaceKey: !empty(monitoringWorkspaceId) ? vmss_logAnalyticsWorkspace.listKeys().primarySharedKey : ''
+ }
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module vmss_dependencyAgentExtension 'extension/main.bicep' = if (extensionDependencyAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VMSS-DependencyAgent'
+ params: {
+ virtualMachineScaleSetName: vmss.name
+ name: 'DependencyAgent'
+ publisher: 'Microsoft.Azure.Monitoring.DependencyAgent'
+ type: osType == 'Windows' ? 'DependencyAgentWindows' : 'DependencyAgentLinux'
+ typeHandlerVersion: contains(extensionDependencyAgentConfig, 'typeHandlerVersion') ? extensionDependencyAgentConfig.typeHandlerVersion : '9.5'
+ autoUpgradeMinorVersion: contains(extensionDependencyAgentConfig, 'autoUpgradeMinorVersion') ? extensionDependencyAgentConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionDependencyAgentConfig, 'enableAutomaticUpgrade') ? extensionDependencyAgentConfig.enableAutomaticUpgrade : true
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module vmss_networkWatcherAgentExtension 'extension/main.bicep' = if (extensionNetworkWatcherAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VMSS-NetworkWatcherAgent'
+ params: {
+ virtualMachineScaleSetName: vmss.name
+ name: 'NetworkWatcherAgent'
+ publisher: 'Microsoft.Azure.NetworkWatcher'
+ type: osType == 'Windows' ? 'NetworkWatcherAgentWindows' : 'NetworkWatcherAgentLinux'
+ typeHandlerVersion: contains(extensionNetworkWatcherAgentConfig, 'typeHandlerVersion') ? extensionNetworkWatcherAgentConfig.typeHandlerVersion : '1.4'
+ autoUpgradeMinorVersion: contains(extensionNetworkWatcherAgentConfig, 'autoUpgradeMinorVersion') ? extensionNetworkWatcherAgentConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionNetworkWatcherAgentConfig, 'enableAutomaticUpgrade') ? extensionNetworkWatcherAgentConfig.enableAutomaticUpgrade : false
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module vmss_desiredStateConfigurationExtension 'extension/main.bicep' = if (extensionDSCConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VMSS-DesiredStateConfiguration'
+ params: {
+ virtualMachineScaleSetName: vmss.name
+ name: 'DesiredStateConfiguration'
+ publisher: 'Microsoft.Powershell'
+ type: 'DSC'
+ typeHandlerVersion: contains(extensionDSCConfig, 'typeHandlerVersion') ? extensionDSCConfig.typeHandlerVersion : '2.77'
+ autoUpgradeMinorVersion: contains(extensionDSCConfig, 'autoUpgradeMinorVersion') ? extensionDSCConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionDSCConfig, 'enableAutomaticUpgrade') ? extensionDSCConfig.enableAutomaticUpgrade : false
+ settings: contains(extensionDSCConfig, 'settings') ? extensionDSCConfig.settings : {}
+ protectedSettings: contains(extensionDSCConfig, 'protectedSettings') ? extensionDSCConfig.protectedSettings : {}
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module vmss_customScriptExtension 'extension/main.bicep' = if (extensionCustomScriptConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VMSS-CustomScriptExtension'
+ params: {
+ virtualMachineScaleSetName: vmss.name
+ name: 'CustomScriptExtension'
+ publisher: osType == 'Windows' ? 'Microsoft.Compute' : 'Microsoft.Azure.Extensions'
+ type: osType == 'Windows' ? 'CustomScriptExtension' : 'CustomScript'
+ typeHandlerVersion: contains(extensionCustomScriptConfig, 'typeHandlerVersion') ? extensionCustomScriptConfig.typeHandlerVersion : (osType == 'Windows' ? '1.10' : '2.1')
+ autoUpgradeMinorVersion: contains(extensionCustomScriptConfig, 'autoUpgradeMinorVersion') ? extensionCustomScriptConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionCustomScriptConfig, 'enableAutomaticUpgrade') ? extensionCustomScriptConfig.enableAutomaticUpgrade : false
+ settings: {
+ fileUris: [for fileData in extensionCustomScriptConfig.fileData: contains(fileData, 'storageAccountId') ? '${fileData.uri}?${listAccountSas(fileData.storageAccountId, '2019-04-01', accountSasProperties).accountSasToken}' : fileData.uri]
+ }
+ protectedSettings: contains(extensionCustomScriptConfig, 'protectedSettings') ? extensionCustomScriptConfig.protectedSettings : {}
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+ dependsOn: [
+ vmss_desiredStateConfigurationExtension
+ ]
+}
+
+module vmss_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionAzureDiskEncryptionConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VMSS-AzureDiskEncryption'
+ params: {
+ virtualMachineScaleSetName: vmss.name
+ name: 'AzureDiskEncryption'
+ publisher: 'Microsoft.Azure.Security'
+ type: osType == 'Windows' ? 'AzureDiskEncryption' : 'AzureDiskEncryptionForLinux'
+ typeHandlerVersion: contains(extensionAzureDiskEncryptionConfig, 'typeHandlerVersion') ? extensionAzureDiskEncryptionConfig.typeHandlerVersion : (osType == 'Windows' ? '2.2' : '1.1')
+ autoUpgradeMinorVersion: contains(extensionAzureDiskEncryptionConfig, 'autoUpgradeMinorVersion') ? extensionAzureDiskEncryptionConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionAzureDiskEncryptionConfig, 'enableAutomaticUpgrade') ? extensionAzureDiskEncryptionConfig.enableAutomaticUpgrade : false
+ forceUpdateTag: contains(extensionAzureDiskEncryptionConfig, 'forceUpdateTag') ? extensionAzureDiskEncryptionConfig.forceUpdateTag : '1.0'
+ settings: extensionAzureDiskEncryptionConfig.settings
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+ dependsOn: [
+ vmss_customScriptExtension
+ vmss_microsoftMonitoringAgentExtension
+ ]
+}
+
+resource vmss_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: vmss
+}
+
+resource vmss_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+ name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+ properties: {
+ storageAccountId: diagnosticSetting.?storageAccountResourceId
+ workspaceId: diagnosticSetting.?workspaceResourceId
+ eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+ eventHubName: diagnosticSetting.?eventHubName
+ metrics: diagnosticSetting.?metricCategories ?? [
+ {
+ category: 'AllMetrics'
+ timeGrain: null
+ enabled: true
+ }
+ ]
+ marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+ logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+ }
+ scope: vmss
+}]
+
+resource vmss_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(vmss.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') ? roleAssignment.roleDefinitionIdOrName : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: vmss
+}]
+
+@description('The resource ID of the virtual machine scale set.')
+output resourceId string = vmss.id
+
+@description('The resource group of the virtual machine scale set.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The name of the virtual machine scale set.')
+output name string = vmss.name
+
+@description('The principal ID of the system assigned identity.')
+output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(vmss.identity, 'principalId') ? vmss.identity.principalId : ''
+
+@description('The location the resource was deployed into.')
+output location string = vmss.location
+
+// =============== //
+// Definitions //
+// =============== //
+
+type managedIdentitiesType = {
+ @description('Optional. Enables system assigned managed identity on the resource.')
+ systemAssigned: bool?
+
+ @description('Optional. The resource ID(s) to assign to the resource.')
+ userAssignedResourceIds: string[]?
+}?
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type diagnosticSettingType = {
+ @description('Optional. The name of diagnostic setting.')
+ name: string?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ metricCategories: {
+ @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
+ category: string
+ }[]?
+
+ @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
+ logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')?
+
+ @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ workspaceResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ storageAccountResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+ eventHubAuthorizationRuleResourceId: string?
+
+ @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ eventHubName: string?
+
+ @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
+ marketplacePartnerResourceId: string?
+}[]?
diff --git a/modules/compute/virtual-machine-scale-set/main.json b/modules/compute/virtual-machine-scale-set/main.json
index 95643ce69d..8d9ced95ad 100644
--- a/modules/compute/virtual-machine-scale-set/main.json
+++ b/modules/compute/virtual-machine-scale-set/main.json
@@ -1,2522 +1,2522 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "6314533557974797448"
- },
- "name": "Virtual Machine Scale Sets",
- "description": "This module deploys a Virtual Machine Scale Set.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "managedIdentitiesType": {
- "type": "object",
- "properties": {
- "systemAssigned": {
- "type": "bool",
- "nullable": true,
- "metadata": {
- "description": "Optional. Enables system assigned managed identity on the resource."
- }
- },
- "userAssignedResourceIds": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The resource ID(s) to assign to the resource."
- }
- }
- },
- "nullable": true
- },
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- },
- "diagnosticSettingType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of diagnostic setting."
- }
- },
- "metricCategories": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "logAnalyticsDestinationType": {
- "type": "string",
- "allowedValues": [
- "AzureDiagnostics",
- "Dedicated"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
- }
- },
- "workspaceResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "storageAccountResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "eventHubAuthorizationRuleResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
- }
- },
- "eventHubName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "marketplacePartnerResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of the VMSS."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- },
- "encryptionAtHost": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets."
- }
- },
- "securityType": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings."
- }
- },
- "secureBootEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings."
- }
- },
- "vTpmEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings."
- }
- },
- "imageReference": {
- "type": "object",
- "metadata": {
- "description": "Required. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image."
- }
- },
- "plan": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use."
- }
- },
- "osDisk": {
- "type": "object",
- "metadata": {
- "description": "Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets."
- }
- },
- "dataDisks": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets."
- }
- },
- "ultraSSDEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled."
- }
- },
- "adminUsername": {
- "type": "securestring",
- "metadata": {
- "description": "Required. Administrator username."
- }
- },
- "adminPassword": {
- "type": "securestring",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. When specifying a Windows Virtual Machine, this value should be passed."
- }
- },
- "customData": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignments to create."
- }
- },
- "scaleSetFaultDomain": {
- "type": "int",
- "defaultValue": 2,
- "metadata": {
- "description": "Optional. Fault Domain count for each placement group."
- }
- },
- "proximityPlacementGroupResourceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Resource ID of a proximity placement group."
- }
- },
- "nicConfigurations": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Required. Configures NICs and PIPs."
- }
- },
- "vmPriority": {
- "type": "string",
- "defaultValue": "Regular",
- "allowedValues": [
- "Regular",
- "Low",
- "Spot"
- ],
- "metadata": {
- "description": "Optional. Specifies the priority for the virtual machine."
- }
- },
- "enableEvictionPolicy": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy."
- }
- },
- "maxPriceForLowPriorityVm": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars."
- }
- },
- "licenseType": {
- "type": "string",
- "defaultValue": "",
- "allowedValues": [
- "Windows_Client",
- "Windows_Server",
- ""
- ],
- "metadata": {
- "description": "Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system."
- }
- },
- "extensionDomainJoinPassword": {
- "type": "securestring",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Required if name is specified. Password of the user specified in user parameter."
- }
- },
- "extensionDomainJoinConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Domain Join] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionAntiMalwareConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Anti Malware] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionMonitoringAgentConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "monitoringWorkspaceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Resource ID of the monitoring log analytics workspace."
- }
- },
- "extensionDependencyAgentConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Dependency Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionNetworkWatcherAgentConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionAzureDiskEncryptionConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the [\"enabled\": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys."
- }
- },
- "extensionDSCConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionCustomScriptConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false,
- "fileData": []
- },
- "metadata": {
- "description": "Optional. The configuration for the [Custom Script] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "bootDiagnosticStorageAccountUri": {
- "type": "string",
- "defaultValue": "[format('.blob.{0}/', environment().suffixes.storage)]",
- "metadata": {
- "description": "Optional. Storage account boot diagnostic base URI."
- }
- },
- "bootDiagnosticStorageAccountName": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided."
- }
- },
- "diagnosticSettings": {
- "$ref": "#/definitions/diagnosticSettingType",
- "metadata": {
- "description": "Optional. The diagnostic settings of the service."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "upgradePolicyMode": {
- "type": "string",
- "defaultValue": "Manual",
- "allowedValues": [
- "Manual",
- "Automatic",
- "Rolling"
- ],
- "metadata": {
- "description": "Optional. Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling."
- }
- },
- "maxBatchInstancePercent": {
- "type": "int",
- "defaultValue": 20,
- "metadata": {
- "description": "Optional. The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability."
- }
- },
- "maxUnhealthyInstancePercent": {
- "type": "int",
- "defaultValue": 20,
- "metadata": {
- "description": "Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch."
- }
- },
- "maxUnhealthyUpgradedInstancePercent": {
- "type": "int",
- "defaultValue": 20,
- "metadata": {
- "description": "Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch."
- }
- },
- "pauseTimeBetweenBatches": {
- "type": "string",
- "defaultValue": "PT0S",
- "metadata": {
- "description": "Optional. The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format."
- }
- },
- "enableAutomaticOSUpgrade": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true."
- }
- },
- "disableAutomaticRollback": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Whether OS image rollback feature should be disabled."
- }
- },
- "automaticRepairsPolicyEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies whether automatic repairs should be enabled on the virtual machine scale set."
- }
- },
- "gracePeriod": {
- "type": "string",
- "defaultValue": "PT30M",
- "metadata": {
- "description": "Optional. The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M)."
- }
- },
- "vmNamePrefix": {
- "type": "string",
- "defaultValue": "vmssvm",
- "minLength": 1,
- "maxLength": 15,
- "metadata": {
- "description": "Optional. Specifies the computer name prefix for all of the virtual machines in the scale set."
- }
- },
- "provisionVMAgent": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later."
- }
- },
- "enableAutomaticUpdates": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning."
- }
- },
- "timeZone": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`."
- }
- },
- "additionalUnattendContent": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object."
- }
- },
- "winRM": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object."
- }
- },
- "disablePasswordAuthentication": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies whether password authentication should be disabled."
- }
- },
- "publicKeys": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. The list of SSH public keys used to authenticate with linux based VMs."
- }
- },
- "secrets": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. Specifies set of certificates that should be installed onto the virtual machines in the scale set."
- }
- },
- "scheduledEventsProfile": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Specifies Scheduled Event related configurations."
- }
- },
- "overprovision": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies whether the Virtual Machine Scale Set should be overprovisioned."
- }
- },
- "doNotRunExtensionsOnOverprovisionedVMs": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs."
- }
- },
- "zoneBalance": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage."
- }
- },
- "singlePlacementGroup": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true."
- }
- },
- "scaleInPolicy": {
- "type": "object",
- "defaultValue": {
- "rules": [
- "Default"
- ]
- },
- "metadata": {
- "description": "Optional. Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in."
- }
- },
- "skuName": {
- "type": "string",
- "metadata": {
- "description": "Required. The SKU size of the VMs."
- }
- },
- "skuCapacity": {
- "type": "int",
- "defaultValue": 1,
- "metadata": {
- "description": "Optional. The initial instance count of scale set VMs."
- }
- },
- "availabilityZones": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "osType": {
- "type": "string",
- "allowedValues": [
- "Windows",
- "Linux"
- ],
- "metadata": {
- "description": "Required. The chosen OS type."
- }
- },
- "baseTime": {
- "type": "string",
- "defaultValue": "[utcNow('u')]",
- "metadata": {
- "description": "Generated. Do not provide a value! This date value is used to generate a registration token."
- }
- },
- "sasTokenValidityLength": {
- "type": "string",
- "defaultValue": "PT8H",
- "metadata": {
- "description": "Optional. SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours."
- }
- },
- "managedIdentities": {
- "$ref": "#/definitions/managedIdentitiesType",
- "metadata": {
- "description": "Optional. The managed identity definition for this resource."
- }
- }
- },
- "variables": {
- "copy": [
- {
- "name": "publicKeysFormatted",
- "count": "[length(parameters('publicKeys'))]",
- "input": {
- "path": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].path]",
- "keyData": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].keyData]"
- }
- }
- ],
- "linuxConfiguration": {
- "disablePasswordAuthentication": "[parameters('disablePasswordAuthentication')]",
- "ssh": {
- "publicKeys": "[variables('publicKeysFormatted')]"
- },
- "provisionVMAgent": "[parameters('provisionVMAgent')]"
- },
- "windowsConfiguration": {
- "provisionVMAgent": "[parameters('provisionVMAgent')]",
- "enableAutomaticUpdates": "[parameters('enableAutomaticUpdates')]",
- "timeZone": "[if(empty(parameters('timeZone')), null(), parameters('timeZone'))]",
- "additionalUnattendContent": "[if(empty(parameters('additionalUnattendContent')), null(), parameters('additionalUnattendContent'))]",
- "winRM": "[if(not(empty(parameters('winRM'))), createObject('listeners', parameters('winRM')), null())]"
- },
- "accountSasProperties": {
- "signedServices": "b",
- "signedPermission": "r",
- "signedExpiry": "[dateTimeAdd(parameters('baseTime'), parameters('sasTokenValidityLength'))]",
- "signedResourceTypes": "o",
- "signedProtocol": "https"
- },
- "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
- "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
- "enableReferencedModulesTelemetry": false,
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "Data Operator for Managed Disks": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')]",
- "Desktop Virtualization Power On Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')]",
- "Desktop Virtualization Power On Off Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')]",
- "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]",
- "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]",
- "Disk Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')]",
- "Disk Pool Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')]",
- "Disk Restore Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')]",
- "Disk Snapshot Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
- "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
- "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]",
- "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]",
- "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]",
- "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "vmss": {
- "type": "Microsoft.Compute/virtualMachineScaleSets",
- "apiVersion": "2022-11-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "identity": "[variables('identity')]",
- "zones": "[parameters('availabilityZones')]",
- "properties": {
- "proximityPlacementGroup": "[if(not(empty(parameters('proximityPlacementGroupResourceId'))), createObject('id', parameters('proximityPlacementGroupResourceId')), null())]",
- "upgradePolicy": {
- "mode": "[parameters('upgradePolicyMode')]",
- "rollingUpgradePolicy": {
- "maxBatchInstancePercent": "[parameters('maxBatchInstancePercent')]",
- "maxUnhealthyInstancePercent": "[parameters('maxUnhealthyInstancePercent')]",
- "maxUnhealthyUpgradedInstancePercent": "[parameters('maxUnhealthyUpgradedInstancePercent')]",
- "pauseTimeBetweenBatches": "[parameters('pauseTimeBetweenBatches')]"
- },
- "automaticOSUpgradePolicy": {
- "enableAutomaticOSUpgrade": "[parameters('enableAutomaticOSUpgrade')]",
- "disableAutomaticRollback": "[parameters('disableAutomaticRollback')]"
- }
- },
- "automaticRepairsPolicy": {
- "enabled": "[parameters('automaticRepairsPolicyEnabled')]",
- "gracePeriod": "[parameters('gracePeriod')]"
- },
- "virtualMachineProfile": {
- "osProfile": {
- "computerNamePrefix": "[parameters('vmNamePrefix')]",
- "adminUsername": "[parameters('adminUsername')]",
- "adminPassword": "[if(not(empty(parameters('adminPassword'))), parameters('adminPassword'), null())]",
- "customData": "[if(not(empty(parameters('customData'))), base64(parameters('customData')), null())]",
- "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]",
- "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]",
- "secrets": "[parameters('secrets')]"
- },
- "securityProfile": {
- "encryptionAtHost": "[if(parameters('encryptionAtHost'), parameters('encryptionAtHost'), null())]",
- "securityType": "[parameters('securityType')]",
- "uefiSettings": "[if(equals(parameters('securityType'), 'TrustedLaunch'), createObject('secureBootEnabled', parameters('secureBootEnabled'), 'vTpmEnabled', parameters('vTpmEnabled')), null())]"
- },
- "storageProfile": {
- "copy": [
- {
- "name": "dataDisks",
- "count": "[length(parameters('dataDisks'))]",
- "input": {
- "lun": "[copyIndex('dataDisks')]",
- "diskSizeGB": "[parameters('dataDisks')[copyIndex('dataDisks')].diskSizeGB]",
- "createOption": "[parameters('dataDisks')[copyIndex('dataDisks')].createOption]",
- "caching": "[parameters('dataDisks')[copyIndex('dataDisks')].caching]",
- "writeAcceleratorEnabled": "[if(contains(parameters('osDisk'), 'writeAcceleratorEnabled'), parameters('osDisk').writeAcceleratorEnabled, null())]",
- "managedDisk": {
- "storageAccountType": "[parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.storageAccountType]",
- "diskEncryptionSet": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSet'), createObject('id', parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.diskEncryptionSet.id), null())]"
- },
- "diskIOPSReadWrite": "[if(contains(parameters('osDisk'), 'diskIOPSReadWrite'), parameters('dataDisks')[copyIndex('dataDisks')].diskIOPSReadWrite, null())]",
- "diskMBpsReadWrite": "[if(contains(parameters('osDisk'), 'diskMBpsReadWrite'), parameters('dataDisks')[copyIndex('dataDisks')].diskMBpsReadWrite, null())]"
- }
- }
- ],
- "imageReference": "[parameters('imageReference')]",
- "osDisk": {
- "createOption": "[parameters('osDisk').createOption]",
- "diskSizeGB": "[parameters('osDisk').diskSizeGB]",
- "caching": "[if(contains(parameters('osDisk'), 'caching'), parameters('osDisk').caching, null())]",
- "writeAcceleratorEnabled": "[if(contains(parameters('osDisk'), 'writeAcceleratorEnabled'), parameters('osDisk').writeAcceleratorEnabled, null())]",
- "diffDiskSettings": "[if(contains(parameters('osDisk'), 'diffDiskSettings'), parameters('osDisk').diffDiskSettings, null())]",
- "osType": "[if(contains(parameters('osDisk'), 'osType'), parameters('osDisk').osType, null())]",
- "image": "[if(contains(parameters('osDisk'), 'image'), parameters('osDisk').image, null())]",
- "vhdContainers": "[if(contains(parameters('osDisk'), 'vhdContainers'), parameters('osDisk').vhdContainers, null())]",
- "managedDisk": {
- "storageAccountType": "[parameters('osDisk').managedDisk.storageAccountType]",
- "diskEncryptionSet": "[if(contains(parameters('osDisk').managedDisk, 'diskEncryptionSet'), createObject('id', parameters('osDisk').managedDisk.diskEncryptionSet.id), null())]"
- }
- }
- },
- "networkProfile": {
- "copy": [
- {
- "name": "networkInterfaceConfigurations",
- "count": "[length(parameters('nicConfigurations'))]",
- "input": {
- "name": "[format('{0}{1}configuration-{2}', parameters('name'), parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')].nicSuffix, copyIndex('networkInterfaceConfigurations'))]",
- "properties": {
- "primary": "[if(equals(copyIndex('networkInterfaceConfigurations'), 0), true(), null())]",
- "enableAcceleratedNetworking": "[if(contains(parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')], 'enableAcceleratedNetworking'), parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')].enableAcceleratedNetworking, true())]",
- "networkSecurityGroup": "[if(contains(parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')], 'nsgId'), createObject('id', parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')].nsgId), null())]",
- "ipConfigurations": "[parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')].ipConfigurations]"
- }
- }
- }
- ]
- },
- "diagnosticsProfile": {
- "bootDiagnostics": {
- "enabled": "[not(empty(parameters('bootDiagnosticStorageAccountName')))]",
- "storageUri": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), format('https://{0}{1}', parameters('bootDiagnosticStorageAccountName'), parameters('bootDiagnosticStorageAccountUri')), null())]"
- }
- },
- "licenseType": "[if(empty(parameters('licenseType')), null(), parameters('licenseType'))]",
- "priority": "[parameters('vmPriority')]",
- "evictionPolicy": "[if(parameters('enableEvictionPolicy'), 'Deallocate', null())]",
- "billingProfile": "[if(and(not(empty(parameters('vmPriority'))), not(empty(parameters('maxPriceForLowPriorityVm')))), createObject('maxPrice', parameters('maxPriceForLowPriorityVm')), null())]",
- "scheduledEventsProfile": "[parameters('scheduledEventsProfile')]"
- },
- "overprovision": "[parameters('overprovision')]",
- "doNotRunExtensionsOnOverprovisionedVMs": "[parameters('doNotRunExtensionsOnOverprovisionedVMs')]",
- "zoneBalance": "[if(equals(parameters('zoneBalance'), 'true'), parameters('zoneBalance'), null())]",
- "platformFaultDomainCount": "[parameters('scaleSetFaultDomain')]",
- "singlePlacementGroup": "[parameters('singlePlacementGroup')]",
- "additionalCapabilities": {
- "ultraSSDEnabled": "[parameters('ultraSSDEnabled')]"
- },
- "scaleInPolicy": "[parameters('scaleInPolicy')]"
- },
- "sku": {
- "name": "[parameters('skuName')]",
- "capacity": "[parameters('skuCapacity')]"
- },
- "plan": "[if(not(empty(parameters('plan'))), parameters('plan'), null())]"
- },
- "vmss_logAnalyticsWorkspace": {
- "condition": "[not(empty(parameters('monitoringWorkspaceId')))]",
- "existing": true,
- "type": "Microsoft.OperationalInsights/workspaces",
- "apiVersion": "2021-06-01",
- "subscriptionId": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2]]",
- "resourceGroup": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]]",
- "name": "[last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))]"
- },
- "vmss_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Compute/virtualMachineScaleSets/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "vmss"
- ]
- },
- "vmss_diagnosticSettings": {
- "copy": {
- "name": "vmss_diagnosticSettings",
- "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
- },
- "type": "Microsoft.Insights/diagnosticSettings",
- "apiVersion": "2021-05-01-preview",
- "scope": "[format('Microsoft.Compute/virtualMachineScaleSets/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
- "properties": {
- "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
- "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
- "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
- "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
- "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]",
- "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
- "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
- },
- "dependsOn": [
- "vmss"
- ]
- },
- "vmss_roleAssignments": {
- "copy": {
- "name": "vmss_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "scope": "[format('Microsoft.Compute/virtualMachineScaleSets/{0}', parameters('name'))]",
- "name": "[guid(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "vmss"
- ]
- },
- "vmss_domainJoinExtension": {
- "condition": "[parameters('extensionDomainJoinConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VMSS-DomainJoin', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineScaleSetName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "DomainJoin"
- },
- "publisher": {
- "value": "Microsoft.Compute"
- },
- "type": {
- "value": "JsonADDomainExtension"
- },
- "typeHandlerVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDomainJoinConfig').typeHandlerVersion), createObject('value', '1.3'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDomainJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionDomainJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDomainJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": {
- "value": "[parameters('extensionDomainJoinConfig').settings]"
- },
- "protectedSettings": {
- "value": {
- "Password": "[parameters('extensionDomainJoinPassword')]"
- }
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "7901509432352717969"
- },
- "name": "Virtual Machine Scale Set Extensions",
- "description": "This module deploys a Virtual Machine Scale Set Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineScaleSetName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine scale set extension."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The ResourceId of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "vmss"
- ]
- },
- "vmss_microsoftAntiMalwareExtension": {
- "condition": "[parameters('extensionAntiMalwareConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VMSS-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineScaleSetName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "MicrosoftAntiMalware"
- },
- "publisher": {
- "value": "Microsoft.Azure.Security"
- },
- "type": {
- "value": "IaaSAntimalware"
- },
- "typeHandlerVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAntiMalwareConfig').typeHandlerVersion), createObject('value', '1.3'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAntiMalwareConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionAntiMalwareConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAntiMalwareConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": {
- "value": "[parameters('extensionAntiMalwareConfig').settings]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "7901509432352717969"
- },
- "name": "Virtual Machine Scale Set Extensions",
- "description": "This module deploys a Virtual Machine Scale Set Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineScaleSetName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine scale set extension."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The ResourceId of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "vmss"
- ]
- },
- "vmss_microsoftMonitoringAgentExtension": {
- "condition": "[parameters('extensionMonitoringAgentConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VMSS-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineScaleSetName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "MicrosoftMonitoringAgent"
- },
- "publisher": {
- "value": "Microsoft.EnterpriseCloud.Monitoring"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'MicrosoftMonitoringAgent'), createObject('value', 'OmsAgentForLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.0'), createObject('value', '1.7')))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": {
- "value": {
- "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').customerId, '')]"
- }
- },
- "protectedSettings": {
- "value": {
- "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').primarySharedKey, '')]"
- }
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "7901509432352717969"
- },
- "name": "Virtual Machine Scale Set Extensions",
- "description": "This module deploys a Virtual Machine Scale Set Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineScaleSetName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine scale set extension."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The ResourceId of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "vmss",
- "vmss_logAnalyticsWorkspace"
- ]
- },
- "vmss_dependencyAgentExtension": {
- "condition": "[parameters('extensionDependencyAgentConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VMSS-DependencyAgent', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineScaleSetName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "DependencyAgent"
- },
- "publisher": {
- "value": "Microsoft.Azure.Monitoring.DependencyAgent"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'DependencyAgentWindows'), createObject('value', 'DependencyAgentLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDependencyAgentConfig').typeHandlerVersion), createObject('value', '9.5'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDependencyAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionDependencyAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDependencyAgentConfig').enableAutomaticUpgrade), createObject('value', true()))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "7901509432352717969"
- },
- "name": "Virtual Machine Scale Set Extensions",
- "description": "This module deploys a Virtual Machine Scale Set Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineScaleSetName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine scale set extension."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The ResourceId of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "vmss"
- ]
- },
- "vmss_networkWatcherAgentExtension": {
- "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VMSS-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineScaleSetName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "NetworkWatcherAgent"
- },
- "publisher": {
- "value": "Microsoft.Azure.NetworkWatcher"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'NetworkWatcherAgentWindows'), createObject('value', 'NetworkWatcherAgentLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').typeHandlerVersion), createObject('value', '1.4'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "7901509432352717969"
- },
- "name": "Virtual Machine Scale Set Extensions",
- "description": "This module deploys a Virtual Machine Scale Set Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineScaleSetName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine scale set extension."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The ResourceId of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "vmss"
- ]
- },
- "vmss_desiredStateConfigurationExtension": {
- "condition": "[parameters('extensionDSCConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VMSS-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineScaleSetName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "DesiredStateConfiguration"
- },
- "publisher": {
- "value": "Microsoft.Powershell"
- },
- "type": {
- "value": "DSC"
- },
- "typeHandlerVersion": "[if(contains(parameters('extensionDSCConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDSCConfig').typeHandlerVersion), createObject('value', '2.77'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDSCConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDSCConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionDSCConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDSCConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": "[if(contains(parameters('extensionDSCConfig'), 'settings'), createObject('value', parameters('extensionDSCConfig').settings), createObject('value', createObject()))]",
- "protectedSettings": "[if(contains(parameters('extensionDSCConfig'), 'protectedSettings'), createObject('value', parameters('extensionDSCConfig').protectedSettings), createObject('value', createObject()))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "7901509432352717969"
- },
- "name": "Virtual Machine Scale Set Extensions",
- "description": "This module deploys a Virtual Machine Scale Set Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineScaleSetName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine scale set extension."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The ResourceId of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "vmss"
- ]
- },
- "vmss_customScriptExtension": {
- "condition": "[parameters('extensionCustomScriptConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VMSS-CustomScriptExtension', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineScaleSetName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "CustomScriptExtension"
- },
- "publisher": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'Microsoft.Compute'), createObject('value', 'Microsoft.Azure.Extensions'))]",
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'CustomScriptExtension'), createObject('value', 'CustomScript'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionCustomScriptConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.10'), createObject('value', '2.1')))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionCustomScriptConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionCustomScriptConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionCustomScriptConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": {
- "value": {
- "copy": [
- {
- "name": "fileUris",
- "count": "[length(parameters('extensionCustomScriptConfig').fileData)]",
- "input": "[if(contains(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')], 'storageAccountId'), format('{0}?{1}', parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri, listAccountSas(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].storageAccountId, '2019-04-01', variables('accountSasProperties')).accountSasToken), parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri)]"
- }
- ]
- }
- },
- "protectedSettings": "[if(contains(parameters('extensionCustomScriptConfig'), 'protectedSettings'), createObject('value', parameters('extensionCustomScriptConfig').protectedSettings), createObject('value', createObject()))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "7901509432352717969"
- },
- "name": "Virtual Machine Scale Set Extensions",
- "description": "This module deploys a Virtual Machine Scale Set Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineScaleSetName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine scale set extension."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The ResourceId of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "vmss",
- "vmss_desiredStateConfigurationExtension"
- ]
- },
- "vmss_azureDiskEncryptionExtension": {
- "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VMSS-AzureDiskEncryption', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineScaleSetName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "AzureDiskEncryption"
- },
- "publisher": {
- "value": "Microsoft.Azure.Security"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AzureDiskEncryption'), createObject('value', 'AzureDiskEncryptionForLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '2.2'), createObject('value', '1.1')))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "forceUpdateTag": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'forceUpdateTag'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').forceUpdateTag), createObject('value', '1.0'))]",
- "settings": {
- "value": "[parameters('extensionAzureDiskEncryptionConfig').settings]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "7901509432352717969"
- },
- "name": "Virtual Machine Scale Set Extensions",
- "description": "This module deploys a Virtual Machine Scale Set Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineScaleSetName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine scale set extension."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The ResourceId of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "vmss",
- "vmss_customScriptExtension",
- "vmss_microsoftMonitoringAgentExtension"
- ]
- }
- },
- "outputs": {
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the virtual machine scale set."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group of the virtual machine scale set."
- },
- "value": "[resourceGroup().name]"
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the virtual machine scale set."
- },
- "value": "[parameters('name')]"
- },
- "systemAssignedMIPrincipalId": {
- "type": "string",
- "metadata": {
- "description": "The principal ID of the system assigned identity."
