diff --git a/settings/remarks/microsoft.alertsmanagement/remarks.json b/settings/remarks/microsoft.alertsmanagement/remarks.json
index 8de5df3d..f919bc5c 100644
--- a/settings/remarks/microsoft.alertsmanagement/remarks.json
+++ b/settings/remarks/microsoft.alertsmanagement/remarks.json
@@ -24,5 +24,22 @@
       "Path": "samples/smartdetectoralertrules/main.tf",
       "Description": "A basic example of deploying Monitor Smart Detector Alert Rule."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.AlertsManagement/actionRules",
+      "Path": "samples/actionrules/main.bicep",
+      "Description": "A basic example of deploying Alert Processing Rule which apply action group."
+    },
+    {
+      "ResourceType": "Microsoft.AlertsManagement/prometheusRuleGroups",
+      "Path": "samples/prometheusrulegroups/main.bicep",
+      "Description": "A basic example of deploying Alert Management Prometheus Rule Group."
+    },
+    {
+      "ResourceType": "Microsoft.AlertsManagement/smartDetectorAlertRules",
+      "Path": "samples/smartdetectoralertrules/main.bicep",
+      "Description": "A basic example of deploying Monitor Smart Detector Alert Rule."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.alertsmanagement/samples/actionrules/main.bicep b/settings/remarks/microsoft.alertsmanagement/samples/actionrules/main.bicep
new file mode 100644
index 00000000..c6fba9b9
--- /dev/null
+++ b/settings/remarks/microsoft.alertsmanagement/samples/actionrules/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+
+resource actionRule 'Microsoft.AlertsManagement/actionRules@2021-08-08' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    actions: [
+      {
+        actionType: 'RemoveAllActionGroups'
+      }
+    ]
+    description: ''
+    enabled: true
+    scopes: [
+      resourceGroup().id
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.alertsmanagement/samples/prometheusrulegroups/main.bicep b/settings/remarks/microsoft.alertsmanagement/samples/prometheusrulegroups/main.bicep
new file mode 100644
index 00000000..3ef991c6
--- /dev/null
+++ b/settings/remarks/microsoft.alertsmanagement/samples/prometheusrulegroups/main.bicep
@@ -0,0 +1,34 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource account 'Microsoft.Monitor/accounts@2023-04-03' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+}
+
+resource prometheusRuleGroup 'Microsoft.AlertsManagement/prometheusRuleGroups@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    clusterName: ''
+    description: ''
+    enabled: false
+    rules: [
+      {
+        enabled: false
+        expression: '''histogram_quantile(0.99, sum(rate(jobs_duration_seconds_bucket{service="billing-processing"}[5m])) by (job_type))
+'''
+        labels: {
+          team: 'prod'
+        }
+        record: 'job_type:billing_jobs_duration_seconds:99p5m'
+      }
+    ]
+    scopes: [
+      account.id
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.alertsmanagement/samples/smartdetectoralertrules/main.bicep b/settings/remarks/microsoft.alertsmanagement/samples/smartdetectoralertrules/main.bicep
new file mode 100644
index 00000000..7c2efcf8
--- /dev/null
+++ b/settings/remarks/microsoft.alertsmanagement/samples/smartdetectoralertrules/main.bicep
@@ -0,0 +1,62 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource actionGroup 'Microsoft.Insights/actionGroups@2023-01-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    armRoleReceivers: []
+    automationRunbookReceivers: []
+    azureAppPushReceivers: []
+    azureFunctionReceivers: []
+    emailReceivers: []
+    enabled: true
+    eventHubReceivers: []
+    groupShortName: 'acctestag'
+    itsmReceivers: []
+    logicAppReceivers: []
+    smsReceivers: []
+    voiceReceivers: []
+    webhookReceivers: []
+  }
+}
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource smartDetectorAlertRule 'microsoft.alertsManagement/smartDetectorAlertRules@2019-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    actionGroups: {
+      customEmailSubject: ''
+      customWebhookPayload: ''
+      groupIds: [
+        actionGroup.id
+      ]
+    }
+    description: ''
+    detector: {
+      id: 'FailureAnomaliesDetector'
+    }
+    frequency: 'PT1M'
+    scope: [
+      component.id
+    ]
+    severity: 'Sev0'
+    state: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.analysisservices/remarks.json b/settings/remarks/microsoft.analysisservices/remarks.json
index 16c5e89e..a5982b5c 100644
--- a/settings/remarks/microsoft.analysisservices/remarks.json
+++ b/settings/remarks/microsoft.analysisservices/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/servers/main.tf",
       "Description": "A basic example of deploying Analysis Services Server."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.AnalysisServices/servers",
+      "Path": "samples/servers/main.bicep",
+      "Description": "A basic example of deploying Analysis Services Server."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.analysisservices/samples/servers/main.bicep b/settings/remarks/microsoft.analysisservices/samples/servers/main.bicep
new file mode 100644
index 00000000..828a8406
--- /dev/null
+++ b/settings/remarks/microsoft.analysisservices/samples/servers/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource server 'Microsoft.AnalysisServices/servers@2017-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    asAdministrators: {
+      members: []
+    }
+    ipV4FirewallSettings: {
+      enablePowerBIService: false
+      firewallRules: []
+    }
+  }
+  sku: {
+    name: 'B1'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/remarks.json b/settings/remarks/microsoft.apimanagement/remarks.json
index 8a9f84c8..e967190b 100644
--- a/settings/remarks/microsoft.apimanagement/remarks.json
+++ b/settings/remarks/microsoft.apimanagement/remarks.json
@@ -166,5 +166,162 @@
       "Path": "samples/service/users/main.tf",
       "Description": "A basic example of deploying API Management User."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ApiManagement/service",
+      "Path": "samples/service/main.bicep",
+      "Description": "A basic example of deploying API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/apiVersionSets",
+      "Path": "samples/service/apiversionsets/main.bicep",
+      "Description": "A basic example of deploying API Version Set within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/apis",
+      "Path": "samples/service/apis/main.bicep",
+      "Description": "A basic example of deploying API within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/apis/diagnostics",
+      "Path": "samples/service/apis/diagnostics/main.bicep",
+      "Description": "A basic example of deploying API Management Service API Diagnostics Logs."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/apis/operations",
+      "Path": "samples/service/apis/operations/main.bicep",
+      "Description": "A basic example of deploying API Operation within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/apis/policies",
+      "Path": "samples/service/apis/policies/main.bicep",
+      "Description": "A basic example of deploying API Management Service APIs Policies."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/apis/schemas",
+      "Path": "samples/service/apis/schemas/main.bicep",
+      "Description": "A basic example of deploying API Schema within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/apis/tagDescriptions",
+      "Path": "samples/service/apis/tagdescriptions/main.bicep",
+      "Description": "A basic example of deploying API Tag Description within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/apis/tags",
+      "Path": "samples/service/apis/tags/main.bicep",
+      "Description": "A basic example of deploying API Management API Tag."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/authorizationServers",
+      "Path": "samples/service/authorizationservers/main.bicep",
+      "Description": "A basic example of deploying Authorization Server within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/backends",
+      "Path": "samples/service/backends/main.bicep",
+      "Description": "A basic example of deploying backend within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/caches",
+      "Path": "samples/service/caches/main.bicep",
+      "Description": "A basic example of deploying API Management Redis Cache."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/certificates",
+      "Path": "samples/service/certificates/main.bicep",
+      "Description": "A basic example of deploying Certificate within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/diagnostics",
+      "Path": "samples/service/diagnostics/main.bicep",
+      "Description": "A basic example of deploying API Management Service Diagnostic."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/gateways",
+      "Path": "samples/service/gateways/main.bicep",
+      "Description": "A basic example of deploying API Management Gateway."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/gateways/certificateAuthorities",
+      "Path": "samples/service/gateways/certificateauthorities/main.bicep",
+      "Description": "A basic example of deploying API Management Gateway Certificate Authority."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/gateways/hostnameConfigurations",
+      "Path": "samples/service/gateways/hostnameconfigurations/main.bicep",
+      "Description": "A basic example of deploying API Management Gateway Host Name Configuration."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/groups",
+      "Path": "samples/service/groups/main.bicep",
+      "Description": "A basic example of deploying API Management Group."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/identityProviders",
+      "Path": "samples/service/identityproviders/main.bicep",
+      "Description": "A basic example of deploying API Management Identity Provider."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/loggers",
+      "Path": "samples/service/loggers/main.bicep",
+      "Description": "A basic example of deploying Logger within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/namedValues",
+      "Path": "samples/service/namedvalues/main.bicep",
+      "Description": "A basic example of deploying API Management Named Value."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/openidConnectProviders",
+      "Path": "samples/service/openidconnectproviders/main.bicep",
+      "Description": "A basic example of deploying OpenID Connect Provider within a API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/policyFragments",
+      "Path": "samples/service/policyfragments/main.bicep",
+      "Description": "A basic example of deploying API Management Service Policy Fragments."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/portalsettings",
+      "Path": "samples/service/portalsettings/main.bicep",
+      "Description": "A basic example of deploying API Management Service Portal Settings."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/products",
+      "Path": "samples/service/products/main.bicep",
+      "Description": "A basic example of deploying API Management Product."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/products/policies",
+      "Path": "samples/service/products/policies/main.bicep",
+      "Description": "A basic example of deploying API Management Service Products Policies."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/products/tags",
+      "Path": "samples/service/products/tags/main.bicep",
+      "Description": "A basic example of deploying API Management Product tag."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/schemas",
+      "Path": "samples/service/schemas/main.bicep",
+      "Description": "A basic example of deploying Global Schema within an API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/subscriptions",
+      "Path": "samples/service/subscriptions/main.bicep",
+      "Description": "A basic example of deploying Subscription within a API Management Service."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/tags",
+      "Path": "samples/service/tags/main.bicep",
+      "Description": "A basic example of deploying API Management Tag."
+    },
+    {
+      "ResourceType": "Microsoft.ApiManagement/service/users",
+      "Path": "samples/service/users/main.bicep",
+      "Description": "A basic example of deploying API Management User."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/apis/diagnostics/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/apis/diagnostics/main.bicep
new file mode 100644
index 00000000..6e6d91b8
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/apis/diagnostics/main.bicep
@@ -0,0 +1,77 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' = {
+  parent: service
+  name: '${resourceName};rev=1'
+  properties: {
+    apiType: 'http'
+    apiVersion: ''
+    format: 'swagger-link-json'
+    path: 'test'
+    type: 'http'
+    value: 'http://conferenceapi.azurewebsites.net/?format=json'
+  }
+}
+
+resource logger 'Microsoft.ApiManagement/service/loggers@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    credentials: {
+      instrumentationKey: component.properties.InstrumentationKey
+    }
+    description: ''
+    isBuffered: true
+    loggerType: 'applicationInsights'
+  }
+}
+
+resource diagnostic 'Microsoft.ApiManagement/service/apis/diagnostics@2021-08-01' = {
+  parent: api
+  name: 'applicationinsights'
+  properties: {
+    loggerId: logger.id
+    operationNameFormat: 'Name'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/apis/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/apis/main.bicep
new file mode 100644
index 00000000..c15f73f6
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/apis/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' = {
+  parent: service
+  name: '${resourceName};rev=1'
+  properties: {
+    apiRevisionDescription: ''
+    apiType: 'http'
+    apiVersion: ''
+    apiVersionDescription: ''
+    authenticationSettings: {}
+    description: ''
+    displayName: 'api1'
+    path: 'api1'
+    protocols: [
+      'https'
+    ]
+    serviceUrl: ''
+    subscriptionRequired: true
+    type: 'http'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/apis/operations/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/apis/operations/main.bicep
new file mode 100644
index 00000000..28df9ff6
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/apis/operations/main.bicep
@@ -0,0 +1,64 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource service 'Microsoft.ApiManagement/service@2022-08-01' = {
+  name: '${resourceName}-am'
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource api 'Microsoft.ApiManagement/service/apis@2022-08-01' = {
+  parent: service
+  name: '${resourceName}-api;rev=1'
+  properties: {
+    apiRevisionDescription: ''
+    apiType: 'http'
+    apiVersionDescription: ''
+    authenticationSettings: {}
+    description: 'What is my purpose? You parse butter.'
+    displayName: 'Butter Parser'
+    path: 'butter-parser'
+    protocols: [
+      'http'
+      'https'
+    ]
+    serviceUrl: 'https://example.com/foo/bar'
+    subscriptionKeyParameterNames: {
+      header: 'X-Butter-Robot-API-Key'
+      query: 'location'
+    }
+    subscriptionRequired: true
+    type: 'http'
+  }
+}
+
+resource operation 'Microsoft.ApiManagement/service/apis/operations@2022-08-01' = {
+  parent: api
+  name: '${resourceName}-operation'
+  properties: {
+    description: ''
+    displayName: 'DELETE Resource'
+    method: 'DELETE'
+    responses: []
+    templateParameters: []
+    urlTemplate: '/resource'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/apis/policies/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/apis/policies/main.bicep
new file mode 100644
index 00000000..181e1961
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/apis/policies/main.bicep
@@ -0,0 +1,62 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' = {
+  parent: service
+  name: '${resourceName};rev=1'
+  properties: {
+    apiRevisionDescription: ''
+    apiType: 'http'
+    apiVersion: ''
+    apiVersionDescription: ''
+    authenticationSettings: {}
+    description: ''
+    displayName: 'api1'
+    path: 'api1'
+    protocols: [
+      'https'
+    ]
+    serviceUrl: ''
+    subscriptionRequired: true
+    type: 'http'
+  }
+}
+
+resource policy 'Microsoft.ApiManagement/service/apis/policies@2021-08-01' = {
+  parent: api
+  name: 'policy'
+  properties: {
+    format: 'xml'
+    value: '''<policies>
+  <inbound>
+    <set-variable name="abc" value="@(context.Request.Headers.GetValueOrDefault(&quot;X-Header-Name&quot;, &quot;&quot;))" />
+    <find-and-replace from="xyz" to="abc" />
+  </inbound>
+</policies>
+'''
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/apis/schemas/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/apis/schemas/main.bicep
new file mode 100644
index 00000000..e62d1103
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/apis/schemas/main.bicep
@@ -0,0 +1,63 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' = {
+  parent: service
+  name: '${resourceName};rev=1'
+  properties: {
+    apiRevisionDescription: ''
+    apiType: 'http'
+    apiVersion: ''
+    apiVersionDescription: ''
+    authenticationSettings: {}
+    description: ''
+    displayName: 'api1'
+    path: 'api1'
+    protocols: [
+      'https'
+    ]
+    serviceUrl: ''
+    subscriptionRequired: true
+    type: 'http'
+  }
+}
+
+resource schema 'Microsoft.ApiManagement/service/apis/schemas@2021-08-01' = {
+  parent: api
+  name: resourceName
+  properties: {
+    contentType: 'application/vnd.ms-azure-apim.xsd+xml'
+    document: {
+      value: '''<!--
+ Copyright (c) HashiCorp, Inc.
