Microsoft.Resources deployments

Template format

To create a Microsoft.Resources/deployments resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Resources/deployments",
  "apiVersion": "2021-04-01",
  "location": "string",
  "scope": "string",
  "subscriptionId": "string",
  "resourceGroup": "string",
  "properties": {
    "template": {},
    "templateLink": {
      "uri": "string",
      "id": "string",
      "relativePath": "string",
      "contentVersion": "string",
      "queryString": "string"
    },
    "parameters": {},
    "parametersLink": {
      "uri": "string",
      "contentVersion": "string"
    },
    "mode": "string",
    "debugSetting": {
      "detailLevel": "string"
    },
    "onErrorDeployment": {
      "type": "string",
      "deploymentName": "string"
    },
    "expressionEvaluationOptions": {
      "scope": "string"
    }
  },
  "tags": {}
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Resources/deployments object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes The name of the deployment.
type enum Yes For JSON - Microsoft.Resources/deployments
apiVersion enum Yes For JSON - 2021-04-01
location string No The location to store the deployment data.
scope string No In tenant and management group deployments, provide the management group ID to target. Use the format Microsoft.Management/managementGroups/{managementGroupID}.
subscriptionId string No The ID of the subscription to deploy to. If not provided, uses the subscription of the deployment operation.
resourceGroup string No The name of the resource group to deploy to. If not provided, uses the resource group of the deployment operation.
properties object Yes The deployment properties. - DeploymentProperties object
tags object No Deployment tags

DeploymentProperties object

Name Type Required Value
template object No The template content. You use this element when you want to pass the template syntax directly in the request rather than link to an existing template. It can be a JObject or well-formed JSON string. Use either the templateLink property or the template property, but not both.
templateLink object No The URI of the template. Use either the templateLink property or the template property, but not both. - TemplateLink object
parameters object No Name and value pairs that define the deployment parameters for the template. You use this element when you want to provide the parameter values directly in the request rather than link to an existing parameter file. Use either the parametersLink property or the parameters property, but not both. It can be a JObject or a well formed JSON string.
parametersLink object No The URI of parameters file. You use this element to link to an existing parameters file. Use either the parametersLink property or the parameters property, but not both. - ParametersLink object
mode enum Yes The mode that is used to deploy resources. This value can be either Incremental or Complete. In Incremental mode, resources are deployed without deleting existing resources that are not included in the template. In Complete mode, resources are deployed and existing resources in the resource group that are not included in the template are deleted. Be careful when using Complete mode as you may unintentionally delete resources. - Incremental or Complete
debugSetting object No The debug setting of the deployment. - DebugSetting object
onErrorDeployment object No The deployment on error behavior. - OnErrorDeployment object
expressionEvaluationOptions object No Specifies whether template expressions are evaluated within the scope of the parent template or nested template. Only applicable to nested templates. If not specified, default value is outer. - ExpressionEvaluationOptions object

Name Type Required Value
uri string No The URI of the template to deploy. Use either the uri or id property, but not both.
id string No The resource id of a Template Spec. Use either the id or uri property, but not both.
relativePath string No The relativePath property can be used to deploy a linked template at a location relative to the parent. If the parent template was linked with a TemplateSpec, this will reference an artifact in the TemplateSpec. If the parent was linked with a URI, the child deployment will be a combination of the parent and relativePath URIs
contentVersion string No If included, must match the ContentVersion in the template.
queryString string No The query string (for example, a SAS token) to be used with the templateLink URI.

Name Type Required Value
uri string Yes The URI of the parameters file.
contentVersion string No If included, must match the ContentVersion in the template.

DebugSetting object

Name Type Required Value
detailLevel string No Specifies the type of information to log for debugging. The permitted values are none, requestContent, responseContent, or both requestContent and responseContent separated by a comma. The default is none. When setting this value, carefully consider the type of information you are passing in during deployment. By logging information about the request or response, you could potentially expose sensitive data that is retrieved through the deployment operations.

OnErrorDeployment object

Name Type Required Value
type enum No The deployment on error behavior type. Possible values are LastSuccessful and SpecificDeployment. - LastSuccessful or SpecificDeployment
deploymentName string No The deployment to be used on error case.

ExpressionEvaluationOptions object

Name Type Required Value
scope enum No The scope to be used for evaluation of parameters, variables and functions in a nested template. - NotSpecified, Outer, Inner

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Moesif API Analytics and Monitoring

Deploy to Azure
The template will deploy an EventHub and WebJob that will log API calls from Azure API Management to Moesif API analytics so you can understand customer API usage and debug issues quickly.
Deploy a simple Azure Spring Cloud microservice application

Deploy to Azure
This template deploys a simple Azure Spring Cloud microservice application to run on Azure.
Server managed by Desired State Configuration service

Deploy to Azure
This template provides an example of how to deliver a virtual machine and and Automation account to manage the machine, in a single deployment
Redis cluster on Ubuntu VMs

Deploy to Azure
This template creates a Redis cluster on Ubuntu virtual machine images, configures persistence and applies well known optimizations and proven practices
Creates an encrypted managed disk from an encrypted VHD.