- },
- "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('vmss', '2022-11-01', 'full').identity, 'principalId')), reference('vmss', '2022-11-01', 'full').identity.principalId, '')]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('vmss', '2022-11-01', 'full').location]"
- }
- }
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "14263499970126484312"
+ },
+ "name": "Virtual Machine Scale Sets",
+ "description": "This module deploys a Virtual Machine Scale Set.",
+ "owner": "Azure/module-maintainers"
+ },
+ "definitions": {
+ "managedIdentitiesType": {
+ "type": "object",
+ "properties": {
+ "systemAssigned": {
+ "type": "bool",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Enables system assigned managed identity on the resource."
+ }
+ },
+ "userAssignedResourceIds": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The resource ID(s) to assign to the resource."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "lockType": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the name of lock."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "allowedValues": [
+ "CanNotDelete",
+ "None",
+ "ReadOnly"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the type of lock."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "roleAssignmentType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "roleDefinitionIdOrName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
+ }
+ },
+ "principalId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+ }
+ },
+ "principalType": {
+ "type": "string",
+ "allowedValues": [
+ "Device",
+ "ForeignGroup",
+ "Group",
+ "ServicePrincipal",
+ "User"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The principal type of the assigned principal ID."
+ }
+ },
+ "description": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The description of the role assignment."
+ }
+ },
+ "condition": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+ }
+ },
+ "conditionVersion": {
+ "type": "string",
+ "allowedValues": [
+ "2.0"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Version of the condition."
+ }
+ },
+ "delegatedManagedIdentityResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The Resource Id of the delegated managed identity resource."
+ }
+ }
+ }
+ },
+ "nullable": true
+ },
+ "diagnosticSettingType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of diagnostic setting."
+ }
+ },
+ "metricCategories": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "logAnalyticsDestinationType": {
+ "type": "string",
+ "allowedValues": [
+ "AzureDiagnostics",
+ "Dedicated"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
+ }
+ },
+ "workspaceResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "storageAccountResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "eventHubAuthorizationRuleResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
+ }
+ },
+ "eventHubName": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "marketplacePartnerResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
+ }
+ }
+ }
+ },
+ "nullable": true
+ }
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Name of the VMSS."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location for all resources."
+ }
+ },
+ "encryptionAtHost": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets."
+ }
+ },
+ "securityType": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings."
+ }
+ },
+ "secureBootEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings."
+ }
+ },
+ "vTpmEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings."
+ }
+ },
+ "imageReference": {
+ "type": "object",
+ "metadata": {
+ "description": "Required. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image."
+ }
+ },
+ "plan": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use."
+ }
+ },
+ "osDisk": {
+ "type": "object",
+ "metadata": {
+ "description": "Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets."
+ }
+ },
+ "dataDisks": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets."
+ }
+ },
+ "ultraSSDEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled."
+ }
+ },
+ "adminUsername": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Required. Administrator username."
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. When specifying a Windows Virtual Machine, this value should be passed."
+ }
+ },
+ "customData": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format."
+ }
+ },
+ "roleAssignments": {
+ "$ref": "#/definitions/roleAssignmentType",
+ "metadata": {
+ "description": "Optional. Array of role assignments to create."
+ }
+ },
+ "scaleSetFaultDomain": {
+ "type": "int",
+ "defaultValue": 2,
+ "metadata": {
+ "description": "Optional. Fault Domain count for each placement group."
+ }
+ },
+ "proximityPlacementGroupResourceId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Resource ID of a proximity placement group."
+ }
+ },
+ "nicConfigurations": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Required. Configures NICs and PIPs."
+ }
+ },
+ "vmPriority": {
+ "type": "string",
+ "defaultValue": "Regular",
+ "allowedValues": [
+ "Regular",
+ "Low",
+ "Spot"
+ ],
+ "metadata": {
+ "description": "Optional. Specifies the priority for the virtual machine."
+ }
+ },
+ "enableEvictionPolicy": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy."
+ }
+ },
+ "maxPriceForLowPriorityVm": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars."
+ }
+ },
+ "licenseType": {
+ "type": "string",
+ "defaultValue": "",
+ "allowedValues": [
+ "Windows_Client",
+ "Windows_Server",
+ ""
+ ],
+ "metadata": {
+ "description": "Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system."
+ }
+ },
+ "extensionDomainJoinPassword": {
+ "type": "securestring",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Required if name is specified. Password of the user specified in user parameter."
+ }
+ },
+ "extensionDomainJoinConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Domain Join] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionAntiMalwareConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Anti Malware] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionMonitoringAgentConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "monitoringWorkspaceId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Resource ID of the monitoring log analytics workspace."
+ }
+ },
+ "extensionDependencyAgentConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Dependency Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionNetworkWatcherAgentConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionAzureDiskEncryptionConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the [\"enabled\": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys."
+ }
+ },
+ "extensionDSCConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionCustomScriptConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false,
+ "fileData": []
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Custom Script] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "bootDiagnosticStorageAccountUri": {
+ "type": "string",
+ "defaultValue": "[format('.blob.{0}/', environment().suffixes.storage)]",
+ "metadata": {
+ "description": "Optional. Storage account boot diagnostic base URI."
+ }
+ },
+ "bootDiagnosticStorageAccountName": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided."
+ }
+ },
+ "diagnosticSettings": {
+ "$ref": "#/definitions/diagnosticSettingType",
+ "metadata": {
+ "description": "Optional. The diagnostic settings of the service."
+ }
+ },
+ "lock": {
+ "$ref": "#/definitions/lockType",
+ "metadata": {
+ "description": "Optional. The lock settings of the service."
+ }
+ },
+ "upgradePolicyMode": {
+ "type": "string",
+ "defaultValue": "Manual",
+ "allowedValues": [
+ "Manual",
+ "Automatic",
+ "Rolling"
+ ],
+ "metadata": {
+ "description": "Optional. Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling."
+ }
+ },
+ "maxBatchInstancePercent": {
+ "type": "int",
+ "defaultValue": 20,
+ "metadata": {
+ "description": "Optional. The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability."
+ }
+ },
+ "maxUnhealthyInstancePercent": {
+ "type": "int",
+ "defaultValue": 20,
+ "metadata": {
+ "description": "Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch."
+ }
+ },
+ "maxUnhealthyUpgradedInstancePercent": {
+ "type": "int",
+ "defaultValue": 20,
+ "metadata": {
+ "description": "Optional. The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch."
+ }
+ },
+ "pauseTimeBetweenBatches": {
+ "type": "string",
+ "defaultValue": "PT0S",
+ "metadata": {
+ "description": "Optional. The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format."
+ }
+ },
+ "enableAutomaticOSUpgrade": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true."
+ }
+ },
+ "disableAutomaticRollback": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Whether OS image rollback feature should be disabled."
+ }
+ },
+ "automaticRepairsPolicyEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies whether automatic repairs should be enabled on the virtual machine scale set."
+ }
+ },
+ "gracePeriod": {
+ "type": "string",
+ "defaultValue": "PT30M",
+ "metadata": {
+ "description": "Optional. The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M)."
+ }
+ },
+ "vmNamePrefix": {
+ "type": "string",
+ "defaultValue": "vmssvm",
+ "minLength": 1,
+ "maxLength": 15,
+ "metadata": {
+ "description": "Optional. Specifies the computer name prefix for all of the virtual machines in the scale set."
+ }
+ },
+ "provisionVMAgent": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later."
+ }
+ },
+ "enableAutomaticUpdates": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning."
+ }
+ },
+ "timeZone": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`."
+ }
+ },
+ "additionalUnattendContent": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object."
+ }
+ },
+ "winRM": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object."
+ }
+ },
+ "disablePasswordAuthentication": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies whether password authentication should be disabled."
+ }
+ },
+ "publicKeys": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. The list of SSH public keys used to authenticate with linux based VMs."
+ }
+ },
+ "secrets": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Specifies set of certificates that should be installed onto the virtual machines in the scale set."
+ }
+ },
+ "scheduledEventsProfile": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Specifies Scheduled Event related configurations."
+ }
+ },
+ "overprovision": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies whether the Virtual Machine Scale Set should be overprovisioned."
+ }
+ },
+ "doNotRunExtensionsOnOverprovisionedVMs": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs."
+ }
+ },
+ "zoneBalance": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage."
+ }
+ },
+ "singlePlacementGroup": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true."
+ }
+ },
+ "scaleInPolicy": {
+ "type": "object",
+ "defaultValue": {
+ "rules": [
+ "Default"
+ ]
+ },
+ "metadata": {
+ "description": "Optional. Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in."
+ }
+ },
+ "skuName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The SKU size of the VMs."
+ }
+ },
+ "skuCapacity": {
+ "type": "int",
+ "defaultValue": 1,
+ "metadata": {
+ "description": "Optional. The initial instance count of scale set VMs."
+ }
+ },
+ "availabilityZones": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "osType": {
+ "type": "string",
+ "allowedValues": [
+ "Windows",
+ "Linux"
+ ],
+ "metadata": {
+ "description": "Required. The chosen OS type."
+ }
+ },
+ "baseTime": {
+ "type": "string",
+ "defaultValue": "[utcNow('u')]",
+ "metadata": {
+ "description": "Generated. Do not provide a value! This date value is used to generate a registration token."
+ }
+ },
+ "sasTokenValidityLength": {
+ "type": "string",
+ "defaultValue": "PT8H",
+ "metadata": {
+ "description": "Optional. SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours."
+ }
+ },
+ "managedIdentities": {
+ "$ref": "#/definitions/managedIdentitiesType",
+ "metadata": {
+ "description": "Optional. The managed identity definition for this resource."
+ }
+ }
+ },
+ "variables": {
+ "copy": [
+ {
+ "name": "publicKeysFormatted",
+ "count": "[length(parameters('publicKeys'))]",
+ "input": {
+ "path": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].path]",
+ "keyData": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].keyData]"
+ }
+ }
+ ],
+ "linuxConfiguration": {
+ "disablePasswordAuthentication": "[parameters('disablePasswordAuthentication')]",
+ "ssh": {
+ "publicKeys": "[variables('publicKeysFormatted')]"
+ },
+ "provisionVMAgent": "[parameters('provisionVMAgent')]"
+ },
+ "windowsConfiguration": {
+ "provisionVMAgent": "[parameters('provisionVMAgent')]",
+ "enableAutomaticUpdates": "[parameters('enableAutomaticUpdates')]",
+ "timeZone": "[if(empty(parameters('timeZone')), null(), parameters('timeZone'))]",
+ "additionalUnattendContent": "[if(empty(parameters('additionalUnattendContent')), null(), parameters('additionalUnattendContent'))]",
+ "winRM": "[if(not(empty(parameters('winRM'))), createObject('listeners', parameters('winRM')), null())]"
+ },
+ "accountSasProperties": {
+ "signedServices": "b",
+ "signedPermission": "r",
+ "signedExpiry": "[dateTimeAdd(parameters('baseTime'), parameters('sasTokenValidityLength'))]",
+ "signedResourceTypes": "o",
+ "signedProtocol": "https"
+ },
+ "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
+ "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
+ "enableReferencedModulesTelemetry": false,
+ "builtInRoleNames": {
+ "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "Data Operator for Managed Disks": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')]",
+ "Desktop Virtualization Power On Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')]",
+ "Desktop Virtualization Power On Off Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')]",
+ "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]",
+ "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]",
+ "Disk Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')]",
+ "Disk Pool Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')]",
+ "Disk Restore Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')]",
+ "Disk Snapshot Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')]",
+ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
+ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
+ "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
+ "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
+ "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]",
+ "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]",
+ "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]",
+ "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]"
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "vmss": {
+ "type": "Microsoft.Compute/virtualMachineScaleSets",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('name')]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "identity": "[variables('identity')]",
+ "zones": "[parameters('availabilityZones')]",
+ "properties": {
+ "proximityPlacementGroup": "[if(not(empty(parameters('proximityPlacementGroupResourceId'))), createObject('id', parameters('proximityPlacementGroupResourceId')), null())]",
+ "upgradePolicy": {
+ "mode": "[parameters('upgradePolicyMode')]",
+ "rollingUpgradePolicy": {
+ "maxBatchInstancePercent": "[parameters('maxBatchInstancePercent')]",
+ "maxUnhealthyInstancePercent": "[parameters('maxUnhealthyInstancePercent')]",
+ "maxUnhealthyUpgradedInstancePercent": "[parameters('maxUnhealthyUpgradedInstancePercent')]",
+ "pauseTimeBetweenBatches": "[parameters('pauseTimeBetweenBatches')]"
+ },
+ "automaticOSUpgradePolicy": {
+ "enableAutomaticOSUpgrade": "[parameters('enableAutomaticOSUpgrade')]",
+ "disableAutomaticRollback": "[parameters('disableAutomaticRollback')]"
+ }
+ },
+ "automaticRepairsPolicy": {
+ "enabled": "[parameters('automaticRepairsPolicyEnabled')]",
+ "gracePeriod": "[parameters('gracePeriod')]"
+ },
+ "virtualMachineProfile": {
+ "osProfile": {
+ "computerNamePrefix": "[parameters('vmNamePrefix')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[if(not(empty(parameters('adminPassword'))), parameters('adminPassword'), null())]",
+ "customData": "[if(not(empty(parameters('customData'))), base64(parameters('customData')), null())]",
+ "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]",
+ "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]",
+ "secrets": "[parameters('secrets')]"
+ },
+ "securityProfile": {
+ "encryptionAtHost": "[if(parameters('encryptionAtHost'), parameters('encryptionAtHost'), null())]",
+ "securityType": "[parameters('securityType')]",
+ "uefiSettings": "[if(equals(parameters('securityType'), 'TrustedLaunch'), createObject('secureBootEnabled', parameters('secureBootEnabled'), 'vTpmEnabled', parameters('vTpmEnabled')), null())]"
+ },
+ "storageProfile": {
+ "copy": [
+ {
+ "name": "dataDisks",
+ "count": "[length(parameters('dataDisks'))]",
+ "input": {
+ "lun": "[copyIndex('dataDisks')]",
+ "diskSizeGB": "[parameters('dataDisks')[copyIndex('dataDisks')].diskSizeGB]",
+ "createOption": "[parameters('dataDisks')[copyIndex('dataDisks')].createOption]",
+ "caching": "[parameters('dataDisks')[copyIndex('dataDisks')].caching]",
+ "writeAcceleratorEnabled": "[if(contains(parameters('osDisk'), 'writeAcceleratorEnabled'), parameters('osDisk').writeAcceleratorEnabled, null())]",
+ "managedDisk": {
+ "storageAccountType": "[parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.storageAccountType]",
+ "diskEncryptionSet": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSet'), createObject('id', parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.diskEncryptionSet.id), null())]"
+ },
+ "diskIOPSReadWrite": "[if(contains(parameters('osDisk'), 'diskIOPSReadWrite'), parameters('dataDisks')[copyIndex('dataDisks')].diskIOPSReadWrite, null())]",
+ "diskMBpsReadWrite": "[if(contains(parameters('osDisk'), 'diskMBpsReadWrite'), parameters('dataDisks')[copyIndex('dataDisks')].diskMBpsReadWrite, null())]"
+ }
+ }
+ ],
+ "imageReference": "[parameters('imageReference')]",
+ "osDisk": {
+ "createOption": "[parameters('osDisk').createOption]",
+ "diskSizeGB": "[parameters('osDisk').diskSizeGB]",
+ "caching": "[if(contains(parameters('osDisk'), 'caching'), parameters('osDisk').caching, null())]",
+ "writeAcceleratorEnabled": "[if(contains(parameters('osDisk'), 'writeAcceleratorEnabled'), parameters('osDisk').writeAcceleratorEnabled, null())]",
+ "diffDiskSettings": "[if(contains(parameters('osDisk'), 'diffDiskSettings'), parameters('osDisk').diffDiskSettings, null())]",
+ "osType": "[if(contains(parameters('osDisk'), 'osType'), parameters('osDisk').osType, null())]",
+ "image": "[if(contains(parameters('osDisk'), 'image'), parameters('osDisk').image, null())]",
+ "vhdContainers": "[if(contains(parameters('osDisk'), 'vhdContainers'), parameters('osDisk').vhdContainers, null())]",
+ "managedDisk": {
+ "storageAccountType": "[parameters('osDisk').managedDisk.storageAccountType]",
+ "diskEncryptionSet": "[if(contains(parameters('osDisk').managedDisk, 'diskEncryptionSet'), createObject('id', parameters('osDisk').managedDisk.diskEncryptionSet.id), null())]"
+ }
+ }
+ },
+ "networkProfile": {
+ "copy": [
+ {
+ "name": "networkInterfaceConfigurations",
+ "count": "[length(parameters('nicConfigurations'))]",
+ "input": {
+ "name": "[format('{0}{1}configuration-{2}', parameters('name'), parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')].nicSuffix, copyIndex('networkInterfaceConfigurations'))]",
+ "properties": {
+ "primary": "[if(equals(copyIndex('networkInterfaceConfigurations'), 0), true(), null())]",
+ "enableAcceleratedNetworking": "[if(contains(parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')], 'enableAcceleratedNetworking'), parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')].enableAcceleratedNetworking, true())]",
+ "networkSecurityGroup": "[if(contains(parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')], 'nsgId'), createObject('id', parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')].nsgId), null())]",
+ "ipConfigurations": "[parameters('nicConfigurations')[copyIndex('networkInterfaceConfigurations')].ipConfigurations]"
+ }
+ }
+ }
+ ]
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "[not(empty(parameters('bootDiagnosticStorageAccountName')))]",
+ "storageUri": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), format('https://{0}{1}', parameters('bootDiagnosticStorageAccountName'), parameters('bootDiagnosticStorageAccountUri')), null())]"
+ }
+ },
+ "licenseType": "[if(empty(parameters('licenseType')), null(), parameters('licenseType'))]",
+ "priority": "[parameters('vmPriority')]",
+ "evictionPolicy": "[if(parameters('enableEvictionPolicy'), 'Deallocate', null())]",
+ "billingProfile": "[if(and(not(empty(parameters('vmPriority'))), not(empty(parameters('maxPriceForLowPriorityVm')))), createObject('maxPrice', parameters('maxPriceForLowPriorityVm')), null())]",
+ "scheduledEventsProfile": "[parameters('scheduledEventsProfile')]"
+ },
+ "overprovision": "[parameters('overprovision')]",
+ "doNotRunExtensionsOnOverprovisionedVMs": "[parameters('doNotRunExtensionsOnOverprovisionedVMs')]",
+ "zoneBalance": "[if(equals(parameters('zoneBalance'), 'true'), parameters('zoneBalance'), null())]",
+ "platformFaultDomainCount": "[parameters('scaleSetFaultDomain')]",
+ "singlePlacementGroup": "[parameters('singlePlacementGroup')]",
+ "additionalCapabilities": {
+ "ultraSSDEnabled": "[parameters('ultraSSDEnabled')]"
+ },
+ "scaleInPolicy": "[parameters('scaleInPolicy')]"
+ },
+ "sku": {
+ "name": "[parameters('skuName')]",
+ "capacity": "[parameters('skuCapacity')]"
+ },
+ "plan": "[if(not(empty(parameters('plan'))), parameters('plan'), null())]"
+ },
+ "vmss_logAnalyticsWorkspace": {
+ "condition": "[not(empty(parameters('monitoringWorkspaceId')))]",
+ "existing": true,
+ "type": "Microsoft.OperationalInsights/workspaces",
+ "apiVersion": "2021-06-01",
+ "subscriptionId": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2]]",
+ "resourceGroup": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]]",
+ "name": "[last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))]"
+ },
+ "vmss_lock": {
+ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
+ "type": "Microsoft.Authorization/locks",
+ "apiVersion": "2020-05-01",
+ "scope": "[format('Microsoft.Compute/virtualMachineScaleSets/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
+ "properties": {
+ "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
+ "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
+ },
+ "dependsOn": [
+ "vmss"
+ ]
+ },
+ "vmss_diagnosticSettings": {
+ "copy": {
+ "name": "vmss_diagnosticSettings",
+ "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
+ },
+ "type": "Microsoft.Insights/diagnosticSettings",
+ "apiVersion": "2021-05-01-preview",
+ "scope": "[format('Microsoft.Compute/virtualMachineScaleSets/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
+ "properties": {
+ "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
+ "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
+ "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
+ "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
+ "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]",
+ "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
+ "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
+ },
+ "dependsOn": [
+ "vmss"
+ ]
+ },
+ "vmss_roleAssignments": {
+ "copy": {
+ "name": "vmss_roleAssignments",
+ "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "scope": "[format('Microsoft.Compute/virtualMachineScaleSets/{0}', parameters('name'))]",
+ "name": "[guid(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "properties": {
+ "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]",
+ "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
+ "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
+ "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
+ "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
+ "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
+ "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
+ },
+ "dependsOn": [
+ "vmss"
+ ]
+ },
+ "vmss_domainJoinExtension": {
+ "condition": "[parameters('extensionDomainJoinConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VMSS-DomainJoin', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "DomainJoin"
+ },
+ "publisher": {
+ "value": "Microsoft.Compute"
+ },
+ "type": {
+ "value": "JsonADDomainExtension"
+ },
+ "typeHandlerVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDomainJoinConfig').typeHandlerVersion), createObject('value', '1.3'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDomainJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionDomainJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDomainJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": {
+ "value": "[parameters('extensionDomainJoinConfig').settings]"
+ },
+ "protectedSettings": {
+ "value": {
+ "Password": "[parameters('extensionDomainJoinPassword')]"
+ }
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11750050808770259539"
+ },
+ "name": "Virtual Machine Scale Set Extensions",
+ "description": "This module deploys a Virtual Machine Scale Set Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine scale set extension."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The ResourceId of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vmss"
+ ]
+ },
+ "vmss_microsoftAntiMalwareExtension": {
+ "condition": "[parameters('extensionAntiMalwareConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VMSS-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "MicrosoftAntiMalware"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.Security"
+ },
+ "type": {
+ "value": "IaaSAntimalware"
+ },
+ "typeHandlerVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAntiMalwareConfig').typeHandlerVersion), createObject('value', '1.3'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAntiMalwareConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionAntiMalwareConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAntiMalwareConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": {
+ "value": "[parameters('extensionAntiMalwareConfig').settings]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11750050808770259539"
+ },
+ "name": "Virtual Machine Scale Set Extensions",
+ "description": "This module deploys a Virtual Machine Scale Set Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine scale set extension."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The ResourceId of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vmss"
+ ]
+ },
+ "vmss_microsoftMonitoringAgentExtension": {
+ "condition": "[parameters('extensionMonitoringAgentConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VMSS-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "MicrosoftMonitoringAgent"
+ },
+ "publisher": {
+ "value": "Microsoft.EnterpriseCloud.Monitoring"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'MicrosoftMonitoringAgent'), createObject('value', 'OmsAgentForLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.0'), createObject('value', '1.7')))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": {
+ "value": {
+ "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').customerId, '')]"
+ }
+ },
+ "protectedSettings": {
+ "value": {
+ "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').primarySharedKey, '')]"
+ }
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11750050808770259539"
+ },
+ "name": "Virtual Machine Scale Set Extensions",
+ "description": "This module deploys a Virtual Machine Scale Set Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine scale set extension."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The ResourceId of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vmss",
+ "vmss_logAnalyticsWorkspace"
+ ]
+ },
+ "vmss_dependencyAgentExtension": {
+ "condition": "[parameters('extensionDependencyAgentConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VMSS-DependencyAgent', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "DependencyAgent"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.Monitoring.DependencyAgent"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'DependencyAgentWindows'), createObject('value', 'DependencyAgentLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDependencyAgentConfig').typeHandlerVersion), createObject('value', '9.5'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDependencyAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionDependencyAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDependencyAgentConfig').enableAutomaticUpgrade), createObject('value', true()))]",
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11750050808770259539"
+ },
+ "name": "Virtual Machine Scale Set Extensions",
+ "description": "This module deploys a Virtual Machine Scale Set Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine scale set extension."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The ResourceId of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vmss"
+ ]
+ },
+ "vmss_networkWatcherAgentExtension": {
+ "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VMSS-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "NetworkWatcherAgent"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.NetworkWatcher"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'NetworkWatcherAgentWindows'), createObject('value', 'NetworkWatcherAgentLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').typeHandlerVersion), createObject('value', '1.4'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11750050808770259539"
+ },
+ "name": "Virtual Machine Scale Set Extensions",
+ "description": "This module deploys a Virtual Machine Scale Set Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine scale set extension."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The ResourceId of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vmss"
+ ]
+ },
+ "vmss_desiredStateConfigurationExtension": {
+ "condition": "[parameters('extensionDSCConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VMSS-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "DesiredStateConfiguration"
+ },
+ "publisher": {
+ "value": "Microsoft.Powershell"
+ },
+ "type": {
+ "value": "DSC"
+ },
+ "typeHandlerVersion": "[if(contains(parameters('extensionDSCConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDSCConfig').typeHandlerVersion), createObject('value', '2.77'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDSCConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDSCConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionDSCConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDSCConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": "[if(contains(parameters('extensionDSCConfig'), 'settings'), createObject('value', parameters('extensionDSCConfig').settings), createObject('value', createObject()))]",
+ "protectedSettings": "[if(contains(parameters('extensionDSCConfig'), 'protectedSettings'), createObject('value', parameters('extensionDSCConfig').protectedSettings), createObject('value', createObject()))]",
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11750050808770259539"
+ },
+ "name": "Virtual Machine Scale Set Extensions",
+ "description": "This module deploys a Virtual Machine Scale Set Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine scale set extension."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The ResourceId of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vmss"
+ ]
+ },
+ "vmss_customScriptExtension": {
+ "condition": "[parameters('extensionCustomScriptConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VMSS-CustomScriptExtension', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "CustomScriptExtension"
+ },
+ "publisher": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'Microsoft.Compute'), createObject('value', 'Microsoft.Azure.Extensions'))]",
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'CustomScriptExtension'), createObject('value', 'CustomScript'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionCustomScriptConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.10'), createObject('value', '2.1')))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionCustomScriptConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionCustomScriptConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionCustomScriptConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": {
+ "value": {
+ "copy": [
+ {
+ "name": "fileUris",
+ "count": "[length(parameters('extensionCustomScriptConfig').fileData)]",
+ "input": "[if(contains(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')], 'storageAccountId'), format('{0}?{1}', parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri, listAccountSas(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].storageAccountId, '2019-04-01', variables('accountSasProperties')).accountSasToken), parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri)]"
+ }
+ ]
+ }
+ },
+ "protectedSettings": "[if(contains(parameters('extensionCustomScriptConfig'), 'protectedSettings'), createObject('value', parameters('extensionCustomScriptConfig').protectedSettings), createObject('value', createObject()))]",
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11750050808770259539"
+ },
+ "name": "Virtual Machine Scale Set Extensions",
+ "description": "This module deploys a Virtual Machine Scale Set Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine scale set extension."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The ResourceId of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vmss",
+ "vmss_desiredStateConfigurationExtension"
+ ]
+ },
+ "vmss_azureDiskEncryptionExtension": {
+ "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VMSS-AzureDiskEncryption', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "AzureDiskEncryption"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.Security"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AzureDiskEncryption'), createObject('value', 'AzureDiskEncryptionForLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '2.2'), createObject('value', '1.1')))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "forceUpdateTag": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'forceUpdateTag'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').forceUpdateTag), createObject('value', '1.0'))]",
+ "settings": {
+ "value": "[parameters('extensionAzureDiskEncryptionConfig').settings]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11750050808770259539"
+ },
+ "name": "Virtual Machine Scale Set Extensions",
+ "description": "This module deploys a Virtual Machine Scale Set Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineScaleSetName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine scale set extension."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineScaleSetName'), parameters('name'))]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The ResourceId of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets/extensions', parameters('virtualMachineScaleSetName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vmss",
+ "vmss_customScriptExtension",
+ "vmss_microsoftMonitoringAgentExtension"
+ ]
+ }
+ },
+ "outputs": {
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the virtual machine scale set."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group of the virtual machine scale set."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the virtual machine scale set."
+ },
+ "value": "[parameters('name')]"
+ },
+ "systemAssignedMIPrincipalId": {
+ "type": "string",
+ "metadata": {
+ "description": "The principal ID of the system assigned identity."
+ },
+ "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('vmss', '2022-11-01', 'full').identity, 'principalId')), reference('vmss', '2022-11-01', 'full').identity.principalId, '')]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('vmss', '2022-11-01', 'full').location]"
+ }
+ }
}
\ No newline at end of file
diff --git a/modules/compute/virtual-machine/README.md b/modules/compute/virtual-machine/README.md
index b92ce4549a..fe8c8db4c9 100644
--- a/modules/compute/virtual-machine/README.md
+++ b/modules/compute/virtual-machine/README.md
@@ -1,3552 +1,3552 @@
-# Virtual Machines `[Microsoft.Compute/virtualMachines]`
-
-This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-- [Notes](#Notes)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Automanage/configurationProfileAssignments` | [2021-04-30-preview](https://learn.microsoft.com/en-us/azure/templates) |
-| `Microsoft.Compute/virtualMachines` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachines) |
-| `Microsoft.Compute/virtualMachines/extensions` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachines/extensions) |
-| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-| `Microsoft.Network/networkInterfaces` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkInterfaces) |
-| `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) |
-| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2023-01-01/vaults/backupFabrics/protectionContainers/protectedItems) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine:1.0.0`.
-
-- [Linux.Atmg](#example-1-linuxatmg)
-- [Linux.Min](#example-2-linuxmin)
-- [Linux](#example-3-linux)
-- [Windows.Atmg](#example-4-windowsatmg)
-- [Windows.Min](#example-5-windowsmin)
-- [Windows.Ssecmk](#example-6-windowsssecmk)
-- [Windows](#example-7-windows)
-
-### Example 1: _Linux.Atmg_
-
-via Bicep module
-
-```bicep
-module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmlinatmg'
- params: {
- // Required parameters
- adminUsername: 'localAdminUser'
- imageReference: {
- offer: '0001-com-ubuntu-server-jammy'
- publisher: 'Canonical'
- sku: '22_04-lts-gen2'
- version: 'latest'
- }
- nicConfigurations: [
- {
- ipConfigurations: [
- {
- name: 'ipconfig01'
- pipConfiguration: {
- publicIpNameSuffix: '-pip-01'
- tags: {
- Environment: 'Non-Prod'
- 'hidden-title': 'This is visible in the resource name'
- Role: 'DeploymentValidation'
- }
- }
- subnetResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "localAdminUser"
- },
- "imageReference": {
- "value": {
- "offer": "0001-com-ubuntu-server-jammy",
- "publisher": "Canonical",
- "sku": "22_04-lts-gen2",
- "version": "latest"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "pipConfiguration": {
- "publicIpNameSuffix": "-pip-01",
- "tags": {
- "Environment": "Non-Prod",
- "hidden-title": "This is visible in the resource name",
- "Role": "DeploymentValidation"
- }
- },
- "subnetResourceId": "
-
-### Example 2: _Linux.Min_
-
-via Bicep module
-
-```bicep
-module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmlinmin'
- params: {
- // Required parameters
- adminUsername: 'localAdminUser'
- imageReference: {
- offer: '0001-com-ubuntu-server-jammy'
- publisher: 'Canonical'
- sku: '22_04-lts-gen2'
- version: 'latest'
- }
- nicConfigurations: [
- {
- ipConfigurations: [
- {
- name: 'ipconfig01'
- pipConfiguration: {
- publicIpNameSuffix: '-pip-01'
- }
- subnetResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "localAdminUser"
- },
- "imageReference": {
- "value": {
- "offer": "0001-com-ubuntu-server-jammy",
- "publisher": "Canonical",
- "sku": "22_04-lts-gen2",
- "version": "latest"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "pipConfiguration": {
- "publicIpNameSuffix": "-pip-01"
- },
- "subnetResourceId": "
-
-### Example 3: _Linux_
-
-via Bicep module
-
-```bicep
-module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmlincom'
- params: {
- // Required parameters
- adminUsername: 'localAdministrator'
- imageReference: {
- offer: '0001-com-ubuntu-server-focal'
- publisher: 'Canonical'
- sku: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "localAdministrator"
- },
- "imageReference": {
- "value": {
- "offer": "0001-com-ubuntu-server-focal",
- "publisher": "Canonical",
- "sku": "
-
-### Example 4: _Windows.Atmg_
-
-via Bicep module
-
-```bicep
-module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmwinatmg'
- params: {
- // Required parameters
- adminUsername: 'localAdministrator'
- imageReference: {
- offer: 'WindowsServer'
- publisher: 'MicrosoftWindowsServer'
- sku: '2022-datacenter-azure-edition'
- version: 'latest'
- }
- nicConfigurations: [
- {
- ipConfigurations: [
- {
- name: 'ipconfig01'
- subnetResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "localAdministrator"
- },
- "imageReference": {
- "value": {
- "offer": "WindowsServer",
- "publisher": "MicrosoftWindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "version": "latest"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetResourceId": "
-
-### Example 5: _Windows.Min_
-
-via Bicep module
-
-```bicep
-module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmwinmin'
- params: {
- // Required parameters
- adminUsername: 'localAdminUser'
- imageReference: {
- offer: 'WindowsServer'
- publisher: 'MicrosoftWindowsServer'
- sku: '2022-datacenter-azure-edition'
- version: 'latest'
- }
- nicConfigurations: [
- {
- ipConfigurations: [
- {
- name: 'ipconfig01'
- subnetResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "localAdminUser"
- },
- "imageReference": {
- "value": {
- "offer": "WindowsServer",
- "publisher": "MicrosoftWindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "version": "latest"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetResourceId": "
-
-### Example 6: _Windows.Ssecmk_
-
-via Bicep module
-
-```bicep
-module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmwincmk'
- params: {
- // Required parameters
- adminUsername: 'VMAdministrator'
- imageReference: {
- offer: 'WindowsServer'
- publisher: 'MicrosoftWindowsServer'
- sku: '2019-datacenter'
- version: 'latest'
- }
- nicConfigurations: [
- {
- ipConfigurations: [
- {
- name: 'ipconfig01'
- subnetResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "VMAdministrator"
- },
- "imageReference": {
- "value": {
- "offer": "WindowsServer",
- "publisher": "MicrosoftWindowsServer",
- "sku": "2019-datacenter",
- "version": "latest"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetResourceId": "
-
-### Example 7: _Windows_
-
-via Bicep module
-
-```bicep
-module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-cvmwincom'
- params: {
- // Required parameters
- adminUsername: 'VMAdmin'
- imageReference: {
- offer: 'WindowsServer'
- publisher: 'MicrosoftWindowsServer'
- sku: '2019-datacenter'
- version: 'latest'
- }
- nicConfigurations: [
- {
- deleteOption: 'Delete'
- diagnosticSettings: [
- {
- eventHubAuthorizationRuleResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "adminUsername": {
- "value": "VMAdmin"
- },
- "imageReference": {
- "value": {
- "offer": "WindowsServer",
- "publisher": "MicrosoftWindowsServer",
- "sku": "2019-datacenter",
- "version": "latest"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "deleteOption": "Delete",
- "diagnosticSettings": [
- {
- "eventHubAuthorizationRuleResourceId": "
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. |
-| [`configurationProfile`](#parameter-configurationprofile) | string | The configuration profile of automanage. |
-| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. |
-| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. |
-| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
-| [`osType`](#parameter-ostype) | string | The chosen OS type. |
-| [`vmSize`](#parameter-vmsize) | string | Specifies the size for the VMs. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. |
-| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. |
-| [`allowExtensionOperations`](#parameter-allowextensionoperations) | bool | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. |
-| [`availabilitySetResourceId`](#parameter-availabilitysetresourceid) | string | Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. |
-| [`availabilityZone`](#parameter-availabilityzone) | int | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. |
-| [`backupPolicyName`](#parameter-backuppolicyname) | string | Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. |
-| [`backupVaultName`](#parameter-backupvaultname) | string | Recovery service vault name to add VMs to backup. |
-| [`backupVaultResourceGroup`](#parameter-backupvaultresourcegroup) | string | Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. |
-| [`bootDiagnostics`](#parameter-bootdiagnostics) | bool | Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. |
-| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. |
-| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. |
-| [`certificatesToBeInstalled`](#parameter-certificatestobeinstalled) | array | Specifies set of certificates that should be installed onto the virtual machine. |
-| [`computerName`](#parameter-computername) | string | Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. |
-| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. |
-| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
-| [`dedicatedHostId`](#parameter-dedicatedhostid) | string | Specifies resource ID about the dedicated host that the virtual machine resides in. |
-| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. |
-| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. |
-| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
-| [`extensionAadJoinConfig`](#parameter-extensionaadjoinconfig) | object | The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. |
-| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionCustomScriptProtectedSetting`](#parameter-extensioncustomscriptprotectedsetting) | secureObject | Any object that contains the extension specific protected settings. |
-| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. |
-| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
-| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. |
-| [`location`](#parameter-location) | string | Location for all resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". |
-| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. |
-| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. |
-| [`name`](#parameter-name) | string | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. |
-| [`patchAssessmentMode`](#parameter-patchassessmentmode) | string | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. |
-| [`patchMode`](#parameter-patchmode) | string | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. |
-| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. |
-| [`priority`](#parameter-priority) | string | Specifies the priority for the virtual machine. |
-| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
-| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. |
-| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
-| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. |
-| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
-| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. |
-| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
-| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
-| [`winRM`](#parameter-winrm) | object | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. |
-
-**Generated parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. |
-
-### Parameter: `adminUsername`
-
-Administrator username.