+ SPDX-License-Identifier: MPL-2.0
+-->
+
+<s:schema elementFormDefault="qualified" targetNamespace="http://ws.cdyne.com/WeatherWS/" xmlns:tns="http://ws.cdyne.com/WeatherWS/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:apim-wsdltns="http://ws.cdyne.com/WeatherWS/"> <s:element name="GetWeatherInformation"> <s:complexType /> </s:element> <s:element name="GetWeatherInformationResponse"> <s:complexType> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="GetWeatherInformationResult" type="tns:ArrayOfWeatherDescription" /> </s:sequence> </s:complexType> </s:element> <s:complexType name="ArrayOfWeatherDescription"> <s:sequence> <s:element minOccurs="0" maxOccurs="unbounded" name="WeatherDescription" type="tns:WeatherDescription" /> </s:sequence> </s:complexType> <s:complexType name="WeatherDescription"> <s:sequence> <s:element minOccurs="1" maxOccurs="1" name="WeatherID" type="s:short" /> <s:element minOccurs="0" maxOccurs="1" name="Description" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="PictureURL" type="s:string" /> </s:sequence> </s:complexType> <s:element name="GetCityForecastByZIP"> <s:complexType> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="ZIP" type="s:string" /> </s:sequence> </s:complexType> </s:element> <s:element name="GetCityForecastByZIPResponse"> <s:complexType> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="GetCityForecastByZIPResult" type="tns:ForecastReturn" /> </s:sequence> </s:complexType> </s:element> <s:complexType name="ForecastReturn"> <s:sequence> <s:element minOccurs="1" maxOccurs="1" name="Success" type="s:boolean" /> <s:element minOccurs="0" maxOccurs="1" name="ResponseText" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="State" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="City" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="WeatherStationCity" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="ForecastResult" type="tns:ArrayOfForecast" /> </s:sequence> </s:complexType> <s:complexType name="ArrayOfForecast"> <s:sequence> <s:element minOccurs="0" maxOccurs="unbounded" name="Forecast" nillable="true" type="tns:Forecast" /> </s:sequence> </s:complexType> <s:complexType name="Forecast"> <s:sequence> <s:element minOccurs="1" maxOccurs="1" name="Date" type="s:dateTime" /> <s:element minOccurs="1" maxOccurs="1" name="WeatherID" type="s:short" /> <s:element minOccurs="0" maxOccurs="1" name="Desciption" type="s:string" /> <s:element minOccurs="1" maxOccurs="1" name="Temperatures" type="tns:temp" /> <s:element minOccurs="1" maxOccurs="1" name="ProbabilityOfPrecipiation" type="tns:POP" /> </s:sequence> </s:complexType> <s:complexType name="temp"> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="MorningLow" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="DaytimeHigh" type="s:string" /> </s:sequence> </s:complexType> <s:complexType name="POP"> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="Nighttime" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="Daytime" type="s:string" /> </s:sequence> </s:complexType> <s:element name="GetCityWeatherByZIP"> <s:complexType> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="ZIP" type="s:string" /> </s:sequence> </s:complexType> </s:element> <s:element name="GetCityWeatherByZIPResponse"> <s:complexType> <s:sequence> <s:element minOccurs="1" maxOccurs="1" name="GetCityWeatherByZIPResult" type="tns:WeatherReturn" /> </s:sequence> </s:complexType> </s:element> <s:complexType name="WeatherReturn"> <s:sequence> <s:element minOccurs="1" maxOccurs="1" name="Success" type="s:boolean" /> <s:element minOccurs="0" maxOccurs="1" name="ResponseText" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="State" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="City" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="WeatherStationCity" type="s:string" /> <s:element minOccurs="1" maxOccurs="1" name="WeatherID" type="s:short" /> <s:element minOccurs="0" maxOccurs="1" name="Description" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="Temperature" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="RelativeHumidity" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="Wind" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="Pressure" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="Visibility" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="WindChill" type="s:string" /> <s:element minOccurs="0" maxOccurs="1" name="Remarks" type="s:string" /> </s:sequence> </s:complexType> <s:element name="ArrayOfWeatherDescription" nillable="true" type="tns:ArrayOfWeatherDescription" /> <s:element name="ForecastReturn" nillable="true" type="tns:ForecastReturn" /> <s:element name="WeatherReturn" type="tns:WeatherReturn" /> </s:schema>'''
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/apis/tagdescriptions/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/apis/tagdescriptions/main.bicep
new file mode 100644
index 00000000..4f4c4267
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/apis/tagdescriptions/main.bicep
@@ -0,0 +1,67 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource service 'Microsoft.ApiManagement/service@2022-08-01' = {
+  name: '${resourceName}-service'
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource api 'Microsoft.ApiManagement/service/apis@2022-08-01' = {
+  parent: service
+  name: '${resourceName}-api;rev=1'
+  properties: {
+    apiRevisionDescription: ''
+    apiType: 'http'
+    apiVersionDescription: ''
+    authenticationSettings: {}
+    displayName: 'api1'
+    path: 'api1'
+    protocols: [
+      'https'
+    ]
+    subscriptionRequired: true
+    type: 'http'
+  }
+}
+
+resource tag 'Microsoft.ApiManagement/service/tags@2022-08-01' = {
+  parent: service
+  name: '${resourceName}-tag'
+  properties: {
+    displayName: 'acctest0001-tag'
+  }
+}
+
+resource tagDescription 'Microsoft.ApiManagement/service/apis/tagDescriptions@2022-08-01' = {
+  parent: api
+  name: '${resourceName}-tag'
+  properties: {
+    description: 'tag description'
+    externalDocsDescription: 'external tag description'
+    externalDocsUrl: 'https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs'
+  }
+}
+
+resource tag1 'Microsoft.ApiManagement/service/apis/tags@2022-08-01' = {
+  parent: api
+  name: '${resourceName}-tag'
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/apis/tags/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/apis/tags/main.bicep
new file mode 100644
index 00000000..9263f2e8
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/apis/tags/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource service 'Microsoft.ApiManagement/service@2022-08-01' = {
+  name: '${resourceName}-service'
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource api 'Microsoft.ApiManagement/service/apis@2022-08-01' = {
+  parent: service
+  name: '${resourceName}-api;rev=1'
+  properties: {
+    apiRevisionDescription: ''
+    apiType: 'http'
+    apiVersionDescription: ''
+    authenticationSettings: {}
+    displayName: 'api1'
+    path: 'api1'
+    protocols: [
+      'https'
+    ]
+    subscriptionRequired: true
+    type: 'http'
+  }
+}
+
+resource tag 'Microsoft.ApiManagement/service/tags@2022-08-01' = {
+  parent: service
+  name: '${resourceName}-tag'
+  properties: {
+    displayName: 'acctest0001-tag'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/apiversionsets/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/apiversionsets/main.bicep
new file mode 100644
index 00000000..079e3fb3
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/apiversionsets/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource apiVersionSet 'Microsoft.ApiManagement/service/apiVersionSets@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: 'TestDescription1'
+    displayName: 'TestApiVersionSet1230630032559674766'
+    versioningScheme: 'Segment'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/authorizationservers/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/authorizationservers/main.bicep
new file mode 100644
index 00000000..244a30d9
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/authorizationservers/main.bicep
@@ -0,0 +1,56 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The OAuth client ID for the authorization server')
+param oauthClientId string
+@secure()
+@description('The OAuth client secret for the authorization server')
+param oauthClientSecret string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource authorizationServer 'Microsoft.ApiManagement/service/authorizationServers@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    authorizationEndpoint: 'https://azacceptance.hashicorptest.com/client/authorize'
+    authorizationMethods: [
+      'GET'
+    ]
+    clientAuthenticationMethod: []
+    clientId: null
+    clientRegistrationEndpoint: 'https://azacceptance.hashicorptest.com/client/register'
+    clientSecret: null
+    defaultScope: ''
+    description: ''
+    displayName: 'Test Group'
+    grantTypes: [
+      'implicit'
+    ]
+    resourceOwnerPassword: ''
+    resourceOwnerUsername: ''
+    supportState: false
+    tokenBodyParameters: []
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/backends/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/backends/main.bicep
new file mode 100644
index 00000000..aa963401
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/backends/main.bicep
@@ -0,0 +1,35 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource backend 'Microsoft.ApiManagement/service/backends@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    protocol: 'http'
+    url: 'https://acctest'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/caches/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/caches/main.bicep
new file mode 100644
index 00000000..63f1096f
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/caches/main.bicep
@@ -0,0 +1,48 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource redis 'Microsoft.Cache/redis@2023-04-01' = {
+  name: resourceName
+  properties: {
+    enableNonSslPort: true
+    minimumTlsVersion: '1.2'
+    sku: {
+      capacity: 2
+      family: 'C'
+      name: 'Standard'
+    }
+  }
+}
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource cache 'Microsoft.ApiManagement/service/caches@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    connectionString: '${redis.name}.redis.cache.windows.net:6380,password=redis.listKeys().primaryKey,ssl=true,abortConnect=False'
+    useFromLocation: 'default'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/certificates/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/certificates/main.bicep
new file mode 100644
index 00000000..9fa37d0f
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/certificates/main.bicep