Deploy to Azure
This template allows you to create an encrypted managed disk using an existing encrypted VHD and encryption settings.
Disable encryption on a running Windows VM.

Deploy to Azure
This template disables encryption on a running windows vm
Enable encryption on a running Windows VM.

Deploy to Azure
This template enables encryption on a running windows vm using AAD client cert thumbprint. The certificate should have been deployed to the VM earlier
GlassFish on SUSE

Deploy to Azure
This template deploys a load balanced GlassFish (v3 or v4) cluster, consisting of a user defined number of SUSE (OpenSUSE or SLES) VMs.
Deploy multiple VM Scale Sets of Linux VMs.

Deploy to Azure
This template allows you to deploy multiple VM Scale Sets of Linux VMs.
Deploy multiple VM Scale Sets of Windows VMs.

Deploy to Azure
This template allows you to deploy multiple VM Scale Sets of Windows VMs.
Deploy a simple Linux VM and update private IP to static

Deploy to Azure
This template allows you to deploy a simple Linux VM using Ubuntu from the marketplace. This will deploy a VNET, Subnet, and an A1 size VM in the resource group location with a dynamically assigned IP address and then convert it to static IP.
Use output from a Custom Script Extension during Deployment

Deploy to Azure
This is useful to the VM's compute to perform some task during deployment that Azure Resource Manager does not provide. The output of that compute (script) can then be leveraged elsewhere in the deployment. This is useful if the compute resource is needed in the deployment (e.g. a jumpbox, DC, etc), a bit wasteful if it is not.
Deploy a Linux or Windows VM with MSI

Deploy to Azure
This template allows you to deploy a Linux or Windows VM with a Managed Service Identity.
Linux VM with MSI Accessing Storage

Deploy to Azure
This template deploys a linux VM with a system assigned managed identity that has access to a storage account in a different resource group.
SQL Server 2014 SP2 Enterprise with Auto Backup

Deploy to Azure
This template will create a SQL Server 2014 SP2 Enterprise edition with Auto Backup feature enabled
SQL Server 2014 SP1 Enterprise with Azure Key Vault

Deploy to Azure
This template will create a SQL Server 2014 SP1 Enterprise edition with Azure Key Vault Integration feature enabled.
Virus attack on Virtual Machines Scenario

Deploy to Azure
This will deploy 2 virtual machines, OMS and other network resources. One virtual machine without endpoint protection and other with enpoint protection installed. Perform the virus attack by following the guidlines and execute the scenario for mitigation and prevention of a virus attack.
Create a data management gateway and install on an Azure VM

Deploy to Azure
This template deploys a virtual machine and creates a workable data management gateway
Self-host Integration Runtime on Azure VMs

Deploy to Azure
This template creates a selfhost integration runtime and registers it on Azure virtual machines
VM Scale Set Configuration managed by Azure Automation

Deploy to Azure
Deploy a VM Scale Set where virtual machines are deployed as registered nodes in the Azure Automation Desired State Configuration service, and node configuration is guaranteed consistency after deployment. NOTE: Required prerequisites Registration Key and Registration URL are available only after successful creation of an Azure Automation Account for Azure Automation DSC.
Deploy a Linux or Windows VMSS with MSI

Deploy to Azure
This template allows you to deploy a Linux or Windows Virtual Machine Scale Set with a Managed Service Identity. That identity is then used to access Azure services.
On-demand SFTP Server using an existing storage account

Deploy to Azure
This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI).
Deploy a managed Kubernetes Cluster (AKS).

Deploy to Azure
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy a managed Kubernetes Cluster (AKS).

Deploy to Azure
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integeration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Extend Existing Azure Resources with Custom Providers

Deploy to Azure
This sample will go into detail on how to extend existing Azure resources and Resource Manager templates to add in custom workloads.
Deploy an Azure Databricks Workspace and configure CMK

Deploy to Azure
This template allows you to create an Azure Databricks workspace and configure CMK.
Use script extensions to install Mongo DB on Ubuntu VM

Deploy to Azure
This template deploys Configures and Installs Mongo DB on a Ubuntu Virtual Machine in two separate scripts. This template is a good example that showcases how to express dependencies between two scripts running on the same virtual machine. This template also deploys a Storage Account, Virtual Network, Public IP addresses and a Network Interface.
Create HA data management gateway and install on an Azure VMs