-
-- Required: Yes
-- Type: securestring
-
-### Parameter: `configurationProfile`
-
-The configuration profile of automanage.
-
-- Required: No
-- Type: string
-- Default: `''`
-- Allowed:
- ```Bicep
- [
- ''
- '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest'
- '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
- ]
- ```
-
-### Parameter: `imageReference`
-
-OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image.
-
-- Required: Yes
-- Type: object
-
-### Parameter: `nicConfigurations`
-
-Configures NICs and PIPs.
-
-- Required: Yes
-- Type: array
-
-### Parameter: `osDisk`
-
-Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
-
-- Required: Yes
-- Type: object
-
-### Parameter: `osType`
-
-The chosen OS type.
-
-- Required: Yes
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'Linux'
- 'Windows'
- ]
- ```
-
-### Parameter: `vmSize`
-
-Specifies the size for the VMs.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `additionalUnattendContent`
-
-Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `adminPassword`
-
-When specifying a Windows Virtual Machine, this value should be passed.
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `allowExtensionOperations`
-
-Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine.
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `availabilitySetResourceId`
-
-Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `availabilityZone`
-
-If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set.
-
-- Required: No
-- Type: int
-- Default: `0`
-- Allowed:
- ```Bicep
- [
- 0
- 1
- 2
- 3
- ]
- ```
-
-### Parameter: `backupPolicyName`
-
-Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault.
-
-- Required: No
-- Type: string
-- Default: `'DefaultPolicy'`
-
-### Parameter: `backupVaultName`
-
-Recovery service vault name to add VMs to backup.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `backupVaultResourceGroup`
-
-Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default.
-
-- Required: No
-- Type: string
-- Default: `[resourceGroup().name]`
-
-### Parameter: `bootDiagnostics`
-
-Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `bootDiagnosticStorageAccountName`
-
-Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `bootDiagnosticStorageAccountUri`
-
-Storage account boot diagnostic base URI.
-
-- Required: No
-- Type: string
-- Default: `[format('.blob.{0}/', environment().suffixes.storage)]`
-
-### Parameter: `certificatesToBeInstalled`
-
-Specifies set of certificates that should be installed onto the virtual machine.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `computerName`
-
-Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name.
-
-- Required: No
-- Type: string
-- Default: `[parameters('name')]`
-
-### Parameter: `customData`
-
-Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `dataDisks`
-
-Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `dedicatedHostId`
-
-Specifies resource ID about the dedicated host that the virtual machine resides in.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `disablePasswordAuthentication`
-
-Specifies whether password authentication should be disabled.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `enableAutomaticUpdates`
-
-Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `enableEvictionPolicy`
-
-Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `encryptionAtHost`
-
-This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `extensionAadJoinConfig`
-
-The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionAntiMalwareConfig`
-
-The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionAzureDiskEncryptionConfig`
-
-The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionCustomScriptConfig`
-
-The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- fileData: []
- }
- ```
-
-### Parameter: `extensionCustomScriptProtectedSetting`
-
-Any object that contains the extension specific protected settings.
-
-- Required: No
-- Type: secureObject
-- Default: `{}`
-
-### Parameter: `extensionDependencyAgentConfig`
-
-The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionDomainJoinConfig`
-
-The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionDomainJoinPassword`
-
-Required if name is specified. Password of the user specified in user parameter.
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `extensionDSCConfig`
-
-The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionMonitoringAgentConfig`
-
-The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `extensionNetworkWatcherAgentConfig`
-
-The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.
-
-- Required: No
-- Type: object
-- Default:
- ```Bicep
- {
- enabled: false
- }
- ```
-
-### Parameter: `licenseType`
-
-Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.
-
-- Required: No
-- Type: string
-- Default: `''`
-- Allowed:
- ```Bicep
- [
- ''
- 'Windows_Client'
- 'Windows_Server'
- ]
- ```
-
-### Parameter: `location`
-
-Location for all resources.
-
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-
-- Required: No
-- Type: object
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`kind`](#parameter-lockkind) | string | Specify the type of lock. |
-| [`name`](#parameter-lockname) | string | Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'CanNotDelete'
- 'None'
- 'ReadOnly'
- ]
- ```
-
-### Parameter: `lock.name`
-
-Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `managedIdentities`
-
-The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True".
-
-- Required: No
-- Type: object
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
-| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. |
-
-### Parameter: `managedIdentities.systemAssigned`
-
-Enables system assigned managed identity on the resource.
-
-- Required: No
-- Type: bool
-
-### Parameter: `managedIdentities.userAssignedResourceIds`
-
-The resource ID(s) to assign to the resource.
-
-- Required: No
-- Type: array
-
-### Parameter: `maxPriceForLowPriorityVm`
-
-Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `monitoringWorkspaceId`
-
-Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `name`
-
-The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name.
-
-- Required: No
-- Type: string
-- Default: `[take(toLower(uniqueString(resourceGroup().name)), 10)]`
-
-### Parameter: `patchAssessmentMode`
-
-VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours.
-
-- Required: No
-- Type: string
-- Default: `'ImageDefault'`
-- Allowed:
- ```Bicep
- [
- 'AutomaticByPlatform'
- 'ImageDefault'
- ]
- ```
-
-### Parameter: `patchMode`
-
-VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'.
-
-- Required: No
-- Type: string
-- Default: `''`
-- Allowed:
- ```Bicep
- [
- ''
- 'AutomaticByOS'
- 'AutomaticByPlatform'
- 'ImageDefault'
- 'Manual'
- ]
- ```
-
-### Parameter: `plan`
-
-Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.
-
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `priority`
-
-Specifies the priority for the virtual machine.
-
-- Required: No
-- Type: string
-- Default: `'Regular'`
-- Allowed:
- ```Bicep
- [
- 'Low'
- 'Regular'
- 'Spot'
- ]
- ```
-
-### Parameter: `provisionVMAgent`
-
-Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
-
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `proximityPlacementGroupResourceId`
-
-Resource ID of a proximity placement group.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `publicKeys`
-
-The list of SSH public keys used to authenticate with linux based VMs.
-
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `roleAssignments`
-
-Array of role assignments to create.
-
-- Required: No
-- Type: array
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. |
-
-### Parameter: `roleAssignments.principalId`
-
-The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.condition`
-
-The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed:
- ```Bicep
- [
- '2.0'
- ]
- ```
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'Device'
- 'ForeignGroup'
- 'Group'
- 'ServicePrincipal'
- 'User'
- ]
- ```
-
-### Parameter: `sasTokenValidityLength`
-
-SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.
-
-- Required: No
-- Type: string
-- Default: `'PT8H'`
-
-### Parameter: `secureBootEnabled`
-
-Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `securityType`
-
-Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `tags`
-
-Tags of the resource.
-
-- Required: No
-- Type: object
-
-### Parameter: `timeZone`
-
-Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `ultraSSDEnabled`
-
-The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `vTpmEnabled`
-
-Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
-
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `winRM`
-
-Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.
-
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `baseTime`
-
-Do not provide a value! This date value is used to generate a registration token.
-
-- Required: No
-- Type: string
-- Default: `[utcNow('u')]`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the VM. |
-| `resourceGroupName` | string | The name of the resource group the VM was created in. |
-| `resourceId` | string | The resource ID of the VM. |
-| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-
-| Reference | Type |
-| :-- | :-- |
-| `modules/network/network-interface` | Local reference |
-| `modules/network/public-ip-address` | Local reference |
-| `modules/recovery-services/vault/backup-fabric/protection-container/protected-item` | Local reference |
-
-## Notes
-
-### Automanage considerations
-
-Enabling automanage triggers the creation of additional resources outside of the specific virtual machine deployment, such as:
-- an `Automanage-Automate-
-
-#### Custom images
-
-
-
-### Parameter Usage: `plan`
-
-
-
-### Parameter Usage: `osDisk`
-
-
-
-### Parameter Usage: `dataDisks`
-
-
-
-### Parameter Usage: `nicConfigurations`
-
-Comments:
-- The field `nicSuffix` and `subnetResourceId` are mandatory.
-- If `enablePublicIP` is set to true, then `publicIpNameSuffix` is also mandatory.
-- Each IP config needs to have the mandatory field `name`.
-- If not disabled, `enableAcceleratedNetworking` is considered `true` by default and requires the VM to be deployed with a supported OS and VM size.
-
-
-
-### Parameter Usage: `configurationProfileAssignments`
-
-
-
-### Parameter Usage: `extensionDomainJoinConfig`
-
-
-
-### Parameter Usage: `extensionAntiMalwareConfig`
-
-Only for OSType Windows
-
-
-
-### Parameter Usage: `extensionAzureDiskEncryptionConfig`
-
-
-
-### Parameter Usage: `extensionDSCConfig`
-
-
-
-### Parameter Usage: `extensionCustomScriptConfig`
-
-
-
-### Parameter Usage: `extensionCustomScriptProtectedSetting`
-
-This is used if you are going to use secrets or other sensitive information that you don't want to be visible in the deployment and logs.
-
-
+# Virtual Machines `[Microsoft.Compute/virtualMachines]`
+
+This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+| `Microsoft.Automanage/configurationProfileAssignments` | [2021-04-30-preview](https://learn.microsoft.com/en-us/azure/templates) |
+| `Microsoft.Compute/virtualMachines` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachines) |
+| `Microsoft.Compute/virtualMachines/extensions` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachines/extensions) |
+| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
+| `Microsoft.Network/networkInterfaces` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkInterfaces) |
+| `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) |
+| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2023-01-01/vaults/backupFabrics/protectionContainers/protectedItems) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine:1.0.0`.
+
+- [Linux.Atmg](#example-1-linuxatmg)
+- [Linux.Min](#example-2-linuxmin)
+- [Linux](#example-3-linux)
+- [Windows.Atmg](#example-4-windowsatmg)
+- [Windows.Min](#example-5-windowsmin)
+- [Windows.Ssecmk](#example-6-windowsssecmk)
+- [Windows](#example-7-windows)
+
+### Example 1: _Linux.Atmg_
+
+
+
+
+
+### Example 2: _Linux.Min_
+
+
+
+
+
+### Example 3: _Linux_
+
+
+
+
+
+### Example 4: _Windows.Atmg_
+
+
+
+
+
+### Example 5: _Windows.Min_
+
+
+
+
+
+### Example 6: _Windows.Ssecmk_
+
+
+
+
+
+### Example 7: _Windows_
+
+
+
+
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. |
+| [`configurationProfile`](#parameter-configurationprofile) | string | The configuration profile of automanage. |
+| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. |
+| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. |
+| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
+| [`osType`](#parameter-ostype) | string | The chosen OS type. |
+| [`vmSize`](#parameter-vmsize) | string | Specifies the size for the VMs. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. |
+| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. |
+| [`allowExtensionOperations`](#parameter-allowextensionoperations) | bool | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. |
+| [`availabilitySetResourceId`](#parameter-availabilitysetresourceid) | string | Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. |
+| [`availabilityZone`](#parameter-availabilityzone) | int | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. |
+| [`backupPolicyName`](#parameter-backuppolicyname) | string | Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. |
+| [`backupVaultName`](#parameter-backupvaultname) | string | Recovery service vault name to add VMs to backup. |
+| [`backupVaultResourceGroup`](#parameter-backupvaultresourcegroup) | string | Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. |
+| [`bootDiagnostics`](#parameter-bootdiagnostics) | bool | Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. |
+| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. |
+| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. |
+| [`certificatesToBeInstalled`](#parameter-certificatestobeinstalled) | array | Specifies set of certificates that should be installed onto the virtual machine. |
+| [`computerName`](#parameter-computername) | string | Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. |
+| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. |
+| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
+| [`dedicatedHostId`](#parameter-dedicatedhostid) | string | Specifies resource ID about the dedicated host that the virtual machine resides in. |
+| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. |
+| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. |
+| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. |
+| [`extensionAadJoinConfig`](#parameter-extensionaadjoinconfig) | object | The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. |
+| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionCustomScriptProtectedSetting`](#parameter-extensioncustomscriptprotectedsetting) | secureObject | Any object that contains the extension specific protected settings. |
+| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. |
+| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. |
+| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". |
+| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. |
+| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. |
+| [`name`](#parameter-name) | string | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. |
+| [`patchAssessmentMode`](#parameter-patchassessmentmode) | string | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. |
+| [`patchMode`](#parameter-patchmode) | string | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. |
+| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. |
+| [`priority`](#parameter-priority) | string | Specifies the priority for the virtual machine. |
+| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. |
+| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. |
+| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
+| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. |
+| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
+| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. |
+| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. |
+| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. |
+| [`winRM`](#parameter-winrm) | array | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. |
+
+**Generated parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. |
+
+### Parameter: `adminUsername`
+
+Administrator username.
+
+- Required: Yes
+- Type: securestring
+
+### Parameter: `configurationProfile`
+
+The configuration profile of automanage.
+
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed:
+ ```Bicep
+ [
+ ''
+ '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest'
+ '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
+ ]
+ ```
+
+### Parameter: `imageReference`
+
+OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image.
+
+- Required: Yes
+- Type: object
+
+### Parameter: `nicConfigurations`
+
+Configures NICs and PIPs.
+
+- Required: Yes
+- Type: array
+
+### Parameter: `osDisk`
+
+Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+
+- Required: Yes
+- Type: object
+
+### Parameter: `osType`
+
+The chosen OS type.
+
+- Required: Yes
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'Linux'
+ 'Windows'
+ ]
+ ```
+
+### Parameter: `vmSize`
+
+Specifies the size for the VMs.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `additionalUnattendContent`
+
+Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `adminPassword`
+
+When specifying a Windows Virtual Machine, this value should be passed.
+
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `allowExtensionOperations`
+
+Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `availabilitySetResourceId`
+
+Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `availabilityZone`
+
+If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set.
+
+- Required: No
+- Type: int
+- Default: `0`
+- Allowed:
+ ```Bicep
+ [
+ 0
+ 1
+ 2
+ 3
+ ]
+ ```
+
+### Parameter: `backupPolicyName`
+
+Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault.
+
+- Required: No
+- Type: string
+- Default: `'DefaultPolicy'`
+
+### Parameter: `backupVaultName`
+
+Recovery service vault name to add VMs to backup.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `backupVaultResourceGroup`
+
+Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default.
+
+- Required: No
+- Type: string
+- Default: `[resourceGroup().name]`
+
+### Parameter: `bootDiagnostics`
+
+Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `bootDiagnosticStorageAccountName`
+
+Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `bootDiagnosticStorageAccountUri`
+
+Storage account boot diagnostic base URI.
+
+- Required: No
+- Type: string
+- Default: `[format('.blob.{0}/', environment().suffixes.storage)]`
+
+### Parameter: `certificatesToBeInstalled`
+
+Specifies set of certificates that should be installed onto the virtual machine.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `computerName`
+
+Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name.
+
+- Required: No
+- Type: string
+- Default: `[parameters('name')]`
+
+### Parameter: `customData`
+
+Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dataDisks`
+
+Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dedicatedHostId`
+
+Specifies resource ID about the dedicated host that the virtual machine resides in.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disablePasswordAuthentication`
+
+Specifies whether password authentication should be disabled.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableAutomaticUpdates`
+
+Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableEvictionPolicy`
+
+Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `encryptionAtHost`
+
+This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `extensionAadJoinConfig`
+
+The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionAntiMalwareConfig`
+
+The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionAzureDiskEncryptionConfig`
+
+The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionCustomScriptConfig`
+
+The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ fileData: []
+ }
+ ```
+
+### Parameter: `extensionCustomScriptProtectedSetting`
+
+Any object that contains the extension specific protected settings.
+
+- Required: No
+- Type: secureObject
+- Default: `{}`
+
+### Parameter: `extensionDependencyAgentConfig`
+
+The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionDomainJoinConfig`
+
+The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionDomainJoinPassword`
+
+Required if name is specified. Password of the user specified in user parameter.
+
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `extensionDSCConfig`
+
+The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionMonitoringAgentConfig`
+
+The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `extensionNetworkWatcherAgentConfig`
+
+The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.
+
+- Required: No
+- Type: object
+- Default:
+ ```Bicep
+ {
+ enabled: false
+ }
+ ```
+
+### Parameter: `licenseType`
+
+Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.
+
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed:
+ ```Bicep
+ [
+ ''
+ 'Windows_Client'
+ 'Windows_Server'
+ ]
+ ```
+
+### Parameter: `location`
+
+Location for all resources.
+
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+
+- Required: No
+- Type: object
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`kind`](#parameter-lockkind) | string | Specify the type of lock. |
+| [`name`](#parameter-lockname) | string | Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'CanNotDelete'
+ 'None'
+ 'ReadOnly'
+ ]
+ ```
+
+### Parameter: `lock.name`
+
+Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `managedIdentities`
+
+The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True".
+
+- Required: No
+- Type: object
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
+| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. |
+
+### Parameter: `managedIdentities.systemAssigned`
+
+Enables system assigned managed identity on the resource.
+
+- Required: No
+- Type: bool
+
+### Parameter: `managedIdentities.userAssignedResourceIds`
+
+The resource ID(s) to assign to the resource.
+
+- Required: No
+- Type: array
+
+### Parameter: `maxPriceForLowPriorityVm`
+
+Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `monitoringWorkspaceId`
+
+Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name.
+
+- Required: No
+- Type: string
+- Default: `[take(toLower(uniqueString(resourceGroup().name)), 10)]`
+
+### Parameter: `patchAssessmentMode`
+
+VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours.
+
+- Required: No
+- Type: string
+- Default: `'ImageDefault'`
+- Allowed:
+ ```Bicep
+ [
+ 'AutomaticByPlatform'
+ 'ImageDefault'
+ ]
+ ```
+
+### Parameter: `patchMode`
+
+VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'.
+
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed:
+ ```Bicep
+ [
+ ''
+ 'AutomaticByOS'
+ 'AutomaticByPlatform'
+ 'ImageDefault'
+ 'Manual'
+ ]
+ ```
+
+### Parameter: `plan`
+
+Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.
+
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `priority`
+
+Specifies the priority for the virtual machine.
+
+- Required: No
+- Type: string
+- Default: `'Regular'`
+- Allowed:
+ ```Bicep
+ [
+ 'Low'
+ 'Regular'
+ 'Spot'
+ ]
+ ```
+
+### Parameter: `provisionVMAgent`
+
+Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `proximityPlacementGroupResourceId`
+
+Resource ID of a proximity placement group.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `publicKeys`
+
+The list of SSH public keys used to authenticate with linux based VMs.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignments to create.
+
+- Required: No
+- Type: array
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. |
+
+### Parameter: `roleAssignments.principalId`
+
+The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.condition`
+
+The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ '2.0'
+ ]
+ ```
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'Device'
+ 'ForeignGroup'
+ 'Group'
+ 'ServicePrincipal'
+ 'User'
+ ]
+ ```
+
+### Parameter: `sasTokenValidityLength`
+
+SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.
+
+- Required: No
+- Type: string
+- Default: `'PT8H'`
+
+### Parameter: `secureBootEnabled`
+
+Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `securityType`
+
+Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `tags`
+
+Tags of the resource.
+
+- Required: No
+- Type: object
+
+### Parameter: `timeZone`
+
+Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `ultraSSDEnabled`
+
+The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `vTpmEnabled`
+
+Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `winRM`
+
+Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `baseTime`
+
+Do not provide a value! This date value is used to generate a registration token.
+
+- Required: No
+- Type: string
+- Default: `[utcNow('u')]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the VM. |
+| `resourceGroupName` | string | The name of the resource group the VM was created in. |
+| `resourceId` | string | The resource ID of the VM. |
+| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/network-interface` | Local reference |
+| `modules/network/public-ip-address` | Local reference |
+| `modules/recovery-services/vault/backup-fabric/protection-container/protected-item` | Local reference |
+
+## Notes
+
+### Automanage considerations
+
+Enabling automanage triggers the creation of additional resources outside of the specific virtual machine deployment, such as:
+- an `Automanage-Automate-
+
+#### Custom images
+
+
+
+### Parameter Usage: `plan`
+
+
+
+### Parameter Usage: `osDisk`
+
+
+
+### Parameter Usage: `dataDisks`
+
+
+
+### Parameter Usage: `nicConfigurations`
+
+Comments:
+- The field `nicSuffix` and `subnetResourceId` are mandatory.
+- If `enablePublicIP` is set to true, then `publicIpNameSuffix` is also mandatory.
+- Each IP config needs to have the mandatory field `name`.
+- If not disabled, `enableAcceleratedNetworking` is considered `true` by default and requires the VM to be deployed with a supported OS and VM size.
+
+
+
+### Parameter Usage: `configurationProfileAssignments`
+
+
+
+### Parameter Usage: `extensionDomainJoinConfig`
+
+
+
+### Parameter Usage: `extensionAntiMalwareConfig`
+
+Only for OSType Windows
+
+
+
+### Parameter Usage: `extensionAzureDiskEncryptionConfig`
+
+
+
+### Parameter Usage: `extensionDSCConfig`
+
+
+
+### Parameter Usage: `extensionCustomScriptConfig`
+
+
+
+### Parameter Usage: `extensionCustomScriptProtectedSetting`
+
+This is used if you are going to use secrets or other sensitive information that you don't want to be visible in the deployment and logs.
+
+
diff --git a/modules/compute/virtual-machine/main.bicep b/modules/compute/virtual-machine/main.bicep
index f908e4b473..f5f1a07211 100644
--- a/modules/compute/virtual-machine/main.bicep
+++ b/modules/compute/virtual-machine/main.bicep
@@ -1,771 +1,771 @@
-metadata name = 'Virtual Machines'
-metadata description = 'This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.'
-metadata owner = 'Azure/module-maintainers'
-
-// Main resource
-@description('Optional. The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group\'s name.')
-param name string = take(toLower(uniqueString(resourceGroup().name)), 10)
-
-@description('Optional. Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name.')
-param computerName string = name
-
-@description('Required. Specifies the size for the VMs.')
-param vmSize string
-
-@description('Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.')
-param encryptionAtHost bool = true
-
-@description('Optional. Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings.')
-param securityType string = ''
-
-@description('Optional. Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.')
-param secureBootEnabled bool = false
-
-@description('Optional. Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.')
-param vTpmEnabled bool = false
-
-@description('Required. OS image reference. In case of marketplace images, it\'s the combination of the publisher, offer, sku, version attributes. In case of custom images it\'s the resource ID of the custom image.')
-param imageReference object
-
-@description('Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.')
-param plan object = {}
-
-@description('Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.')
-param osDisk object
-
-@description('Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.')
-param dataDisks array = []
-
-@description('Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.')
-param ultraSSDEnabled bool = false
-
-@description('Required. Administrator username.')
-@secure()
-param adminUsername string
-
-@description('Optional. When specifying a Windows Virtual Machine, this value should be passed.')
-@secure()
-param adminPassword string = ''
-
-@description('Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.')
-param customData string = ''
-
-@description('Optional. Specifies set of certificates that should be installed onto the virtual machine.')
-param certificatesToBeInstalled array = []
-
-@description('Optional. Specifies the priority for the virtual machine.')
-@allowed([
- 'Regular'
- 'Low'
- 'Spot'
-])
-param priority string = 'Regular'
-
-@description('Optional. Specifies the eviction policy for the low priority virtual machine. Will result in \'Deallocate\' eviction policy.')
-param enableEvictionPolicy bool = false
-
-@description('Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.')
-param maxPriceForLowPriorityVm string = ''
-
-@description('Optional. Specifies resource ID about the dedicated host that the virtual machine resides in.')
-param dedicatedHostId string = ''
-
-@description('Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.')
-@allowed([
- 'Windows_Client'
- 'Windows_Server'
- ''
-])
-param licenseType string = ''
-
-@description('Optional. The list of SSH public keys used to authenticate with linux based VMs.')
-param publicKeys array = []
-
-@description('Optional. The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True".')
-param managedIdentities managedIdentitiesType
-
-@description('Optional. Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled.')
-param bootDiagnostics bool = false
-
-@description('Optional. Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided.')
-param bootDiagnosticStorageAccountName string = ''
-
-@description('Optional. Storage account boot diagnostic base URI.')
-param bootDiagnosticStorageAccountUri string = '.blob.${environment().suffixes.storage}/'
-
-@description('Optional. Resource ID of a proximity placement group.')
-param proximityPlacementGroupResourceId string = ''
-
-@description('Optional. Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set.')
-param availabilitySetResourceId string = ''
-
-@description('Optional. If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set.')
-@allowed([
- 0
- 1
- 2
- 3
-])
-param availabilityZone int = 0
-
-// External resources
-@description('Required. Configures NICs and PIPs.')
-param nicConfigurations array
-
-@description('Optional. Recovery service vault name to add VMs to backup.')
-param backupVaultName string = ''
-
-@description('Optional. Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default.')
-param backupVaultResourceGroup string = resourceGroup().name
-
-@description('Optional. Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault.')
-param backupPolicyName string = 'DefaultPolicy'
-
-// Child resources
-@description('Optional. Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine.')
-param allowExtensionOperations bool = true
-
-@description('Optional. Required if name is specified. Password of the user specified in user parameter.')
-@secure()
-param extensionDomainJoinPassword string = ''
-
-@description('Optional. The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionDomainJoinConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionAadJoinConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionAntiMalwareConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionMonitoringAgentConfig object = {
- enabled: false
-}
-
-@description('Optional. Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true.')
-param monitoringWorkspaceId string = ''
-
-@description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionDependencyAgentConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionNetworkWatcherAgentConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.')
-param extensionAzureDiskEncryptionConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionDSCConfig object = {
- enabled: false
-}
-
-@description('Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.')
-param extensionCustomScriptConfig object = {
- enabled: false
- fileData: []
-}
-
-@description('Optional. Any object that contains the extension specific protected settings.')
-@secure()
-param extensionCustomScriptProtectedSetting object = {}
-
-// Shared parameters
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-@description('Optional. The lock settings of the service.')
-param lock lockType
-
-@description('Optional. Array of role assignments to create.')
-param roleAssignments roleAssignmentType
-
-@description('Optional. Tags of the resource.')
-param tags object?
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Generated. Do not provide a value! This date value is used to generate a registration token.')
-param baseTime string = utcNow('u')
-
-@description('Optional. SAS token validity length to use to download files from storage accounts. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.')
-param sasTokenValidityLength string = 'PT8H'
-
-@description('Required. The chosen OS type.')
-@allowed([
- 'Windows'
- 'Linux'
-])
-param osType string
-
-@description('Optional. Specifies whether password authentication should be disabled.')
-#disable-next-line secure-secrets-in-params // Not a secret
-param disablePasswordAuthentication bool = false
-
-@description('Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.')
-param provisionVMAgent bool = true
-
-@description('Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.')
-param enableAutomaticUpdates bool = true
-
-@description('Optional. VM guest patching orchestration mode. \'AutomaticByOS\' & \'Manual\' are for Windows only, \'ImageDefault\' for Linux only. Refer to \'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching\'.')
-@allowed([
- 'AutomaticByPlatform'
- 'AutomaticByOS'
- 'Manual'
- 'ImageDefault'
- ''
-])
-param patchMode string = ''
-
-@description('Optional. VM guest patching assessment mode. Set it to \'AutomaticByPlatform\' to enable automatically check for updates every 24 hours.')
-@allowed([
- 'AutomaticByPlatform'
- 'ImageDefault'
-])
-param patchAssessmentMode string = 'ImageDefault'
-
-@description('Optional. Specifies the time zone of the virtual machine. e.g. \'Pacific Standard Time\'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.')
-param timeZone string = ''
-
-@description('Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.')
-param additionalUnattendContent array = []
-
-@description('Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.')
-param winRM object = {}
-
-@description('Required. The configuration profile of automanage.')
-@allowed([
- '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
- '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest'
- ''
-])
-param configurationProfile string = ''
-
-var publicKeysFormatted = [for publicKey in publicKeys: {
- path: publicKey.path
- keyData: publicKey.keyData
-}]
-
-var linuxConfiguration = {
- disablePasswordAuthentication: disablePasswordAuthentication
- ssh: {
- publicKeys: publicKeysFormatted
- }
- provisionVMAgent: provisionVMAgent
- patchSettings: (provisionVMAgent && (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'ImageDefault')) ? {
- patchMode: patchMode
- assessmentMode: patchAssessmentMode
- } : null
-}
-
-var windowsConfiguration = {
- provisionVMAgent: provisionVMAgent
- enableAutomaticUpdates: enableAutomaticUpdates
- patchSettings: (provisionVMAgent && (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'AutomaticByOS' || patchMode =~ 'Manual')) ? {
- patchMode: patchMode
- assessmentMode: patchAssessmentMode
- } : null
- timeZone: empty(timeZone) ? null : timeZone
- additionalUnattendContent: empty(additionalUnattendContent) ? null : additionalUnattendContent
- winRM: !empty(winRM) ? {
- listeners: winRM
- } : null
-}
-
-var accountSasProperties = {
- signedServices: 'b'
- signedPermission: 'r'
- signedExpiry: dateTimeAdd(baseTime, sasTokenValidityLength)
- signedResourceTypes: 'o'
- signedProtocol: 'https'
-}
-
-var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
-
-// If AADJoin Extension is enabled then we automatically enable SystemAssigned (required by AADJoin), otherwise we follow the usual logic.