@@ -0,0 +1,35 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource certificate 'Microsoft.ApiManagement/service/certificates@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    data: 'MIIKmQIBAzCCCl8GCSqGSIb3DQEHAaCCClAEggpMMIIKSDCCBP8GCSqGSIb3DQEHBqCCBPAwggTsAgEAMIIE5QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIp1c0ydxiVG0CAggAgIIEuA5qATScE+dBHsldt+cfd/PjV+FAei7+lyYXm2IN1TZ1mFEce3T6MlGaqXoHMlYlIEVtvxNp2qpbYyGbboCRYTmB1tHbDbwDAg0bO8J8ing2xOvkoKx+sFX7L0I+FcGz5ucJRoDus6K6GdMgWOi+vlEdliBpH7Lgk+8+SXpFf/JadnEY49Dr4XMUBs/fXe6BxB89b9H/5mUg1SQFuxnGQrdvEW7tNFJR7k9BUO/95X8b4mQZdqfXBzgayOKTcB7JShXA9gjyAbxsF2g5EXlmWNJoRVo8xPcybPgarDdfjM4L0eEzvB4mgn6JimCaHxt9Gb3PGhPJ0mFzVbJTPQgiFpjpREwDWVYk7LeKvjyLn70O9pQyCi8tjZGw5XfIHlt7P+EHEdXXYR7z7gbgNQmWFMjYEX2puAKjYyjYsZ3ZxlWWNsrWZA/lNE5BgIBAcNAT2NBGAGbe4floniM8RPpQJ/Tj53nFQxav2sY/toWRSA8z7/bMGmQZEh9Dun61YJc+yb0dzn0K98FlEw1+Uu4fR8l6/e4xvmpdH3tOVak0xFRJLdILlO9VwJ3Ins8CODFHV4J4DnuMyINonctjTl9qy66+pVf6ePX0Io5k+49hU3u19jZy/oN8xxTGDMGVQinZ19yNC5TJ7RJ4fb682Jk+P8dwc+1icbBydZo3a/n1JdglMjPJK4+f0iW/+KIBFD2oZlEt8/Hi+IzyXT2BJHuZJmPa61vxHurA/urGH06ybpcrSEkBC0Lcm07Ie5Ov/UQVcdwF2MM3f3Iv5hrdRogBmB5pe1sYwNGJanCy4dABwpu+qVrtBGZEdBRl4h6IUTTzFDJltVcAmi60blvB8pCufDnD+PdJobAD5FIcsMDl0hiB7AgDbtOWygE1i/b5GnoVsfOGt4iUclikKxCig4m500IgX/XgUBiY1RwkHIXZQ1mXyWBAnaFgPA7BOt70Qbj9wy9S60FvrElVG9NWXuTdGY+ECWkoEzjiGnCEL+T1Cv43b8SlL5GCCftIUHlM/ss8oBzcJmUJsUsv/ZHTcj3GKyHud5cIT4rli542dDkoZj0O6fsvE+yFM7kZaQrTzuPlstfnvi5OeJQ4+aJBeL+rEXvEspLn02i2Rg1afZAll6fk+epPJOxW2pkrVslDMj/0RfLr4dRi5uzBiJb3pILfCDJs9Nqzj2GMWOFudQn5OHbcbx6dtoB1RcdsZHSGTn+MrjoXey2nmIlg372aLR7tCH06Z66U9FagAr51DZAKq2ry0T6gR4sWtzHlS063xFH4JeCHAJouWqEwgxeBu1zSZneDlMaC1ifcB0fOML8658vi1B697wLP0Muc6UW4mqfuN7AMl1fJQ7vO5oTDgWbPd6bSrLk46zmN3vC3VzMqQVa/1BbKgGkTOaVIZJuK0OuN2hyaVLNvm8XQ2O5QWE6aY2l3fm7m4hbT2AXRd/ulquZRhbQa7jIyjTb6SwLZG9wpvRJ5pR/C1V/QitI4GrViMOgEX+LV2TzXZxmkBV45/dDJ9Vh+2LEUKvcbkWjxZEbgltyCOdDHbTA5ydcNCHi/t/L371N6mCcXJH4FC7za1LpNmXeRIZa4lUuW602YH0DCYTnZ95UqMNyXMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECMwUHG/3/JVkAgIIAASCBMivDxcmzXtuXLPeu468SGYRJk994sSYqjK6fKP4090KXsDgX+IkggKJWqZqyRb0Dq7EusKpMyrSJNtz9Cfl3+S/vsbX6mGz4TY1g4VNvkyJyUjqUjKIDL2SlULRa7ldEvpOciy0Ms/6PBQXOTyVr5Rd1dFUFSbkLAruIWTULK0OfQoFjuQXmDvunRBrqSbHtjID9m1OwdcTfzMGHjsXth3iSWSTTh5+Eg/6H+/9kGC9VEEURqFD3Gx2kWKjqSlZyf/LSOTBcQ6+qRQZT1B1ZnPAVBU9Xn9Z6Tq0EMNfNg9+pv1GlLBUg1Hqo8RAW1nNOBSBHXS0nq062j48luQOotthKOc1rkjQd91Q9qTLFlU12gllQw+ejHVVvEEPHtxJ7HVr/lvM/5mt2oObTJb01JcfVnYrnI3NnNSWRULx/tznhB2yoKqjtrnZAW3zNU9TQQVyLVjt2lIXhE4oXk0I+Cxmvbh+YJF6XLrATGc6yuL02ZInrC59ufkclcnjnTSGnXWr9gzIndZ6wSS0B+6bMpLxamvE4XDhAQCn6MEGGVcY9nMydxaWU3o7Is0J1nd/KZWgfXeOoZx10olSR22+PBKy8Gsge2mMbR2QvhUKNyXLTV3pOnxtjGf88PhseqDpwZ5++DOSFfi0spsDvfXJNO0F0f0JYrMNXbqlxO4uExj146thivXZVlR1n5Bo4eL0OoVIXn1w/MuU0suQvZm+kD8uVuajyBnJsnhsCWx2eTZ2vzHQTKB2EtYeDPioWSomTVVjIdg8A9pTzvvhe8MzFXvRMXFc9+ToN+uLjJqHRSmpZIGJvZQXCKrlCC9KRjP1HIhJhyfuYoEjTkF3IVeXS1tnA5CH5oilOG+guLKXNPWsrCXEpewz6i907ugx/VWTAmEMzYwMCDzCnW2l+mI8P56nWrwI0vDuk1GhIs6nn+Nhc6FPHD1996zyZ7hfmO7h25tto00IoVgI9QlhwtWLz10ZltLG581JvO7jEwT4u/nYxD7aO0Llb3ytNKihalFZMaY20a1dhVBsPwiWUpZcMmPoYySSiukyw350WiV/Z2NAsyeGRTWpdKcBi7gna0NN6fn0QLSdTcPKutASCplNExnI1IkkBFb3TmlF5HrrwmVht+vqxEHbRjDwEnKkvGcUbLWdjUjSWVNNbCbo8KbLAXcBPcjTHxIRw3gkLcS+yL0//uSENgo/LpHBZsO5d6as820lpYmHIjvyxhAMpMNlOPmUIW+cOgcf328wNaHaVWalIwfSGJdqGgC4msvP8vOcGWYgLkdrqJGWjhDs40x7LuFEBWgpgu6E2FfPOPTsqs5QxNKTgCw/eXjK92dZkdqO0Y7oLavU3OaJeWFJpAuZcC84Rwup2K0d4CXvZ0bOtpISSTr3VZeXRl8SkN2bQtgit9BJ2qGAy9blNObk1q8yOaVppercZMgG96DK23ZQ9uLRmliqytE1tXFKNKegwxGorKodoMwpRzClBz37KIYGJvFOYVya11v3gdcfeMcRTPdZG5dbI6US9DNk6fbShBJpc7PvYgMc8Vr+xEfzZXPnY2M8d+uJJomrU5ZQXcjy9jtyE4ToBz5ajh4Hq6Khlv6v5y2C+GrXb5+2KoSkcAYpTxlzAnjk9pYMZkwxJTAjBgkqhkiG9w0BCRUxFgQURdOwIJIHIprOPt5IqfZOf/7JJoQwMTAhMAkGBSsOAwIaBQAEFCaYzKHAOxuYPxNGezkbQ8Tp9cGsBAiTp8/jb7QK5AICCAAK'
+    password: ''
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/diagnostics/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/diagnostics/main.bicep
new file mode 100644
index 00000000..247cece4
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/diagnostics/main.bicep
@@ -0,0 +1,64 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource diagnostic 'Microsoft.ApiManagement/service/diagnostics@2021-08-01' = {
+  parent: service
+  name: 'applicationinsights'
+  properties: {
+    loggerId: logger.id
+    operationNameFormat: 'Name'
+  }
+}
+
+resource logger 'Microsoft.ApiManagement/service/loggers@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    credentials: {
+      instrumentationKey: component.properties.InstrumentationKey
+    }
+    description: ''
+    isBuffered: true
+    loggerType: 'applicationInsights'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/gateways/certificateauthorities/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/gateways/certificateauthorities/main.bicep
new file mode 100644
index 00000000..d400e9d2
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/gateways/certificateauthorities/main.bicep
@@ -0,0 +1,75 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The base64-encoded certificate data')
+param certificateData string
+@secure()
+@description('The password for the certificate')
+param certificatePassword string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource certificate 'Microsoft.ApiManagement/service/certificates@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    data: null
+    password: null
+  }
+}
+
+resource gateway 'Microsoft.ApiManagement/service/gateways@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    locationData: {
+      city: ''
+      countryOrRegion: ''
+      district: ''
+      name: 'test'
+    }
+  }
+}
+
+resource certificateAuthority 'Microsoft.ApiManagement/service/gateways/certificateAuthorities@2021-08-01' = {
+  parent: gateway
+  name: 'certificate.name'
+  properties: {
+    isTrusted: false
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/gateways/hostnameconfigurations/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/gateways/hostnameconfigurations/main.bicep
new file mode 100644
index 00000000..30472942
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/gateways/hostnameconfigurations/main.bicep
@@ -0,0 +1,74 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource certificate 'Microsoft.ApiManagement/service/certificates@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    data: 'MIIKmQIBAzCCCl8GCSqGSIb3DQEHAaCCClAEggpMMIIKSDCCBP8GCSqGSIb3DQEHBqCCBPAwggTsAgEAMIIE5QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIp1c0ydxiVG0CAggAgIIEuA5qATScE+dBHsldt+cfd/PjV+FAei7+lyYXm2IN1TZ1mFEce3T6MlGaqXoHMlYlIEVtvxNp2qpbYyGbboCRYTmB1tHbDbwDAg0bO8J8ing2xOvkoKx+sFX7L0I+FcGz5ucJRoDus6K6GdMgWOi+vlEdliBpH7Lgk+8+SXpFf/JadnEY49Dr4XMUBs/fXe6BxB89b9H/5mUg1SQFuxnGQrdvEW7tNFJR7k9BUO/95X8b4mQZdqfXBzgayOKTcB7JShXA9gjyAbxsF2g5EXlmWNJoRVo8xPcybPgarDdfjM4L0eEzvB4mgn6JimCaHxt9Gb3PGhPJ0mFzVbJTPQgiFpjpREwDWVYk7LeKvjyLn70O9pQyCi8tjZGw5XfIHlt7P+EHEdXXYR7z7gbgNQmWFMjYEX2puAKjYyjYsZ3ZxlWWNsrWZA/lNE5BgIBAcNAT2NBGAGbe4floniM8RPpQJ/Tj53nFQxav2sY/toWRSA8z7/bMGmQZEh9Dun61YJc+yb0dzn0K98FlEw1+Uu4fR8l6/e4xvmpdH3tOVak0xFRJLdILlO9VwJ3Ins8CODFHV4J4DnuMyINonctjTl9qy66+pVf6ePX0Io5k+49hU3u19jZy/oN8xxTGDMGVQinZ19yNC5TJ7RJ4fb682Jk+P8dwc+1icbBydZo3a/n1JdglMjPJK4+f0iW/+KIBFD2oZlEt8/Hi+IzyXT2BJHuZJmPa61vxHurA/urGH06ybpcrSEkBC0Lcm07Ie5Ov/UQVcdwF2MM3f3Iv5hrdRogBmB5pe1sYwNGJanCy4dABwpu+qVrtBGZEdBRl4h6IUTTzFDJltVcAmi60blvB8pCufDnD+PdJobAD5FIcsMDl0hiB7AgDbtOWygE1i/b5GnoVsfOGt4iUclikKxCig4m500IgX/XgUBiY1RwkHIXZQ1mXyWBAnaFgPA7BOt70Qbj9wy9S60FvrElVG9NWXuTdGY+ECWkoEzjiGnCEL+T1Cv43b8SlL5GCCftIUHlM/ss8oBzcJmUJsUsv/ZHTcj3GKyHud5cIT4rli542dDkoZj0O6fsvE+yFM7kZaQrTzuPlstfnvi5OeJQ4+aJBeL+rEXvEspLn02i2Rg1afZAll6fk+epPJOxW2pkrVslDMj/0RfLr4dRi5uzBiJb3pILfCDJs9Nqzj2GMWOFudQn5OHbcbx6dtoB1RcdsZHSGTn+MrjoXey2nmIlg372aLR7tCH06Z66U9FagAr51DZAKq2ry0T6gR4sWtzHlS063xFH4JeCHAJouWqEwgxeBu1zSZneDlMaC1ifcB0fOML8658vi1B697wLP0Muc6UW4mqfuN7AMl1fJQ7vO5oTDgWbPd6bSrLk46zmN3vC3VzMqQVa/1BbKgGkTOaVIZJuK0OuN2hyaVLNvm8XQ2O5QWE6aY2l3fm7m4hbT2AXRd/ulquZRhbQa7jIyjTb6SwLZG9wpvRJ5pR/C1V/QitI4GrViMOgEX+LV2TzXZxmkBV45/dDJ9Vh+2LEUKvcbkWjxZEbgltyCOdDHbTA5ydcNCHi/t/L371N6mCcXJH4FC7za1LpNmXeRIZa4lUuW602YH0DCYTnZ95UqMNyXMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECMwUHG/3/JVkAgIIAASCBMivDxcmzXtuXLPeu468SGYRJk994sSYqjK6fKP4090KXsDgX+IkggKJWqZqyRb0Dq7EusKpMyrSJNtz9Cfl3+S/vsbX6mGz4TY1g4VNvkyJyUjqUjKIDL2SlULRa7ldEvpOciy0Ms/6PBQXOTyVr5Rd1dFUFSbkLAruIWTULK0OfQoFjuQXmDvunRBrqSbHtjID9m1OwdcTfzMGHjsXth3iSWSTTh5+Eg/6H+/9kGC9VEEURqFD3Gx2kWKjqSlZyf/LSOTBcQ6+qRQZT1B1ZnPAVBU9Xn9Z6Tq0EMNfNg9+pv1GlLBUg1Hqo8RAW1nNOBSBHXS0nq062j48luQOotthKOc1rkjQd91Q9qTLFlU12gllQw+ejHVVvEEPHtxJ7HVr/lvM/5mt2oObTJb01JcfVnYrnI3NnNSWRULx/tznhB2yoKqjtrnZAW3zNU9TQQVyLVjt2lIXhE4oXk0I+Cxmvbh+YJF6XLrATGc6yuL02ZInrC59ufkclcnjnTSGnXWr9gzIndZ6wSS0B+6bMpLxamvE4XDhAQCn6MEGGVcY9nMydxaWU3o7Is0J1nd/KZWgfXeOoZx10olSR22+PBKy8Gsge2mMbR2QvhUKNyXLTV3pOnxtjGf88PhseqDpwZ5++DOSFfi0spsDvfXJNO0F0f0JYrMNXbqlxO4uExj146thivXZVlR1n5Bo4eL0OoVIXn1w/MuU0suQvZm+kD8uVuajyBnJsnhsCWx2eTZ2vzHQTKB2EtYeDPioWSomTVVjIdg8A9pTzvvhe8MzFXvRMXFc9+ToN+uLjJqHRSmpZIGJvZQXCKrlCC9KRjP1HIhJhyfuYoEjTkF3IVeXS1tnA5CH5oilOG+guLKXNPWsrCXEpewz6i907ugx/VWTAmEMzYwMCDzCnW2l+mI8P56nWrwI0vDuk1GhIs6nn+Nhc6FPHD1996zyZ7hfmO7h25tto00IoVgI9QlhwtWLz10ZltLG581JvO7jEwT4u/nYxD7aO0Llb3ytNKihalFZMaY20a1dhVBsPwiWUpZcMmPoYySSiukyw350WiV/Z2NAsyeGRTWpdKcBi7gna0NN6fn0QLSdTcPKutASCplNExnI1IkkBFb3TmlF5HrrwmVht+vqxEHbRjDwEnKkvGcUbLWdjUjSWVNNbCbo8KbLAXcBPcjTHxIRw3gkLcS+yL0//uSENgo/LpHBZsO5d6as820lpYmHIjvyxhAMpMNlOPmUIW+cOgcf328wNaHaVWalIwfSGJdqGgC4msvP8vOcGWYgLkdrqJGWjhDs40x7LuFEBWgpgu6E2FfPOPTsqs5QxNKTgCw/eXjK92dZkdqO0Y7oLavU3OaJeWFJpAuZcC84Rwup2K0d4CXvZ0bOtpISSTr3VZeXRl8SkN2bQtgit9BJ2qGAy9blNObk1q8yOaVppercZMgG96DK23ZQ9uLRmliqytE1tXFKNKegwxGorKodoMwpRzClBz37KIYGJvFOYVya11v3gdcfeMcRTPdZG5dbI6US9DNk6fbShBJpc7PvYgMc8Vr+xEfzZXPnY2M8d+uJJomrU5ZQXcjy9jtyE4ToBz5ajh4Hq6Khlv6v5y2C+GrXb5+2KoSkcAYpTxlzAnjk9pYMZkwxJTAjBgkqhkiG9w0BCRUxFgQURdOwIJIHIprOPt5IqfZOf/7JJoQwMTAhMAkGBSsOAwIaBQAEFCaYzKHAOxuYPxNGezkbQ8Tp9cGsBAiTp8/jb7QK5AICCAAK'
+    password: ''
+  }
+}
+
+resource gateway 'Microsoft.ApiManagement/service/gateways@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    locationData: {
+      city: ''
+      countryOrRegion: ''
+      district: ''
+      name: 'test'
+    }
+  }
+}
+
+resource hostnameConfiguration 'Microsoft.ApiManagement/service/gateways/hostnameConfigurations@2021-08-01' = {
+  parent: gateway
+  name: resourceName
+  properties: {
+    certificateId: certificate.id
+    hostname: 'host-name-230630032559671742'
+    http2Enabled: true
+    negotiateClientCertificate: false
+    tls10Enabled: false
+    tls11Enabled: false
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/gateways/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/gateways/main.bicep
new file mode 100644
index 00000000..e8c528a7
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/gateways/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource gateway 'Microsoft.ApiManagement/service/gateways@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    locationData: {
+      city: ''
+      countryOrRegion: ''
+      district: ''
+      name: 'test'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/groups/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/groups/main.bicep
new file mode 100644
index 00000000..dd41d7a0
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/groups/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource group 'Microsoft.ApiManagement/service/groups@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'Test Group'
+    externalId: ''
+    type: 'custom'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/identityproviders/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/identityproviders/main.bicep
new file mode 100644
index 00000000..53ae60d6
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/identityproviders/main.bicep
@@ -0,0 +1,53 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The client ID for the Twitter identity provider')
+param identityProviderClientId string
+@secure()
+@description('The client secret for the Twitter identity provider')
+param identityProviderClientSecret string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@2021-08-01' = {
+  parent: service
+  name: 'twitter'
+  properties: {
+    clientId: null
+    clientSecret: null
+    type: 'twitter'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/loggers/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/loggers/main.bicep
new file mode 100644
index 00000000..5c044a15
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/loggers/main.bicep
@@ -0,0 +1,55 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource logger 'Microsoft.ApiManagement/service/loggers@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    credentials: {
+      instrumentationKey: component.properties.InstrumentationKey
+    }
+    description: ''
+    isBuffered: true
+    loggerType: 'applicationInsights'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/main.bicep
new file mode 100644
index 00000000..6d40bf73
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/main.bicep
@@ -0,0 +1,38 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/namedvalues/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/namedvalues/main.bicep
new file mode 100644
index 00000000..872f016c
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/namedvalues/main.bicep
@@ -0,0 +1,40 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource namedValue 'Microsoft.ApiManagement/service/namedValues@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    displayName: 'TestProperty230630032559683679'
+    secret: false
+    tags: [
+      'tag1'
+      'tag2'
+    ]
+    value: 'Test Value'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/openidconnectproviders/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/openidconnectproviders/main.bicep
new file mode 100644
index 00000000..5ca9141b
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/openidconnectproviders/main.bicep
@@ -0,0 +1,43 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The client ID for the OpenID Connect provider')
+param openidClientId string
+@secure()
+@description('The client secret for the OpenID Connect provider')
+param openidClientSecret string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource openidConnectProvider 'Microsoft.ApiManagement/service/openidConnectProviders@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    clientId: null
+    clientSecret: null