Deploy to Azure
This template deploys multiple virtual machines with workable HA data management gateway
Deploy Data Lake Store account with encryption(Key Vault)

Deploy to Azure
This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses Azure Key Vault to manage the encryption key.
Performs ETL job using Azure services

Deploy to Azure
This template provides an example of how to perform analytics on the historic as well as real time streaming data stored in Azure Blob Storage. The data from the event hub is taken by the Azure Stream Analytics Job to perform transformation and the output is stored in Azure Blob Storage and is visualized in PowerBI. The analytics is applied on the historic data stored in Blob storage by Azure Data Analytics and the movement of extracted, transformed and published data and the orchestration is done by Data Factory. The published data is further visualized in PowerBI
HDInsight with custom Ambari + Hive Metastore DB in VNET

Deploy to Azure
This template allows you to create an HDInsight cluster in an existing virtual network with a new SQL DB that serves as both a custom Ambari DB and Hive Metastore. You must have an existing SQL Sever, storage account, and VNET.
Use KeyVault with a Dynamic resourceId

Deploy to Azure
This template creates a SQL Server and uses an admin password from Key Vault. The reference parameter for the Key Vault secret is created at deployment time using a nested template. This allows the user to simply pass parameter values to the template rather than create a reference parameter in the parameter file.
Run timer jobs that execute on a schedule using Logic Apps.

Deploy to Azure
This template creates a pair of Logic Apps that allows you to create scheduled timer job instances.
Advanced template for Azure Machine Learning workspace

Deploy to Azure
A template that creates Azure Machine Learning workspace with private endpoints and resources behind VNET
User assigned identity role assignment template

Deploy to Azure
A template that creates role assignments of user assigned identity on resources that Azure Machine Learning workspace depends on
Create new ANF resource with SMB volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol.
Application Gateway for a Web App with IP Restriction

Deploy to Azure
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App.
Front Door Premium with App Service origin and Private Link

Deploy to Azure
This template creates a Front Door Premium (Preview) and an App Service, and uses a private endpoint for Front Door to send traffic to the application.
Front Door Premium with Azure Functions and Private Link

Deploy to Azure
This template creates a Front Door Premium (Preview) and an Azure Functions app, and uses a private endpoint for Front Door to send traffic to the function app.
Front Door Premium with blob origin and Private Link

Deploy to Azure
This template creates a Front Door Premium (Preview) and an Azure Storage blob container, and uses a private endpoint for Front Door to send traffic to the storage account.
Front Door Premium with VM and Private Link service

Deploy to Azure
This template creates a Front Door Premium (Preview) and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM.
Front Door Standard/Premium with API Management origin

Deploy to Azure
This template creates a Front Door Premium (Preview) and an API Management instance, and uses an NSG and global API Management policy to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with Application Gateway origin

Deploy to Azure
This template creates a Front Door Standard/Premium (Preview) and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway

Deploy to Azure
This template creates a Front Door Standard/Premium (Preview) with a container group and Application Gateway.
Front Door Standard/Premium with Azure Functions origin

Deploy to Azure
This template creates a Front Door Standard/Premium (Preview), an Azure Functions app, and configures the function app to validate that traffic has come through the Front Door origin.
Front Door Standard/Premium with static website origin

Deploy to Azure
This template creates a Front Door Standard/Premium (Preview) and an Azure Storage static website, and configured Front Door to send traffic to the static website.
Enable NSG Flow Logs

Deploy to Azure
This template create an NSG Flow Logs resource
Apply a NSG to an existing subnet

Deploy to Azure
This template applies a newly created NSG to an existing subnet
Add an NSG with Redis security rules to an existing subnet

Deploy to Azure
This template allows you to add an NSG with preconfigured Azure Redis Cache security rules to an existing subnet within a VNET. Deploy into the resource group of the existing VNET.
Create ssh-keys and store in KeyVault

Deploy to Azure
This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault.
Create and Deploy a templateSpec

Deploy to Azure
This sample creates and deploys a templateSpec resource within the same template. This is not a typical pattern just meant to show how the templateSpec and the deployment resources are meant to work together.
Create TemplateSpecs from Template Gallery Templates

Deploy to Azure
This sample contains a script to easily migrate template gallery templates to templateSpec resources. The template provide will deploy all templates that can be exported using the migration script.
Deploy SQL Always ON setup with existing SQL Virtual Machines

Deploy to Azure
Deploy SQL Always ON setup with existing SQL Virtual Machines. The virtual machines should already be joined to an existing domain and must be running enterprise version of SQL Server.
Azure Synapse Proof-of-Concept

Deploy to Azure
This template creates a proof of concept environment for Azure Synapse, including SQL Pools and optional Apache Spark Pools