-var identity = !empty(managedIdentities) ? {
- type: (extensionAadJoinConfig.enabled ? true : (managedIdentities.?systemAssigned ?? false)) ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : null)
- userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
-} : null
-
-var enableReferencedModulesTelemetry = false
-
-var builtInRoleNames = {
- Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
- 'Data Operator for Managed Disks': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')
- 'Desktop Virtualization Power On Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')
- 'Desktop Virtualization Power On Off Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')
- 'Desktop Virtualization Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')
- 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
- 'Disk Backup Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')
- 'Disk Pool Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')
- 'Disk Restore Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')
- 'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')
- Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
- Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
- 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
- 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')
- 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
- 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')
- 'VM Scanner Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-module vm_nic 'modules/nested_networkInterface.bicep' = [for (nicConfiguration, index) in nicConfigurations: {
- name: '${uniqueString(deployment().name, location)}-VM-Nic-${index}'
- params: {
- networkInterfaceName: '${name}${nicConfiguration.nicSuffix}'
- virtualMachineName: name
- location: location
- enableIPForwarding: contains(nicConfiguration, 'enableIPForwarding') ? (!empty(nicConfiguration.enableIPForwarding) ? nicConfiguration.enableIPForwarding : false) : false
- enableAcceleratedNetworking: contains(nicConfiguration, 'enableAcceleratedNetworking') ? nicConfiguration.enableAcceleratedNetworking : true
- dnsServers: contains(nicConfiguration, 'dnsServers') ? (!empty(nicConfiguration.dnsServers) ? nicConfiguration.dnsServers : []) : []
- networkSecurityGroupResourceId: contains(nicConfiguration, 'networkSecurityGroupResourceId') ? nicConfiguration.networkSecurityGroupResourceId : ''
- ipConfigurations: nicConfiguration.ipConfigurations
- lock: nicConfiguration.?lock ?? lock
- tags: nicConfiguration.?tags ?? tags
- diagnosticSettings: nicConfiguration.?diagnosticSettings
- roleAssignments: nicConfiguration.?roleAssignments
- }
-}]
-
-resource vm 'Microsoft.Compute/virtualMachines@2022-11-01' = {
- name: name
- location: location
- identity: identity
- tags: tags
- zones: availabilityZone != 0 ? array(availabilityZone) : null
- plan: !empty(plan) ? plan : null
- properties: {
- hardwareProfile: {
- vmSize: vmSize
- }
- securityProfile: {
- encryptionAtHost: encryptionAtHost ? encryptionAtHost : null
- securityType: securityType
- uefiSettings: securityType == 'TrustedLaunch' ? {
- secureBootEnabled: secureBootEnabled
- vTpmEnabled: vTpmEnabled
- } : null
- }
- storageProfile: {
- imageReference: imageReference
- osDisk: {
- name: '${name}-disk-os-01'
- createOption: contains(osDisk, 'createOption') ? osDisk.createOption : 'FromImage'
- deleteOption: contains(osDisk, 'deleteOption') ? osDisk.deleteOption : 'Delete'
- diskSizeGB: osDisk.diskSizeGB
- caching: contains(osDisk, 'caching') ? osDisk.caching : 'ReadOnly'
- managedDisk: {
- storageAccountType: osDisk.managedDisk.storageAccountType
- diskEncryptionSet: contains(osDisk.managedDisk, 'diskEncryptionSet') ? {
- id: osDisk.managedDisk.diskEncryptionSet.id
- } : null
- }
- }
- dataDisks: [for (dataDisk, index) in dataDisks: {
- lun: index
- name: '${name}-disk-data-${padLeft((index + 1), 2, '0')}'
- diskSizeGB: dataDisk.diskSizeGB
- createOption: contains(dataDisk, 'createOption') ? dataDisk.createOption : 'Empty'
- deleteOption: contains(dataDisk, 'deleteOption') ? dataDisk.deleteOption : 'Delete'
- caching: contains(dataDisk, 'caching') ? dataDisk.caching : 'ReadOnly'
- managedDisk: {
- storageAccountType: dataDisk.managedDisk.storageAccountType
- diskEncryptionSet: contains(dataDisk.managedDisk, 'diskEncryptionSet') ? {
- id: dataDisk.managedDisk.diskEncryptionSet.id
- } : null
- }
- }]
- }
- additionalCapabilities: {
- ultraSSDEnabled: ultraSSDEnabled
- }
- osProfile: {
- computerName: computerName
- adminUsername: adminUsername
- adminPassword: adminPassword
- customData: !empty(customData) ? base64(customData) : null
- windowsConfiguration: osType == 'Windows' ? windowsConfiguration : null
- linuxConfiguration: osType == 'Linux' ? linuxConfiguration : null
- secrets: certificatesToBeInstalled
- allowExtensionOperations: allowExtensionOperations
- }
- networkProfile: {
- networkInterfaces: [for (nicConfiguration, index) in nicConfigurations: {
- properties: {
- deleteOption: contains(nicConfiguration, 'deleteOption') ? nicConfiguration.deleteOption : 'Delete'
- primary: index == 0 ? true : false
- }
- id: az.resourceId('Microsoft.Network/networkInterfaces', '${name}${nicConfiguration.nicSuffix}')
- }]
- }
- diagnosticsProfile: {
- bootDiagnostics: {
- enabled: !empty(bootDiagnosticStorageAccountName) ? true : bootDiagnostics
- storageUri: !empty(bootDiagnosticStorageAccountName) ? 'https://${bootDiagnosticStorageAccountName}${bootDiagnosticStorageAccountUri}' : null
- }
- }
- availabilitySet: !empty(availabilitySetResourceId) ? {
- id: availabilitySetResourceId
- } : null
- proximityPlacementGroup: !empty(proximityPlacementGroupResourceId) ? {
- id: proximityPlacementGroupResourceId
- } : null
- priority: priority
- evictionPolicy: enableEvictionPolicy ? 'Deallocate' : null
- billingProfile: !empty(priority) && !empty(maxPriceForLowPriorityVm) ? {
- maxPrice: maxPriceForLowPriorityVm
- } : null
- host: !empty(dedicatedHostId) ? {
- id: dedicatedHostId
- } : null
- licenseType: !empty(licenseType) ? licenseType : null
- }
- dependsOn: [
- vm_nic
- ]
-}
-
-resource vm_configurationProfileAssignment 'Microsoft.Automanage/configurationProfileAssignments@2021-04-30-preview' = if (!empty(configurationProfile)) {
- name: 'default'
- properties: {
- configurationProfile: configurationProfile
- }
- scope: vm
-}
-
-module vm_aadJoinExtension 'extension/main.bicep' = if (extensionAadJoinConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-AADLogin'
- params: {
- virtualMachineName: vm.name
- name: 'AADLogin'
- publisher: 'Microsoft.Azure.ActiveDirectory'
- type: osType == 'Windows' ? 'AADLoginForWindows' : 'AADSSHLoginforLinux'
- typeHandlerVersion: contains(extensionAadJoinConfig, 'typeHandlerVersion') ? extensionAadJoinConfig.typeHandlerVersion : '1.0'
- autoUpgradeMinorVersion: contains(extensionAadJoinConfig, 'autoUpgradeMinorVersion') ? extensionAadJoinConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionAadJoinConfig, 'enableAutomaticUpgrade') ? extensionAadJoinConfig.enableAutomaticUpgrade : false
- settings: contains(extensionAadJoinConfig, 'settings') ? extensionAadJoinConfig.settings : {}
- tags: extensionAadJoinConfig.?tags ?? tags
- }
-}
-
-module vm_domainJoinExtension 'extension/main.bicep' = if (extensionDomainJoinConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-DomainJoin'
- params: {
- virtualMachineName: vm.name
- name: 'DomainJoin'
- publisher: 'Microsoft.Compute'
- type: 'JsonADDomainExtension'
- typeHandlerVersion: contains(extensionDomainJoinConfig, 'typeHandlerVersion') ? extensionDomainJoinConfig.typeHandlerVersion : '1.3'
- autoUpgradeMinorVersion: contains(extensionDomainJoinConfig, 'autoUpgradeMinorVersion') ? extensionDomainJoinConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionDomainJoinConfig, 'enableAutomaticUpgrade') ? extensionDomainJoinConfig.enableAutomaticUpgrade : false
- settings: extensionDomainJoinConfig.settings
- tags: extensionDomainJoinConfig.?tags ?? tags
- protectedSettings: {
- Password: extensionDomainJoinPassword
- }
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module vm_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extensionAntiMalwareConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-MicrosoftAntiMalware'
- params: {
- virtualMachineName: vm.name
- name: 'MicrosoftAntiMalware'
- publisher: 'Microsoft.Azure.Security'
- type: 'IaaSAntimalware'
- typeHandlerVersion: contains(extensionAntiMalwareConfig, 'typeHandlerVersion') ? extensionAntiMalwareConfig.typeHandlerVersion : '1.3'
- autoUpgradeMinorVersion: contains(extensionAntiMalwareConfig, 'autoUpgradeMinorVersion') ? extensionAntiMalwareConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionAntiMalwareConfig, 'enableAutomaticUpgrade') ? extensionAntiMalwareConfig.enableAutomaticUpgrade : false
- settings: extensionAntiMalwareConfig.settings
- tags: extensionAntiMalwareConfig.?tags ?? tags
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) {
- name: last(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : 'law'), '/'))!
- scope: az.resourceGroup(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '//'), '/')[2], split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '////'), '/')[4])
-}
-
-module vm_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-MicrosoftMonitoringAgent'
- params: {
- virtualMachineName: vm.name
- name: 'MicrosoftMonitoringAgent'
- publisher: 'Microsoft.EnterpriseCloud.Monitoring'
- type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux'
- typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7')
- autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false
- settings: {
- workspaceId: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.properties.customerId : ''
- }
- tags: extensionMonitoringAgentConfig.?tags ?? tags
- protectedSettings: {
- workspaceKey: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.listKeys().primarySharedKey : ''
- }
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module vm_dependencyAgentExtension 'extension/main.bicep' = if (extensionDependencyAgentConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-DependencyAgent'
- params: {
- virtualMachineName: vm.name
- name: 'DependencyAgent'
- publisher: 'Microsoft.Azure.Monitoring.DependencyAgent'
- type: osType == 'Windows' ? 'DependencyAgentWindows' : 'DependencyAgentLinux'
- typeHandlerVersion: contains(extensionDependencyAgentConfig, 'typeHandlerVersion') ? extensionDependencyAgentConfig.typeHandlerVersion : '9.5'
- autoUpgradeMinorVersion: contains(extensionDependencyAgentConfig, 'autoUpgradeMinorVersion') ? extensionDependencyAgentConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionDependencyAgentConfig, 'enableAutomaticUpgrade') ? extensionDependencyAgentConfig.enableAutomaticUpgrade : true
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- tags: extensionDependencyAgentConfig.?tags ?? tags
- }
-}
-
-module vm_networkWatcherAgentExtension 'extension/main.bicep' = if (extensionNetworkWatcherAgentConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-NetworkWatcherAgent'
- params: {
- virtualMachineName: vm.name
- name: 'NetworkWatcherAgent'
- publisher: 'Microsoft.Azure.NetworkWatcher'
- type: osType == 'Windows' ? 'NetworkWatcherAgentWindows' : 'NetworkWatcherAgentLinux'
- typeHandlerVersion: contains(extensionNetworkWatcherAgentConfig, 'typeHandlerVersion') ? extensionNetworkWatcherAgentConfig.typeHandlerVersion : '1.4'
- autoUpgradeMinorVersion: contains(extensionNetworkWatcherAgentConfig, 'autoUpgradeMinorVersion') ? extensionNetworkWatcherAgentConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionNetworkWatcherAgentConfig, 'enableAutomaticUpgrade') ? extensionNetworkWatcherAgentConfig.enableAutomaticUpgrade : false
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- tags: extensionNetworkWatcherAgentConfig.?tags ?? tags
- }
-}
-
-module vm_desiredStateConfigurationExtension 'extension/main.bicep' = if (extensionDSCConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-DesiredStateConfiguration'
- params: {
- virtualMachineName: vm.name
- name: 'DesiredStateConfiguration'
- publisher: 'Microsoft.Powershell'
- type: 'DSC'
- typeHandlerVersion: contains(extensionDSCConfig, 'typeHandlerVersion') ? extensionDSCConfig.typeHandlerVersion : '2.77'
- autoUpgradeMinorVersion: contains(extensionDSCConfig, 'autoUpgradeMinorVersion') ? extensionDSCConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionDSCConfig, 'enableAutomaticUpgrade') ? extensionDSCConfig.enableAutomaticUpgrade : false
- settings: contains(extensionDSCConfig, 'settings') ? extensionDSCConfig.settings : {}
- tags: extensionDSCConfig.?tags ?? tags
- protectedSettings: contains(extensionDSCConfig, 'protectedSettings') ? extensionDSCConfig.protectedSettings : {}
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module vm_customScriptExtension 'extension/main.bicep' = if (extensionCustomScriptConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-CustomScriptExtension'
- params: {
- virtualMachineName: vm.name
- name: 'CustomScriptExtension'
- publisher: osType == 'Windows' ? 'Microsoft.Compute' : 'Microsoft.Azure.Extensions'
- type: osType == 'Windows' ? 'CustomScriptExtension' : 'CustomScript'
- typeHandlerVersion: contains(extensionCustomScriptConfig, 'typeHandlerVersion') ? extensionCustomScriptConfig.typeHandlerVersion : (osType == 'Windows' ? '1.10' : '2.1')
- autoUpgradeMinorVersion: contains(extensionCustomScriptConfig, 'autoUpgradeMinorVersion') ? extensionCustomScriptConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionCustomScriptConfig, 'enableAutomaticUpgrade') ? extensionCustomScriptConfig.enableAutomaticUpgrade : false
- settings: {
- fileUris: [for fileData in extensionCustomScriptConfig.fileData: contains(fileData, 'storageAccountId') ? '${fileData.uri}?${listAccountSas(fileData.storageAccountId, '2019-04-01', accountSasProperties).accountSasToken}' : fileData.uri]
- }
- tags: extensionCustomScriptConfig.?tags ?? tags
- protectedSettings: extensionCustomScriptProtectedSetting
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
- dependsOn: [
- vm_desiredStateConfigurationExtension
- ]
-}
-
-module vm_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionAzureDiskEncryptionConfig.enabled) {
- name: '${uniqueString(deployment().name, location)}-VM-AzureDiskEncryption'
- params: {
- virtualMachineName: vm.name
- name: 'AzureDiskEncryption'
- publisher: 'Microsoft.Azure.Security'
- type: osType == 'Windows' ? 'AzureDiskEncryption' : 'AzureDiskEncryptionForLinux'
- typeHandlerVersion: contains(extensionAzureDiskEncryptionConfig, 'typeHandlerVersion') ? extensionAzureDiskEncryptionConfig.typeHandlerVersion : (osType == 'Windows' ? '2.2' : '1.1')
- autoUpgradeMinorVersion: contains(extensionAzureDiskEncryptionConfig, 'autoUpgradeMinorVersion') ? extensionAzureDiskEncryptionConfig.autoUpgradeMinorVersion : true
- enableAutomaticUpgrade: contains(extensionAzureDiskEncryptionConfig, 'enableAutomaticUpgrade') ? extensionAzureDiskEncryptionConfig.enableAutomaticUpgrade : false
- forceUpdateTag: contains(extensionAzureDiskEncryptionConfig, 'forceUpdateTag') ? extensionAzureDiskEncryptionConfig.forceUpdateTag : '1.0'
- settings: extensionAzureDiskEncryptionConfig.settings
- tags: extensionAzureDiskEncryptionConfig.?tags ?? tags
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
- dependsOn: [
- vm_customScriptExtension
- vm_microsoftMonitoringAgentExtension
- ]
-}
-
-module vm_backup '../../recovery-services/vault/backup-fabric/protection-container/protected-item/main.bicep' = if (!empty(backupVaultName)) {
- name: '${uniqueString(deployment().name, location)}-VM-Backup'
- params: {
- name: 'vm;iaasvmcontainerv2;${resourceGroup().name};${vm.name}'
- policyId: az.resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', backupVaultName, backupPolicyName)
- protectedItemType: 'Microsoft.Compute/virtualMachines'
- protectionContainerName: 'iaasvmcontainer;iaasvmcontainerv2;${resourceGroup().name};${vm.name}'
- recoveryVaultName: backupVaultName
- sourceResourceId: vm.id
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
- scope: az.resourceGroup(backupVaultResourceGroup)
- dependsOn: [
- vm_aadJoinExtension
- vm_domainJoinExtension
- vm_microsoftMonitoringAgentExtension
- vm_microsoftAntiMalwareExtension
- vm_networkWatcherAgentExtension
- vm_dependencyAgentExtension
- vm_desiredStateConfigurationExtension
- vm_customScriptExtension
- ]
-}
-
-resource vm_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
- name: lock.?name ?? 'lock-${name}'
- properties: {
- level: lock.?kind ?? ''
- notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
- }
- scope: vm
-}
-
-resource vm_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
- name: guid(vm.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
- properties: {
- roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') ? roleAssignment.roleDefinitionIdOrName : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
- principalId: roleAssignment.principalId
- description: roleAssignment.?description
- principalType: roleAssignment.?principalType
- condition: roleAssignment.?condition
- conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
- delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
- }
- scope: vm
-}]
-
-@description('The name of the VM.')
-output name string = vm.name
-
-@description('The resource ID of the VM.')
-output resourceId string = vm.id
-
-@description('The name of the resource group the VM was created in.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The principal ID of the system assigned identity.')
-output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(vm.identity, 'principalId') ? vm.identity.principalId : ''
-
-@description('The location the resource was deployed into.')
-output location string = vm.location
-
-// =============== //
-// Definitions //
-// =============== //
-
-type managedIdentitiesType = {
- @description('Optional. Enables system assigned managed identity on the resource.')
- systemAssigned: bool?
-
- @description('Optional. The resource ID(s) to assign to the resource.')
- userAssignedResourceIds: string[]?
-}?
-
-type lockType = {
- @description('Optional. Specify the name of lock.')
- name: string?
-
- @description('Optional. Specify the type of lock.')
- kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
-}?
-
-type roleAssignmentType = {
- @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
- roleDefinitionIdOrName: string
-
- @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
- principalId: string
-
- @description('Optional. The principal type of the assigned principal ID.')
- principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?
-
- @description('Optional. The description of the role assignment.')
- description: string?
-
- @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
- condition: string?
-
- @description('Optional. Version of the condition.')
- conditionVersion: '2.0'?
-
- @description('Optional. The Resource Id of the delegated managed identity resource.')
- delegatedManagedIdentityResourceId: string?
-}[]?
-
-type diagnosticSettingType = {
- @description('Optional. The name of diagnostic setting.')
- name: string?
-
- @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
- logCategoriesAndGroups: {
- @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.')
- category: string?
-
- @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.')
- categoryGroup: string?
- }[]?
-
- @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
- metricCategories: {
- @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
- category: string
- }[]?
-
- @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
- logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')?
-
- @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- workspaceResourceId: string?
-
- @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- storageAccountResourceId: string?
-
- @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
- eventHubAuthorizationRuleResourceId: string?
-
- @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- eventHubName: string?
-
- @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
- marketplacePartnerResourceId: string?
-}[]?
+metadata name = 'Virtual Machines'
+metadata description = 'This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.'
+metadata owner = 'Azure/module-maintainers'
+
+// Main resource
+@description('Optional. The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group\'s name.')
+param name string = take(toLower(uniqueString(resourceGroup().name)), 10)
+
+@description('Optional. Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name.')
+param computerName string = name
+
+@description('Required. Specifies the size for the VMs.')
+param vmSize string
+
+@description('Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.')
+param encryptionAtHost bool = true
+
+@description('Optional. Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings.')
+param securityType string = ''
+
+@description('Optional. Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.')
+param secureBootEnabled bool = false
+
+@description('Optional. Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings.')
+param vTpmEnabled bool = false
+
+@description('Required. OS image reference. In case of marketplace images, it\'s the combination of the publisher, offer, sku, version attributes. In case of custom images it\'s the resource ID of the custom image.')
+param imageReference object
+
+@description('Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use.')
+param plan object = {}
+
+@description('Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.')
+param osDisk object
+
+@description('Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.')
+param dataDisks array = []
+
+@description('Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled.')
+param ultraSSDEnabled bool = false
+
+@description('Required. Administrator username.')
+@secure()
+param adminUsername string
+
+@description('Optional. When specifying a Windows Virtual Machine, this value should be passed.')
+@secure()
+param adminPassword string = ''
+
+@description('Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format.')
+param customData string = ''
+
+@description('Optional. Specifies set of certificates that should be installed onto the virtual machine.')
+param certificatesToBeInstalled array = []
+
+@description('Optional. Specifies the priority for the virtual machine.')
+@allowed([
+ 'Regular'
+ 'Low'
+ 'Spot'
+])
+param priority string = 'Regular'
+
+@description('Optional. Specifies the eviction policy for the low priority virtual machine. Will result in \'Deallocate\' eviction policy.')
+param enableEvictionPolicy bool = false
+
+@description('Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars.')
+param maxPriceForLowPriorityVm string = ''
+
+@description('Optional. Specifies resource ID about the dedicated host that the virtual machine resides in.')
+param dedicatedHostId string = ''
+
+@description('Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system.')
+@allowed([
+ 'Windows_Client'
+ 'Windows_Server'
+ ''
+])
+param licenseType string = ''
+
+@description('Optional. The list of SSH public keys used to authenticate with linux based VMs.')
+param publicKeys array = []
+
+@description('Optional. The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True".')
+param managedIdentities managedIdentitiesType
+
+@description('Optional. Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled.')
+param bootDiagnostics bool = false
+
+@description('Optional. Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided.')
+param bootDiagnosticStorageAccountName string = ''
+
+@description('Optional. Storage account boot diagnostic base URI.')
+param bootDiagnosticStorageAccountUri string = '.blob.${environment().suffixes.storage}/'
+
+@description('Optional. Resource ID of a proximity placement group.')
+param proximityPlacementGroupResourceId string = ''
+
+@description('Optional. Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set.')
+param availabilitySetResourceId string = ''
+
+@description('Optional. If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set.')
+@allowed([
+ 0
+ 1
+ 2
+ 3
+])
+param availabilityZone int = 0
+
+// External resources
+@description('Required. Configures NICs and PIPs.')
+param nicConfigurations array
+
+@description('Optional. Recovery service vault name to add VMs to backup.')
+param backupVaultName string = ''
+
+@description('Optional. Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default.')
+param backupVaultResourceGroup string = resourceGroup().name
+
+@description('Optional. Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault.')
+param backupPolicyName string = 'DefaultPolicy'
+
+// Child resources
+@description('Optional. Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine.')
+param allowExtensionOperations bool = true
+
+@description('Optional. Required if name is specified. Password of the user specified in user parameter.')
+@secure()
+param extensionDomainJoinPassword string = ''
+
+@description('Optional. The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDomainJoinConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionAadJoinConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionAntiMalwareConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionMonitoringAgentConfig object = {
+ enabled: false
+}
+
+@description('Optional. Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true.')
+param monitoringWorkspaceId string = ''
+
+@description('Optional. The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDependencyAgentConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionNetworkWatcherAgentConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.')
+param extensionAzureDiskEncryptionConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionDSCConfig object = {
+ enabled: false
+}
+
+@description('Optional. The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed.')
+param extensionCustomScriptConfig object = {
+ enabled: false
+ fileData: []
+}
+
+@description('Optional. Any object that contains the extension specific protected settings.')
+@secure()
+param extensionCustomScriptProtectedSetting object = {}
+
+// Shared parameters
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Array of role assignments to create.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Generated. Do not provide a value! This date value is used to generate a registration token.')
+param baseTime string = utcNow('u')
+
+@description('Optional. SAS token validity length to use to download files from storage accounts. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours.')
+param sasTokenValidityLength string = 'PT8H'
+
+@description('Required. The chosen OS type.')
+@allowed([
+ 'Windows'
+ 'Linux'
+])
+param osType string
+
+@description('Optional. Specifies whether password authentication should be disabled.')
+#disable-next-line secure-secrets-in-params // Not a secret
+param disablePasswordAuthentication bool = false
+
+@description('Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later.')
+param provisionVMAgent bool = true
+
+@description('Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.')
+param enableAutomaticUpdates bool = true
+
+@description('Optional. VM guest patching orchestration mode. \'AutomaticByOS\' & \'Manual\' are for Windows only, \'ImageDefault\' for Linux only. Refer to \'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching\'.')
+@allowed([
+ 'AutomaticByPlatform'
+ 'AutomaticByOS'
+ 'Manual'
+ 'ImageDefault'
+ ''
+])
+param patchMode string = ''
+
+@description('Optional. VM guest patching assessment mode. Set it to \'AutomaticByPlatform\' to enable automatically check for updates every 24 hours.')
+@allowed([
+ 'AutomaticByPlatform'
+ 'ImageDefault'
+])
+param patchAssessmentMode string = 'ImageDefault'
+
+@description('Optional. Specifies the time zone of the virtual machine. e.g. \'Pacific Standard Time\'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`.')
+param timeZone string = ''
+
+@description('Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object.')
+param additionalUnattendContent array = []
+
+@description('Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object.')
+param winRM array = []
+
+@description('Required. The configuration profile of automanage.')
+@allowed([
+ '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
+ '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest'
+ ''
+])
+param configurationProfile string = ''
+
+var publicKeysFormatted = [for publicKey in publicKeys: {
+ path: publicKey.path
+ keyData: publicKey.keyData
+}]
+
+var linuxConfiguration = {
+ disablePasswordAuthentication: disablePasswordAuthentication
+ ssh: {
+ publicKeys: publicKeysFormatted
+ }
+ provisionVMAgent: provisionVMAgent
+ patchSettings: (provisionVMAgent && (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'ImageDefault')) ? {
+ patchMode: patchMode
+ assessmentMode: patchAssessmentMode
+ } : null
+}
+
+var windowsConfiguration = {
+ provisionVMAgent: provisionVMAgent
+ enableAutomaticUpdates: enableAutomaticUpdates
+ patchSettings: (provisionVMAgent && (patchMode =~ 'AutomaticByPlatform' || patchMode =~ 'AutomaticByOS' || patchMode =~ 'Manual')) ? {
+ patchMode: patchMode
+ assessmentMode: patchAssessmentMode
+ } : null
+ timeZone: empty(timeZone) ? null : timeZone
+ additionalUnattendContent: empty(additionalUnattendContent) ? null : additionalUnattendContent
+ winRM: !empty(winRM) ? {
+ listeners: winRM
+ } : null
+}
+
+var accountSasProperties = {
+ signedServices: 'b'
+ signedPermission: 'r'
+ signedExpiry: dateTimeAdd(baseTime, sasTokenValidityLength)
+ signedResourceTypes: 'o'
+ signedProtocol: 'https'
+}
+
+var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
+
+// If AADJoin Extension is enabled then we automatically enable SystemAssigned (required by AADJoin), otherwise we follow the usual logic.
+var identity = !empty(managedIdentities) ? {
+ type: (extensionAadJoinConfig.enabled ? true : (managedIdentities.?systemAssigned ?? false)) ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : null)
+ userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
+} : null
+
+var enableReferencedModulesTelemetry = false
+
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ 'Data Operator for Managed Disks': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')
+ 'Desktop Virtualization Power On Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')
+ 'Desktop Virtualization Power On Off Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')
+ 'Desktop Virtualization Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')
+ 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
+ 'Disk Backup Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')
+ 'Disk Pool Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')
+ 'Disk Restore Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')
+ 'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+ 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')
+ 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
+ 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')
+ 'VM Scanner Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+module vm_nic 'modules/nested_networkInterface.bicep' = [for (nicConfiguration, index) in nicConfigurations: {
+ name: '${uniqueString(deployment().name, location)}-VM-Nic-${index}'
+ params: {
+ networkInterfaceName: '${name}${nicConfiguration.nicSuffix}'
+ virtualMachineName: name
+ location: location
+ enableIPForwarding: contains(nicConfiguration, 'enableIPForwarding') ? (!empty(nicConfiguration.enableIPForwarding) ? nicConfiguration.enableIPForwarding : false) : false
+ enableAcceleratedNetworking: contains(nicConfiguration, 'enableAcceleratedNetworking') ? nicConfiguration.enableAcceleratedNetworking : true
+ dnsServers: contains(nicConfiguration, 'dnsServers') ? (!empty(nicConfiguration.dnsServers) ? nicConfiguration.dnsServers : []) : []
+ networkSecurityGroupResourceId: contains(nicConfiguration, 'networkSecurityGroupResourceId') ? nicConfiguration.networkSecurityGroupResourceId : ''
+ ipConfigurations: nicConfiguration.ipConfigurations
+ lock: nicConfiguration.?lock ?? lock
+ tags: nicConfiguration.?tags ?? tags
+ diagnosticSettings: nicConfiguration.?diagnosticSettings
+ roleAssignments: nicConfiguration.?roleAssignments
+ }
+}]
+
+resource vm 'Microsoft.Compute/virtualMachines@2022-11-01' = {
+ name: name
+ location: location
+ identity: identity
+ tags: tags
+ zones: availabilityZone != 0 ? array(availabilityZone) : null
+ plan: !empty(plan) ? plan : null
+ properties: {
+ hardwareProfile: {
+ vmSize: vmSize
+ }
+ securityProfile: {
+ encryptionAtHost: encryptionAtHost ? encryptionAtHost : null
+ securityType: securityType
+ uefiSettings: securityType == 'TrustedLaunch' ? {
+ secureBootEnabled: secureBootEnabled
+ vTpmEnabled: vTpmEnabled
+ } : null
+ }
+ storageProfile: {
+ imageReference: imageReference
+ osDisk: {
+ name: '${name}-disk-os-01'
+ createOption: contains(osDisk, 'createOption') ? osDisk.createOption : 'FromImage'
+ deleteOption: contains(osDisk, 'deleteOption') ? osDisk.deleteOption : 'Delete'
+ diskSizeGB: osDisk.diskSizeGB
+ caching: contains(osDisk, 'caching') ? osDisk.caching : 'ReadOnly'
+ managedDisk: {
+ storageAccountType: osDisk.managedDisk.storageAccountType
+ diskEncryptionSet: contains(osDisk.managedDisk, 'diskEncryptionSet') ? {
+ id: osDisk.managedDisk.diskEncryptionSet.id
+ } : null
+ }
+ }
+ dataDisks: [for (dataDisk, index) in dataDisks: {
+ lun: index
+ name: '${name}-disk-data-${padLeft((index + 1), 2, '0')}'
+ diskSizeGB: dataDisk.diskSizeGB
+ createOption: contains(dataDisk, 'createOption') ? dataDisk.createOption : 'Empty'
+ deleteOption: contains(dataDisk, 'deleteOption') ? dataDisk.deleteOption : 'Delete'
+ caching: contains(dataDisk, 'caching') ? dataDisk.caching : 'ReadOnly'
+ managedDisk: {
+ storageAccountType: dataDisk.managedDisk.storageAccountType
+ diskEncryptionSet: contains(dataDisk.managedDisk, 'diskEncryptionSet') ? {
+ id: dataDisk.managedDisk.diskEncryptionSet.id
+ } : null
+ }
+ }]
+ }
+ additionalCapabilities: {
+ ultraSSDEnabled: ultraSSDEnabled
+ }
+ osProfile: {
+ computerName: computerName
+ adminUsername: adminUsername
+ adminPassword: adminPassword
+ customData: !empty(customData) ? base64(customData) : null
+ windowsConfiguration: osType == 'Windows' ? windowsConfiguration : null
+ linuxConfiguration: osType == 'Linux' ? linuxConfiguration : null
+ secrets: certificatesToBeInstalled
+ allowExtensionOperations: allowExtensionOperations
+ }
+ networkProfile: {
+ networkInterfaces: [for (nicConfiguration, index) in nicConfigurations: {
+ properties: {
+ deleteOption: contains(nicConfiguration, 'deleteOption') ? nicConfiguration.deleteOption : 'Delete'
+ primary: index == 0 ? true : false
+ }
+ id: az.resourceId('Microsoft.Network/networkInterfaces', '${name}${nicConfiguration.nicSuffix}')
+ }]
+ }
+ diagnosticsProfile: {
+ bootDiagnostics: {
+ enabled: !empty(bootDiagnosticStorageAccountName) ? true : bootDiagnostics
+ storageUri: !empty(bootDiagnosticStorageAccountName) ? 'https://${bootDiagnosticStorageAccountName}${bootDiagnosticStorageAccountUri}' : null
+ }
+ }
+ availabilitySet: !empty(availabilitySetResourceId) ? {
+ id: availabilitySetResourceId
+ } : null
+ proximityPlacementGroup: !empty(proximityPlacementGroupResourceId) ? {
+ id: proximityPlacementGroupResourceId
+ } : null
+ priority: priority
+ evictionPolicy: enableEvictionPolicy ? 'Deallocate' : null
+ billingProfile: !empty(priority) && !empty(maxPriceForLowPriorityVm) ? {
+ maxPrice: maxPriceForLowPriorityVm
+ } : null
+ host: !empty(dedicatedHostId) ? {
+ id: dedicatedHostId
+ } : null
+ licenseType: !empty(licenseType) ? licenseType : null
+ }
+ dependsOn: [
+ vm_nic
+ ]
+}
+
+resource vm_configurationProfileAssignment 'Microsoft.Automanage/configurationProfileAssignments@2021-04-30-preview' = if (!empty(configurationProfile)) {
+ name: 'default'
+ properties: {
+ configurationProfile: configurationProfile
+ }
+ scope: vm
+}
+
+module vm_aadJoinExtension 'extension/main.bicep' = if (extensionAadJoinConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-AADLogin'
+ params: {
+ virtualMachineName: vm.name
+ name: 'AADLogin'
+ publisher: 'Microsoft.Azure.ActiveDirectory'
+ type: osType == 'Windows' ? 'AADLoginForWindows' : 'AADSSHLoginforLinux'
+ typeHandlerVersion: contains(extensionAadJoinConfig, 'typeHandlerVersion') ? extensionAadJoinConfig.typeHandlerVersion : '1.0'
+ autoUpgradeMinorVersion: contains(extensionAadJoinConfig, 'autoUpgradeMinorVersion') ? extensionAadJoinConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionAadJoinConfig, 'enableAutomaticUpgrade') ? extensionAadJoinConfig.enableAutomaticUpgrade : false
+ settings: contains(extensionAadJoinConfig, 'settings') ? extensionAadJoinConfig.settings : {}
+ tags: extensionAadJoinConfig.?tags ?? tags
+ }
+}
+
+module vm_domainJoinExtension 'extension/main.bicep' = if (extensionDomainJoinConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-DomainJoin'
+ params: {
+ virtualMachineName: vm.name
+ name: 'DomainJoin'
+ publisher: 'Microsoft.Compute'
+ type: 'JsonADDomainExtension'
+ typeHandlerVersion: contains(extensionDomainJoinConfig, 'typeHandlerVersion') ? extensionDomainJoinConfig.typeHandlerVersion : '1.3'
+ autoUpgradeMinorVersion: contains(extensionDomainJoinConfig, 'autoUpgradeMinorVersion') ? extensionDomainJoinConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionDomainJoinConfig, 'enableAutomaticUpgrade') ? extensionDomainJoinConfig.enableAutomaticUpgrade : false
+ settings: extensionDomainJoinConfig.settings
+ tags: extensionDomainJoinConfig.?tags ?? tags
+ protectedSettings: {
+ Password: extensionDomainJoinPassword
+ }
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module vm_microsoftAntiMalwareExtension 'extension/main.bicep' = if (extensionAntiMalwareConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-MicrosoftAntiMalware'
+ params: {
+ virtualMachineName: vm.name
+ name: 'MicrosoftAntiMalware'
+ publisher: 'Microsoft.Azure.Security'
+ type: 'IaaSAntimalware'
+ typeHandlerVersion: contains(extensionAntiMalwareConfig, 'typeHandlerVersion') ? extensionAntiMalwareConfig.typeHandlerVersion : '1.3'
+ autoUpgradeMinorVersion: contains(extensionAntiMalwareConfig, 'autoUpgradeMinorVersion') ? extensionAntiMalwareConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionAntiMalwareConfig, 'enableAutomaticUpgrade') ? extensionAntiMalwareConfig.enableAutomaticUpgrade : false
+ settings: extensionAntiMalwareConfig.settings
+ tags: extensionAntiMalwareConfig.?tags ?? tags
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+resource vm_logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(monitoringWorkspaceId)) {
+ name: last(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : 'law'), '/'))!