+    description: ''
+    displayName: 'Initial Name'
+    metadataEndpoint: 'https://azacceptance.hashicorptest.com/example/foo'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/policyfragments/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/policyfragments/main.bicep
new file mode 100644
index 00000000..b0ee6500
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/policyfragments/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource policyFragment 'Microsoft.ApiManagement/service/policyFragments@2021-12-01-preview' = {
+  parent: service
+  name: 'error-handler'
+  properties: {
+    description: 'Fragment for Error Handling'
+    format: 'xml'
+    value: '''    <fragment>
+        <set-variable name="abc" value="abc" />
+        <find-and-replace from="xyz" to="foo" />
+    </fragment>
+'''
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/portalsettings/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/portalsettings/main.bicep
new file mode 100644
index 00000000..5b803d1a
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/portalsettings/main.bicep
@@ -0,0 +1,51 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource portalsetting 'Microsoft.ApiManagement/service/portalsettings@2021-08-01' = {
+  parent: service
+  name: 'signup'
+  properties: {
+    enabled: false
+    termsOfService: {
+      consentRequired: false
+      enabled: false
+      text: ''
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/products/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/products/main.bicep
new file mode 100644
index 00000000..f85e8ff6
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/products/main.bicep
@@ -0,0 +1,38 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource product 'Microsoft.ApiManagement/service/products@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'Test Product'
+    state: 'notPublished'
+    subscriptionRequired: false
+    terms: ''
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/products/policies/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/products/policies/main.bicep
new file mode 100644
index 00000000..3fdf411f
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/products/policies/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource product 'Microsoft.ApiManagement/service/products@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'Test Product'
+    state: 'notPublished'
+    subscriptionRequired: false
+    terms: ''
+  }
+}
+
+resource policy2 'Microsoft.ApiManagement/service/products/policies@2021-08-01' = {
+  parent: product
+  name: 'policy'
+  properties: {
+    format: 'rawxml-link'
+    value: 'https://gist.githubusercontent.com/riordanp/ca22f8113afae0eb38cc12d718fd048d/raw/d6ac89a2f35a6881a7729f8cb4883179dc88eea1/example.xml'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/products/tags/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/products/tags/main.bicep
new file mode 100644
index 00000000..b7bc916b
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/products/tags/main.bicep
@@ -0,0 +1,51 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource product 'Microsoft.ApiManagement/service/products@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'Test Product'
+    state: 'notPublished'
+    subscriptionRequired: false
+    terms: ''
+  }
+}
+
+resource serviceTag 'Microsoft.ApiManagement/service/tags@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    displayName: 'acctest0001'
+  }
+}
+
+resource tag 'Microsoft.ApiManagement/service/products/tags@2021-08-01' = {
+  parent: product
+  name: 'service_tag.name'
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/schemas/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/schemas/main.bicep
new file mode 100644
index 00000000..beda098c
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/schemas/main.bicep
@@ -0,0 +1,57 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource schema 'Microsoft.ApiManagement/service/schemas@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    schemaType: 'xml'
+    value: '''    <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+    xmlns:tns="http://tempuri.org/PurchaseOrderSchema.xsd" targetNamespace="http://tempuri.org/PurchaseOrderSchema.xsd" elementFormDefault="qualified">
+    <xsd:element name="PurchaseOrder" type="tns:PurchaseOrderType"/>
+    <xsd:complexType name="PurchaseOrderType">
+        <xsd:sequence>
+            <xsd:element name="ShipTo" type="tns:USAddress" maxOccurs="2"/>
+            <xsd:element name="BillTo" type="tns:USAddress"/>
+        </xsd:sequence>
+        <xsd:attribute name="OrderDate" type="xsd:date"/>
+    </xsd:complexType>
+    <xsd:complexType name="USAddress">
+        <xsd:sequence>
+            <xsd:element name="name" type="xsd:string"/>
+            <xsd:element name="street" type="xsd:string"/>
+            <xsd:element name="city" type="xsd:string"/>
+            <xsd:element name="state" type="xsd:string"/>
+            <xsd:element name="zip" type="xsd:integer"/>
+        </xsd:sequence>
+        <xsd:attribute name="country" type="xsd:NMTOKEN" fixed="US"/>
+    </xsd:complexType>
+</xsd:schema>
+'''
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/subscriptions/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/subscriptions/main.bicep
new file mode 100644
index 00000000..bd723fb6
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/subscriptions/main.bicep
@@ -0,0 +1,72 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource product 'Microsoft.ApiManagement/service/products@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'Test Product'
+    state: 'published'
+    subscriptionRequired: true
+    terms: ''
+  }
+}
+
+resource subscription 'Microsoft.ApiManagement/service/subscriptions@2021-08-01' = {
+  parent: service
+  name: '0f393927-8f2d-499d-906f-c03943328d31'
+  properties: {
+    allowTracing: true
+    displayName: 'Butter Parser API Enterprise Edition'
+    ownerId: user.id
+    scope: product.id
+    state: 'submitted'
+  }
+}
+
+resource user 'Microsoft.ApiManagement/service/users@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    email: 'azure-acctest230630032559695401@example.com'
+    firstName: 'Acceptance'
+    lastName: 'Test'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/tags/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/tags/main.bicep
new file mode 100644
index 00000000..bcdae209
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/tags/main.bicep
@@ -0,0 +1,34 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 0
+    name: 'Consumption'
+  }
+}
+
+resource tag 'Microsoft.ApiManagement/service/tags@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    displayName: 'acctest0001'
+  }
+}
diff --git a/settings/remarks/microsoft.apimanagement/samples/service/users/main.bicep b/settings/remarks/microsoft.apimanagement/samples/service/users/main.bicep
new file mode 100644
index 00000000..cbb54ba1
--- /dev/null
+++ b/settings/remarks/microsoft.apimanagement/samples/service/users/main.bicep
@@ -0,0 +1,48 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    certificates: []
+    customProperties: {
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
+      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
+    }
+    disableGateway: false
+    publicNetworkAccess: 'Enabled'
+    publisherEmail: 'pub1@email.com'
+    publisherName: 'pub1'
+    virtualNetworkType: 'None'
+  }
+  sku: {
+    capacity: 1
+    name: 'Developer'
+  }
+}
+
+resource user 'Microsoft.ApiManagement/service/users@2021-08-01' = {
+  parent: service
+  name: resourceName
+  properties: {
+    email: 'azure-acctest230630032559695401@example.com'
+    firstName: 'Acceptance'
+    lastName: 'Test'
+  }
+}
diff --git a/settings/remarks/microsoft.app/remarks.json b/settings/remarks/microsoft.app/remarks.json
index c703cfab..a83a5c1b 100644
--- a/settings/remarks/microsoft.app/remarks.json
+++ b/settings/remarks/microsoft.app/remarks.json
@@ -41,5 +41,42 @@
       "Path": "samples/managedenvironments/storages/main.tf",
       "Description": "A basic example of deploying Container App Environment Storage."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.App/containerApps",
+      "Path": "samples/containerapps/main.bicep",
+      "Description": "A basic example of deploying Container App."
+    },
+    {
+      "ResourceType": "Microsoft.App/jobs",
+      "Path": "samples/jobs/main.bicep",
+      "Description": "A basic example of deploying Container App Job."
+    },
+    {
+      "ResourceType": "Microsoft.App/managedEnvironments",
+      "Path": "samples/managedenvironments/main.bicep",
+      "Description": "A basic example of deploying Container App Environment."
+    },
+    {
+      "ResourceType": "Microsoft.App/managedEnvironments/certificates",
+      "Path": "samples/managedenvironments/certificates/main.bicep",
+      "Description": "A basic example of deploying Container App Environment Certificate."
+    },
+    {
+      "ResourceType": "Microsoft.App/managedEnvironments/daprComponents",
+      "Path": "samples/managedenvironments/daprcomponents/main.bicep",
+      "Description": "A basic example of deploying Dapr Component for a Container App Environment."
+    },
+    {
+      "ResourceType": "Microsoft.App/managedEnvironments/dotNetComponents",
+      "Path": "samples/managedenvironments/dotnetcomponents/main.bicep",
+      "Description": "A basic example of deploying App Managed Environments .NET Components."
+    },
+    {
+      "ResourceType": "Microsoft.App/managedEnvironments/storages",
+      "Path": "samples/managedenvironments/storages/main.bicep",
+      "Description": "A basic example of deploying Container App Environment Storage."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.app/samples/containerapps/main.bicep b/settings/remarks/microsoft.app/samples/containerapps/main.bicep
new file mode 100644
index 00000000..91f538b1
--- /dev/null
+++ b/settings/remarks/microsoft.app/samples/containerapps/main.bicep
@@ -0,0 +1,68 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource containerApp 'Microsoft.App/containerApps@2022-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    configuration: {
+      activeRevisionsMode: 'Single'
+    }
+    managedEnvironmentId: managedEnvironment.id
+    template: {
+      containers: [
+        {
+          env: []
+          image: 'jackofallops/azure-containerapps-python-acctest:v0.0.1'
+          name: 'acctest-cont-230630032906865620'
+          probes: []
+          resources: {
+            cpu: any('0.25')
+            ephemeralStorage: '1Gi'
+            memory: '0.5Gi'
+          }
+          volumeMounts: []
+        }
+      ]
+      scale: {
+        maxReplicas: 10
+      }
+      volumes: []
+    }
+  }
+}
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: workspace.properties.customerId
+        sharedKey: workspace.listKeys().primarySharedKey
+      }
+    }
+    vnetConfiguration: {}
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.app/samples/jobs/main.bicep b/settings/remarks/microsoft.app/samples/jobs/main.bicep
new file mode 100644
index 00000000..890a500a
--- /dev/null
+++ b/settings/remarks/microsoft.app/samples/jobs/main.bicep
@@ -0,0 +1,61 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource job 'Microsoft.App/jobs@2025-01-01' = {
+  name: '${resourceName}-cajob'
+  location: location
+  properties: {
+    configuration: {
+      manualTriggerConfig: {
+        parallelism: 4
+        replicaCompletionCount: 1
+      }
+      replicaRetryLimit: 10
+      replicaTimeout: 10
+      triggerType: 'Manual'
+    }
+    environmentId: managedEnvironment.id
+    template: {
+      containers: [
+        {
+          env: []
+          image: 'jackofallops/azure-containerapps-python-acctest:v0.0.1'
+          name: 'testcontainerappsjob0'
+          probes: []
+          resources: {
+            cpu: any('0.5')
+            memory: '1Gi'
+          }
+          volumeMounts: []
+        }
+      ]
+      initContainers: []
+      volumes: []
+    }
+  }
+}
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2025-01-01' = {
+  name: '${resourceName}-env'
+  location: location
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: workspace.properties.customerId
+        sharedKey: workspace.listKeys().primarySharedKey
+      }
+    }
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
+  name: '${resourceName}-law'
+  location: location
+  properties: {
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.app/samples/managedenvironments/certificates/main.bicep b/settings/remarks/microsoft.app/samples/managedenvironments/certificates/main.bicep