+ scope: az.resourceGroup(split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '//'), '/')[2], split((!empty(monitoringWorkspaceId) ? monitoringWorkspaceId : '////'), '/')[4])
+}
+
+module vm_microsoftMonitoringAgentExtension 'extension/main.bicep' = if (extensionMonitoringAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-MicrosoftMonitoringAgent'
+ params: {
+ virtualMachineName: vm.name
+ name: 'MicrosoftMonitoringAgent'
+ publisher: 'Microsoft.EnterpriseCloud.Monitoring'
+ type: osType == 'Windows' ? 'MicrosoftMonitoringAgent' : 'OmsAgentForLinux'
+ typeHandlerVersion: contains(extensionMonitoringAgentConfig, 'typeHandlerVersion') ? extensionMonitoringAgentConfig.typeHandlerVersion : (osType == 'Windows' ? '1.0' : '1.7')
+ autoUpgradeMinorVersion: contains(extensionMonitoringAgentConfig, 'autoUpgradeMinorVersion') ? extensionMonitoringAgentConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionMonitoringAgentConfig, 'enableAutomaticUpgrade') ? extensionMonitoringAgentConfig.enableAutomaticUpgrade : false
+ settings: {
+ workspaceId: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.properties.customerId : ''
+ }
+ tags: extensionMonitoringAgentConfig.?tags ?? tags
+ protectedSettings: {
+ workspaceKey: !empty(monitoringWorkspaceId) ? vm_logAnalyticsWorkspace.listKeys().primarySharedKey : ''
+ }
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module vm_dependencyAgentExtension 'extension/main.bicep' = if (extensionDependencyAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-DependencyAgent'
+ params: {
+ virtualMachineName: vm.name
+ name: 'DependencyAgent'
+ publisher: 'Microsoft.Azure.Monitoring.DependencyAgent'
+ type: osType == 'Windows' ? 'DependencyAgentWindows' : 'DependencyAgentLinux'
+ typeHandlerVersion: contains(extensionDependencyAgentConfig, 'typeHandlerVersion') ? extensionDependencyAgentConfig.typeHandlerVersion : '9.5'
+ autoUpgradeMinorVersion: contains(extensionDependencyAgentConfig, 'autoUpgradeMinorVersion') ? extensionDependencyAgentConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionDependencyAgentConfig, 'enableAutomaticUpgrade') ? extensionDependencyAgentConfig.enableAutomaticUpgrade : true
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ tags: extensionDependencyAgentConfig.?tags ?? tags
+ }
+}
+
+module vm_networkWatcherAgentExtension 'extension/main.bicep' = if (extensionNetworkWatcherAgentConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-NetworkWatcherAgent'
+ params: {
+ virtualMachineName: vm.name
+ name: 'NetworkWatcherAgent'
+ publisher: 'Microsoft.Azure.NetworkWatcher'
+ type: osType == 'Windows' ? 'NetworkWatcherAgentWindows' : 'NetworkWatcherAgentLinux'
+ typeHandlerVersion: contains(extensionNetworkWatcherAgentConfig, 'typeHandlerVersion') ? extensionNetworkWatcherAgentConfig.typeHandlerVersion : '1.4'
+ autoUpgradeMinorVersion: contains(extensionNetworkWatcherAgentConfig, 'autoUpgradeMinorVersion') ? extensionNetworkWatcherAgentConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionNetworkWatcherAgentConfig, 'enableAutomaticUpgrade') ? extensionNetworkWatcherAgentConfig.enableAutomaticUpgrade : false
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ tags: extensionNetworkWatcherAgentConfig.?tags ?? tags
+ }
+}
+
+module vm_desiredStateConfigurationExtension 'extension/main.bicep' = if (extensionDSCConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-DesiredStateConfiguration'
+ params: {
+ virtualMachineName: vm.name
+ name: 'DesiredStateConfiguration'
+ publisher: 'Microsoft.Powershell'
+ type: 'DSC'
+ typeHandlerVersion: contains(extensionDSCConfig, 'typeHandlerVersion') ? extensionDSCConfig.typeHandlerVersion : '2.77'
+ autoUpgradeMinorVersion: contains(extensionDSCConfig, 'autoUpgradeMinorVersion') ? extensionDSCConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionDSCConfig, 'enableAutomaticUpgrade') ? extensionDSCConfig.enableAutomaticUpgrade : false
+ settings: contains(extensionDSCConfig, 'settings') ? extensionDSCConfig.settings : {}
+ tags: extensionDSCConfig.?tags ?? tags
+ protectedSettings: contains(extensionDSCConfig, 'protectedSettings') ? extensionDSCConfig.protectedSettings : {}
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module vm_customScriptExtension 'extension/main.bicep' = if (extensionCustomScriptConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-CustomScriptExtension'
+ params: {
+ virtualMachineName: vm.name
+ name: 'CustomScriptExtension'
+ publisher: osType == 'Windows' ? 'Microsoft.Compute' : 'Microsoft.Azure.Extensions'
+ type: osType == 'Windows' ? 'CustomScriptExtension' : 'CustomScript'
+ typeHandlerVersion: contains(extensionCustomScriptConfig, 'typeHandlerVersion') ? extensionCustomScriptConfig.typeHandlerVersion : (osType == 'Windows' ? '1.10' : '2.1')
+ autoUpgradeMinorVersion: contains(extensionCustomScriptConfig, 'autoUpgradeMinorVersion') ? extensionCustomScriptConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionCustomScriptConfig, 'enableAutomaticUpgrade') ? extensionCustomScriptConfig.enableAutomaticUpgrade : false
+ settings: {
+ fileUris: [for fileData in extensionCustomScriptConfig.fileData: contains(fileData, 'storageAccountId') ? '${fileData.uri}?${listAccountSas(fileData.storageAccountId, '2019-04-01', accountSasProperties).accountSasToken}' : fileData.uri]
+ }
+ tags: extensionCustomScriptConfig.?tags ?? tags
+ protectedSettings: extensionCustomScriptProtectedSetting
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+ dependsOn: [
+ vm_desiredStateConfigurationExtension
+ ]
+}
+
+module vm_azureDiskEncryptionExtension 'extension/main.bicep' = if (extensionAzureDiskEncryptionConfig.enabled) {
+ name: '${uniqueString(deployment().name, location)}-VM-AzureDiskEncryption'
+ params: {
+ virtualMachineName: vm.name
+ name: 'AzureDiskEncryption'
+ publisher: 'Microsoft.Azure.Security'
+ type: osType == 'Windows' ? 'AzureDiskEncryption' : 'AzureDiskEncryptionForLinux'
+ typeHandlerVersion: contains(extensionAzureDiskEncryptionConfig, 'typeHandlerVersion') ? extensionAzureDiskEncryptionConfig.typeHandlerVersion : (osType == 'Windows' ? '2.2' : '1.1')
+ autoUpgradeMinorVersion: contains(extensionAzureDiskEncryptionConfig, 'autoUpgradeMinorVersion') ? extensionAzureDiskEncryptionConfig.autoUpgradeMinorVersion : true
+ enableAutomaticUpgrade: contains(extensionAzureDiskEncryptionConfig, 'enableAutomaticUpgrade') ? extensionAzureDiskEncryptionConfig.enableAutomaticUpgrade : false
+ forceUpdateTag: contains(extensionAzureDiskEncryptionConfig, 'forceUpdateTag') ? extensionAzureDiskEncryptionConfig.forceUpdateTag : '1.0'
+ settings: extensionAzureDiskEncryptionConfig.settings
+ tags: extensionAzureDiskEncryptionConfig.?tags ?? tags
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+ dependsOn: [
+ vm_customScriptExtension
+ vm_microsoftMonitoringAgentExtension
+ ]
+}
+
+module vm_backup '../../recovery-services/vault/backup-fabric/protection-container/protected-item/main.bicep' = if (!empty(backupVaultName)) {
+ name: '${uniqueString(deployment().name, location)}-VM-Backup'
+ params: {
+ name: 'vm;iaasvmcontainerv2;${resourceGroup().name};${vm.name}'
+ policyId: az.resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', backupVaultName, backupPolicyName)
+ protectedItemType: 'Microsoft.Compute/virtualMachines'
+ protectionContainerName: 'iaasvmcontainer;iaasvmcontainerv2;${resourceGroup().name};${vm.name}'
+ recoveryVaultName: backupVaultName
+ sourceResourceId: vm.id
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+ scope: az.resourceGroup(backupVaultResourceGroup)
+ dependsOn: [
+ vm_aadJoinExtension
+ vm_domainJoinExtension
+ vm_microsoftMonitoringAgentExtension
+ vm_microsoftAntiMalwareExtension
+ vm_networkWatcherAgentExtension
+ vm_dependencyAgentExtension
+ vm_desiredStateConfigurationExtension
+ vm_customScriptExtension
+ ]
+}
+
+resource vm_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: vm
+}
+
+resource vm_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(vm.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') ? roleAssignment.roleDefinitionIdOrName : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: vm
+}]
+
+@description('The name of the VM.')
+output name string = vm.name
+
+@description('The resource ID of the VM.')
+output resourceId string = vm.id
+
+@description('The name of the resource group the VM was created in.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The principal ID of the system assigned identity.')
+output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(vm.identity, 'principalId') ? vm.identity.principalId : ''
+
+@description('The location the resource was deployed into.')
+output location string = vm.location
+
+// =============== //
+// Definitions //
+// =============== //
+
+type managedIdentitiesType = {
+ @description('Optional. Enables system assigned managed identity on the resource.')
+ systemAssigned: bool?
+
+ @description('Optional. The resource ID(s) to assign to the resource.')
+ userAssignedResourceIds: string[]?
+}?
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type diagnosticSettingType = {
+ @description('Optional. The name of diagnostic setting.')
+ name: string?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ logCategoriesAndGroups: {
+ @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.')
+ category: string?
+
+ @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.')
+ categoryGroup: string?
+ }[]?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ metricCategories: {
+ @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
+ category: string
+ }[]?
+
+ @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
+ logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')?
+
+ @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ workspaceResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ storageAccountResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+ eventHubAuthorizationRuleResourceId: string?
+
+ @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ eventHubName: string?
+
+ @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
+ marketplacePartnerResourceId: string?
+}[]?
diff --git a/modules/compute/virtual-machine/main.json b/modules/compute/virtual-machine/main.json
index cb696cbdcc..ee2f366e63 100644
--- a/modules/compute/virtual-machine/main.json
+++ b/modules/compute/virtual-machine/main.json
@@ -1,4524 +1,4524 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "89939038941992549"
- },
- "name": "Virtual Machines",
- "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "managedIdentitiesType": {
- "type": "object",
- "properties": {
- "systemAssigned": {
- "type": "bool",
- "nullable": true,
- "metadata": {
- "description": "Optional. Enables system assigned managed identity on the resource."
- }
- },
- "userAssignedResourceIds": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The resource ID(s) to assign to the resource."
- }
- }
- },
- "nullable": true
- },
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- },
- "diagnosticSettingType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of diagnostic setting."
- }
- },
- "logCategoriesAndGroups": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here."
- }
- },
- "categoryGroup": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "metricCategories": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "logAnalyticsDestinationType": {
- "type": "string",
- "allowedValues": [
- "AzureDiagnostics",
- "Dedicated"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
- }
- },
- "workspaceResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "storageAccountResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "eventHubAuthorizationRuleResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
- }
- },
- "eventHubName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "marketplacePartnerResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "name": {
- "type": "string",
- "defaultValue": "[take(toLower(uniqueString(resourceGroup().name)), 10)]",
- "metadata": {
- "description": "Optional. The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name."
- }
- },
- "computerName": {
- "type": "string",
- "defaultValue": "[parameters('name')]",
- "metadata": {
- "description": "Optional. Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name."
- }
- },
- "vmSize": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the size for the VMs."
- }
- },
- "encryptionAtHost": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs."
- }
- },
- "securityType": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings."
- }
- },
- "secureBootEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings."
- }
- },
- "vTpmEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings."
- }
- },
- "imageReference": {
- "type": "object",
- "metadata": {
- "description": "Required. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image."
- }
- },
- "plan": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use."
- }
- },
- "osDisk": {
- "type": "object",
- "metadata": {
- "description": "Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs."
- }
- },
- "dataDisks": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs."
- }
- },
- "ultraSSDEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled."
- }
- },
- "adminUsername": {
- "type": "securestring",
- "metadata": {
- "description": "Required. Administrator username."
- }
- },
- "adminPassword": {
- "type": "securestring",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. When specifying a Windows Virtual Machine, this value should be passed."
- }
- },
- "customData": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format."
- }
- },
- "certificatesToBeInstalled": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. Specifies set of certificates that should be installed onto the virtual machine."
- }
- },
- "priority": {
- "type": "string",
- "defaultValue": "Regular",
- "allowedValues": [
- "Regular",
- "Low",
- "Spot"
- ],
- "metadata": {
- "description": "Optional. Specifies the priority for the virtual machine."
- }
- },
- "enableEvictionPolicy": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy."
- }
- },
- "maxPriceForLowPriorityVm": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars."
- }
- },
- "dedicatedHostId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Specifies resource ID about the dedicated host that the virtual machine resides in."
- }
- },
- "licenseType": {
- "type": "string",
- "defaultValue": "",
- "allowedValues": [
- "Windows_Client",
- "Windows_Server",
- ""
- ],
- "metadata": {
- "description": "Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system."
- }
- },
- "publicKeys": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. The list of SSH public keys used to authenticate with linux based VMs."
- }
- },
- "managedIdentities": {
- "$ref": "#/definitions/managedIdentitiesType",
- "metadata": {
- "description": "Optional. The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = \"True\"."
- }
- },
- "bootDiagnostics": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled."
- }
- },
- "bootDiagnosticStorageAccountName": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided."
- }
- },
- "bootDiagnosticStorageAccountUri": {
- "type": "string",
- "defaultValue": "[format('.blob.{0}/', environment().suffixes.storage)]",
- "metadata": {
- "description": "Optional. Storage account boot diagnostic base URI."
- }
- },
- "proximityPlacementGroupResourceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Resource ID of a proximity placement group."
- }
- },
- "availabilitySetResourceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set."
- }
- },
- "availabilityZone": {
- "type": "int",
- "defaultValue": 0,
- "allowedValues": [
- 0,
- 1,
- 2,
- 3
- ],
- "metadata": {
- "description": "Optional. If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set."
- }
- },
- "nicConfigurations": {
- "type": "array",
- "metadata": {
- "description": "Required. Configures NICs and PIPs."
- }
- },
- "backupVaultName": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Recovery service vault name to add VMs to backup."
- }
- },
- "backupVaultResourceGroup": {
- "type": "string",
- "defaultValue": "[resourceGroup().name]",
- "metadata": {
- "description": "Optional. Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default."
- }
- },
- "backupPolicyName": {
- "type": "string",
- "defaultValue": "DefaultPolicy",
- "metadata": {
- "description": "Optional. Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault."
- }
- },
- "allowExtensionOperations": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine."
- }
- },
- "extensionDomainJoinPassword": {
- "type": "securestring",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Required if name is specified. Password of the user specified in user parameter."
- }
- },
- "extensionDomainJoinConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Domain Join] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionAadJoinConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [AAD Join] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionAntiMalwareConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Anti Malware] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionMonitoringAgentConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "monitoringWorkspaceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true."
- }
- },
- "extensionDependencyAgentConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Dependency Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionNetworkWatcherAgentConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionAzureDiskEncryptionConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the [\"enabled\": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys."
- }
- },
- "extensionDSCConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false
- },
- "metadata": {
- "description": "Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionCustomScriptConfig": {
- "type": "object",
- "defaultValue": {
- "enabled": false,
- "fileData": []
- },
- "metadata": {
- "description": "Optional. The configuration for the [Custom Script] extension. Must at least contain the [\"enabled\": true] property to be executed."
- }
- },
- "extensionCustomScriptProtectedSetting": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignments to create."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "baseTime": {
- "type": "string",
- "defaultValue": "[utcNow('u')]",
- "metadata": {
- "description": "Generated. Do not provide a value! This date value is used to generate a registration token."
- }
- },
- "sasTokenValidityLength": {
- "type": "string",
- "defaultValue": "PT8H",
- "metadata": {
- "description": "Optional. SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours."
- }
- },
- "osType": {
- "type": "string",
- "allowedValues": [
- "Windows",
- "Linux"
- ],
- "metadata": {
- "description": "Required. The chosen OS type."
- }
- },
- "disablePasswordAuthentication": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Specifies whether password authentication should be disabled."
- }
- },
- "provisionVMAgent": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later."
- }
- },
- "enableAutomaticUpdates": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning."
- }
- },
- "patchMode": {
- "type": "string",
- "defaultValue": "",
- "allowedValues": [
- "AutomaticByPlatform",
- "AutomaticByOS",
- "Manual",
- "ImageDefault",
- ""
- ],
- "metadata": {
- "description": "Optional. VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'."
- }
- },
- "patchAssessmentMode": {
- "type": "string",
- "defaultValue": "ImageDefault",
- "allowedValues": [
- "AutomaticByPlatform",
- "ImageDefault"
- ],
- "metadata": {
- "description": "Optional. VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours."
- }
- },
- "timeZone": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`."
- }
- },
- "additionalUnattendContent": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object."
- }
- },
- "winRM": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object."
- }
- },
- "configurationProfile": {
- "type": "string",
- "defaultValue": "",
- "allowedValues": [
- "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction",
- "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest",
- ""
- ],
- "metadata": {
- "description": "Required. The configuration profile of automanage."
- }
- }
- },
- "variables": {
- "copy": [
- {
- "name": "publicKeysFormatted",
- "count": "[length(parameters('publicKeys'))]",
- "input": {
- "path": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].path]",
- "keyData": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].keyData]"
- }
- }
- ],
- "linuxConfiguration": {
- "disablePasswordAuthentication": "[parameters('disablePasswordAuthentication')]",
- "ssh": {
- "publicKeys": "[variables('publicKeysFormatted')]"
- },
- "provisionVMAgent": "[parameters('provisionVMAgent')]",
- "patchSettings": "[if(and(parameters('provisionVMAgent'), or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('ImageDefault')))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]"
- },
- "windowsConfiguration": {
- "provisionVMAgent": "[parameters('provisionVMAgent')]",
- "enableAutomaticUpdates": "[parameters('enableAutomaticUpdates')]",
- "patchSettings": "[if(and(parameters('provisionVMAgent'), or(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('AutomaticByOS'))), equals(toLower(parameters('patchMode')), toLower('Manual')))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]",
- "timeZone": "[if(empty(parameters('timeZone')), null(), parameters('timeZone'))]",
- "additionalUnattendContent": "[if(empty(parameters('additionalUnattendContent')), null(), parameters('additionalUnattendContent'))]",
- "winRM": "[if(not(empty(parameters('winRM'))), createObject('listeners', parameters('winRM')), null())]"
- },
- "accountSasProperties": {
- "signedServices": "b",
- "signedPermission": "r",
- "signedExpiry": "[dateTimeAdd(parameters('baseTime'), parameters('sasTokenValidityLength'))]",
- "signedResourceTypes": "o",
- "signedProtocol": "https"
- },
- "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
- "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(if(parameters('extensionAadJoinConfig').enabled, true(), coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false())), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
- "enableReferencedModulesTelemetry": false,
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "Data Operator for Managed Disks": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')]",
- "Desktop Virtualization Power On Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')]",
- "Desktop Virtualization Power On Off Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')]",
- "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]",
- "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]",
- "Disk Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')]",
- "Disk Pool Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')]",
- "Disk Restore Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')]",
- "Disk Snapshot Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
- "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
- "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]",
- "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]",
- "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]",
- "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "vm": {
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "identity": "[variables('identity')]",
- "tags": "[parameters('tags')]",
- "zones": "[if(not(equals(parameters('availabilityZone'), 0)), array(parameters('availabilityZone')), null())]",
- "plan": "[if(not(empty(parameters('plan'))), parameters('plan'), null())]",
- "properties": {
- "hardwareProfile": {
- "vmSize": "[parameters('vmSize')]"
- },
- "securityProfile": {
- "encryptionAtHost": "[if(parameters('encryptionAtHost'), parameters('encryptionAtHost'), null())]",
- "securityType": "[parameters('securityType')]",
- "uefiSettings": "[if(equals(parameters('securityType'), 'TrustedLaunch'), createObject('secureBootEnabled', parameters('secureBootEnabled'), 'vTpmEnabled', parameters('vTpmEnabled')), null())]"
- },
- "storageProfile": {
- "copy": [
- {
- "name": "dataDisks",
- "count": "[length(parameters('dataDisks'))]",
- "input": {
- "lun": "[copyIndex('dataDisks')]",
- "name": "[format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0'))]",
- "diskSizeGB": "[parameters('dataDisks')[copyIndex('dataDisks')].diskSizeGB]",
- "createOption": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'createOption'), parameters('dataDisks')[copyIndex('dataDisks')].createOption, 'Empty')]",
- "deleteOption": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'deleteOption'), parameters('dataDisks')[copyIndex('dataDisks')].deleteOption, 'Delete')]",
- "caching": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'caching'), parameters('dataDisks')[copyIndex('dataDisks')].caching, 'ReadOnly')]",
- "managedDisk": {
- "storageAccountType": "[parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.storageAccountType]",
- "diskEncryptionSet": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSet'), createObject('id', parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.diskEncryptionSet.id), null())]"
- }
- }
- }
- ],
- "imageReference": "[parameters('imageReference')]",
- "osDisk": {
- "name": "[format('{0}-disk-os-01', parameters('name'))]",
- "createOption": "[if(contains(parameters('osDisk'), 'createOption'), parameters('osDisk').createOption, 'FromImage')]",
- "deleteOption": "[if(contains(parameters('osDisk'), 'deleteOption'), parameters('osDisk').deleteOption, 'Delete')]",
- "diskSizeGB": "[parameters('osDisk').diskSizeGB]",
- "caching": "[if(contains(parameters('osDisk'), 'caching'), parameters('osDisk').caching, 'ReadOnly')]",
- "managedDisk": {
- "storageAccountType": "[parameters('osDisk').managedDisk.storageAccountType]",
- "diskEncryptionSet": "[if(contains(parameters('osDisk').managedDisk, 'diskEncryptionSet'), createObject('id', parameters('osDisk').managedDisk.diskEncryptionSet.id), null())]"
- }
- }
- },
- "additionalCapabilities": {
- "ultraSSDEnabled": "[parameters('ultraSSDEnabled')]"
- },
- "osProfile": {
- "computerName": "[parameters('computerName')]",
- "adminUsername": "[parameters('adminUsername')]",
- "adminPassword": "[parameters('adminPassword')]",
- "customData": "[if(not(empty(parameters('customData'))), base64(parameters('customData')), null())]",
- "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]",
- "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]",
- "secrets": "[parameters('certificatesToBeInstalled')]",
- "allowExtensionOperations": "[parameters('allowExtensionOperations')]"
- },
- "networkProfile": {
- "copy": [
- {
- "name": "networkInterfaces",
- "count": "[length(parameters('nicConfigurations'))]",
- "input": {
- "properties": {
- "deleteOption": "[if(contains(parameters('nicConfigurations')[copyIndex('networkInterfaces')], 'deleteOption'), parameters('nicConfigurations')[copyIndex('networkInterfaces')].deleteOption, 'Delete')]",
- "primary": "[if(equals(copyIndex('networkInterfaces'), 0), true(), false())]"
- },
- "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}{1}', parameters('name'), parameters('nicConfigurations')[copyIndex('networkInterfaces')].nicSuffix))]"
- }
- }
- ]
- },
- "diagnosticsProfile": {
- "bootDiagnostics": {
- "enabled": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), true(), parameters('bootDiagnostics'))]",
- "storageUri": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), format('https://{0}{1}', parameters('bootDiagnosticStorageAccountName'), parameters('bootDiagnosticStorageAccountUri')), null())]"
- }
- },
- "availabilitySet": "[if(not(empty(parameters('availabilitySetResourceId'))), createObject('id', parameters('availabilitySetResourceId')), null())]",
- "proximityPlacementGroup": "[if(not(empty(parameters('proximityPlacementGroupResourceId'))), createObject('id', parameters('proximityPlacementGroupResourceId')), null())]",
- "priority": "[parameters('priority')]",
- "evictionPolicy": "[if(parameters('enableEvictionPolicy'), 'Deallocate', null())]",
- "billingProfile": "[if(and(not(empty(parameters('priority'))), not(empty(parameters('maxPriceForLowPriorityVm')))), createObject('maxPrice', parameters('maxPriceForLowPriorityVm')), null())]",
- "host": "[if(not(empty(parameters('dedicatedHostId'))), createObject('id', parameters('dedicatedHostId')), null())]",
- "licenseType": "[if(not(empty(parameters('licenseType'))), parameters('licenseType'), null())]"
- },
- "dependsOn": [
- "vm_nic"
- ]
- },
- "vm_configurationProfileAssignment": {
- "condition": "[not(empty(parameters('configurationProfile')))]",
- "type": "Microsoft.Automanage/configurationProfileAssignments",
- "apiVersion": "2021-04-30-preview",
- "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]",
- "name": "default",
- "properties": {
- "configurationProfile": "[parameters('configurationProfile')]"
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_logAnalyticsWorkspace": {
- "condition": "[not(empty(parameters('monitoringWorkspaceId')))]",
- "existing": true,
- "type": "Microsoft.OperationalInsights/workspaces",
- "apiVersion": "2021-06-01",
- "subscriptionId": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2]]",
- "resourceGroup": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]]",
- "name": "[last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))]"
- },
- "vm_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_roleAssignments": {
- "copy": {
- "name": "vm_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]",
- "name": "[guid(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_nic": {
- "copy": {
- "name": "vm_nic",
- "count": "[length(parameters('nicConfigurations'))]"
- },
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-Nic-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "networkInterfaceName": {
- "value": "[format('{0}{1}', parameters('name'), parameters('nicConfigurations')[copyIndex()].nicSuffix)]"
- },
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "location": {
- "value": "[parameters('location')]"
- },
- "enableIPForwarding": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'enableIPForwarding'), if(not(empty(parameters('nicConfigurations')[copyIndex()].enableIPForwarding)), createObject('value', parameters('nicConfigurations')[copyIndex()].enableIPForwarding), createObject('value', false())), createObject('value', false()))]",
- "enableAcceleratedNetworking": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'enableAcceleratedNetworking'), createObject('value', parameters('nicConfigurations')[copyIndex()].enableAcceleratedNetworking), createObject('value', true()))]",
- "dnsServers": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'dnsServers'), if(not(empty(parameters('nicConfigurations')[copyIndex()].dnsServers)), createObject('value', parameters('nicConfigurations')[copyIndex()].dnsServers), createObject('value', createArray())), createObject('value', createArray()))]",
- "networkSecurityGroupResourceId": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'networkSecurityGroupResourceId'), createObject('value', parameters('nicConfigurations')[copyIndex()].networkSecurityGroupResourceId), createObject('value', ''))]",
- "ipConfigurations": {
- "value": "[parameters('nicConfigurations')[copyIndex()].ipConfigurations]"
- },
- "lock": {
- "value": "[coalesce(tryGet(parameters('nicConfigurations')[copyIndex()], 'lock'), parameters('lock'))]"
- },
- "tags": {
- "value": "[coalesce(tryGet(parameters('nicConfigurations')[copyIndex()], 'tags'), parameters('tags'))]"
- },
- "diagnosticSettings": {
- "value": "[tryGet(parameters('nicConfigurations')[copyIndex()], 'diagnosticSettings')]"
- },
- "roleAssignments": {
- "value": "[tryGet(parameters('nicConfigurations')[copyIndex()], 'roleAssignments')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "11123708724712871468"
- }
- },
- "definitions": {
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "diagnosticSettingType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of diagnostic setting."
- }
- },
- "logCategoriesAndGroups": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here."
- }
- },
- "categoryGroup": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \u0007llLogs to collect all logs."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "metricCategories": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to AllMetrics to collect all metrics."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "logAnalyticsDestinationType": {
- "type": "string",
- "allowedValues": [
- "AzureDiagnostics",
- "Dedicated"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
- }
- },
- "workspaceResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "storageAccountResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "eventHubAuthorizationRuleResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
- }
- },
- "eventHubName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "marketplacePartnerResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
- }
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "networkInterfaceName": {
- "type": "string"
- },
- "virtualMachineName": {
- "type": "string"
- },
- "location": {
- "type": "string"
- },
- "tags": {
- "type": "object",
- "nullable": true
- },
- "enableIPForwarding": {
- "type": "bool",
- "defaultValue": false
- },
- "enableAcceleratedNetworking": {
- "type": "bool",
- "defaultValue": false
- },
- "dnsServers": {
- "type": "array",
- "defaultValue": []
- },
- "networkSecurityGroupResourceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The network security group (NSG) to attach to the network interface."
- }
- },
- "ipConfigurations": {
- "type": "array"
- },
- "lock": {
- "$ref": "#/definitions/lockType"
- },
- "diagnosticSettings": {
- "$ref": "#/definitions/diagnosticSettingType",
- "metadata": {
- "description": "Optional. The diagnostic settings of the Network Interface."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignments to create."
- }
- }
- },
- "variables": {
- "enableReferencedModulesTelemetry": false
- },
- "resources": {
- "networkInterface_publicIPAddresses": {
- "copy": {
- "name": "networkInterface_publicIPAddresses",
- "count": "[length(parameters('ipConfigurations'))]"
- },
- "condition": "[contains(parameters('ipConfigurations')[copyIndex()], 'pipconfiguration')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-publicIP-{1}', deployment().name, copyIndex())]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[format('{0}{1}', parameters('virtualMachineName'), parameters('ipConfigurations')[copyIndex()].pipconfiguration.publicIpNameSuffix)]"
- },
- "diagnosticSettings": {
- "value": "[tryGet(parameters('ipConfigurations')[copyIndex()], 'diagnosticSettings')]"
- },
- "location": {
- "value": "[parameters('location')]"
- },
- "lock": {
- "value": "[parameters('lock')]"
- },
- "publicIPAddressVersion": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPAddressVersion'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPAddressVersion), createObject('value', 'IPv4'))]",
- "publicIPAllocationMethod": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPAllocationMethod'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPAllocationMethod), createObject('value', 'Static'))]",
- "publicIPPrefixResourceId": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPPrefixResourceId'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPPrefixResourceId), createObject('value', ''))]",
- "roleAssignments": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'roleAssignments'), createObject('value', parameters('ipConfigurations')[copyIndex()].roleAssignments), createObject('value', createArray()))]",
- "skuName": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'skuName'), createObject('value', parameters('ipConfigurations')[copyIndex()].skuName), createObject('value', 'Standard'))]",
- "skuTier": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'skuTier'), createObject('value', parameters('ipConfigurations')[copyIndex()].skuTier), createObject('value', 'Regional'))]",
- "tags": {
- "value": "[coalesce(tryGet(parameters('ipConfigurations')[copyIndex()], 'tags'), parameters('tags'))]"
- },
- "zones": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'zones'), createObject('value', parameters('ipConfigurations')[copyIndex()].zones), createObject('value', createArray()))]"
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "15536304828480480757"
- },
- "name": "Public IP Addresses",
- "description": "This module deploys a Public IP Address.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- },
- "diagnosticSettingType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of diagnostic setting."
- }
- },
- "logCategoriesAndGroups": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here."
- }
- },
- "categoryGroup": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "metricCategories": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "logAnalyticsDestinationType": {
- "type": "string",
- "allowedValues": [
- "AzureDiagnostics",
- "Dedicated"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
- }
- },
- "workspaceResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "storageAccountResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "eventHubAuthorizationRuleResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
- }
- },
- "eventHubName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "marketplacePartnerResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the Public IP Address."
- }
- },
- "publicIPPrefixResourceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix."
- }
- },
- "publicIPAllocationMethod": {
- "type": "string",
- "defaultValue": "Static",
- "allowedValues": [
- "Dynamic",
- "Static"
- ],
- "metadata": {
- "description": "Optional. The public IP address allocation method."
- }
- },
- "skuName": {
- "type": "string",
- "defaultValue": "Standard",
- "allowedValues": [
- "Basic",
- "Standard"
- ],
- "metadata": {
- "description": "Optional. Name of a public IP address SKU."
- }
- },
- "skuTier": {
- "type": "string",
- "defaultValue": "Regional",
- "allowedValues": [
- "Global",
- "Regional"
- ],
- "metadata": {
- "description": "Optional. Tier of a public IP address SKU."
- }
- },
- "zones": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. A list of availability zones denoting the IP allocated for the resource needs to come from."
- }
- },
- "publicIPAddressVersion": {
- "type": "string",
- "defaultValue": "IPv4",
- "allowedValues": [
- "IPv4",
- "IPv6"
- ],
- "metadata": {
- "description": "Optional. IP address version."
- }
- },
- "diagnosticSettings": {
- "$ref": "#/definitions/diagnosticSettingType",
- "metadata": {
- "description": "Optional. The diagnostic settings of the service."
- }
- },
- "domainNameLabel": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system."
- }
- },
- "domainNameLabelScope": {
- "type": "string",
- "defaultValue": "",
- "allowedValues": [
- "",
- "NoReuse",
- "ResourceGroupReuse",
- "SubscriptionReuse",
- "TenantReuse"
- ],
- "metadata": {
- "description": "Optional. The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN."
- }
- },
- "fqdn": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone."
- }
- },
- "reverseFqdn": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "variables": {
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
- "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "publicIpAddress": {
- "type": "Microsoft.Network/publicIPAddresses",
- "apiVersion": "2023-04-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "sku": {
- "name": "[parameters('skuName')]",
- "tier": "[parameters('skuTier')]"
- },
- "zones": "[parameters('zones')]",
- "properties": {
- "dnsSettings": "[if(not(empty(parameters('domainNameLabel'))), createObject('domainNameLabel', parameters('domainNameLabel'), 'domainNameLabelScope', parameters('domainNameLabelScope'), 'fqdn', parameters('fqdn'), 'reverseFqdn', parameters('reverseFqdn')), null())]",
- "publicIPAddressVersion": "[parameters('publicIPAddressVersion')]",
- "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]",
- "publicIPPrefix": "[if(not(empty(parameters('publicIPPrefixResourceId'))), createObject('id', parameters('publicIPPrefixResourceId')), null())]",
- "idleTimeoutInMinutes": 4,
- "ipTags": []
- }
- },
- "publicIpAddress_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "publicIpAddress"
- ]
- },
- "publicIpAddress_diagnosticSettings": {
- "copy": {
- "name": "publicIpAddress_diagnosticSettings",
- "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
- },
- "type": "Microsoft.Insights/diagnosticSettings",
- "apiVersion": "2021-05-01-preview",
- "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
- "properties": {
- "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
- "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
- "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
- "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
- "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]",
- "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]",
- "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
- "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
- },
- "dependsOn": [
- "publicIpAddress"
- ]
- },
- "publicIpAddress_roleAssignments": {
- "copy": {
- "name": "publicIpAddress_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "name": "[guid(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "publicIpAddress"
- ]
- }
- },
- "outputs": {
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the public IP address was deployed into."
- },
- "value": "[resourceGroup().name]"
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the public IP address."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the public IP address."
- },
- "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]"
- },
- "ipAddress": {
- "type": "string",
- "metadata": {
- "description": "The public IP address of the public IP address resource."
- },
- "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]"
- }
- }
- }
- }
- },
- "networkInterface": {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-NetworkInterface', deployment().name)]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[parameters('networkInterfaceName')]"
- },
- "ipConfigurations": {
- "copy": [
- {
- "name": "value",
- "count": "[length(parameters('ipConfigurations'))]",
- "input": "[createObject('name', if(not(empty(parameters('ipConfigurations')[copyIndex('value')].name)), parameters('ipConfigurations')[copyIndex('value')].name, null()), 'primary', equals(copyIndex('value'), 0), 'privateIPAllocationMethod', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAllocationMethod'), if(not(empty(parameters('ipConfigurations')[copyIndex('value')].privateIPAllocationMethod)), parameters('ipConfigurations')[copyIndex('value')].privateIPAllocationMethod, null()), null()), 'privateIPAddress', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAddress'), if(not(empty(parameters('ipConfigurations')[copyIndex('value')].privateIPAddress)), parameters('ipConfigurations')[copyIndex('value')].privateIPAddress, null()), null()), 'publicIPAddressResourceId', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'pipconfiguration'), resourceId('Microsoft.Network/publicIPAddresses', format('{0}{1}', parameters('virtualMachineName'), parameters('ipConfigurations')[copyIndex('value')].pipconfiguration.publicIpNameSuffix)), null()), 'subnetResourceId', parameters('ipConfigurations')[copyIndex('value')].subnetResourceId, 'loadBalancerBackendAddressPools', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'loadBalancerBackendAddressPools'), parameters('ipConfigurations')[copyIndex('value')].loadBalancerBackendAddressPools, null()), 'applicationSecurityGroups', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'applicationSecurityGroups'), parameters('ipConfigurations')[copyIndex('value')].applicationSecurityGroups, null()), 'applicationGatewayBackendAddressPools', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'applicationGatewayBackendAddressPools'), parameters('ipConfigurations')[copyIndex('value')].applicationGatewayBackendAddressPools, null()), 'gatewayLoadBalancer', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'gatewayLoadBalancer'), 
parameters('ipConfigurations')[copyIndex('value')].gatewayLoadBalancer, null()), 'loadBalancerInboundNatRules', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'loadBalancerInboundNatRules'), parameters('ipConfigurations')[copyIndex('value')].loadBalancerInboundNatRules, null()), 'privateIPAddressVersion', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAddressVersion'), parameters('ipConfigurations')[copyIndex('value')].privateIPAddressVersion, null()), 'virtualNetworkTaps', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'virtualNetworkTaps'), parameters('ipConfigurations')[copyIndex('value')].virtualNetworkTaps, null()))]"
- }
- ]
- },
- "location": {
- "value": "[parameters('location')]"
- },
- "tags": {
- "value": "[parameters('tags')]"
- },
- "diagnosticSettings": {
- "value": "[parameters('diagnosticSettings')]"
- },
- "dnsServers": "[if(not(empty(parameters('dnsServers'))), createObject('value', parameters('dnsServers')), createObject('value', createArray()))]",
- "enableAcceleratedNetworking": {
- "value": "[parameters('enableAcceleratedNetworking')]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- },
- "enableIPForwarding": {
- "value": "[parameters('enableIPForwarding')]"
- },
- "lock": {
- "value": "[parameters('lock')]"
- },
- "networkSecurityGroupResourceId": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('value', parameters('networkSecurityGroupResourceId')), createObject('value', ''))]",
- "roleAssignments": "[if(not(empty(parameters('roleAssignments'))), createObject('value', parameters('roleAssignments')), createObject('value', createArray()))]"
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "2750011165297287068"
- },
- "name": "Network Interface",
- "description": "This module deploys a Network Interface.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- },
- "diagnosticSettingType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of diagnostic setting."
- }
- },
- "metricCategories": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "logAnalyticsDestinationType": {
- "type": "string",
- "allowedValues": [
- "AzureDiagnostics",
- "Dedicated"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
- }
- },
- "workspaceResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "storageAccountResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "eventHubAuthorizationRuleResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
- }
- },
- "eventHubName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "marketplacePartnerResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the network interface."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "enableIPForwarding": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether IP forwarding is enabled on this network interface."
- }
- },
- "enableAcceleratedNetworking": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. If the network interface is accelerated networking enabled."
- }
- },
- "dnsServers": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection."
- }
- },
- "networkSecurityGroupResourceId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The network security group (NSG) to attach to the network interface."
- }
- },
- "auxiliaryMode": {
- "type": "string",
- "defaultValue": "None",
- "allowedValues": [
- "Floating",
- "MaxConnections",
- "None"
- ],
- "metadata": {
- "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic."
- }
- },
- "auxiliarySku": {
- "type": "string",
- "defaultValue": "None",
- "allowedValues": [
- "A1",
- "A2",
- "A4",
- "A8",
- "None"
- ],
- "metadata": {
- "description": "Optional. Auxiliary sku of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic."
- }
- },
- "disableTcpStateTracking": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether to disable tcp state tracking. Subscription must be registered for the Microsoft.Network/AllowDisableTcpStateTracking feature before this property can be set to true."
- }
- },
- "ipConfigurations": {
- "type": "array",
- "metadata": {
- "description": "Required. A list of IPConfigurations of the network interface."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "diagnosticSettings": {
- "$ref": "#/definitions/diagnosticSettingType",
- "metadata": {
- "description": "Optional. The diagnostic settings of the service."
- }
- }
- },
- "variables": {
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
- "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "networkInterface": {
- "type": "Microsoft.Network/networkInterfaces",
- "apiVersion": "2023-04-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "copy": [
- {
- "name": "ipConfigurations",
- "count": "[length(parameters('ipConfigurations'))]",
- "input": {
- "name": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'name'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].name, format('ipconfig0{0}', add(copyIndex('ipConfigurations'), 1)))]",
- "properties": {
- "primary": "[if(equals(copyIndex('ipConfigurations'), 0), true(), false())]",
- "privateIPAllocationMethod": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAllocationMethod'), if(not(empty(parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAllocationMethod)), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAllocationMethod, null()), null())]",
- "privateIPAddress": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAddress'), if(not(empty(parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddress)), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddress, null()), null())]",
- "publicIPAddress": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'publicIPAddressResourceId'), if(not(equals(parameters('ipConfigurations')[copyIndex('ipConfigurations')].publicIPAddressResourceId, null())), createObject('id', parameters('ipConfigurations')[copyIndex('ipConfigurations')].publicIPAddressResourceId), null()), null())]",
- "subnet": {
- "id": "[parameters('ipConfigurations')[copyIndex('ipConfigurations')].subnetResourceId]"
- },
- "loadBalancerBackendAddressPools": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'loadBalancerBackendAddressPools'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].loadBalancerBackendAddressPools, null())]",
- "applicationSecurityGroups": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'applicationSecurityGroups'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].applicationSecurityGroups, null())]",
- "applicationGatewayBackendAddressPools": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'applicationGatewayBackendAddressPools'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].applicationGatewayBackendAddressPools, null())]",
- "gatewayLoadBalancer": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'gatewayLoadBalancer'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].gatewayLoadBalancer, null())]",
- "loadBalancerInboundNatRules": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'loadBalancerInboundNatRules'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].loadBalancerInboundNatRules, null())]",
- "privateIPAddressVersion": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAddressVersion'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddressVersion, null())]",
- "virtualNetworkTaps": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'virtualNetworkTaps'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].virtualNetworkTaps, null())]"
- }
- }
- }
- ],
- "auxiliaryMode": "[parameters('auxiliaryMode')]",
- "auxiliarySku": "[parameters('auxiliarySku')]",
- "disableTcpStateTracking": "[parameters('disableTcpStateTracking')]",
- "dnsSettings": "[if(not(empty(parameters('dnsServers'))), createObject('dnsServers', parameters('dnsServers')), null())]",
- "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]",
- "enableIPForwarding": "[parameters('enableIPForwarding')]",
- "networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('id', parameters('networkSecurityGroupResourceId')), null())]"
- }
- },
- "networkInterface_diagnosticSettings": {
- "copy": {
- "name": "networkInterface_diagnosticSettings",
- "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
- },
- "type": "Microsoft.Insights/diagnosticSettings",
- "apiVersion": "2021-05-01-preview",
- "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
- "properties": {
- "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
- "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
- "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
- "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
- "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]",
- "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
- "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
- },
- "dependsOn": [
- "networkInterface"
- ]
- },
- "networkInterface_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "networkInterface"
- ]
- },
- "networkInterface_roleAssignments": {
- "copy": {
- "name": "networkInterface_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "name": "[guid(resourceId('Microsoft.Network/networkInterfaces', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "networkInterface"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the deployed resource."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the deployed resource."
- },
- "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group of the deployed resource."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('networkInterface', '2023-04-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "networkInterface_publicIPAddresses"
- ]
- }
- }
- }
- }
- },
- "vm_aadJoinExtension": {
- "condition": "[parameters('extensionAadJoinConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "AADLogin"
- },
- "publisher": {
- "value": "Microsoft.Azure.ActiveDirectory"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AADLoginForWindows'), createObject('value', 'AADSSHLoginforLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionAadJoinConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAadJoinConfig').typeHandlerVersion), createObject('value', '1.0'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAadJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAadJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionAadJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAadJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": "[if(contains(parameters('extensionAadJoinConfig'), 'settings'), createObject('value', parameters('extensionAadJoinConfig').settings), createObject('value', createObject()))]",
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'tags'), parameters('tags'))]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_domainJoinExtension": {
- "condition": "[parameters('extensionDomainJoinConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "DomainJoin"
- },
- "publisher": {
- "value": "Microsoft.Compute"
- },
- "type": {
- "value": "JsonADDomainExtension"
- },
- "typeHandlerVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDomainJoinConfig').typeHandlerVersion), createObject('value', '1.3'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDomainJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionDomainJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDomainJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": {
- "value": "[parameters('extensionDomainJoinConfig').settings]"
- },
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionDomainJoinConfig'), 'tags'), parameters('tags'))]"
- },
- "protectedSettings": {
- "value": {
- "Password": "[parameters('extensionDomainJoinPassword')]"
- }
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_microsoftAntiMalwareExtension": {
- "condition": "[parameters('extensionAntiMalwareConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "MicrosoftAntiMalware"
- },
- "publisher": {
- "value": "Microsoft.Azure.Security"
- },
- "type": {
- "value": "IaaSAntimalware"
- },
- "typeHandlerVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAntiMalwareConfig').typeHandlerVersion), createObject('value', '1.3'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAntiMalwareConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionAntiMalwareConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAntiMalwareConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": {
- "value": "[parameters('extensionAntiMalwareConfig').settings]"
- },
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionAntiMalwareConfig'), 'tags'), parameters('tags'))]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_microsoftMonitoringAgentExtension": {
- "condition": "[parameters('extensionMonitoringAgentConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "MicrosoftMonitoringAgent"
- },
- "publisher": {
- "value": "Microsoft.EnterpriseCloud.Monitoring"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'MicrosoftMonitoringAgent'), createObject('value', 'OmsAgentForLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.0'), createObject('value', '1.7')))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": {
- "value": {
- "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), reference('vm_logAnalyticsWorkspace').customerId, '')]"
- }
- },
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionMonitoringAgentConfig'), 'tags'), parameters('tags'))]"
- },
- "protectedSettings": {
- "value": {
- "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').primarySharedKey, '')]"
- }
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm",
- "vm_logAnalyticsWorkspace"
- ]
- },
- "vm_dependencyAgentExtension": {
- "condition": "[parameters('extensionDependencyAgentConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "DependencyAgent"
- },
- "publisher": {
- "value": "Microsoft.Azure.Monitoring.DependencyAgent"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'DependencyAgentWindows'), createObject('value', 'DependencyAgentLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDependencyAgentConfig').typeHandlerVersion), createObject('value', '9.5'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDependencyAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionDependencyAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDependencyAgentConfig').enableAutomaticUpgrade), createObject('value', true()))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- },
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionDependencyAgentConfig'), 'tags'), parameters('tags'))]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_networkWatcherAgentExtension": {
- "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "NetworkWatcherAgent"
- },
- "publisher": {
- "value": "Microsoft.Azure.NetworkWatcher"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'NetworkWatcherAgentWindows'), createObject('value', 'NetworkWatcherAgentLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').typeHandlerVersion), createObject('value', '1.4'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- },
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionNetworkWatcherAgentConfig'), 'tags'), parameters('tags'))]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_desiredStateConfigurationExtension": {
- "condition": "[parameters('extensionDSCConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "DesiredStateConfiguration"
- },
- "publisher": {
- "value": "Microsoft.Powershell"
- },
- "type": {
- "value": "DSC"
- },
- "typeHandlerVersion": "[if(contains(parameters('extensionDSCConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDSCConfig').typeHandlerVersion), createObject('value', '2.77'))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDSCConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDSCConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionDSCConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDSCConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": "[if(contains(parameters('extensionDSCConfig'), 'settings'), createObject('value', parameters('extensionDSCConfig').settings), createObject('value', createObject()))]",
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionDSCConfig'), 'tags'), parameters('tags'))]"
- },
- "protectedSettings": "[if(contains(parameters('extensionDSCConfig'), 'protectedSettings'), createObject('value', parameters('extensionDSCConfig').protectedSettings), createObject('value', createObject()))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm"
- ]
- },
- "vm_customScriptExtension": {
- "condition": "[parameters('extensionCustomScriptConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "CustomScriptExtension"
- },
- "publisher": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'Microsoft.Compute'), createObject('value', 'Microsoft.Azure.Extensions'))]",
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'CustomScriptExtension'), createObject('value', 'CustomScript'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionCustomScriptConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.10'), createObject('value', '2.1')))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionCustomScriptConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionCustomScriptConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionCustomScriptConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "settings": {
- "value": {
- "copy": [
- {
- "name": "fileUris",
- "count": "[length(parameters('extensionCustomScriptConfig').fileData)]",
- "input": "[if(contains(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')], 'storageAccountId'), format('{0}?{1}', parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri, listAccountSas(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].storageAccountId, '2019-04-01', variables('accountSasProperties')).accountSasToken), parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri)]"
- }
- ]
- }
- },
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionCustomScriptConfig'), 'tags'), parameters('tags'))]"
- },
- "protectedSettings": {
- "value": "[parameters('extensionCustomScriptProtectedSetting')]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm",
- "vm_desiredStateConfigurationExtension"
- ]
- },
- "vm_azureDiskEncryptionExtension": {
- "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-AzureDiskEncryption', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "virtualMachineName": {
- "value": "[parameters('name')]"
- },
- "name": {
- "value": "AzureDiskEncryption"
- },
- "publisher": {
- "value": "Microsoft.Azure.Security"
- },
- "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AzureDiskEncryption'), createObject('value', 'AzureDiskEncryptionForLinux'))]",
- "typeHandlerVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '2.2'), createObject('value', '1.1')))]",
- "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
- "enableAutomaticUpgrade": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').enableAutomaticUpgrade), createObject('value', false()))]",
- "forceUpdateTag": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'forceUpdateTag'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').forceUpdateTag), createObject('value', '1.0'))]",
- "settings": {
- "value": "[parameters('extensionAzureDiskEncryptionConfig').settings]"
- },
- "tags": {
- "value": "[coalesce(tryGet(parameters('extensionAzureDiskEncryptionConfig'), 'tags'), parameters('tags'))]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "5421737065579119324"
- },
- "name": "Virtual Machine Extensions",
- "description": "This module deploys a Virtual Machine Extension.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "virtualMachineName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the virtual machine extension."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The location the extension is deployed to."
- }
- },
- "publisher": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the extension handler publisher."
- }
- },
- "type": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
- }
- },
- "typeHandlerVersion": {
- "type": "string",
- "metadata": {
- "description": "Required. Specifies the version of the script handler."
- }
- },
- "autoUpgradeMinorVersion": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
- }
- },
- "forceUpdateTag": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
- }
- },
- "settings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific settings."
- }
- },
- "protectedSettings": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Any object that contains the extension specific protected settings."
- }
- },
- "supressFailures": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
- }
- },
- "enableAutomaticUpgrade": {
- "type": "bool",
- "metadata": {
- "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "virtualMachine": {
- "existing": true,
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2022-11-01",
- "name": "[parameters('virtualMachineName')]"
- },
- "extension": {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2022-11-01",
- "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "publisher": "[parameters('publisher')]",
- "type": "[parameters('type')]",
- "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
- "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
- "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
- "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
- "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
- "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
- "suppressFailures": "[parameters('supressFailures')]"
- },
- "dependsOn": [
- "virtualMachine"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the extension."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the extension."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the extension was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('extension', '2022-11-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "vm",
- "vm_customScriptExtension",
- "vm_microsoftMonitoringAgentExtension"
- ]
- },
- "vm_backup": {
- "condition": "[not(empty(parameters('backupVaultName')))]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-VM-Backup', uniqueString(deployment().name, parameters('location')))]",
- "resourceGroup": "[parameters('backupVaultResourceGroup')]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[format('vm;iaasvmcontainerv2;{0};{1}', resourceGroup().name, parameters('name'))]"
- },
- "policyId": {
- "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('backupVaultName'), parameters('backupPolicyName'))]"
- },
- "protectedItemType": {
- "value": "Microsoft.Compute/virtualMachines"
- },
- "protectionContainerName": {
- "value": "[format('iaasvmcontainer;iaasvmcontainerv2;{0};{1}', resourceGroup().name, parameters('name'))]"
- },
- "recoveryVaultName": {
- "value": "[parameters('backupVaultName')]"
- },
- "sourceResourceId": {
- "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.23.1.45101",
- "templateHash": "9921011786088905122"
- },
- "name": "Recovery Service Vaults Protection Container Protected Item",
- "description": "This module deploys a Recovery Services Vault Protection Container Protected Item.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of the resource."
- }
- },
- "protectionContainerName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment."
- }
- },
- "recoveryVaultName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- },
- "protectedItemType": {
- "type": "string",
- "allowedValues": [
- "AzureFileShareProtectedItem",
- "AzureVmWorkloadSAPAseDatabase",
- "AzureVmWorkloadSAPHanaDatabase",
- "AzureVmWorkloadSQLDatabase",
- "DPMProtectedItem",
- "GenericProtectedItem",
- "MabFileFolderProtectedItem",
- "Microsoft.ClassicCompute/virtualMachines",
- "Microsoft.Compute/virtualMachines",
- "Microsoft.Sql/servers/databases"
- ],
- "metadata": {
- "description": "Required. The backup item type."
- }
- },
- "policyId": {
- "type": "string",
- "metadata": {
- "description": "Required. ID of the backup policy with which this item is backed up."
- }
- },
- "sourceResourceId": {
- "type": "string",
- "metadata": {
- "description": "Required. Resource ID of the resource to back up."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
- "apiVersion": "2023-01-01",
- "name": "[format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name'))]",
- "location": "[parameters('location')]",
- "properties": {
- "protectedItemType": "[parameters('protectedItemType')]",
- "policyId": "[parameters('policyId')]",
- "sourceResourceId": "[parameters('sourceResourceId')]"
- }
- }
- ],
- "outputs": {
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Resource Group the protected item was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the protected item."
- },
- "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems', split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[0], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[1], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[2], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[3])]"
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "The Name of the protected item."
- },
- "value": "[format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name'))]"
- }
- }
- }
- },
- "dependsOn": [
- "vm",
- "vm_aadJoinExtension",
- "vm_customScriptExtension",
- "vm_dependencyAgentExtension",
- "vm_desiredStateConfigurationExtension",
- "vm_domainJoinExtension",
- "vm_microsoftAntiMalwareExtension",
- "vm_microsoftMonitoringAgentExtension",
- "vm_networkWatcherAgentExtension"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the VM."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the VM."
- },
- "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the resource group the VM was created in."
- },
- "value": "[resourceGroup().name]"
- },
- "systemAssignedMIPrincipalId": {
- "type": "string",
- "metadata": {
- "description": "The principal ID of the system assigned identity."
- },
- "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('vm', '2022-11-01', 'full').identity, 'principalId')), reference('vm', '2022-11-01', 'full').identity.principalId, '')]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('vm', '2022-11-01', 'full').location]"
- }
- }
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "7283140726016531733"
+ },
+ "name": "Virtual Machines",
+ "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.",
+ "owner": "Azure/module-maintainers"
+ },
+ "definitions": {
+ "managedIdentitiesType": {
+ "type": "object",
+ "properties": {
+ "systemAssigned": {
+ "type": "bool",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Enables system assigned managed identity on the resource."
+ }
+ },
+ "userAssignedResourceIds": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The resource ID(s) to assign to the resource."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "lockType": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the name of lock."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "allowedValues": [
+ "CanNotDelete",
+ "None",
+ "ReadOnly"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the type of lock."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "roleAssignmentType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "roleDefinitionIdOrName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
+ }
+ },
+ "principalId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+ }
+ },
+ "principalType": {
+ "type": "string",
+ "allowedValues": [
+ "Device",
+ "ForeignGroup",
+ "Group",
+ "ServicePrincipal",
+ "User"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The principal type of the assigned principal ID."
+ }
+ },
+ "description": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The description of the role assignment."
+ }
+ },
+ "condition": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+ }
+ },
+ "conditionVersion": {
+ "type": "string",
+ "allowedValues": [
+ "2.0"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Version of the condition."
+ }
+ },
+ "delegatedManagedIdentityResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The Resource Id of the delegated managed identity resource."
+ }
+ }
+ }
+ },
+ "nullable": true
+ },
+ "diagnosticSettingType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of diagnostic setting."
+ }
+ },
+ "logCategoriesAndGroups": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here."
+ }
+ },
+ "categoryGroup": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "metricCategories": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "logAnalyticsDestinationType": {
+ "type": "string",
+ "allowedValues": [
+ "AzureDiagnostics",
+ "Dedicated"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
+ }
+ },
+ "workspaceResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "storageAccountResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "eventHubAuthorizationRuleResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
+ }
+ },
+ "eventHubName": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "marketplacePartnerResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
+ }
+ }
+ }
+ },
+ "nullable": true
+ }
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "defaultValue": "[take(toLower(uniqueString(resourceGroup().name)), 10)]",
+ "metadata": {
+ "description": "Optional. The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name."
+ }
+ },
+ "computerName": {
+ "type": "string",
+ "defaultValue": "[parameters('name')]",
+ "metadata": {
+ "description": "Optional. Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name."
+ }
+ },
+ "vmSize": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the size for the VMs."
+ }
+ },
+ "encryptionAtHost": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs."
+ }
+ },
+ "securityType": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings."
+ }
+ },
+ "secureBootEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings."
+ }
+ },
+ "vTpmEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings."
+ }
+ },
+ "imageReference": {
+ "type": "object",
+ "metadata": {
+ "description": "Required. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image."
+ }
+ },
+ "plan": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use."
+ }
+ },
+ "osDisk": {
+ "type": "object",
+ "metadata": {
+ "description": "Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs."
+ }
+ },
+ "dataDisks": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs."
+ }
+ },
+ "ultraSSDEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled."
+ }
+ },
+ "adminUsername": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Required. Administrator username."
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. When specifying a Windows Virtual Machine, this value should be passed."
+ }
+ },
+ "customData": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format."
+ }
+ },
+ "certificatesToBeInstalled": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Specifies set of certificates that should be installed onto the virtual machine."
+ }
+ },
+ "priority": {
+ "type": "string",
+ "defaultValue": "Regular",
+ "allowedValues": [
+ "Regular",
+ "Low",
+ "Spot"
+ ],
+ "metadata": {
+ "description": "Optional. Specifies the priority for the virtual machine."
+ }
+ },
+ "enableEvictionPolicy": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy."
+ }
+ },
+ "maxPriceForLowPriorityVm": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars."
+ }
+ },
+ "dedicatedHostId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Specifies resource ID about the dedicated host that the virtual machine resides in."
+ }
+ },
+ "licenseType": {
+ "type": "string",
+ "defaultValue": "",
+ "allowedValues": [
+ "Windows_Client",
+ "Windows_Server",
+ ""
+ ],
+ "metadata": {
+ "description": "Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system."
+ }
+ },
+ "publicKeys": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. The list of SSH public keys used to authenticate with linux based VMs."
+ }
+ },
+ "managedIdentities": {
+ "$ref": "#/definitions/managedIdentitiesType",
+ "metadata": {
+ "description": "Optional. The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = \"True\"."
+ }
+ },
+ "bootDiagnostics": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled."
+ }
+ },
+ "bootDiagnosticStorageAccountName": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided."
+ }
+ },
+ "bootDiagnosticStorageAccountUri": {
+ "type": "string",
+ "defaultValue": "[format('.blob.{0}/', environment().suffixes.storage)]",
+ "metadata": {
+ "description": "Optional. Storage account boot diagnostic base URI."
+ }
+ },
+ "proximityPlacementGroupResourceId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Resource ID of a proximity placement group."
+ }
+ },
+ "availabilitySetResourceId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set."
+ }
+ },
+ "availabilityZone": {
+ "type": "int",
+ "defaultValue": 0,
+ "allowedValues": [
+ 0,
+ 1,
+ 2,
+ 3
+ ],
+ "metadata": {
+ "description": "Optional. If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set."
+ }
+ },
+ "nicConfigurations": {
+ "type": "array",
+ "metadata": {
+ "description": "Required. Configures NICs and PIPs."
+ }
+ },
+ "backupVaultName": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Recovery service vault name to add VMs to backup."
+ }
+ },
+ "backupVaultResourceGroup": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "Optional. Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default."
+ }
+ },
+ "backupPolicyName": {
+ "type": "string",
+ "defaultValue": "DefaultPolicy",
+ "metadata": {
+ "description": "Optional. Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault."
+ }
+ },
+ "allowExtensionOperations": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine."
+ }
+ },
+ "extensionDomainJoinPassword": {
+ "type": "securestring",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Required if name is specified. Password of the user specified in user parameter."
+ }
+ },
+ "extensionDomainJoinConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Domain Join] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionAadJoinConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [AAD Join] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionAntiMalwareConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Anti Malware] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionMonitoringAgentConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "monitoringWorkspaceId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true."
+ }
+ },
+ "extensionDependencyAgentConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Dependency Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionNetworkWatcherAgentConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionAzureDiskEncryptionConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the [\"enabled\": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys."
+ }
+ },
+ "extensionDSCConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionCustomScriptConfig": {
+ "type": "object",
+ "defaultValue": {
+ "enabled": false,
+ "fileData": []
+ },
+ "metadata": {
+ "description": "Optional. The configuration for the [Custom Script] extension. Must at least contain the [\"enabled\": true] property to be executed."
+ }
+ },
+ "extensionCustomScriptProtectedSetting": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location for all resources."
+ }
+ },
+ "lock": {
+ "$ref": "#/definitions/lockType",
+ "metadata": {
+ "description": "Optional. The lock settings of the service."
+ }
+ },
+ "roleAssignments": {
+ "$ref": "#/definitions/roleAssignmentType",
+ "metadata": {
+ "description": "Optional. Array of role assignments to create."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "baseTime": {
+ "type": "string",
+ "defaultValue": "[utcNow('u')]",
+ "metadata": {
+ "description": "Generated. Do not provide a value! This date value is used to generate a registration token."
+ }
+ },
+ "sasTokenValidityLength": {
+ "type": "string",
+ "defaultValue": "PT8H",
+ "metadata": {
+ "description": "Optional. SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours."
+ }
+ },
+ "osType": {
+ "type": "string",
+ "allowedValues": [
+ "Windows",
+ "Linux"
+ ],
+ "metadata": {
+ "description": "Required. The chosen OS type."
+ }
+ },
+ "disablePasswordAuthentication": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Specifies whether password authentication should be disabled."
+ }
+ },
+ "provisionVMAgent": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later."
+ }
+ },
+ "enableAutomaticUpdates": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning."
+ }
+ },
+ "patchMode": {
+ "type": "string",
+ "defaultValue": "",
+ "allowedValues": [
+ "AutomaticByPlatform",
+ "AutomaticByOS",
+ "Manual",
+ "ImageDefault",
+ ""
+ ],
+ "metadata": {
+ "description": "Optional. VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'."
+ }
+ },
+ "patchAssessmentMode": {
+ "type": "string",
+ "defaultValue": "ImageDefault",
+ "allowedValues": [
+ "AutomaticByPlatform",
+ "ImageDefault"
+ ],
+ "metadata": {
+ "description": "Optional. VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours."
+ }
+ },
+ "timeZone": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`."
+ }
+ },
+ "additionalUnattendContent": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object."
+ }
+ },
+ "winRM": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object."
+ }
+ },
+ "configurationProfile": {
+ "type": "string",
+ "defaultValue": "",
+ "allowedValues": [
+ "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction",
+ "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest",
+ ""
+ ],
+ "metadata": {
+ "description": "Required. The configuration profile of automanage."