new file mode 100644
index 00000000..eb160a33
--- /dev/null
+++ b/settings/remarks/microsoft.app/samples/managedenvironments/certificates/main.bicep
@@ -0,0 +1,50 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The password for the certificate used in the managed environment')
+param certificatePassword string
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: workspace.properties.customerId
+        sharedKey: workspace.listKeys().primarySharedKey
+      }
+    }
+    vnetConfiguration: {}
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource certificate 'Microsoft.App/managedEnvironments/certificates@2022-03-01' = {
+  parent: managedEnvironment
+  name: resourceName
+  location: location
+  properties: {
+    password: null
+    value: 'MIIKEQIBAzCCCdcGCSqGSIb3DQEHAaCCCcgEggnEMIIJwDCCBHcGCSqGSIb3DQEHBqCCBGgwggRkAgEAMIIEXQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIC/GU56w4YWICAggAgIIEME9dVUOUs44yTqMunA5mEqo8YC4evKVXEA8ESnlfh8QVNEpyWzxwx83t6tg0Dfjk4INCGnDrAxqhQ/685mWQ9IM7J944BTznoN6uK9EqMtDVwavqwapvVR+yCCzqCMIQWUrrAiUzNPFQELCaMg1S13pjHOVd0iJSxvJ98Dga35baMyheYnLYksz1OObCyrn4yAHoyVnenqZd46He0ZmQS3pUrnTYe3U56fZDapRE6peRL5ItIpFrytaV7+KLisQdpQKDPkeew/zaf+p1hT57EHfUFgBYWFMgN4f1egqkKKDrh112Z+C6CUlps5N0AYGZ+ozLMNd1t/x87gCH5AuNeQEIBfDkmhLvZWZ5vLOiEKAoAQxFaMK+U+Vih6msysaQ7NhFA+h/NMmdt9RPm9pV7X+Qq7KNKHnhMZ7mNqxKvdidPOj5UGqhnN/OXrY8MykoedDakwwE9ZCY3ZQS9IN8kjwl2m9gJy18A2hZK+m3jEYGfn6tDayN6eAod1q/OnP7Tujp06pZFZ8HyXIbTPApuFYXSbAWhdBuCHGj0PzthLRzN8iv3T1d46oaEjjQddpM683RWH+daFtXLX7gMH4QjHxRND3IxEzHOiehLwOr2w6bgzIEeXksDPqitz/RGLgs4f10B6cvkCuGTXUCAQcel2IN4fM7dpD5uyg40q+xaFjmF/OLRdjS1vCezDvxVbRpazZOxMFMPQykBFcInP4vKURZ09MujElbBHSiglNjYGEC8k1Ehcqmz9GqU5o+9JHYFr2AgRqIIyz7jIjCZxsD0psdVjIPSYac6Qze5BK+qq/cH/ilIaNq3WGgwCtPA1pcicVYAYwB4czTHUfteO1FjlGYqbGu1b4GA4HzPLBUjTaFla4FgnO7je4PT7A3u3xaVAsCC1rZWKM4atYmkckboC4XE14mYlU625Hoap/xvKW6cbVAucBRkxMps/bV1Pik6N3YLeG2KUMQ77yNDGgv3qZ6XpgJ1Um7QZyW1XdQqtktZBror0bNUsG3Kkp/XPNxWhJLPI3baY84dqoRsXaDIh7k+iV+UuX/Tz70PqWThwANHJ2BmkwXUY1cyiHqJ4mBnu9t/oitjVVYr3a5UGKDzQY6Tcjrp22npiDrnEKpdwqUeShqb0mO4cCAksYy6jh7Eirk1Gdlk/tbMBMCN16Wbsh3kk/i9utQAc4R6+VFq5+/26noW/Q24a4onRGjZ5+rUXlGDUjzssJPxXM6906qMZIpdMB2nZMUp4P6UcPgB3t8FQa8SJs3gIFTxmf9Dce1qloHeXGX7UZ3IGZRZPqxXuBOzCbKf5/M2c3Pe6Vl3Jt/LTN22ghKR4VrVz7Ron71NU+CCvH4LbOyEnnzWe1ePO6RCdpRcN1bUJYa1htvWKb9WUMywfLiKjC6Cx+ezfFZ1DYvXsjq6MzKq22/XE4/fM0wggVBBgkqhkiG9w0BBwGgggUyBIIFLjCCBSowggUmBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQIGRXiBvDEL+QCAggABIIEyLn7jmjZLfuFF366QMW9j8TolTxeyuMxsaPnEmw1sIc9Y6IlKzCqzGt3qAgSgdTPV6flNJBcoI4oQFhes7EDcpNfrAxzIRBQYS7i2JC/T68GNfkTIlb0sq8oU4JgoGMXDPjhgQ3yUNkn4xnxfpxy7N1mo41LfJVovG8JsBtg0boV2OovxKYTVFg4X1W4KD+BcJMkI+gjlmHcrnWkDFEycEddxznZINaf9LiZsoSh6gvSGXSRBrmFkG5nWXB/Q25r6cxHm4ZNIKYLFyCV8waq5R1fnvuiT62BI8vYyD1NO+Py2FGFO3vqV/7KrrD8x9eijSv2+ooe220Lqi2lR8HNlwrgh9my4Fak6SzQC5E2iAStzZrRtUr3Xfs4di8ixwgpC6HAt/egOCocKI6aJhouJJoihrow4axeKYdsjKgXairNElIu0/aTdKXptdfXuAos2ct42AHDP3TVngH6q+2B8HPyokQjegr+WE6Jfw9aHeLIBIPK3pFAUqH7hDHFt2OM4GZDaDMesNYhFaX+IJqdIbvr97eaLDFgrhVhB4kvRw7E2VW2K9aXDmDlIRP2XmXEcbC31cKzV19A4W7rEuTdJ9IJb06sCmU/jIGSdm9g+fKKXd15K9D+U+kyhCwqzEZt0JYsJIzypq15nL+QQX61renMUwfU13H0RYjjvqU3CGH3shUGcl0FvQoMPQy1a04ZvOsGiqLlR3lkiEbov7a/prJCkH1AAwezUHiSrn/Y7rVWGLHyd4k6Hd7wBvzRia3MmYDertXdEiinyMqPBiVRdd/NkSkjiBgLpHl3VleKJzmrlLfENnMt2iLSr3ZbhmVpJfn6wMhsqdIbkQT3CcSIoVo91U8JL6U38s4kArKtjgHgSUtST6Aw2o06EOWvVSp2BpsLNth/s21vK7Z1xnrZ06fO/msj+ElzsmLpPVGFpG3D8MW1ULZd2VqtK6cPFPyaYjUE3ZahGn50/DIVaSikvv6Yh4YjMBksiBfsLdndvfIit29i/eRTd3T28WPmvY87k6uG8xgYoDlwXmrBHdl57NktM8ND+Z9HUww4/issZkvvh7MdU2YbDOQsBs2kIYf6h2udRpztXBpecyI2WmFW8tsKXhv4vdx+xldEwtHQL4/UWgofkNl2LeABpn00kRjZ+rybD2p7cCmXKQbM+I6Yu564hC1lffAMBrMT5yUFgzCdmkRJT+8xp1C/zxWGx16dFImpTIPNmjGBU6UcfBg+fpFocybQ8s+yb2Xoq/s/NxpYDO5vqQT/rpPtKCQls8DLMssGgGAyvZ+e0qCnfK5BKUKtxA0tz/mXZrt+Ty6w6KjdZ6Ntmjt546tXTBeRrCJZlwJmPKehpeN5HopDQ7LyWqrKXLGlArCLmB1Xz1LUR1vL4KD7RdO/93LWN5EWQDRtoZCVFU/tCqRh+s4Ljw5jsiFBCczoF3z3dDSid3VL864bXB2neq/wHHhChSnODo6HhdaPfGYSFw7m4kFh7tn3MimFyTdJGqtPdLckFCqckZsliZyCqEAu05xgQJqjrnBEH8B/z3Aq3hHWiR0z1v8jPc8MUlBGeaTjl29c8DSx7gBh7c0Qs0yTxHd1TcELijPvy5dwzEenBYXDCbaxPW0Vm9AHsHVF2A2iuzElMCMGCSqGSIb3DQEJFTEWBBRwppPHAzTboDcfcZuQ6/YqIKiy2zAxMCEwCQYFKw4DAhoFAAQUNIuVDYFIRiHWnbIWwMphIFjOWckECND1GYVTSUGNAgIIAA=='
+  }
+}
diff --git a/settings/remarks/microsoft.app/samples/managedenvironments/daprcomponents/main.bicep b/settings/remarks/microsoft.app/samples/managedenvironments/daprcomponents/main.bicep
new file mode 100644
index 00000000..225e48b5
--- /dev/null
+++ b/settings/remarks/microsoft.app/samples/managedenvironments/daprcomponents/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: workspace.properties.customerId
+        sharedKey: workspace.listKeys().primarySharedKey
+      }
+    }
+    vnetConfiguration: {}
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource daprComponent 'Microsoft.App/managedEnvironments/daprComponents@2022-03-01' = {
+  parent: managedEnvironment
+  name: resourceName
+  properties: {
+    componentType: 'state.azure.blobstorage'
+    ignoreErrors: false
+    initTimeout: '5s'
+    scopes: null
+    version: 'v1'
+  }
+}
diff --git a/settings/remarks/microsoft.app/samples/managedenvironments/dotnetcomponents/main.bicep b/settings/remarks/microsoft.app/samples/managedenvironments/dotnetcomponents/main.bicep
new file mode 100644
index 00000000..9e0a93f6
--- /dev/null
+++ b/settings/remarks/microsoft.app/samples/managedenvironments/dotnetcomponents/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: workspace.properties.customerId
+        sharedKey: workspace.listKeys().primarySharedKey
+      }
+    }
+    vnetConfiguration: {}
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource aspireDashboard 'Microsoft.App/managedEnvironments/dotNetComponents@2024-10-02-preview' = {
+  parent: managedEnvironment
+  name: resourceName
+  properties: {
+    componentType: 'AspireDashboard'
+    configurations: []
+    serviceBinds: []
+  }
+}
diff --git a/settings/remarks/microsoft.app/samples/managedenvironments/main.bicep b/settings/remarks/microsoft.app/samples/managedenvironments/main.bicep
new file mode 100644
index 00000000..88753ea0
--- /dev/null
+++ b/settings/remarks/microsoft.app/samples/managedenvironments/main.bicep
@@ -0,0 +1,37 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: workspace.properties.customerId
+        sharedKey: workspace.listKeys().primarySharedKey
+      }
+    }
+    vnetConfiguration: {}
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.app/samples/managedenvironments/storages/main.bicep b/settings/remarks/microsoft.app/samples/managedenvironments/storages/main.bicep
new file mode 100644
index 00000000..c819d4ca
--- /dev/null
+++ b/settings/remarks/microsoft.app/samples/managedenvironments/storages/main.bicep
@@ -0,0 +1,89 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: workspace.properties.customerId
+        sharedKey: workspace.listKeys().primarySharedKey
+      }
+    }
+    vnetConfiguration: {}
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+  tags: {
+    environment: 'accTest'
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource storage 'Microsoft.App/managedEnvironments/storages@2022-03-01' = {
+  parent: managedEnvironment
+  name: resourceName
+  properties: {
+    azureFile: {
+      accessMode: 'ReadWrite'
+      accountKey: storageAccount.listKeys().keys[0].value
+      accountName: storageAccount.properties.name
+      shareName: 'testsharehkez7'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.appconfiguration/remarks.json b/settings/remarks/microsoft.appconfiguration/remarks.json
index f71266a7..15311af2 100644
--- a/settings/remarks/microsoft.appconfiguration/remarks.json
+++ b/settings/remarks/microsoft.appconfiguration/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/configurationstores/main.tf",
       "Description": "A basic example of deploying Azure App Configuration."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.AppConfiguration/configurationStores",
+      "Path": "samples/configurationstores/main.bicep",
+      "Description": "A basic example of deploying Azure App Configuration."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.appconfiguration/samples/configurationstores/main.bicep b/settings/remarks/microsoft.appconfiguration/samples/configurationstores/main.bicep
new file mode 100644
index 00000000..e443bc1f
--- /dev/null
+++ b/settings/remarks/microsoft.appconfiguration/samples/configurationstores/main.bicep
@@ -0,0 +1,14 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    enablePurgeProtection: false
+  }
+  sku: {
+    name: 'standard'
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/remarks.json b/settings/remarks/microsoft.appplatform/remarks.json
index e6232f4d..4147aeed 100644
--- a/settings/remarks/microsoft.appplatform/remarks.json
+++ b/settings/remarks/microsoft.appplatform/remarks.json
@@ -223,5 +223,102 @@
       "Path": "samples/spring/storages/main.tf",
       "Description": "A basic example of deploying Spring Cloud Storage."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring",
+      "Path": "samples/spring/main.bicep",
+      "Description": "A basic example of deploying Azure Spring Cloud Service."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/DevToolPortals",
+      "Path": "samples/spring/devtoolportals/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Dev Tool Portal."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/apiPortals",
+      "Path": "samples/spring/apiportals/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud API Portal."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/apiPortals/domains",
+      "Path": "samples/spring/apiportals/domains/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud API Portal Domain."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/applicationAccelerators",
+      "Path": "samples/spring/applicationaccelerators/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Accelerator."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators",
+      "Path": "samples/spring/applicationaccelerators/customizedaccelerators/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Customized Accelerator."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/applicationLiveViews",
+      "Path": "samples/spring/applicationliveviews/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Application Live View."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/apps",
+      "Path": "samples/spring/apps/main.bicep",
+      "Description": "A basic example of deploying an Azure Spring Cloud Application."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/apps/bindings",
+      "Path": "samples/spring/apps/bindings/main.bicep",
+      "Description": "A basic example of deploying Associates a Spring Cloud Application with a resource."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/apps/deployments",
+      "Path": "samples/spring/apps/deployments/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Deployment."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/buildServices/builders",
+      "Path": "samples/spring/buildservices/builders/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Builder."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings",
+      "Path": "samples/spring/buildservices/builders/buildpackbindings/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Build Pack Binding."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/configServers",
+      "Path": "samples/spring/configservers/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Config Server."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/configurationServices",
+      "Path": "samples/spring/configurationservices/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Configuration Service."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/gateways",
+      "Path": "samples/spring/gateways/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Gateway."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/gateways/domains",
+      "Path": "samples/spring/gateways/domains/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Gateway Custom Domain."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/gateways/routeConfigs",
+      "Path": "samples/spring/gateways/routeconfigs/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Gateway Route Config."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/monitoringSettings",
+      "Path": "samples/spring/monitoringsettings/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Monitoring Settings."