+ }
+ }
+ },
+ "variables": {
+ "copy": [
+ {
+ "name": "publicKeysFormatted",
+ "count": "[length(parameters('publicKeys'))]",
+ "input": {
+ "path": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].path]",
+ "keyData": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].keyData]"
+ }
+ }
+ ],
+ "linuxConfiguration": {
+ "disablePasswordAuthentication": "[parameters('disablePasswordAuthentication')]",
+ "ssh": {
+ "publicKeys": "[variables('publicKeysFormatted')]"
+ },
+ "provisionVMAgent": "[parameters('provisionVMAgent')]",
+ "patchSettings": "[if(and(parameters('provisionVMAgent'), or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('ImageDefault')))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]"
+ },
+ "windowsConfiguration": {
+ "provisionVMAgent": "[parameters('provisionVMAgent')]",
+ "enableAutomaticUpdates": "[parameters('enableAutomaticUpdates')]",
+ "patchSettings": "[if(and(parameters('provisionVMAgent'), or(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('AutomaticByOS'))), equals(toLower(parameters('patchMode')), toLower('Manual')))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]",
+ "timeZone": "[if(empty(parameters('timeZone')), null(), parameters('timeZone'))]",
+ "additionalUnattendContent": "[if(empty(parameters('additionalUnattendContent')), null(), parameters('additionalUnattendContent'))]",
+ "winRM": "[if(not(empty(parameters('winRM'))), createObject('listeners', parameters('winRM')), null())]"
+ },
+ "accountSasProperties": {
+ "signedServices": "b",
+ "signedPermission": "r",
+ "signedExpiry": "[dateTimeAdd(parameters('baseTime'), parameters('sasTokenValidityLength'))]",
+ "signedResourceTypes": "o",
+ "signedProtocol": "https"
+ },
+ "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
+ "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(if(parameters('extensionAadJoinConfig').enabled, true(), coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false())), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
+ "enableReferencedModulesTelemetry": false,
+ "builtInRoleNames": {
+ "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "Data Operator for Managed Disks": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')]",
+ "Desktop Virtualization Power On Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')]",
+ "Desktop Virtualization Power On Off Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')]",
+ "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]",
+ "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]",
+ "Disk Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')]",
+ "Disk Pool Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')]",
+ "Disk Restore Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')]",
+ "Disk Snapshot Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')]",
+ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
+ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
+ "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
+ "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
+ "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]",
+ "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]",
+ "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]",
+ "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]"
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "vm": {
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('name')]",
+ "location": "[parameters('location')]",
+ "identity": "[variables('identity')]",
+ "tags": "[parameters('tags')]",
+ "zones": "[if(not(equals(parameters('availabilityZone'), 0)), array(parameters('availabilityZone')), null())]",
+ "plan": "[if(not(empty(parameters('plan'))), parameters('plan'), null())]",
+ "properties": {
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "securityProfile": {
+ "encryptionAtHost": "[if(parameters('encryptionAtHost'), parameters('encryptionAtHost'), null())]",
+ "securityType": "[parameters('securityType')]",
+ "uefiSettings": "[if(equals(parameters('securityType'), 'TrustedLaunch'), createObject('secureBootEnabled', parameters('secureBootEnabled'), 'vTpmEnabled', parameters('vTpmEnabled')), null())]"
+ },
+ "storageProfile": {
+ "copy": [
+ {
+ "name": "dataDisks",
+ "count": "[length(parameters('dataDisks'))]",
+ "input": {
+ "lun": "[copyIndex('dataDisks')]",
+ "name": "[format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0'))]",
+ "diskSizeGB": "[parameters('dataDisks')[copyIndex('dataDisks')].diskSizeGB]",
+ "createOption": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'createOption'), parameters('dataDisks')[copyIndex('dataDisks')].createOption, 'Empty')]",
+ "deleteOption": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'deleteOption'), parameters('dataDisks')[copyIndex('dataDisks')].deleteOption, 'Delete')]",
+ "caching": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'caching'), parameters('dataDisks')[copyIndex('dataDisks')].caching, 'ReadOnly')]",
+ "managedDisk": {
+ "storageAccountType": "[parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.storageAccountType]",
+ "diskEncryptionSet": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSet'), createObject('id', parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.diskEncryptionSet.id), null())]"
+ }
+ }
+ }
+ ],
+ "imageReference": "[parameters('imageReference')]",
+ "osDisk": {
+ "name": "[format('{0}-disk-os-01', parameters('name'))]",
+ "createOption": "[if(contains(parameters('osDisk'), 'createOption'), parameters('osDisk').createOption, 'FromImage')]",
+ "deleteOption": "[if(contains(parameters('osDisk'), 'deleteOption'), parameters('osDisk').deleteOption, 'Delete')]",
+ "diskSizeGB": "[parameters('osDisk').diskSizeGB]",
+ "caching": "[if(contains(parameters('osDisk'), 'caching'), parameters('osDisk').caching, 'ReadOnly')]",
+ "managedDisk": {
+ "storageAccountType": "[parameters('osDisk').managedDisk.storageAccountType]",
+ "diskEncryptionSet": "[if(contains(parameters('osDisk').managedDisk, 'diskEncryptionSet'), createObject('id', parameters('osDisk').managedDisk.diskEncryptionSet.id), null())]"
+ }
+ }
+ },
+ "additionalCapabilities": {
+ "ultraSSDEnabled": "[parameters('ultraSSDEnabled')]"
+ },
+ "osProfile": {
+ "computerName": "[parameters('computerName')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]",
+ "customData": "[if(not(empty(parameters('customData'))), base64(parameters('customData')), null())]",
+ "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]",
+ "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]",
+ "secrets": "[parameters('certificatesToBeInstalled')]",
+ "allowExtensionOperations": "[parameters('allowExtensionOperations')]"
+ },
+ "networkProfile": {
+ "copy": [
+ {
+ "name": "networkInterfaces",
+ "count": "[length(parameters('nicConfigurations'))]",
+ "input": {
+ "properties": {
+ "deleteOption": "[if(contains(parameters('nicConfigurations')[copyIndex('networkInterfaces')], 'deleteOption'), parameters('nicConfigurations')[copyIndex('networkInterfaces')].deleteOption, 'Delete')]",
+ "primary": "[if(equals(copyIndex('networkInterfaces'), 0), true(), false())]"
+ },
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}{1}', parameters('name'), parameters('nicConfigurations')[copyIndex('networkInterfaces')].nicSuffix))]"
+ }
+ }
+ ]
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), true(), parameters('bootDiagnostics'))]",
+ "storageUri": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), format('https://{0}{1}', parameters('bootDiagnosticStorageAccountName'), parameters('bootDiagnosticStorageAccountUri')), null())]"
+ }
+ },
+ "availabilitySet": "[if(not(empty(parameters('availabilitySetResourceId'))), createObject('id', parameters('availabilitySetResourceId')), null())]",
+ "proximityPlacementGroup": "[if(not(empty(parameters('proximityPlacementGroupResourceId'))), createObject('id', parameters('proximityPlacementGroupResourceId')), null())]",
+ "priority": "[parameters('priority')]",
+ "evictionPolicy": "[if(parameters('enableEvictionPolicy'), 'Deallocate', null())]",
+ "billingProfile": "[if(and(not(empty(parameters('priority'))), not(empty(parameters('maxPriceForLowPriorityVm')))), createObject('maxPrice', parameters('maxPriceForLowPriorityVm')), null())]",
+ "host": "[if(not(empty(parameters('dedicatedHostId'))), createObject('id', parameters('dedicatedHostId')), null())]",
+ "licenseType": "[if(not(empty(parameters('licenseType'))), parameters('licenseType'), null())]"
+ },
+ "dependsOn": [
+ "vm_nic"
+ ]
+ },
+ "vm_configurationProfileAssignment": {
+ "condition": "[not(empty(parameters('configurationProfile')))]",
+ "type": "Microsoft.Automanage/configurationProfileAssignments",
+ "apiVersion": "2021-04-30-preview",
+ "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]",
+ "name": "default",
+ "properties": {
+ "configurationProfile": "[parameters('configurationProfile')]"
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_logAnalyticsWorkspace": {
+ "condition": "[not(empty(parameters('monitoringWorkspaceId')))]",
+ "existing": true,
+ "type": "Microsoft.OperationalInsights/workspaces",
+ "apiVersion": "2021-06-01",
+ "subscriptionId": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2]]",
+ "resourceGroup": "[split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]]",
+ "name": "[last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))]"
+ },
+ "vm_lock": {
+ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
+ "type": "Microsoft.Authorization/locks",
+ "apiVersion": "2020-05-01",
+ "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
+ "properties": {
+ "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
+ "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_roleAssignments": {
+ "copy": {
+ "name": "vm_roleAssignments",
+ "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]",
+ "name": "[guid(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "properties": {
+ "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]",
+ "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
+ "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
+ "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
+ "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
+ "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
+ "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_nic": {
+ "copy": {
+ "name": "vm_nic",
+ "count": "[length(parameters('nicConfigurations'))]"
+ },
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-Nic-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "networkInterfaceName": {
+ "value": "[format('{0}{1}', parameters('name'), parameters('nicConfigurations')[copyIndex()].nicSuffix)]"
+ },
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "location": {
+ "value": "[parameters('location')]"
+ },
+ "enableIPForwarding": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'enableIPForwarding'), if(not(empty(parameters('nicConfigurations')[copyIndex()].enableIPForwarding)), createObject('value', parameters('nicConfigurations')[copyIndex()].enableIPForwarding), createObject('value', false())), createObject('value', false()))]",
+ "enableAcceleratedNetworking": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'enableAcceleratedNetworking'), createObject('value', parameters('nicConfigurations')[copyIndex()].enableAcceleratedNetworking), createObject('value', true()))]",
+ "dnsServers": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'dnsServers'), if(not(empty(parameters('nicConfigurations')[copyIndex()].dnsServers)), createObject('value', parameters('nicConfigurations')[copyIndex()].dnsServers), createObject('value', createArray())), createObject('value', createArray()))]",
+ "networkSecurityGroupResourceId": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'networkSecurityGroupResourceId'), createObject('value', parameters('nicConfigurations')[copyIndex()].networkSecurityGroupResourceId), createObject('value', ''))]",
+ "ipConfigurations": {
+ "value": "[parameters('nicConfigurations')[copyIndex()].ipConfigurations]"
+ },
+ "lock": {
+ "value": "[coalesce(tryGet(parameters('nicConfigurations')[copyIndex()], 'lock'), parameters('lock'))]"
+ },
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('nicConfigurations')[copyIndex()], 'tags'), parameters('tags'))]"
+ },
+ "diagnosticSettings": {
+ "value": "[tryGet(parameters('nicConfigurations')[copyIndex()], 'diagnosticSettings')]"
+ },
+ "roleAssignments": {
+ "value": "[tryGet(parameters('nicConfigurations')[copyIndex()], 'roleAssignments')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "8409177324826913650"
+ }
+ },
+ "definitions": {
+ "lockType": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the name of lock."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "allowedValues": [
+ "CanNotDelete",
+ "None",
+ "ReadOnly"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the type of lock."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "diagnosticSettingType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of diagnostic setting."
+ }
+ },
+ "logCategoriesAndGroups": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here."
+ }
+ },
+ "categoryGroup": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \u0007llLogs to collect all logs."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "metricCategories": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to AllMetrics to collect all metrics."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "logAnalyticsDestinationType": {
+ "type": "string",
+ "allowedValues": [
+ "AzureDiagnostics",
+ "Dedicated"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
+ }
+ },
+ "workspaceResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "storageAccountResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "eventHubAuthorizationRuleResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
+ }
+ },
+ "eventHubName": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "marketplacePartnerResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
+ }
+ }
+ }
+ },
+ "nullable": true
+ },
+ "roleAssignmentType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "roleDefinitionIdOrName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
+ }
+ },
+ "principalId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+ }
+ },
+ "principalType": {
+ "type": "string",
+ "allowedValues": [
+ "Device",
+ "ForeignGroup",
+ "Group",
+ "ServicePrincipal",
+ "User"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The principal type of the assigned principal ID."
+ }
+ },
+ "description": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The description of the role assignment."
+ }
+ },
+ "condition": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+ }
+ },
+ "conditionVersion": {
+ "type": "string",
+ "allowedValues": [
+ "2.0"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Version of the condition."
+ }
+ },
+ "delegatedManagedIdentityResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The Resource Id of the delegated managed identity resource."
+ }
+ }
+ }
+ },
+ "nullable": true
+ }
+ },
+ "parameters": {
+ "networkInterfaceName": {
+ "type": "string"
+ },
+ "virtualMachineName": {
+ "type": "string"
+ },
+ "location": {
+ "type": "string"
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true
+ },
+ "enableIPForwarding": {
+ "type": "bool",
+ "defaultValue": false
+ },
+ "enableAcceleratedNetworking": {
+ "type": "bool",
+ "defaultValue": false
+ },
+ "dnsServers": {
+ "type": "array",
+ "defaultValue": []
+ },
+ "networkSecurityGroupResourceId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. The network security group (NSG) to attach to the network interface."
+ }
+ },
+ "ipConfigurations": {
+ "type": "array"
+ },
+ "lock": {
+ "$ref": "#/definitions/lockType"
+ },
+ "diagnosticSettings": {
+ "$ref": "#/definitions/diagnosticSettingType",
+ "metadata": {
+ "description": "Optional. The diagnostic settings of the Network Interface."
+ }
+ },
+ "roleAssignments": {
+ "$ref": "#/definitions/roleAssignmentType",
+ "metadata": {
+ "description": "Optional. Array of role assignments to create."
+ }
+ }
+ },
+ "variables": {
+ "enableReferencedModulesTelemetry": false
+ },
+ "resources": {
+ "networkInterface_publicIPAddresses": {
+ "copy": {
+ "name": "networkInterface_publicIPAddresses",
+ "count": "[length(parameters('ipConfigurations'))]"
+ },
+ "condition": "[contains(parameters('ipConfigurations')[copyIndex()], 'pipconfiguration')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-publicIP-{1}', deployment().name, copyIndex())]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "name": {
+ "value": "[format('{0}{1}', parameters('virtualMachineName'), parameters('ipConfigurations')[copyIndex()].pipconfiguration.publicIpNameSuffix)]"
+ },
+ "diagnosticSettings": {
+ "value": "[tryGet(parameters('ipConfigurations')[copyIndex()], 'diagnosticSettings')]"
+ },
+ "location": {
+ "value": "[parameters('location')]"
+ },
+ "lock": {
+ "value": "[parameters('lock')]"
+ },
+ "publicIPAddressVersion": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPAddressVersion'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPAddressVersion), createObject('value', 'IPv4'))]",
+ "publicIPAllocationMethod": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPAllocationMethod'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPAllocationMethod), createObject('value', 'Static'))]",
+ "publicIPPrefixResourceId": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPPrefixResourceId'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPPrefixResourceId), createObject('value', ''))]",
+ "roleAssignments": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'roleAssignments'), createObject('value', parameters('ipConfigurations')[copyIndex()].roleAssignments), createObject('value', createArray()))]",
+ "skuName": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'skuName'), createObject('value', parameters('ipConfigurations')[copyIndex()].skuName), createObject('value', 'Standard'))]",
+ "skuTier": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'skuTier'), createObject('value', parameters('ipConfigurations')[copyIndex()].skuTier), createObject('value', 'Regional'))]",
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('ipConfigurations')[copyIndex()], 'tags'), parameters('tags'))]"
+ },
+ "zones": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'zones'), createObject('value', parameters('ipConfigurations')[copyIndex()].zones), createObject('value', createArray()))]"
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "11463500650113068679"
+ },
+ "name": "Public IP Addresses",
+ "description": "This module deploys a Public IP Address.",
+ "owner": "Azure/module-maintainers"
+ },
+ "definitions": {
+ "lockType": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the name of lock."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "allowedValues": [
+ "CanNotDelete",
+ "None",
+ "ReadOnly"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the type of lock."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "roleAssignmentType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "roleDefinitionIdOrName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
+ }
+ },
+ "principalId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+ }
+ },
+ "principalType": {
+ "type": "string",
+ "allowedValues": [
+ "Device",
+ "ForeignGroup",
+ "Group",
+ "ServicePrincipal",
+ "User"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The principal type of the assigned principal ID."
+ }
+ },
+ "description": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The description of the role assignment."
+ }
+ },
+ "condition": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+ }
+ },
+ "conditionVersion": {
+ "type": "string",
+ "allowedValues": [
+ "2.0"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Version of the condition."
+ }
+ },
+ "delegatedManagedIdentityResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The Resource Id of the delegated managed identity resource."
+ }
+ }
+ }
+ },
+ "nullable": true
+ },
+ "diagnosticSettingType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of diagnostic setting."
+ }
+ },
+ "logCategoriesAndGroups": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here."
+ }
+ },
+ "categoryGroup": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "metricCategories": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "logAnalyticsDestinationType": {
+ "type": "string",
+ "allowedValues": [
+ "AzureDiagnostics",
+ "Dedicated"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
+ }
+ },
+ "workspaceResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "storageAccountResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "eventHubAuthorizationRuleResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
+ }
+ },
+ "eventHubName": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "marketplacePartnerResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
+ }
+ }
+ }
+ },
+ "nullable": true
+ }
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the Public IP Address."
+ }
+ },
+ "publicIPPrefixResourceId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix."
+ }
+ },
+ "publicIPAllocationMethod": {
+ "type": "string",
+ "defaultValue": "Static",
+ "allowedValues": [
+ "Dynamic",
+ "Static"
+ ],
+ "metadata": {
+ "description": "Optional. The public IP address allocation method."
+ }
+ },
+ "skuName": {
+ "type": "string",
+ "defaultValue": "Standard",
+ "allowedValues": [
+ "Basic",
+ "Standard"
+ ],
+ "metadata": {
+ "description": "Optional. Name of a public IP address SKU."
+ }
+ },
+ "skuTier": {
+ "type": "string",
+ "defaultValue": "Regional",
+ "allowedValues": [
+ "Global",
+ "Regional"
+ ],
+ "metadata": {
+ "description": "Optional. Tier of a public IP address SKU."
+ }
+ },
+ "zones": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. A list of availability zones denoting the IP allocated for the resource needs to come from."
+ }
+ },
+ "publicIPAddressVersion": {
+ "type": "string",
+ "defaultValue": "IPv4",
+ "allowedValues": [
+ "IPv4",
+ "IPv6"
+ ],
+ "metadata": {
+ "description": "Optional. IP address version."
+ }
+ },
+ "diagnosticSettings": {
+ "$ref": "#/definitions/diagnosticSettingType",
+ "metadata": {
+ "description": "Optional. The diagnostic settings of the service."
+ }
+ },
+ "domainNameLabel": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system."
+ }
+ },
+ "domainNameLabelScope": {
+ "type": "string",
+ "defaultValue": "",
+ "allowedValues": [
+ "",
+ "NoReuse",
+ "ResourceGroupReuse",
+ "SubscriptionReuse",
+ "TenantReuse"
+ ],
+ "metadata": {
+ "description": "Optional. The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN."
+ }
+ },
+ "fqdn": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone."
+ }
+ },
+ "reverseFqdn": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN."
+ }
+ },
+ "lock": {
+ "$ref": "#/definitions/lockType",
+ "metadata": {
+ "description": "Optional. The lock settings of the service."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location for all resources."
+ }
+ },
+ "roleAssignments": {
+ "$ref": "#/definitions/roleAssignmentType",
+ "metadata": {
+ "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "variables": {
+ "builtInRoleNames": {
+ "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
+ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
+ "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]",
+ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
+ "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
+ "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "publicIpAddress": {
+ "type": "Microsoft.Network/publicIPAddresses",
+ "apiVersion": "2023-04-01",
+ "name": "[parameters('name')]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "sku": {
+ "name": "[parameters('skuName')]",
+ "tier": "[parameters('skuTier')]"
+ },
+ "zones": "[parameters('zones')]",
+ "properties": {
+ "dnsSettings": "[if(not(empty(parameters('domainNameLabel'))), createObject('domainNameLabel', parameters('domainNameLabel'), 'domainNameLabelScope', parameters('domainNameLabelScope'), 'fqdn', parameters('fqdn'), 'reverseFqdn', parameters('reverseFqdn')), null())]",
+ "publicIPAddressVersion": "[parameters('publicIPAddressVersion')]",
+ "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]",
+ "publicIPPrefix": "[if(not(empty(parameters('publicIPPrefixResourceId'))), createObject('id', parameters('publicIPPrefixResourceId')), null())]",
+ "idleTimeoutInMinutes": 4,
+ "ipTags": []
+ }
+ },
+ "publicIpAddress_lock": {
+ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
+ "type": "Microsoft.Authorization/locks",
+ "apiVersion": "2020-05-01",
+ "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
+ "properties": {
+ "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
+ "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
+ },
+ "dependsOn": [
+ "publicIpAddress"
+ ]
+ },
+ "publicIpAddress_diagnosticSettings": {
+ "copy": {
+ "name": "publicIpAddress_diagnosticSettings",
+ "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
+ },
+ "type": "Microsoft.Insights/diagnosticSettings",
+ "apiVersion": "2021-05-01-preview",
+ "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
+ "properties": {
+ "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
+ "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
+ "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
+ "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
+ "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]",
+ "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]",
+ "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
+ "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
+ },
+ "dependsOn": [
+ "publicIpAddress"
+ ]
+ },
+ "publicIpAddress_roleAssignments": {
+ "copy": {
+ "name": "publicIpAddress_roleAssignments",
+ "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "properties": {
+ "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
+ "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
+ "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
+ "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
+ "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
+ "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
+ },
+ "dependsOn": [
+ "publicIpAddress"
+ ]
+ }
+ },
+ "outputs": {
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group the public IP address was deployed into."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the public IP address."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the public IP address."
+ },
+ "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]"
+ },
+ "ipAddress": {
+ "type": "string",
+ "metadata": {
+ "description": "The public IP address of the public IP address resource."
+ },
+ "value": "[if(contains(reference('publicIpAddress'), 'ipAddress'), reference('publicIpAddress').ipAddress, '')]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('publicIpAddress', '2023-04-01', 'full').location]"
+ }
+ }
+ }
+ }
+ },
+ "networkInterface": {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-NetworkInterface', deployment().name)]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "name": {
+ "value": "[parameters('networkInterfaceName')]"
+ },
+ "ipConfigurations": {
+ "copy": [
+ {
+ "name": "value",
+ "count": "[length(parameters('ipConfigurations'))]",
+ "input": "[createObject('name', if(not(empty(parameters('ipConfigurations')[copyIndex('value')].name)), parameters('ipConfigurations')[copyIndex('value')].name, null()), 'primary', equals(copyIndex('value'), 0), 'privateIPAllocationMethod', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAllocationMethod'), if(not(empty(parameters('ipConfigurations')[copyIndex('value')].privateIPAllocationMethod)), parameters('ipConfigurations')[copyIndex('value')].privateIPAllocationMethod, null()), null()), 'privateIPAddress', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAddress'), if(not(empty(parameters('ipConfigurations')[copyIndex('value')].privateIPAddress)), parameters('ipConfigurations')[copyIndex('value')].privateIPAddress, null()), null()), 'publicIPAddressResourceId', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'pipconfiguration'), resourceId('Microsoft.Network/publicIPAddresses', format('{0}{1}', parameters('virtualMachineName'), parameters('ipConfigurations')[copyIndex('value')].pipconfiguration.publicIpNameSuffix)), null()), 'subnetResourceId', parameters('ipConfigurations')[copyIndex('value')].subnetResourceId, 'loadBalancerBackendAddressPools', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'loadBalancerBackendAddressPools'), parameters('ipConfigurations')[copyIndex('value')].loadBalancerBackendAddressPools, null()), 'applicationSecurityGroups', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'applicationSecurityGroups'), parameters('ipConfigurations')[copyIndex('value')].applicationSecurityGroups, null()), 'applicationGatewayBackendAddressPools', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'applicationGatewayBackendAddressPools'), parameters('ipConfigurations')[copyIndex('value')].applicationGatewayBackendAddressPools, null()), 'gatewayLoadBalancer', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'gatewayLoadBalancer'), 
parameters('ipConfigurations')[copyIndex('value')].gatewayLoadBalancer, null()), 'loadBalancerInboundNatRules', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'loadBalancerInboundNatRules'), parameters('ipConfigurations')[copyIndex('value')].loadBalancerInboundNatRules, null()), 'privateIPAddressVersion', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAddressVersion'), parameters('ipConfigurations')[copyIndex('value')].privateIPAddressVersion, null()), 'virtualNetworkTaps', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'virtualNetworkTaps'), parameters('ipConfigurations')[copyIndex('value')].virtualNetworkTaps, null()))]"
+ }
+ ]
+ },
+ "location": {
+ "value": "[parameters('location')]"
+ },
+ "tags": {
+ "value": "[parameters('tags')]"
+ },
+ "diagnosticSettings": {
+ "value": "[parameters('diagnosticSettings')]"
+ },
+ "dnsServers": "[if(not(empty(parameters('dnsServers'))), createObject('value', parameters('dnsServers')), createObject('value', createArray()))]",
+ "enableAcceleratedNetworking": {
+ "value": "[parameters('enableAcceleratedNetworking')]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ },
+ "enableIPForwarding": {
+ "value": "[parameters('enableIPForwarding')]"
+ },
+ "lock": {
+ "value": "[parameters('lock')]"
+ },
+ "networkSecurityGroupResourceId": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('value', parameters('networkSecurityGroupResourceId')), createObject('value', ''))]",
+ "roleAssignments": "[if(not(empty(parameters('roleAssignments'))), createObject('value', parameters('roleAssignments')), createObject('value', createArray()))]"
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "2212030554483009866"
+ },
+ "name": "Network Interface",
+ "description": "This module deploys a Network Interface.",
+ "owner": "Azure/module-maintainers"
+ },
+ "definitions": {
+ "lockType": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the name of lock."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "allowedValues": [
+ "CanNotDelete",
+ "None",
+ "ReadOnly"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the type of lock."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "roleAssignmentType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "roleDefinitionIdOrName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
+ }
+ },
+ "principalId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+ }
+ },
+ "principalType": {
+ "type": "string",
+ "allowedValues": [
+ "Device",
+ "ForeignGroup",
+ "Group",
+ "ServicePrincipal",
+ "User"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The principal type of the assigned principal ID."
+ }
+ },
+ "description": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The description of the role assignment."
+ }
+ },
+ "condition": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+ }
+ },
+ "conditionVersion": {
+ "type": "string",
+ "allowedValues": [
+ "2.0"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Version of the condition."
+ }
+ },
+ "delegatedManagedIdentityResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The Resource Id of the delegated managed identity resource."
+ }
+ }
+ }
+ },
+ "nullable": true
+ },
+ "diagnosticSettingType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of diagnostic setting."
+ }
+ },
+ "metricCategories": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "logAnalyticsDestinationType": {
+ "type": "string",
+ "allowedValues": [
+ "AzureDiagnostics",
+ "Dedicated"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
+ }
+ },
+ "workspaceResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "storageAccountResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "eventHubAuthorizationRuleResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
+ }
+ },
+ "eventHubName": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "marketplacePartnerResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
+ }
+ }
+ }
+ },
+ "nullable": true
+ }
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the network interface."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location for all resources."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "enableIPForwarding": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether IP forwarding is enabled on this network interface."
+ }
+ },
+ "enableAcceleratedNetworking": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. If the network interface is accelerated networking enabled."
+ }
+ },
+ "dnsServers": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection."
+ }
+ },
+ "networkSecurityGroupResourceId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. The network security group (NSG) to attach to the network interface."
+ }
+ },
+ "auxiliaryMode": {
+ "type": "string",
+ "defaultValue": "None",
+ "allowedValues": [
+ "Floating",
+ "MaxConnections",
+ "None"
+ ],
+ "metadata": {
+ "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic."
+ }
+ },
+ "auxiliarySku": {
+ "type": "string",
+ "defaultValue": "None",
+ "allowedValues": [
+ "A1",
+ "A2",
+ "A4",
+ "A8",
+ "None"
+ ],
+ "metadata": {
+ "description": "Optional. Auxiliary sku of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic."
+ }
+ },
+ "disableTcpStateTracking": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether to disable tcp state tracking. Subscription must be registered for the Microsoft.Network/AllowDisableTcpStateTracking feature before this property can be set to true."
+ }
+ },
+ "ipConfigurations": {
+ "type": "array",
+ "metadata": {
+ "description": "Required. A list of IPConfigurations of the network interface."
+ }
+ },
+ "lock": {
+ "$ref": "#/definitions/lockType",
+ "metadata": {
+ "description": "Optional. The lock settings of the service."
+ }
+ },
+ "roleAssignments": {
+ "$ref": "#/definitions/roleAssignmentType",
+ "metadata": {
+ "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
+ }
+ },
+ "diagnosticSettings": {
+ "$ref": "#/definitions/diagnosticSettingType",
+ "metadata": {
+ "description": "Optional. The diagnostic settings of the service."
+ }
+ }
+ },
+ "variables": {
+ "builtInRoleNames": {
+ "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
+ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
+ "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]",
+ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
+ "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
+ "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "networkInterface": {
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "2023-04-01",
+ "name": "[parameters('name')]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "copy": [
+ {
+ "name": "ipConfigurations",
+ "count": "[length(parameters('ipConfigurations'))]",
+ "input": {
+ "name": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'name'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].name, format('ipconfig0{0}', add(copyIndex('ipConfigurations'), 1)))]",
+ "properties": {
+ "primary": "[if(equals(copyIndex('ipConfigurations'), 0), true(), false())]",
+ "privateIPAllocationMethod": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAllocationMethod'), if(not(empty(parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAllocationMethod)), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAllocationMethod, null()), null())]",
+ "privateIPAddress": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAddress'), if(not(empty(parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddress)), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddress, null()), null())]",
+ "publicIPAddress": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'publicIPAddressResourceId'), if(not(equals(parameters('ipConfigurations')[copyIndex('ipConfigurations')].publicIPAddressResourceId, null())), createObject('id', parameters('ipConfigurations')[copyIndex('ipConfigurations')].publicIPAddressResourceId), null()), null())]",
+ "subnet": {
+ "id": "[parameters('ipConfigurations')[copyIndex('ipConfigurations')].subnetResourceId]"
+ },
+ "loadBalancerBackendAddressPools": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'loadBalancerBackendAddressPools'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].loadBalancerBackendAddressPools, null())]",
+ "applicationSecurityGroups": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'applicationSecurityGroups'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].applicationSecurityGroups, null())]",
+ "applicationGatewayBackendAddressPools": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'applicationGatewayBackendAddressPools'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].applicationGatewayBackendAddressPools, null())]",
+ "gatewayLoadBalancer": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'gatewayLoadBalancer'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].gatewayLoadBalancer, null())]",
+ "loadBalancerInboundNatRules": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'loadBalancerInboundNatRules'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].loadBalancerInboundNatRules, null())]",
+ "privateIPAddressVersion": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAddressVersion'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddressVersion, null())]",
+ "virtualNetworkTaps": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'virtualNetworkTaps'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].virtualNetworkTaps, null())]"
+ }
+ }
+ }
+ ],
+ "auxiliaryMode": "[parameters('auxiliaryMode')]",
+ "auxiliarySku": "[parameters('auxiliarySku')]",
+ "disableTcpStateTracking": "[parameters('disableTcpStateTracking')]",
+ "dnsSettings": "[if(not(empty(parameters('dnsServers'))), createObject('dnsServers', parameters('dnsServers')), null())]",
+ "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]",
+ "enableIPForwarding": "[parameters('enableIPForwarding')]",
+ "networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('id', parameters('networkSecurityGroupResourceId')), null())]"
+ }
+ },
+ "networkInterface_diagnosticSettings": {
+ "copy": {
+ "name": "networkInterface_diagnosticSettings",
+ "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
+ },
+ "type": "Microsoft.Insights/diagnosticSettings",
+ "apiVersion": "2021-05-01-preview",
+ "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
+ "properties": {
+ "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
+ "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
+ "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
+ "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
+ "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]",
+ "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
+ "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
+ },
+ "dependsOn": [
+ "networkInterface"
+ ]
+ },
+ "networkInterface_lock": {
+ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
+ "type": "Microsoft.Authorization/locks",
+ "apiVersion": "2020-05-01",
+ "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
+ "properties": {
+ "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
+ "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
+ },
+ "dependsOn": [
+ "networkInterface"
+ ]
+ },
+ "networkInterface_roleAssignments": {
+ "copy": {
+ "name": "networkInterface_roleAssignments",
+ "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(resourceId('Microsoft.Network/networkInterfaces', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "properties": {
+ "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
+ "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
+ "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
+ "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
+ "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
+ "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
+ },
+ "dependsOn": [
+ "networkInterface"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the deployed resource."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the deployed resource."