+    },
+    {
+      "ResourceType": "Microsoft.AppPlatform/Spring/storages",
+      "Path": "samples/spring/storages/main.bicep",
+      "Description": "A basic example of deploying Spring Cloud Storage."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/apiportals/domains/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/apiportals/domains/main.bicep
new file mode 100644
index 00000000..f7d61a68
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/apiportals/domains/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource apiPortal 'Microsoft.AppPlatform/Spring/apiPortals@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    gatewayIds: []
+    httpsOnly: false
+    public: false
+  }
+  sku: {
+    capacity: 1
+    name: 'E0'
+    tier: 'Enterprise'
+  }
+}
+
+resource domain 'Microsoft.AppPlatform/Spring/apiPortals/domains@2023-05-01-preview' = {
+  parent: apiPortal
+  name: '${resourceName}.azuremicroservices.io'
+  properties: {
+    thumbprint: ''
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/apiportals/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/apiportals/main.bicep
new file mode 100644
index 00000000..8397c83d
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/apiportals/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource apiPortal 'Microsoft.AppPlatform/Spring/apiPortals@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    gatewayIds: []
+    httpsOnly: false
+    public: false
+  }
+  sku: {
+    capacity: 1
+    name: 'E0'
+    tier: 'Enterprise'
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/applicationaccelerators/customizedaccelerators/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/applicationaccelerators/customizedaccelerators/main.bicep
new file mode 100644
index 00000000..cae0847c
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/applicationaccelerators/customizedaccelerators/main.bicep
@@ -0,0 +1,37 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource applicationAccelerator 'Microsoft.AppPlatform/Spring/applicationAccelerators@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+}
+
+resource customizedAccelerator 'Microsoft.AppPlatform/Spring/applicationAccelerators/customizedAccelerators@2023-05-01-preview' = {
+  parent: applicationAccelerator
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: ''
+    gitRepository: {
+      authSetting: {
+        authType: 'Public'
+      }
+      branch: 'master'
+      commit: ''
+      gitTag: ''
+      url: 'https://github.com/Azure-Samples/piggymetrics'
+    }
+    iconUrl: ''
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/applicationaccelerators/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/applicationaccelerators/main.bicep
new file mode 100644
index 00000000..63c0908a
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/applicationaccelerators/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource applicationAccelerator 'Microsoft.AppPlatform/Spring/applicationAccelerators@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/applicationliveviews/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/applicationliveviews/main.bicep
new file mode 100644
index 00000000..bfd66a0c
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/applicationliveviews/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource applicationLiveView 'Microsoft.AppPlatform/Spring/applicationLiveViews@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/apps/bindings/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/apps/bindings/main.bicep
new file mode 100644
index 00000000..f1b5e915
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/apps/bindings/main.bicep
@@ -0,0 +1,50 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource redis 'Microsoft.Cache/redis@2023-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableNonSslPort: true
+    minimumTlsVersion: '1.2'
+    sku: {
+      capacity: 2
+      family: 'C'
+      name: 'Standard'
+    }
+  }
+}
+
+resource app 'Microsoft.AppPlatform/Spring/apps@2023-05-01-preview' = {
+  parent: spring
+  name: resourceName
+  location: location
+  properties: {
+    customPersistentDisks: []
+    enableEndToEndTLS: false
+    public: false
+  }
+}
+
+resource binding 'Microsoft.AppPlatform/Spring/apps/bindings@2023-05-01-preview' = {
+  parent: app
+  name: resourceName
+  properties: {
+    bindingParameters: {
+      useSsl: 'true'
+    }
+    key: 'redis.listKeys().primaryKey'
+    resourceId: redis.id
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/apps/deployments/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/apps/deployments/main.bicep
new file mode 100644
index 00000000..0d143257
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/apps/deployments/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource app 'Microsoft.AppPlatform/Spring/apps@2023-05-01-preview' = {
+  parent: spring
+  name: resourceName
+  location: location
+  properties: {
+    customPersistentDisks: []
+    enableEndToEndTLS: false
+    public: false
+  }
+}
+
+resource deployment 'Microsoft.AppPlatform/Spring/apps/deployments@2023-05-01-preview' = {
+  parent: app
+  name: resourceName
+  properties: {
+    deploymentSettings: {
+      environmentVariables: {}
+    }
+    source: {
+      customContainer: {
+        args: []
+        command: []
+        containerImage: 'springio/gs-spring-boot-docker'
+        languageFramework: ''
+        server: 'docker.io'
+      }
+      type: 'Container'
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'E0'
+    tier: 'Enterprise'
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/apps/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/apps/main.bicep
new file mode 100644
index 00000000..f0248f20
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/apps/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource app 'Microsoft.AppPlatform/Spring/apps@2023-05-01-preview' = {
+  parent: spring
+  name: resourceName
+  location: location
+  properties: {
+    customPersistentDisks: []
+    enableEndToEndTLS: false
+    public: false
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/buildservices/builders/buildpackbindings/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/buildservices/builders/buildpackbindings/main.bicep
new file mode 100644
index 00000000..21a9abab
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/buildservices/builders/buildpackbindings/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource buildService 'Microsoft.AppPlatform/Spring/buildServices@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {}
+}
+
+resource builder 'Microsoft.AppPlatform/Spring/buildServices/builders@2023-05-01-preview' = {
+  name: resourceName
+  properties: {
+    buildpackGroups: [
+      {
+        buildpacks: [
+          {
+            id: 'tanzu-buildpacks/java-azure'
+          }
+        ]
+        name: 'mix'
+      }
+    ]
+    stack: {
+      id: 'io.buildpacks.stacks.bionic'
+      version: 'base'
+    }
+  }
+}
+
+resource buildpackBinding 'Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings@2023-05-01-preview' = {
+  parent: builder
+  name: resourceName
+  properties: {
+    bindingType: 'ApplicationInsights'
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/buildservices/builders/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/buildservices/builders/main.bicep
new file mode 100644
index 00000000..649a93ba
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/buildservices/builders/main.bicep
@@ -0,0 +1,39 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource buildService 'Microsoft.AppPlatform/Spring/buildServices@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {}
+}
+
+resource builder 'Microsoft.AppPlatform/Spring/buildServices/builders@2023-05-01-preview' = {
+  name: resourceName
+  properties: {
+    buildpackGroups: [
+      {
+        buildpacks: [
+          {
+            id: 'tanzu-buildpacks/java-azure'
+          }
+        ]
+        name: 'mix'
+      }
+    ]
+    stack: {
+      id: 'io.buildpacks.stacks.bionic'
+      version: 'base'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/configservers/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/configservers/main.bicep
new file mode 100644
index 00000000..d683b9a9
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/configservers/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource configServer 'Microsoft.AppPlatform/Spring/configServers@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    configServer: {}
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/configurationservices/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/configurationservices/main.bicep
new file mode 100644
index 00000000..9650fb4d
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/configurationservices/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource configurationService 'Microsoft.AppPlatform/Spring/configurationServices@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    settings: {
+      gitProperty: {}
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/devtoolportals/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/devtoolportals/main.bicep
new file mode 100644
index 00000000..95f0bda9
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/devtoolportals/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource devtoolportal 'Microsoft.AppPlatform/Spring/DevToolPortals@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    features: {
+      applicationAccelerator: {
+        state: 'Disabled'
+      }
+      applicationLiveView: {
+        state: 'Disabled'
+      }
+    }
+    public: false
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/gateways/domains/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/gateways/domains/main.bicep
new file mode 100644
index 00000000..e0e7e5ac
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/gateways/domains/main.bicep
@@ -0,0 +1,35 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource gateway 'Microsoft.AppPlatform/Spring/gateways@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    httpsOnly: false
+    public: false
+  }
+  sku: {
+    capacity: 1
+    name: 'E0'
+    tier: 'Enterprise'
+  }
+}
+
+resource domain 'Microsoft.AppPlatform/Spring/gateways/domains@2023-05-01-preview' = {
+  parent: gateway
+  name: '${resourceName}.azuremicroservices.io'
+  properties: {
+    thumbprint: ''
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/gateways/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/gateways/main.bicep
new file mode 100644
index 00000000..4d3c60fa
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/gateways/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource gateway 'Microsoft.AppPlatform/Spring/gateways@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    httpsOnly: false
+    public: false
+  }
+  sku: {
+    capacity: 1
+    name: 'E0'
+    tier: 'Enterprise'
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/gateways/routeconfigs/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/gateways/routeconfigs/main.bicep
new file mode 100644
index 00000000..dd36bcdb
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/gateways/routeconfigs/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'E0'
+  }
+}
+
+resource app 'Microsoft.AppPlatform/Spring/apps@2023-05-01-preview' = {
+  parent: spring
+  name: resourceName
+  location: location
+  properties: {
+    customPersistentDisks: []
+    enableEndToEndTLS: false
+    public: false
+  }
+}
+
+resource gateway 'Microsoft.AppPlatform/Spring/gateways@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    httpsOnly: false
+    public: false
+  }
+  sku: {
+    capacity: 1
+    name: 'E0'
+    tier: 'Enterprise'
+  }
+}
+
+resource routeConfig 'Microsoft.AppPlatform/Spring/gateways/routeConfigs@2023-05-01-preview' = {
+  parent: gateway
+  name: resourceName
+  properties: {
+    appResourceId: app.id
+    protocol: 'HTTP'
+    routes: []
+    ssoEnabled: false
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/main.bicep
new file mode 100644
index 00000000..0a56e401
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/monitoringsettings/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/monitoringsettings/main.bicep
new file mode 100644
index 00000000..78031b28
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/monitoringsettings/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource monitoringSetting 'Microsoft.AppPlatform/Spring/monitoringSettings@2023-05-01-preview' = {
+  parent: spring
+  name: 'default'
+  properties: {
+    traceEnabled: false
+  }
+}
diff --git a/settings/remarks/microsoft.appplatform/samples/spring/storages/main.bicep b/settings/remarks/microsoft.appplatform/samples/spring/storages/main.bicep
new file mode 100644
index 00000000..caebb15d
--- /dev/null
+++ b/settings/remarks/microsoft.appplatform/samples/spring/storages/main.bicep
@@ -0,0 +1,59 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource storage 'Microsoft.AppPlatform/Spring/storages@2023-05-01-preview' = {
+  parent: spring
+  name: resourceName
+  properties: {
+    accountKey: storageAccount.listKeys().keys[0].value
+    accountName: storageAccount.name
+    storageType: 'StorageAccount'
+  }
+}
diff --git a/settings/remarks/microsoft.attestation/remarks.json b/settings/remarks/microsoft.attestation/remarks.json
index 7bc95a0b..5e5b9a6e 100644
--- a/settings/remarks/microsoft.attestation/remarks.json
+++ b/settings/remarks/microsoft.attestation/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/attestationproviders/main.tf",
       "Description": "A basic example of deploying Attestation Provider."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Attestation/attestationProviders",
+      "Path": "samples/attestationproviders/main.bicep",
+      "Description": "A basic example of deploying Attestation Provider."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.attestation/samples/attestationproviders/main.bicep b/settings/remarks/microsoft.attestation/samples/attestationproviders/main.bicep
new file mode 100644
index 00000000..945985a0
--- /dev/null
+++ b/settings/remarks/microsoft.attestation/samples/attestationproviders/main.bicep
@@ -0,0 +1,8 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource attestationProvider 'Microsoft.Attestation/attestationProviders@2020-10-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.authorization/remarks.json b/settings/remarks/microsoft.authorization/remarks.json
index c207fa30..db17acb5 100644
--- a/settings/remarks/microsoft.authorization/remarks.json
+++ b/settings/remarks/microsoft.authorization/remarks.json
@@ -50,5 +50,42 @@
       "Path": "samples/roledefinitions/main.tf",
       "Description": "A basic example of deploying custom Role Definition."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Authorization/locks",
+      "Path": "samples/locks/main.bicep",
+      "Description": "A basic example of deploying Management Lock which is scoped to a Subscription, Resource Group or Resource."
+    },
+    {
+      "ResourceType": "Microsoft.Authorization/policyAssignments",
+      "Path": "samples/policyassignments/main.bicep",
+      "Description": "A basic example of deploying Policy Assignment."
+    },
+    {
+      "ResourceType": "Microsoft.Authorization/policyDefinitions",
+      "Path": "samples/policydefinitions/main.bicep",
+      "Description": "A basic example of deploying Authorization Policy Definitions."
+    },
+    {
+      "ResourceType": "Microsoft.Authorization/policyExemptions",
+      "Path": "samples/policyexemptions/main.bicep",
+      "Description": "A basic example of deploying Policy Exemption."
+    },
+    {
+      "ResourceType": "Microsoft.Authorization/policySetDefinitions",
+      "Path": "samples/policysetdefinitions/main.bicep",
+      "Description": "A basic example of deploying policy set definition."
+    },
+    {
+      "ResourceType": "Microsoft.Authorization/resourceManagementPrivateLinks",
+      "Path": "samples/resourcemanagementprivatelinks/main.bicep",
+      "Description": "A basic example of deploying Resource Management Private Link to restrict access for managing resources in the tenant."
+    },
+    {
+      "ResourceType": "Microsoft.Authorization/roleDefinitions",
+      "Path": "samples/roledefinitions/main.bicep",
+      "Description": "A basic example of deploying custom Role Definition."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.authorization/samples/locks/main.bicep b/settings/remarks/microsoft.authorization/samples/locks/main.bicep
new file mode 100644
index 00000000..01847652
--- /dev/null
+++ b/settings/remarks/microsoft.authorization/samples/locks/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource lock 'Microsoft.Authorization/locks@2020-05-01' = {
+  scope: publicIPAddress
+  name: resourceName
+  properties: {
+    level: 'CanNotDelete'
+    notes: ''
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 30
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Regional'
+  }
+}
diff --git a/settings/remarks/microsoft.authorization/samples/policyassignments/main.bicep b/settings/remarks/microsoft.authorization/samples/policyassignments/main.bicep
new file mode 100644
index 00000000..13204f20
--- /dev/null
+++ b/settings/remarks/microsoft.authorization/samples/policyassignments/main.bicep
@@ -0,0 +1,53 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource policyAssignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
+  name: resourceName
+  properties: {
+    displayName: ''
+    enforcementMode: 'Default'
+    parameters: {
+      listOfAllowedLocations: {
+        value: [
+          'West Europe'
+          'West US 2'
+          'East US 2'
+        ]
+      }
+    }
+    policyDefinitionId: policyDefinition.id
+    scope: subscription().id
+  }
+}
+
+resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'my-policy-definition'
+    mode: 'All'
+    parameters: {
+      allowedLocations: {
+        metadata: {
+          description: 'The list of allowed locations for resources.'
+          displayName: 'Allowed locations'
+          strongType: 'location'
+        }
+        type: 'Array'
+      }
+    }
+    policyRule: {
+      if: {
+        not: {
+          field: 'location'
+          in: '[parameters(\'allowedLocations\')]'
+        }
+      }
+      then: {
+        effect: 'audit'
+      }
+    }
+    policyType: 'Custom'
+  }
+}
diff --git a/settings/remarks/microsoft.authorization/samples/policydefinitions/main.bicep b/settings/remarks/microsoft.authorization/samples/policydefinitions/main.bicep
new file mode 100644
index 00000000..e4cd4a97
--- /dev/null
+++ b/settings/remarks/microsoft.authorization/samples/policydefinitions/main.bicep
@@ -0,0 +1,34 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'my-policy-definition'
+    mode: 'All'
+    parameters: {
+      allowedLocations: {
+        metadata: {
+          description: 'The list of allowed locations for resources.'
+          displayName: 'Allowed locations'
+          strongType: 'location'
+        }
+        type: 'Array'
+      }
+    }
+    policyRule: {
+      if: {
+        not: {
+          field: 'location'
+          in: '[parameters(\'allowedLocations\')]'
+        }
+      }
+      then: {
+        effect: 'audit'
+      }
+    }
+    policyType: 'Custom'
+  }
+}
diff --git a/settings/remarks/microsoft.authorization/samples/policyexemptions/main.bicep b/settings/remarks/microsoft.authorization/samples/policyexemptions/main.bicep
new file mode 100644
index 00000000..0b94be00
--- /dev/null
+++ b/settings/remarks/microsoft.authorization/samples/policyexemptions/main.bicep
@@ -0,0 +1,53 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource policyAssignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
+  name: resourceName
+  properties: {
+    displayName: ''
+    enforcementMode: 'Default'
+    policyDefinitionId: policyDefinition.id
+    scope: subscription().id
+  }
+}
+
+resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'my-policy-definition'
+    mode: 'All'
+    parameters: {
+      allowedLocations: {
+        metadata: {
+          description: 'The list of allowed locations for resources.'
+          displayName: 'Allowed locations'
+          strongType: 'location'
+        }
+        type: 'Array'
+      }
+    }
+    policyRule: {
+      if: {
+        not: {
+          field: 'location'
+          in: '[parameters(\'allowedLocations\')]'
+        }
+      }
+      then: {
+        effect: 'audit'
+      }
+    }
+    policyType: 'Custom'
+  }
+}
+
+resource policyExemption 'Microsoft.Authorization/policyExemptions@2020-07-01-preview' = {
+  name: resourceName
+  properties: {
+    exemptionCategory: 'Mitigated'
+    policyAssignmentId: policyAssignment.id
+    policyDefinitionReferenceIds: []
+  }
+}
diff --git a/settings/remarks/microsoft.authorization/samples/policysetdefinitions/main.bicep b/settings/remarks/microsoft.authorization/samples/policysetdefinitions/main.bicep
new file mode 100644
index 00000000..9dd7d3ef
--- /dev/null
+++ b/settings/remarks/microsoft.authorization/samples/policysetdefinitions/main.bicep
@@ -0,0 +1,65 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
+  name: resourceName
+  properties: {
+    description: ''
+    displayName: 'my-policy-definition'
+    mode: 'All'
+    parameters: {
+      allowedLocations: {
+        metadata: {
+          description: 'The list of allowed locations for resources.'
+          displayName: 'Allowed locations'
+          strongType: 'location'
+        }
+        type: 'Array'
+      }
+    }
+    policyRule: {
+      if: {
+        not: {
+          field: 'location'
+          in: '[parameters(\'allowedLocations\')]'
+        }
+      }
+      then: {
+        effect: 'audit'
+      }
+    }
+    policyType: 'Custom'
+  }
+}
+
+resource policySetDefinition 'Microsoft.Authorization/policySetDefinitions@2025-01-01' = {
+  name: 'acctestpolset-${resourceName}'
+  properties: {
+    description: ''
+    displayName: 'acctestpolset-acctest0001'
+    parameters: {
+      allowedLocations: {
+        metadata: {
+          description: 'The list of allowed locations for resources.'