+ },
+ "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group of the deployed resource."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('networkInterface', '2023-04-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "networkInterface_publicIPAddresses"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "vm_aadJoinExtension": {
+ "condition": "[parameters('extensionAadJoinConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "AADLogin"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.ActiveDirectory"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AADLoginForWindows'), createObject('value', 'AADSSHLoginforLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionAadJoinConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAadJoinConfig').typeHandlerVersion), createObject('value', '1.0'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAadJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAadJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionAadJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAadJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": "[if(contains(parameters('extensionAadJoinConfig'), 'settings'), createObject('value', parameters('extensionAadJoinConfig').settings), createObject('value', createObject()))]",
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'tags'), parameters('tags'))]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_domainJoinExtension": {
+ "condition": "[parameters('extensionDomainJoinConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "DomainJoin"
+ },
+ "publisher": {
+ "value": "Microsoft.Compute"
+ },
+ "type": {
+ "value": "JsonADDomainExtension"
+ },
+ "typeHandlerVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDomainJoinConfig').typeHandlerVersion), createObject('value', '1.3'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDomainJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionDomainJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDomainJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": {
+ "value": "[parameters('extensionDomainJoinConfig').settings]"
+ },
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionDomainJoinConfig'), 'tags'), parameters('tags'))]"
+ },
+ "protectedSettings": {
+ "value": {
+ "Password": "[parameters('extensionDomainJoinPassword')]"
+ }
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_microsoftAntiMalwareExtension": {
+ "condition": "[parameters('extensionAntiMalwareConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "MicrosoftAntiMalware"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.Security"
+ },
+ "type": {
+ "value": "IaaSAntimalware"
+ },
+ "typeHandlerVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAntiMalwareConfig').typeHandlerVersion), createObject('value', '1.3'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAntiMalwareConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionAntiMalwareConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAntiMalwareConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": {
+ "value": "[parameters('extensionAntiMalwareConfig').settings]"
+ },
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionAntiMalwareConfig'), 'tags'), parameters('tags'))]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_microsoftMonitoringAgentExtension": {
+ "condition": "[parameters('extensionMonitoringAgentConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "MicrosoftMonitoringAgent"
+ },
+ "publisher": {
+ "value": "Microsoft.EnterpriseCloud.Monitoring"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'MicrosoftMonitoringAgent'), createObject('value', 'OmsAgentForLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.0'), createObject('value', '1.7')))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": {
+ "value": {
+ "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), reference('vm_logAnalyticsWorkspace').customerId, '')]"
+ }
+ },
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionMonitoringAgentConfig'), 'tags'), parameters('tags'))]"
+ },
+ "protectedSettings": {
+ "value": {
+ "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '//'), '/')[2], split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), '////'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(if(not(empty(parameters('monitoringWorkspaceId'))), parameters('monitoringWorkspaceId'), 'law'), '/'))), '2021-06-01').primarySharedKey, '')]"
+ }
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm",
+ "vm_logAnalyticsWorkspace"
+ ]
+ },
+ "vm_dependencyAgentExtension": {
+ "condition": "[parameters('extensionDependencyAgentConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "DependencyAgent"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.Monitoring.DependencyAgent"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'DependencyAgentWindows'), createObject('value', 'DependencyAgentLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDependencyAgentConfig').typeHandlerVersion), createObject('value', '9.5'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDependencyAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionDependencyAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDependencyAgentConfig').enableAutomaticUpgrade), createObject('value', true()))]",
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ },
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionDependencyAgentConfig'), 'tags'), parameters('tags'))]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_networkWatcherAgentExtension": {
+ "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "NetworkWatcherAgent"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.NetworkWatcher"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'NetworkWatcherAgentWindows'), createObject('value', 'NetworkWatcherAgentLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').typeHandlerVersion), createObject('value', '1.4'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ },
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionNetworkWatcherAgentConfig'), 'tags'), parameters('tags'))]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_desiredStateConfigurationExtension": {
+ "condition": "[parameters('extensionDSCConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "DesiredStateConfiguration"
+ },
+ "publisher": {
+ "value": "Microsoft.Powershell"
+ },
+ "type": {
+ "value": "DSC"
+ },
+ "typeHandlerVersion": "[if(contains(parameters('extensionDSCConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDSCConfig').typeHandlerVersion), createObject('value', '2.77'))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDSCConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDSCConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionDSCConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDSCConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": "[if(contains(parameters('extensionDSCConfig'), 'settings'), createObject('value', parameters('extensionDSCConfig').settings), createObject('value', createObject()))]",
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionDSCConfig'), 'tags'), parameters('tags'))]"
+ },
+ "protectedSettings": "[if(contains(parameters('extensionDSCConfig'), 'protectedSettings'), createObject('value', parameters('extensionDSCConfig').protectedSettings), createObject('value', createObject()))]",
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm"
+ ]
+ },
+ "vm_customScriptExtension": {
+ "condition": "[parameters('extensionCustomScriptConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "CustomScriptExtension"
+ },
+ "publisher": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'Microsoft.Compute'), createObject('value', 'Microsoft.Azure.Extensions'))]",
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'CustomScriptExtension'), createObject('value', 'CustomScript'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionCustomScriptConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.10'), createObject('value', '2.1')))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionCustomScriptConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionCustomScriptConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionCustomScriptConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "settings": {
+ "value": {
+ "copy": [
+ {
+ "name": "fileUris",
+ "count": "[length(parameters('extensionCustomScriptConfig').fileData)]",
+ "input": "[if(contains(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')], 'storageAccountId'), format('{0}?{1}', parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri, listAccountSas(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].storageAccountId, '2019-04-01', variables('accountSasProperties')).accountSasToken), parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri)]"
+ }
+ ]
+ }
+ },
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionCustomScriptConfig'), 'tags'), parameters('tags'))]"
+ },
+ "protectedSettings": {
+ "value": "[parameters('extensionCustomScriptProtectedSetting')]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm",
+ "vm_desiredStateConfigurationExtension"
+ ]
+ },
+ "vm_azureDiskEncryptionExtension": {
+ "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-AzureDiskEncryption', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "[parameters('name')]"
+ },
+ "name": {
+ "value": "AzureDiskEncryption"
+ },
+ "publisher": {
+ "value": "Microsoft.Azure.Security"
+ },
+ "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AzureDiskEncryption'), createObject('value', 'AzureDiskEncryptionForLinux'))]",
+ "typeHandlerVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '2.2'), createObject('value', '1.1')))]",
+ "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').autoUpgradeMinorVersion), createObject('value', true()))]",
+ "enableAutomaticUpgrade": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').enableAutomaticUpgrade), createObject('value', false()))]",
+ "forceUpdateTag": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'forceUpdateTag'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').forceUpdateTag), createObject('value', '1.0'))]",
+ "settings": {
+ "value": "[parameters('extensionAzureDiskEncryptionConfig').settings]"
+ },
+ "tags": {
+ "value": "[coalesce(tryGet(parameters('extensionAzureDiskEncryptionConfig'), 'tags'), parameters('tags'))]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "3950506887759942356"
+ },
+ "name": "Virtual Machine Extensions",
+ "description": "This module deploys a Virtual Machine Extension.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "virtualMachineName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the virtual machine extension."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. The location the extension is deployed to."
+ }
+ },
+ "publisher": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the extension handler publisher."
+ }
+ },
+ "type": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"."
+ }
+ },
+ "typeHandlerVersion": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Specifies the version of the script handler."
+ }
+ },
+ "autoUpgradeMinorVersion": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true."
+ }
+ },
+ "forceUpdateTag": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed."
+ }
+ },
+ "settings": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific settings."
+ }
+ },
+ "protectedSettings": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Any object that contains the extension specific protected settings."
+ }
+ },
+ "supressFailures": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false."
+ }
+ },
+ "enableAutomaticUpgrade": {
+ "type": "bool",
+ "metadata": {
+ "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "virtualMachine": {
+ "existing": true,
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2022-11-01",
+ "name": "[parameters('virtualMachineName')]"
+ },
+ "extension": {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2022-11-01",
+ "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "publisher": "[parameters('publisher')]",
+ "type": "[parameters('type')]",
+ "typeHandlerVersion": "[parameters('typeHandlerVersion')]",
+ "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]",
+ "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]",
+ "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]",
+ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]",
+ "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]",
+ "suppressFailures": "[parameters('supressFailures')]"
+ },
+ "dependsOn": [
+ "virtualMachine"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the extension."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the extension."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the extension was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('extension', '2022-11-01', 'full').location]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm",
+ "vm_customScriptExtension",
+ "vm_microsoftMonitoringAgentExtension"
+ ]
+ },
+ "vm_backup": {
+ "condition": "[not(empty(parameters('backupVaultName')))]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-VM-Backup', uniqueString(deployment().name, parameters('location')))]",
+ "resourceGroup": "[parameters('backupVaultResourceGroup')]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "name": {
+ "value": "[format('vm;iaasvmcontainerv2;{0};{1}', resourceGroup().name, parameters('name'))]"
+ },
+ "policyId": {
+ "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('backupVaultName'), parameters('backupPolicyName'))]"
+ },
+ "protectedItemType": {
+ "value": "Microsoft.Compute/virtualMachines"
+ },
+ "protectionContainerName": {
+ "value": "[format('iaasvmcontainer;iaasvmcontainerv2;{0};{1}', resourceGroup().name, parameters('name'))]"
+ },
+ "recoveryVaultName": {
+ "value": "[parameters('backupVaultName')]"
+ },
+ "sourceResourceId": {
+ "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.24.24.22086",
+ "templateHash": "9748368160737147237"
+ },
+ "name": "Recovery Service Vaults Protection Container Protected Item",
+ "description": "This module deploys a Recovery Services Vault Protection Container Protected Item.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Name of the resource."
+ }
+ },
+ "protectionContainerName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment."
+ }
+ },
+ "recoveryVaultName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location for all resources."
+ }
+ },
+ "protectedItemType": {
+ "type": "string",
+ "allowedValues": [
+ "AzureFileShareProtectedItem",
+ "AzureVmWorkloadSAPAseDatabase",
+ "AzureVmWorkloadSAPHanaDatabase",
+ "AzureVmWorkloadSQLDatabase",
+ "DPMProtectedItem",
+ "GenericProtectedItem",
+ "MabFileFolderProtectedItem",
+ "Microsoft.ClassicCompute/virtualMachines",
+ "Microsoft.Compute/virtualMachines",
+ "Microsoft.Sql/servers/databases"
+ ],
+ "metadata": {
+ "description": "Required. The backup item type."
+ }
+ },
+ "policyId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. ID of the backup policy with which this item is backed up."
+ }
+ },
+ "sourceResourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Resource ID of the resource to back up."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
+ "apiVersion": "2023-01-01",
+ "name": "[format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "protectedItemType": "[parameters('protectedItemType')]",
+ "policyId": "[parameters('policyId')]",
+ "sourceResourceId": "[parameters('sourceResourceId')]"
+ }
+ }
+ ],
+ "outputs": {
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Resource Group the protected item was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the protected item."
+ },
+ "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems', split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[0], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[1], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[2], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[3])]"
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The Name of the protected item."
+ },
+ "value": "[format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name'))]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "vm",
+ "vm_aadJoinExtension",
+ "vm_customScriptExtension",
+ "vm_dependencyAgentExtension",
+ "vm_desiredStateConfigurationExtension",
+ "vm_domainJoinExtension",
+ "vm_microsoftAntiMalwareExtension",
+ "vm_microsoftMonitoringAgentExtension",
+ "vm_networkWatcherAgentExtension"
+ ]
+ }
+ },
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the VM."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the VM."
+ },
+ "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the resource group the VM was created in."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "systemAssignedMIPrincipalId": {
+ "type": "string",
+ "metadata": {
+ "description": "The principal ID of the system assigned identity."
+ },
+ "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('vm', '2022-11-01', 'full').identity, 'principalId')), reference('vm', '2022-11-01', 'full').identity.principalId, '')]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('vm', '2022-11-01', 'full').location]"
+ }
+ }
}
\ No newline at end of file
Parameter JSON format
-
-```json
-"imageReference": {
- "value": {
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "version": "latest"
- }
-}
-```
-
-Bicep format
-
-```bicep
-imageReference: {
- publisher: 'MicrosoftWindowsServer'
- offer: 'WindowsServer'
- sku: '2022-datacenter-azure-edition'
- version: 'latest'
-}
-```
-
-Parameter JSON format
-
-```json
-"imageReference": {
- "value": {
- "id": "/subscriptions/12345-6789-1011-1213-15161718/resourceGroups/rg-name/providers/Microsoft.Compute/images/imagename"
- }
-}
-```
-
-Bicep format
-
-```bicep
-imageReference: {
- id: '/subscriptions/12345-6789-1011-1213-15161718/resourceGroups/rg-name/providers/Microsoft.Compute/images/imagename'
-}
-```
-
-Parameter JSON format
-
-```json
-"plan": {
- "value": {
- "name": "qvsa-25",
- "product": "qualys-virtual-scanner",
- "publisher": "qualysguard"
- }
-}
-```
-
-Bicep format
-
-```bicep
-plan: {
- name: 'qvsa-25'
- product: 'qualys-virtual-scanner'
- publisher: 'qualysguard'
-}
-```
-
-Parameter JSON format
-
-```json
-"osDisk": {
- "value": {
- "createOption": "fromImage",
- "deleteOption": "Delete", // Optional. Can be 'Delete' or 'Detach'
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS",
- "diskEncryptionSet": { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
- "id": "/subscriptions/Bicep format
-
-```bicep
-osDisk: {
- createOption: 'fromImage'
- deleteOption: 'Delete' // Optional. Can be 'Delete' or 'Detach'
- diskSizeGB: '128'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- diskEncryptionSet: { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
- id: '/subscriptions/Parameter JSON format
-
-```json
-"dataDisks": {
- "value": [
- {
- "caching": "ReadOnly",
- "createOption": "Empty",
- "deleteOption": "Delete", // Optional. Can be 'Delete' or 'Detach'
- "diskSizeGB": "256",
- "managedDisk": {
- "storageAccountType": "Premium_LRS",
- "diskEncryptionSet": { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
- "id": "/subscriptions/Bicep format
-
-```bicep
-dataDisks: [
- {
- caching: 'ReadOnly'
- createOption: 'Empty'
- deleteOption: 'Delete' // Optional. Can be 'Delete' or 'Detach'
- diskSizeGB: '256'
- managedDisk: {
- storageAccountType: 'Premium_LRS'
- diskEncryptionSet: { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
- id: '/subscriptions/Parameter JSON format
-
-```json
-"nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic-01",
- "deleteOption": "Delete", // Optional. Can be 'Delete' or 'Detach'
- "ipConfigurations": [
- {
- "name": "ipconfig1",
- "subnetResourceId": "/subscriptions/Bicep format
-
-```bicep
-nicConfigurations: {
- value: [
- {
- nicSuffix: '-nic-01'
- deleteOption: 'Delete' // Optional. Can be 'Delete' or 'Detach'
- ipConfigurations: [
- {
- name: 'ipconfig1'
- subnetResourceId: '/subscriptions/Parameter JSON format
-
-```json
-"configurationProfileAssignments": {
- "value": [
- "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction",
- "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest"
- ]
-}
-```
-
-Bicep format
-
-```bicep
-configurationProfileAssignments: [
- '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
- '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest'
-]
-```
-
-Parameter JSON format
-
-```json
-"extensionDomainJoinConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "name": "contoso.com",
- "user": "test.user@testcompany.com",
- "ouPath": "OU=testOU; DC=contoso; DC=com",
- "restart": true,
- "options": 3
- }
- }
-},
-"extensionDomainJoinPassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<Bicep format
-
-```bicep
-extensionDomainJoinConfig: {
- enabled: true
- settings: {
- name: 'contoso.com'
- user: 'test.user@testcompany.com'
- ouPath: 'OU=testOU; DC=contoso; DC=com'
- restart: true
- options: 3
- }
-}
-
-resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
- name: 'adp-[[namePrefix]]-az-kv-x-001'
- scope: resourceGroup('[[subscriptionId]]','validation-rg')
-}
-
-extensionDomainJoinPassword: kv1.getSecret('domainJoinUser02-Password')
-```
-
-Parameter JSON format
-
-```json
-"extensionAntiMalwareConfig": {
- "value": {
- "enabled": true,
- "settings": {
- "AntimalwareEnabled": true,
- "Exclusions": {
- "Extensions": ".log;.ldf",
- "Paths": "D:\\IISlogs;D:\\DatabaseLogs",
- "Processes": "mssence.svc"
- },
- "RealtimeProtectionEnabled": true,
- "ScheduledScanSettings": {
- "isEnabled": "true",
- "scanType": "Quick",
- "day": "7",
- "time": "120"
- }
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionAntiMalwareConfig: {
- enabled: true
- settings: {
- AntimalwareEnabled: true
- Exclusions: {
- Extensions: '.log;.ldf'
- Paths: 'D:\\IISlogs;D:\\DatabaseLogs'
- Processes: 'mssence.svc'
- }
- RealtimeProtectionEnabled: true
- ScheduledScanSettings: {
- isEnabled: 'true'
- scanType: 'Quick'
- day: '7'
- time: '120'
- }
- }
-}
-```
-
-Parameter JSON format
-
-```json
-"extensionAzureDiskEncryptionConfig": {
- // Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
- "value": {
- "enabled": true,
- "settings": {
- "EncryptionOperation": "EnableEncryption",
- "KeyVaultURL": "https://mykeyvault.vault.azure.net/",
- "KeyVaultResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
- "KeyEncryptionKeyURL": "https://mykeyvault.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys
- "KekVaultResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
- "KeyEncryptionAlgorithm": "RSA-OAEP", //'RSA-OAEP'/'RSA-OAEP-256'/'RSA1_5'
- "VolumeType": "All", //'OS'/'Data'/'All'
- "ResizeOSDisk": "false"
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionAzureDiskEncryptionConfig: {
- // Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
- enabled: true
- settings: {
- EncryptionOperation: 'EnableEncryption'
- KeyVaultURL: 'https://mykeyvault.vault.azure.net/'
- KeyVaultResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001'
- KeyEncryptionKeyURL: 'https://mykeyvault.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5' // ID must be updated for new keys
- KekVaultResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001'
- KeyEncryptionAlgorithm: 'RSA-OAEP' //'RSA-OAEP'/'RSA-OAEP-256'/'RSA1_5'
- VolumeType: 'All' //'OS'/'Data'/'All'
- ResizeOSDisk: 'false'
- }
-}
-```
-
-Parameter JSON format
-
-```json
-"extensionDSCConfig": {
- "value": {
- {
- "enabled": true,
- "settings": {
- "wmfVersion": "latest",
- "configuration": {
- "url": "http://validURLToConfigLocation",
- "script": "ConfigurationScript.ps1",
- "function": "ConfigurationFunction"
- },
- "configurationArguments": {
- "argument1": "Value1",
- "argument2": "Value2"
- },
- "configurationData": {
- "url": "https://foo.psd1"
- },
- "privacy": {
- "dataCollection": "enable"
- },
- "advancedOptions": {
- "forcePullAndApply": false,
- "downloadMappings": {
- "specificDependencyKey": "https://myCustomDependencyLocation"
- }
- }
- },
- "protectedSettings": {
- "configurationArguments": {
- "mySecret": "MyPlaceholder"
- },
- "configurationUrlSasToken": "MyPlaceholder",
- "configurationDataUrlSasToken": "MyPlaceholder"
- }
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionDSCConfig: {
- {
- enabled: true
- settings: {
- wmfVersion: 'latest'
- configuration: {
- url: 'http://validURLToConfigLocation'
- script: 'ConfigurationScript.ps1'
- function: 'ConfigurationFunction'
- }
- configurationArguments: {
- argument1: 'Value1'
- argument2: 'Value2'
- }
- configurationData: {
- url: 'https://foo.psd1'
- }
- privacy: {
- dataCollection: 'enable'
- }
- advancedOptions: {
- forcePullAndApply: false
- downloadMappings: {
- specificDependencyKey: 'https://myCustomDependencyLocation'
- }
- }
- }
- protectedSettings: {
- configurationArguments: {
- mySecret: 'MyPlaceholder'
- }
- configurationUrlSasToken: 'MyPlaceholder'
- configurationDataUrlSasToken: 'MyPlaceholder'
- }
- }
-}
-```
-
-Parameter JSON format
-
-```json
-"extensionCustomScriptConfig": {
- "value": {
- "enabled": true,
- "fileData": [
- //storage accounts with SAS token requirement
- {
- "uri": "https://mystorageaccount.blob.core.windows.net/avdscripts/File1.ps1",
- "storageAccountId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName"
- },
- {
- "uri": "https://mystorageaccount.blob.core.windows.net/avdscripts/File2.ps1",
- "storageAccountId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName"
- },
- //storage account with public container (no SAS token is required) OR other public URL (not a storage account)
- {
- "uri": "https://github.com/myProject/File3.ps1",
- "storageAccountId": ""
- }
- ],
- "settings": {
- "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File testscript.ps1"
- }
- }
-}
-```
-
-Bicep format
-
-```bicep
-extensionCustomScriptConfig: {
- enabled: true
- fileData: [
- //storage accounts with SAS token requirement
- {
- uri: 'https://mystorageaccount.blob.core.windows.net/avdscripts/File1.ps1'
- storageAccountId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName'
- }
- {
- uri: 'https://mystorageaccount.blob.core.windows.net/avdscripts/File2.ps1'
- storageAccountId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName'
- }
- //storage account with public container (no SAS token is required) OR other public URL (not a storage account)
- {
- uri: 'https://github.com/myProject/File3.ps1'
- storageAccountId: ''
- }
- ]
- settings: {
- commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File testscript.ps1'
- }
-}
-```
-
-Parameter JSON format
-
-```json
-"extensionCustomScriptProtectedSetting": {
- "value": [
- {
- "commandToExecute": "mycommandToRun -someParam MYSECRET"
- }
- ]
-}
-```
-
-Bicep format
-
-```bicep
-extensionCustomScriptProtectedSetting: [
- {
- commandToExecute: 'mycommandToRun -someParam MYSECRET'
- }
-]
-```
-
-via Bicep module
+
+```bicep
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmlinatmg'
+ params: {
+ // Required parameters
+ adminUsername: 'localAdminUser'
+ imageReference: {
+ offer: '0001-com-ubuntu-server-jammy'
+ publisher: 'Canonical'
+ sku: '22_04-lts-gen2'
+ version: 'latest'
+ }
+ nicConfigurations: [
+ {
+ ipConfigurations: [
+ {
+ name: 'ipconfig01'
+ pipConfiguration: {
+ publicIpNameSuffix: '-pip-01'
+ tags: {
+ Environment: 'Non-Prod'
+ 'hidden-title': 'This is visible in the resource name'
+ Role: 'DeploymentValidation'
+ }
+ }
+ subnetResourceId: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "0001-com-ubuntu-server-jammy",
+ "publisher": "Canonical",
+ "sku": "22_04-lts-gen2",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "pipConfiguration": {
+ "publicIpNameSuffix": "-pip-01",
+ "tags": {
+ "Environment": "Non-Prod",
+ "hidden-title": "This is visible in the resource name",
+ "Role": "DeploymentValidation"
+ }
+ },
+ "subnetResourceId": "via Bicep module
+
+```bicep
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmlinmin'
+ params: {
+ // Required parameters
+ adminUsername: 'localAdminUser'
+ imageReference: {
+ offer: '0001-com-ubuntu-server-jammy'
+ publisher: 'Canonical'
+ sku: '22_04-lts-gen2'
+ version: 'latest'
+ }
+ nicConfigurations: [
+ {
+ ipConfigurations: [
+ {
+ name: 'ipconfig01'
+ pipConfiguration: {
+ publicIpNameSuffix: '-pip-01'
+ }
+ subnetResourceId: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "0001-com-ubuntu-server-jammy",
+ "publisher": "Canonical",
+ "sku": "22_04-lts-gen2",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "pipConfiguration": {
+ "publicIpNameSuffix": "-pip-01"
+ },
+ "subnetResourceId": "via Bicep module
+
+```bicep
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmlincom'
+ params: {
+ // Required parameters
+ adminUsername: 'localAdministrator'
+ imageReference: {
+ offer: '0001-com-ubuntu-server-focal'
+ publisher: 'Canonical'
+ sku: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdministrator"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "0001-com-ubuntu-server-focal",
+ "publisher": "Canonical",
+ "sku": "via Bicep module
+
+```bicep
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmwinatmg'
+ params: {
+ // Required parameters
+ adminUsername: 'localAdministrator'
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2022-datacenter-azure-edition'
+ version: 'latest'
+ }
+ nicConfigurations: [
+ {
+ ipConfigurations: [
+ {
+ name: 'ipconfig01'
+ subnetResourceId: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdministrator"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2022-datacenter-azure-edition",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "subnetResourceId": "via Bicep module
+
+```bicep
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmwinmin'
+ params: {
+ // Required parameters
+ adminUsername: 'localAdminUser'
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2022-datacenter-azure-edition'
+ version: 'latest'
+ }
+ nicConfigurations: [
+ {
+ ipConfigurations: [
+ {
+ name: 'ipconfig01'
+ subnetResourceId: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "localAdminUser"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2022-datacenter-azure-edition",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "subnetResourceId": "via Bicep module
+
+```bicep
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmwincmk'
+ params: {
+ // Required parameters
+ adminUsername: 'VMAdministrator'
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2019-datacenter'
+ version: 'latest'
+ }
+ nicConfigurations: [
+ {
+ ipConfigurations: [
+ {
+ name: 'ipconfig01'
+ subnetResourceId: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "VMAdministrator"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2019-datacenter",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig01",
+ "subnetResourceId": "via Bicep module
+
+```bicep
+module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-cvmwincom'
+ params: {
+ // Required parameters
+ adminUsername: 'VMAdmin'
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2019-datacenter'
+ version: 'latest'
+ }
+ nicConfigurations: [
+ {
+ deleteOption: 'Delete'
+ diagnosticSettings: [
+ {
+ eventHubAuthorizationRuleResourceId: 'via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "adminUsername": {
+ "value": "VMAdmin"
+ },
+ "imageReference": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2019-datacenter",
+ "version": "latest"
+ }
+ },
+ "nicConfigurations": {
+ "value": [
+ {
+ "deleteOption": "Delete",
+ "diagnosticSettings": [
+ {
+ "eventHubAuthorizationRuleResourceId": "Parameter JSON format
+
+```json
+"imageReference": {
+ "value": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2022-datacenter-azure-edition",
+ "version": "latest"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+imageReference: {
+ publisher: 'MicrosoftWindowsServer'
+ offer: 'WindowsServer'
+ sku: '2022-datacenter-azure-edition'
+ version: 'latest'
+}
+```
+
+Parameter JSON format
+
+```json
+"imageReference": {
+ "value": {
+ "id": "/subscriptions/12345-6789-1011-1213-15161718/resourceGroups/rg-name/providers/Microsoft.Compute/images/imagename"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+imageReference: {
+ id: '/subscriptions/12345-6789-1011-1213-15161718/resourceGroups/rg-name/providers/Microsoft.Compute/images/imagename'
+}
+```
+
+Parameter JSON format
+
+```json
+"plan": {
+ "value": {
+ "name": "qvsa-25",
+ "product": "qualys-virtual-scanner",
+ "publisher": "qualysguard"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+plan: {
+ name: 'qvsa-25'
+ product: 'qualys-virtual-scanner'
+ publisher: 'qualysguard'
+}
+```
+
+Parameter JSON format
+
+```json
+"osDisk": {
+ "value": {
+ "createOption": "fromImage",
+ "deleteOption": "Delete", // Optional. Can be 'Delete' or 'Detach'
+ "diskSizeGB": "128",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS",
+ "diskEncryptionSet": { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+ "id": "/subscriptions/Bicep format
+
+```bicep
+osDisk: {
+ createOption: 'fromImage'
+ deleteOption: 'Delete' // Optional. Can be 'Delete' or 'Detach'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ diskEncryptionSet: { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+ id: '/subscriptions/Parameter JSON format
+
+```json
+"dataDisks": {
+ "value": [
+ {
+ "caching": "ReadOnly",
+ "createOption": "Empty",
+ "deleteOption": "Delete", // Optional. Can be 'Delete' or 'Detach'
+ "diskSizeGB": "256",
+ "managedDisk": {
+ "storageAccountType": "Premium_LRS",
+ "diskEncryptionSet": { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+ "id": "/subscriptions/Bicep format
+
+```bicep
+dataDisks: [
+ {
+ caching: 'ReadOnly'
+ createOption: 'Empty'
+ deleteOption: 'Delete' // Optional. Can be 'Delete' or 'Detach'
+ diskSizeGB: '256'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ diskEncryptionSet: { // Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.
+ id: '/subscriptions/Parameter JSON format
+
+```json
+"nicConfigurations": {
+ "value": [
+ {
+ "nicSuffix": "-nic-01",
+ "deleteOption": "Delete", // Optional. Can be 'Delete' or 'Detach'
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "subnetResourceId": "/subscriptions/Bicep format
+
+```bicep
+nicConfigurations: {
+ value: [
+ {
+ nicSuffix: '-nic-01'
+ deleteOption: 'Delete' // Optional. Can be 'Delete' or 'Detach'
+ ipConfigurations: [
+ {
+ name: 'ipconfig1'
+ subnetResourceId: '/subscriptions/Parameter JSON format
+
+```json
+"configurationProfileAssignments": {
+ "value": [
+ "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction",
+ "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest"
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+configurationProfileAssignments: [
+ '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction'
+ '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest'
+]
+```
+
+Parameter JSON format
+
+```json
+"extensionDomainJoinConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "name": "contoso.com",
+ "user": "test.user@testcompany.com",
+ "ouPath": "OU=testOU; DC=contoso; DC=com",
+ "restart": true,
+ "options": 3
+ }
+ }
+},
+"extensionDomainJoinPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "/subscriptions/<Bicep format
+
+```bicep
+extensionDomainJoinConfig: {
+ enabled: true
+ settings: {
+ name: 'contoso.com'
+ user: 'test.user@testcompany.com'
+ ouPath: 'OU=testOU; DC=contoso; DC=com'
+ restart: true
+ options: 3
+ }
+}
+
+resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
+ name: 'adp-[[namePrefix]]-az-kv-x-001'
+ scope: resourceGroup('[[subscriptionId]]','validation-rg')
+}
+
+extensionDomainJoinPassword: kv1.getSecret('domainJoinUser02-Password')
+```
+
+Parameter JSON format
+
+```json
+"extensionAntiMalwareConfig": {
+ "value": {
+ "enabled": true,
+ "settings": {
+ "AntimalwareEnabled": true,
+ "Exclusions": {
+ "Extensions": ".log;.ldf",
+ "Paths": "D:\\IISlogs;D:\\DatabaseLogs",
+ "Processes": "mssence.svc"
+ },
+ "RealtimeProtectionEnabled": true,
+ "ScheduledScanSettings": {
+ "isEnabled": "true",
+ "scanType": "Quick",
+ "day": "7",
+ "time": "120"
+ }
+ }
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionAntiMalwareConfig: {
+ enabled: true
+ settings: {
+ AntimalwareEnabled: true
+ Exclusions: {
+ Extensions: '.log;.ldf'
+ Paths: 'D:\\IISlogs;D:\\DatabaseLogs'
+ Processes: 'mssence.svc'
+ }
+ RealtimeProtectionEnabled: true
+ ScheduledScanSettings: {
+ isEnabled: 'true'
+ scanType: 'Quick'
+ day: '7'
+ time: '120'
+ }
+ }
+}
+```
+
+Parameter JSON format
+
+```json
+"extensionAzureDiskEncryptionConfig": {
+ // Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
+ "value": {
+ "enabled": true,
+ "settings": {
+ "EncryptionOperation": "EnableEncryption",
+ "KeyVaultURL": "https://mykeyvault.vault.azure.net/",
+ "KeyVaultResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
+ "KeyEncryptionKeyURL": "https://mykeyvault.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys
+ "KekVaultResourceId": "/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001",
+ "KeyEncryptionAlgorithm": "RSA-OAEP", //'RSA-OAEP'/'RSA-OAEP-256'/'RSA1_5'
+ "VolumeType": "All", //'OS'/'Data'/'All'
+ "ResizeOSDisk": "false"
+ }
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionAzureDiskEncryptionConfig: {
+ // Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys.
+ enabled: true
+ settings: {
+ EncryptionOperation: 'EnableEncryption'
+ KeyVaultURL: 'https://mykeyvault.vault.azure.net/'
+ KeyVaultResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001'
+ KeyEncryptionKeyURL: 'https://mykeyvault.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5' // ID must be updated for new keys
+ KekVaultResourceId: '/subscriptions/[[subscriptionId]]/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001'
+ KeyEncryptionAlgorithm: 'RSA-OAEP' //'RSA-OAEP'/'RSA-OAEP-256'/'RSA1_5'
+ VolumeType: 'All' //'OS'/'Data'/'All'
+ ResizeOSDisk: 'false'
+ }
+}
+```
+
+Parameter JSON format
+
+```json
+"extensionDSCConfig": {
+ "value": {
+ {
+ "enabled": true,
+ "settings": {
+ "wmfVersion": "latest",
+ "configuration": {
+ "url": "http://validURLToConfigLocation",
+ "script": "ConfigurationScript.ps1",
+ "function": "ConfigurationFunction"
+ },
+ "configurationArguments": {
+ "argument1": "Value1",
+ "argument2": "Value2"
+ },
+ "configurationData": {
+ "url": "https://foo.psd1"
+ },
+ "privacy": {
+ "dataCollection": "enable"
+ },
+ "advancedOptions": {
+ "forcePullAndApply": false,
+ "downloadMappings": {
+ "specificDependencyKey": "https://myCustomDependencyLocation"
+ }
+ }
+ },
+ "protectedSettings": {
+ "configurationArguments": {
+ "mySecret": "MyPlaceholder"
+ },
+ "configurationUrlSasToken": "MyPlaceholder",
+ "configurationDataUrlSasToken": "MyPlaceholder"
+ }
+ }
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionDSCConfig: {
+ {
+ enabled: true
+ settings: {
+ wmfVersion: 'latest'
+ configuration: {
+ url: 'http://validURLToConfigLocation'
+ script: 'ConfigurationScript.ps1'
+ function: 'ConfigurationFunction'
+ }
+ configurationArguments: {
+ argument1: 'Value1'
+ argument2: 'Value2'
+ }
+ configurationData: {
+ url: 'https://foo.psd1'
+ }
+ privacy: {
+ dataCollection: 'enable'
+ }
+ advancedOptions: {
+ forcePullAndApply: false
+ downloadMappings: {
+ specificDependencyKey: 'https://myCustomDependencyLocation'
+ }
+ }
+ }
+ protectedSettings: {
+ configurationArguments: {
+ mySecret: 'MyPlaceholder'
+ }
+ configurationUrlSasToken: 'MyPlaceholder'
+ configurationDataUrlSasToken: 'MyPlaceholder'
+ }
+ }
+}
+```
+
+Parameter JSON format
+
+```json
+"extensionCustomScriptConfig": {
+ "value": {
+ "enabled": true,
+ "fileData": [
+ //storage accounts with SAS token requirement
+ {
+ "uri": "https://mystorageaccount.blob.core.windows.net/avdscripts/File1.ps1",
+ "storageAccountId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName"
+ },
+ {
+ "uri": "https://mystorageaccount.blob.core.windows.net/avdscripts/File2.ps1",
+ "storageAccountId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName"
+ },
+ //storage account with public container (no SAS token is required) OR other public URL (not a storage account)
+ {
+ "uri": "https://github.com/myProject/File3.ps1",
+ "storageAccountId": ""
+ }
+ ],
+ "settings": {
+ "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File testscript.ps1"
+ }
+ }
+}
+```
+
+Bicep format
+
+```bicep
+extensionCustomScriptConfig: {
+ enabled: true
+ fileData: [
+ //storage accounts with SAS token requirement
+ {
+ uri: 'https://mystorageaccount.blob.core.windows.net/avdscripts/File1.ps1'
+ storageAccountId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName'
+ }
+ {
+ uri: 'https://mystorageaccount.blob.core.windows.net/avdscripts/File2.ps1'
+ storageAccountId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/rgName/providers/Microsoft.Storage/storageAccounts/storageAccountName'
+ }
+ //storage account with public container (no SAS token is required) OR other public URL (not a storage account)
+ {
+ uri: 'https://github.com/myProject/File3.ps1'
+ storageAccountId: ''
+ }
+ ]
+ settings: {
+ commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File testscript.ps1'
+ }
+}
+```
+
+Parameter JSON format
+
+```json
+"extensionCustomScriptProtectedSetting": {
+ "value": [
+ {
+ "commandToExecute": "mycommandToRun -someParam MYSECRET"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+extensionCustomScriptProtectedSetting: [
+ {
+ commandToExecute: 'mycommandToRun -someParam MYSECRET'
+ }
+]
+```
+
+