+          displayName: 'Allowed locations'
+          strongType: 'location'
+        }
+        type: 'Array'
+      }
+    }
+    policyDefinitions: [
+      {
+        groupNames: []
+        parameters: {
+          listOfAllowedLocations: {
+            value: '[parameters(\'allowedLocations\')]'
+          }
+        }
+        policyDefinitionId: policyDefinition.id
+        policyDefinitionReferenceId: ''
+      }
+    ]
+    policyType: 'Custom'
+  }
+}
diff --git a/settings/remarks/microsoft.authorization/samples/resourcemanagementprivatelinks/main.bicep b/settings/remarks/microsoft.authorization/samples/resourcemanagementprivatelinks/main.bicep
new file mode 100644
index 00000000..11d69aa8
--- /dev/null
+++ b/settings/remarks/microsoft.authorization/samples/resourcemanagementprivatelinks/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource resourceManagementPrivateLink 'Microsoft.Authorization/resourceManagementPrivateLinks@2020-05-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.authorization/samples/roledefinitions/main.bicep b/settings/remarks/microsoft.authorization/samples/roledefinitions/main.bicep
new file mode 100644
index 00000000..5f726a3e
--- /dev/null
+++ b/settings/remarks/microsoft.authorization/samples/roledefinitions/main.bicep
@@ -0,0 +1,25 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource roleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+  name: '6faae21a-0cd6-4536-8c23-a278823d12ed'
+  properties: {
+    assignableScopes: [
+      subscription().id
+    ]
+    description: ''
+    permissions: [
+      {
+        actions: [
+          '*'
+        ]
+        dataActions: []
+        notActions: []
+        notDataActions: []
+      }
+    ]
+    roleName: 'acctest0001'
+    type: 'CustomRole'
+  }
+}
diff --git a/settings/remarks/microsoft.automanage/remarks.json b/settings/remarks/microsoft.automanage/remarks.json
index 6aa6d550..7aabf1a7 100644
--- a/settings/remarks/microsoft.automanage/remarks.json
+++ b/settings/remarks/microsoft.automanage/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/configurationprofiles/main.tf",
       "Description": "A basic example of deploying Automanage Configuration."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Automanage/configurationProfiles",
+      "Path": "samples/configurationprofiles/main.bicep",
+      "Description": "A basic example of deploying Automanage Configuration."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.automanage/samples/configurationprofiles/main.bicep b/settings/remarks/microsoft.automanage/samples/configurationprofiles/main.bicep
new file mode 100644
index 00000000..c9c9fb65
--- /dev/null
+++ b/settings/remarks/microsoft.automanage/samples/configurationprofiles/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource configurationProfile 'Microsoft.Automanage/configurationProfiles@2022-05-04' = {
+  name: resourceName
+  location: location
+  properties: {
+    configuration: {}
+  }
+}
diff --git a/settings/remarks/microsoft.automation/remarks.json b/settings/remarks/microsoft.automation/remarks.json
index 6041ba91..28e5e196 100644
--- a/settings/remarks/microsoft.automation/remarks.json
+++ b/settings/remarks/microsoft.automation/remarks.json
@@ -101,5 +101,92 @@
       "Path": "samples/automationaccounts/webhooks/main.tf",
       "Description": "A basic example of deploying Automation Runbook's Webhook."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts",
+      "Path": "samples/automationaccounts/main.bicep",
+      "Description": "A basic example of deploying Automation Account."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/certificates",
+      "Path": "samples/automationaccounts/certificates/main.bicep",
+      "Description": "A basic example of deploying Automation Certificate."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/configurations",
+      "Path": "samples/automationaccounts/configurations/main.bicep",
+      "Description": "A basic example of deploying Automation DSC Configuration."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/connectionTypes",
+      "Path": "samples/automationaccounts/connectiontypes/main.bicep",
+      "Description": "A basic example of deploying Automation Connection Type."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/connections",
+      "Path": "samples/automationaccounts/connections/main.bicep",
+      "Description": "A basic example of deploying Automation Connection."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/credentials",
+      "Path": "samples/automationaccounts/credentials/main.bicep",
+      "Description": "A basic example of deploying Automation Credential."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups",
+      "Path": "samples/automationaccounts/hybridrunbookworkergroups/main.bicep",
+      "Description": "A basic example of deploying Automation Account Runbook Worker Group."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers",
+      "Path": "samples/automationaccounts/hybridrunbookworkergroups/hybridrunbookworkers/main.bicep",
+      "Description": "A basic example of deploying Automation."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/modules",
+      "Path": "samples/automationaccounts/modules/main.bicep",
+      "Description": "A basic example of deploying Automation Module."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/powershell72Modules",
+      "Path": "samples/automationaccounts/powershell72modules/main.bicep",
+      "Description": "A basic example of deploying Automation Powershell 7.2 Module."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/python3Packages",
+      "Path": "samples/automationaccounts/python3packages/main.bicep",
+      "Description": "A basic example of deploying Automation Python3 Package."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/runbooks",
+      "Path": "samples/automationaccounts/runbooks/main.bicep",
+      "Description": "A basic example of deploying Automation Runbook."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/runbooks/draft",
+      "Path": "samples/automationaccounts/runbooks/draft/main.bicep",
+      "Description": "A basic example of deploying Automation Accounts Runbooks Draft."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/schedules",
+      "Path": "samples/automationaccounts/schedules/main.bicep",
+      "Description": "A basic example of deploying Automation Schedule."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/softwareUpdateConfigurations",
+      "Path": "samples/automationaccounts/softwareupdateconfigurations/main.bicep",
+      "Description": "A basic example of deploying Automation Software Update Configuration."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/sourceControls",
+      "Path": "samples/automationaccounts/sourcecontrols/main.bicep",
+      "Description": "A basic example of deploying Automation Source Control."
+    },
+    {
+      "ResourceType": "Microsoft.Automation/automationAccounts/variables",
+      "Path": "samples/automationaccounts/variables/main.bicep",
+      "Description": "A basic example of deploying variable in Azure Automation."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/certificates/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/certificates/main.bicep
new file mode 100644
index 00000000..e4863be0
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/certificates/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource certificate 'Microsoft.Automation/automationAccounts/certificates@2020-01-13-preview' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    base64Value: 'MIIJXQIBAzCCCSMGCSqGSIb3DQEHAaCCCRQEggkQMIIJDDCCA0cGCSqGSIb3DQEHBqCCAzgwggM0AgEAMIIDLQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIgZpS0MR7AtwCAggAgIIDABD/o+pR2WXdr9RKUXVH3+L5/iNcSEAf5IFtBs2DftFE4wF+y32TUsp67M0LY4YfGLs3UEyv6qL2Mf1/nHRL87CaKWza9Dzz1H+TWIffA2fj/AsqLr+6QDJ4Ur9cvmvqdL2xL0hfmWt3RwCn7F0JLBfwLeColacsLkEqwqStGkFvjQ8r2CJ+E0xZ8GRzOdT8TOz0cGNzDl3dkSeRGYqDQ5/5NlGE6n3MJTqhullbff61hM6NBEZyB9xhNNs6zkT5j6Askx40YFpEStdFJ1TQSRMLDoCEpb6lqYY+HQ07ezoxYKvK/XMq43eN15sZz320ktkEkUF5ICyAry+ud1Cd6ReSV6ai4JvOaZGNwLVuFxinAq8TXqpBlqLOQSJCA6dItWo1O4snfPKTqblj8LxRYecLR8Pl9R55iVf2rh6p70b89UviTWrdlnUxhz3Ilb2CDC1dFIZCy8/qVA7pT0NwfNrhCIqv+qUrIRdhMAJkifa61EIQPUKJaWJutpnBHg82T1FKKpuIqgQvHnsctrQegW1KdF1WJKa/p8knRbKKeID4TQxM/c5+GdP+wAfsNjEedoZ4Z9Ud69ZMGYHrv21CgdafSzfhSecuz89kDzG8XNVXjIjhRA3aRkxMXK+xPD2ikmy0kZjBchpTbzy7zfC8SHfKypUkYTSqbQKakgqSQY9Ydd0XxGS+GovQ4TgCDr1qHCP8KYhtYbuW8PPDUblhLOxJzP3AzDbmMuZfFrRzUrq24F8FgOVvFiGrvLVgOXzMOX+mah+cli5fw3XqnBeu72yYhhXi/jxCHZ4C8I2T0okcCu016f4a0T9+dx///F7HsEjIkGI/Vrpiqiwclu1BXdiUwGpWBDvMHjTa0nD/2mqMZzSD6KclmeuQEzGLcgbVUzcg2VYGMfw8PHlDJNCJVZKf6TaK39+M+tW1BRB4/vSjBeZ2rSHDHzIykUGWmowPnb8mb50CaRa3k1iqhGmzcIaGbsDupPc+lTXB+VuaDQT+WAquINnhKQqIsgopDvmh1zCCBb0GCSqGSIb3DQEHAaCCBa4EggWqMIIFpjCCBaIGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAicxAYjkBRUlAICCAAEggTI6TAZVzV4qOBs34TeAIembvZyAxzknzIMB1jdKWQJgRXbeICY9v4ch68ilhKJGkzexOwqaEcOuB7rG8GKw4f+DIimLTSpHdKXpqVlUbhapQxnKvOvrcX3jJrfBmXu7cqaEXwol5b6Sx4zKbryAyNqACHxD2XOeUFG0man/aoVrJVfyLgv4i+K/I3hNwtaX4NY4Yegmlm05MH+pInHmt2lNKLKJhwgMiImarmoixFymSvt/4bqBfZMzXf4iWzacK+MjHVLZL6B7AeY026AGEOmlH/yEQCpee/LXzkpG3iAABQlVPuioYTv7svTiEi9IQa3qg2xjLQKAC8rsaUabNZ4rRJgmU2BNrzhgkNpKCjtLqpXMUB+hGi8njlLVciIxjElG3xpu829sNCm/hnXUyTiGvamNbQ0LfsFBttXX0OtnYeWoaBQMUsPsnc7HqsPVo2TD29PMs6Pgh2k6H6L7HSUWv5TN7kRFujDGCG79AKjSHTlF6htrioo3ZZRxUMOAWB4KBrLxLrR3Fs1B5etvvUd+nG2GY4sKZf2ezwblfjCqNYX2CmbH8xT+2L0WRBfp+QsOEZP8VnBpO1uSLhqogIr4fs10sWq9CZ8fnE4NRGgb1Di++8OSeXxSiIJox4zsME8HjePUKTajO2l/q22D29CCMh6aPW2cWQSDBbHE80UMrb2ewa/lKohviqm1Z/BaHRyqAf4J5szrroQe0KrFGk/7ju3s4xZ3qagg+vhgQin8csHrolq1mW2RiTSzNgPyTP54axZqAXO75LxcYoexsxZi1anvubc8L49kuD6Sra8SU9Op0GYSLQwtVug0IqYaQbZFiN8CW5cxG6T1F6CBSM91xBBld3Cq8xwTltOBG1u1jXgMHWTeXCBzBPADC8zmJ8Xth4ZBRdOj8krUQI07feTz+xFhVRs4FHgimJBzv9HtqvDaZFUajQyBLRucTqC5pj4bVcZCKPAwTr4dpgb0C4OvYJD92YDI5h1lUgdC1oRERf9gv0j+gfOJwnDNPq8WwmdvHbYdoATPqIqLcfFig5bElX1BRQGnP6CmfUzU/yiN48saHoYw0Xsg/C6pBvI9daxz/8qpsAjacJw/SkUveqLxkSvrRyiDm6mnTb0L/tl/wk0KwOT5SkR7viD7GvG5ChSr9nhfIjcOXEuorNEe8bEgrwrQqinCz9Q3UGZI0ZdsvI+2eK9YRgyp4p2Z4skXlPZP2p9MbTJDLdIAwFsvtwCBfM/SQc93YkkIvT6JQvAs9krhnWbMg5jpgQR7gRZvUyLkscxq1Q0hFmWQ9eeyACgOmC8iC6tjANLaAM9gu6i8PnTWIgy5DKzxyCi8ql0JgCtT+oMVz9bA8HY9sxB5v+qSssQB2j110URUTw77XFHfmas8vR7fajhuOTgBN5ohyidHSC3LlKv6l5r1NbI+66nYDabJn/DEk2VpkJ2+0HhmiW6mTqGSTf2P1prHzGXKnQpxodr5s5Z/X94Nwc3jyhZcDkOOEDpw0DvrwBjjhaTRnMvA7x1Re8aBQC9+5cXnG45x6AGMI1kB/wwE9PLZM7EiyTh2mj2cqZQ84H9uG2MhSBMMKC8fDxB/rezV+2HF4gBHOYbLw6YBZKXVvL1sb07yMOhirBcs1eOMYGgMCMGCSqGSIb3DQEJFTEWBBSuuXuBpo6JiIUJcpFqi4ts2POYEzB5BgkrBgEEAYI3EQExbB5qAE0AaQBjAHIAbwBzAG8AZgB0ACAARQBuAGgAYQBuAGMAZQBkACAAUgBTAEEAIABhAG4AZAAgAEEARQBTACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcjAxMCEwCQYFKw4DAhoFAAQUbe4FrGhxVExQjYdlCaXBHX2nbG4ECAHH8i4dQCJDAgIIAA=='
+    description: ''
+    isExportable: false
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/configurations/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/configurations/main.bicep
new file mode 100644
index 00000000..bb8b1030
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/configurations/main.bicep
@@ -0,0 +1,33 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource configuration 'Microsoft.Automation/automationAccounts/configurations@2022-08-08' = {
+  parent: automationAccount
+  name: resourceName
+  location: location
+  properties: {
+    description: 'test'
+    logVerbose: false
+    source: {
+      type: 'embeddedContent'
+      value: 'configuration acctest {}'
+    }
+  }
+  tags: {
+    ENV: 'prod'
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/connections/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/connections/main.bicep
new file mode 100644
index 00000000..d8df2325
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/connections/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The Application ID of the Azure service principal for the automation account connection')
+param servicePrincipalApplicationId string
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource connection 'Microsoft.Automation/automationAccounts/connections@2020-01-13-preview' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    connectionType: {
+      name: 'AzureServicePrincipal'
+    }
+    description: ''
+    fieldDefinitionValues: {
+      ApplicationId: null
+      CertificateThumbprint: '''AEB97B81A68E8988850972916A8B8B6CD8F39813
+'''
+      SubscriptionId: subscription().subscriptionId
+      TenantId: deployer().tenantId
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/connectiontypes/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/connectiontypes/main.bicep
new file mode 100644
index 00000000..192e8d59
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/connectiontypes/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource connectionType 'Microsoft.Automation/automationAccounts/connectionTypes@2020-01-13-preview' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    fieldDefinitions: {
+      my_def: {
+        isEncrypted: false
+        isOptional: false
+        type: 'string'
+      }
+    }
+    isGlobal: false
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/credentials/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/credentials/main.bicep
new file mode 100644
index 00000000..92ad0950
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/credentials/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The password for the automation account credential')
+param automationCredentialPassword string
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource credential 'Microsoft.Automation/automationAccounts/credentials@2020-01-13-preview' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    description: ''
+    password: null
+    userName: 'test_user'
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/hybridrunbookworkergroups/hybridrunbookworkers/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/hybridrunbookworkergroups/hybridrunbookworkers/main.bicep
new file mode 100644
index 00000000..7782f89a
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/hybridrunbookworkergroups/hybridrunbookworkers/main.bicep
@@ -0,0 +1,167 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The password for the automation account hybrid runbook worker')
+param automationWorkerPassword string
+@secure()
+@description('The administrator password for the virtual machine')
+param vmAdminPassword string
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    applicationProfile: {
+      galleryApplications: []
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: false
+        storageUri: ''
+      }
+    }
+    extensionsTimeBudget: 'PT1H30M'
+    hardwareProfile: {
+      vmSize: 'Standard_D2s_v3'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'adminuser'
+      allowExtensionOperations: true
+      computerName: 'acctest0001'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          patchMode: 'ImageDefault'
+        }
+        provisionVMAgent: true
+        ssh: {
+          publicKeys: []
+        }
+      }
+      secrets: []
+    }
+    priority: 'Regular'
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Standard_LRS'
+        }
+        osType: 'Linux'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource credential 'Microsoft.Automation/automationAccounts/credentials@2020-01-13-preview' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    description: ''
+    password: null
+    userName: 'test_user'
+  }
+}
+
+resource hybridRunbookWorkerGroup 'Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups@2021-06-22' = {
+  parent: automationAccount
+  name: resourceName
+  credential: {
+    name: credential.name
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'internal'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource hybridRunbookWorker 'Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers@2021-06-22' = {
+  parent: hybridRunbookWorkerGroup
+  name: 'c7714056-5ba8-4bbe-920e-2993171164eb'
+  properties: {
+    vmResourceId: virtualMachine.id
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/hybridrunbookworkergroups/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/hybridrunbookworkergroups/main.bicep
new file mode 100644
index 00000000..07bf40b6
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/hybridrunbookworkergroups/main.bicep
@@ -0,0 +1,37 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The password for the automation account credential')
+param credentialPassword string
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource credential 'Microsoft.Automation/automationAccounts/credentials@2020-01-13-preview' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    description: ''
+    password: null
+    userName: 'test_user'
+  }
+}
+
+resource hybridRunbookWorkerGroup 'Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups@2021-06-22' = {
+  parent: automationAccount
+  name: resourceName
+  credential: {
+    name: credential.name
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/main.bicep
new file mode 100644
index 00000000..a0e7dac9
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/main.bicep
@@ -0,0 +1,16 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/modules/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/modules/main.bicep
new file mode 100644
index 00000000..d664d2d8
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/modules/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource module 'Microsoft.Automation/automationAccounts/modules@2020-01-13-preview' = {
+  parent: automationAccount
+  name: 'xActiveDirectory'
+  properties: {
+    contentLink: {
+      uri: 'https://devopsgallerystorage.blob.core.windows.net/packages/xactivedirectory.2.19.0.nupkg'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/powershell72modules/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/powershell72modules/main.bicep
new file mode 100644
index 00000000..64a0d1b0
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/powershell72modules/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource powerShell72Module 'Microsoft.Automation/automationAccounts/powerShell72Modules@2020-01-13-preview' = {
+  parent: automationAccount
+  name: 'xActiveDirectory'
+  properties: {
+    contentLink: {
+      uri: 'https://devopsgallerystorage.blob.core.windows.net/packages/xactivedirectory.2.19.0.nupkg'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/python3packages/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/python3packages/main.bicep
new file mode 100644
index 00000000..656fe259
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/python3packages/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2023-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource python3Package 'Microsoft.Automation/automationAccounts/python3Packages@2023-11-01' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    contentLink: {
+      uri: 'https://files.pythonhosted.org/packages/py3/r/requests/requests-2.31.0-py3-none-any.whl'
+      version: '2.31.0'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/runbooks/draft/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/runbooks/draft/main.bicep
new file mode 100644
index 00000000..645c6422
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/runbooks/draft/main.bicep
@@ -0,0 +1,35 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource runbook 'Microsoft.Automation/automationAccounts/runbooks@2019-06-01' = {
+  parent: automationAccount
+  name: 'Get-AzureVMTutorial'
+  location: location
+  properties: {
+    description: 'This is a test runbook for terraform acceptance test'
+    draft: {}
+    logActivityTrace: 0
+    logProgress: true
+    logVerbose: true
+    runbookType: 'PowerShell'
+  }
+}
+
+resource draft 'Microsoft.Automation/automationAccounts/runbooks/draft@2018-06-30' = {
+  parent: runbook
+  name: 'content'
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/runbooks/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/runbooks/main.bicep
new file mode 100644
index 00000000..3e84d9ce
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/runbooks/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource runbook 'Microsoft.Automation/automationAccounts/runbooks@2019-06-01' = {
+  parent: automationAccount
+  name: 'Get-AzureVMTutorial'
+  location: location
+  properties: {
+    description: 'This is a test runbook for terraform acceptance test'
+    draft: {}
+    logActivityTrace: 0
+    logProgress: true
+    logVerbose: true
+    runbookType: 'PowerShell'
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/schedules/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/schedules/main.bicep
new file mode 100644
index 00000000..bf571ec0
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/schedules/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource schedule 'Microsoft.Automation/automationAccounts/schedules@2020-01-13-preview' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    description: ''
+    frequency: 'OneTime'
+    startTime: '2024-07-05T08:51:00+00:00'
+    timeZone: 'Etc/UTC'
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/softwareupdateconfigurations/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/softwareupdateconfigurations/main.bicep
new file mode 100644
index 00000000..020e8583
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/softwareupdateconfigurations/main.bicep
@@ -0,0 +1,55 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource softwareUpdateConfiguration 'Microsoft.Automation/automationAccounts/softwareUpdateConfigurations@2019-06-01' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    scheduleInfo: {
+      description: ''
+      expiryTimeOffsetMinutes: 0
+      frequency: 'OneTime'
+      interval: 0
+      isEnabled: true
+      nextRunOffsetMinutes: 0
+      startTimeOffsetMinutes: 0
+      timeZone: 'Etc/UTC'
+    }
+    updateConfiguration: {
+      duration: 'PT2H'
+      linux: {
+        excludedPackageNameMasks: []
+        includedPackageClassifications: 'Security'
+        includedPackageNameMasks: []
+        rebootSetting: 'IfRequired'
+      }
+      operatingSystem: 'Linux'
+      targets: {
+        azureQueries: [
+          {
+            locations: [
+              'westeurope'
+            ]
+            scope: [
+              resourceGroup().id
+            ]
+          }
+        ]
+      }
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/sourcecontrols/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/sourcecontrols/main.bicep
new file mode 100644
index 00000000..5a18a7a3
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/sourcecontrols/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('GitHub Personal Access Token')
+param pat string
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2023-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource sourceControl 'Microsoft.Automation/automationAccounts/sourceControls@2023-11-01' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    autoSync: false
+    branch: 'master'
+    folderPath: '/'
+    publishRunbook: false
+    repoUrl: 'https://github.com/Azure-Samples/acr-build-helloworld-node.git'
+    securityToken: {
+      accessToken: null
+      tokenType: 'PersonalAccessToken'
+    }
+    sourceType: 'GitHub'
+  }
+}
diff --git a/settings/remarks/microsoft.automation/samples/automationaccounts/variables/main.bicep b/settings/remarks/microsoft.automation/samples/automationaccounts/variables/main.bicep
new file mode 100644
index 00000000..b64904b1
--- /dev/null
+++ b/settings/remarks/microsoft.automation/samples/automationaccounts/variables/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource variable 'Microsoft.Automation/automationAccounts/variables@2020-01-13-preview' = {
+  parent: automationAccount
+  name: resourceName
+  properties: {
+    description: ''
+    isEncrypted: false
+    value: '"Hello, Terraform Basic Test."'
+  }
+}
diff --git a/settings/remarks/microsoft.avs/remarks.json b/settings/remarks/microsoft.avs/remarks.json
index fd5a9d9f..3ab29a98 100644
--- a/settings/remarks/microsoft.avs/remarks.json
+++ b/settings/remarks/microsoft.avs/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/privateclouds/authorizations/main.tf",
       "Description": "A basic example of deploying Azure VMware Solution ExpressRoute Circuit Authorization."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.AVS/privateClouds",
+      "Path": "samples/privateclouds/main.bicep",
+      "Description": "A basic example of deploying Azure VMware Solution Private Cloud."
+    },
+    {
+      "ResourceType": "Microsoft.AVS/privateClouds/authorizations",
+      "Path": "samples/privateclouds/authorizations/main.bicep",
+      "Description": "A basic example of deploying Azure VMware Solution ExpressRoute Circuit Authorization."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.avs/samples/privateclouds/authorizations/main.bicep b/settings/remarks/microsoft.avs/samples/privateclouds/authorizations/main.bicep
new file mode 100644
index 00000000..afde51c0
--- /dev/null
+++ b/settings/remarks/microsoft.avs/samples/privateclouds/authorizations/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'centralus'
+
+resource privateCloud 'Microsoft.AVS/privateClouds@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    internet: 'Disabled'
+    managementCluster: {
+      clusterSize: 3
+    }
+    networkBlock: '192.168.48.0/22'
+  }
+  sku: {
+    name: 'av36'
+  }
+}
+
+resource authorization 'Microsoft.AVS/privateClouds/authorizations@2022-05-01' = {
+  parent: privateCloud
+  name: resourceName
+}
diff --git a/settings/remarks/microsoft.avs/samples/privateclouds/main.bicep b/settings/remarks/microsoft.avs/samples/privateclouds/main.bicep
new file mode 100644
index 00000000..96933b18
--- /dev/null
+++ b/settings/remarks/microsoft.avs/samples/privateclouds/main.bicep
@@ -0,0 +1,17 @@
+param resourceName string = 'acctest0001'
+param location string = 'centralus'
+
+resource privateCloud 'Microsoft.AVS/privateClouds@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    internet: 'Disabled'
+    managementCluster: {
+      clusterSize: 3
+    }
+    networkBlock: '192.168.48.0/22'
+  }
+  sku: {
+    name: 'av36'
+  }
+}
diff --git a/settings/remarks/microsoft.azureactivedirectory/remarks.json b/settings/remarks/microsoft.azureactivedirectory/remarks.json
index 1c84cec4..3a2d9f66 100644
--- a/settings/remarks/microsoft.azureactivedirectory/remarks.json
+++ b/settings/remarks/microsoft.azureactivedirectory/remarks.json
@@ -14,5 +14,12 @@
       "Path": "samples/b2cdirectories/main.tf",
       "Description": "A basic example of deploying AAD B2C Directory."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.AzureActiveDirectory/b2cDirectories",
+      "Path": "samples/b2cdirectories/main.bicep",
+      "Description": "A basic example of deploying AAD B2C Directory."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.azureactivedirectory/samples/b2cdirectories/main.bicep b/settings/remarks/microsoft.azureactivedirectory/samples/b2cdirectories/main.bicep
new file mode 100644
index 00000000..5a6c877c
--- /dev/null
+++ b/settings/remarks/microsoft.azureactivedirectory/samples/b2cdirectories/main.bicep
@@ -0,0 +1,24 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0003'
+param location string = 'westeurope'
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2020-06-01' = {
+  name: resourceName
+  location: location
+}
+
+resource b2cDirectory 'Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01-preview' = {
+  name: '${resourceName}.onmicrosoft.com'
+  location: 'United States'
+  properties: {
+    createTenantProperties: {
+      countryCode: 'US'
+      displayName: 'acctest0003'
+    }
+  }
+  sku: {
+    name: 'PremiumP1'
+    tier: 'A0'
+  }
+}
diff --git a/settings/remarks/microsoft.batch/remarks.json b/settings/remarks/microsoft.batch/remarks.json
index 48fd9f2d..26bfad86 100644
--- a/settings/remarks/microsoft.batch/remarks.json
+++ b/settings/remarks/microsoft.batch/remarks.json
@@ -21,5 +21,27 @@
       "Path": "samples/batchaccounts/pools/main.tf",
       "Description": "A basic example of deploying Azure Batch pool."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Batch/batchAccounts",
+      "Path": "samples/batchaccounts/main.bicep",
+      "Description": "A basic example of deploying Azure Batch account."
+    },
+    {
+      "ResourceType": "Microsoft.Batch/batchAccounts/applications",
+      "Path": "samples/batchaccounts/applications/main.bicep",
+      "Description": "A basic example of deploying Azure Batch Application instance."
+    },
+    {
+      "ResourceType": "Microsoft.Batch/batchAccounts/certificates",
+      "Path": "samples/batchaccounts/certificates/main.bicep",
+      "Description": "A basic example of deploying certificate in an Azure Batch account."
+    },
+    {
+      "ResourceType": "Microsoft.Batch/batchAccounts/pools",
+      "Path": "samples/batchaccounts/pools/main.bicep",
+      "Description": "A basic example of deploying Azure Batch pool."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.batch/samples/batchaccounts/applications/main.bicep b/settings/remarks/microsoft.batch/samples/batchaccounts/applications/main.bicep
new file mode 100644
index 00000000..1ab86d68
--- /dev/null
+++ b/settings/remarks/microsoft.batch/samples/batchaccounts/applications/main.bicep
@@ -0,0 +1,64 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource batchAccount 'Microsoft.Batch/batchAccounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoStorage: {
+      authenticationMode: 'StorageKeys'
+      storageAccountId: storageAccount.id
+    }
+    encryption: {
+      keySource: 'Microsoft.Batch'
+    }
+    poolAllocationMode: 'BatchService'
+    publicNetworkAccess: 'Enabled'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource application 'Microsoft.Batch/batchAccounts/applications@2022-10-01' = {
+  parent: batchAccount
+  name: resourceName
+  properties: {
+    allowUpdates: true
+    defaultVersion: ''
+    displayName: ''
+  }
+}
diff --git a/settings/remarks/microsoft.batch/samples/batchaccounts/certificates/main.bicep b/settings/remarks/microsoft.batch/samples/batchaccounts/certificates/main.bicep
new file mode 100644
index 00000000..52dc66f5
--- /dev/null
+++ b/settings/remarks/microsoft.batch/samples/batchaccounts/certificates/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The base64-encoded certificate data')
+param certificateData string
+@description('The thumbprint of the certificate')
+param certificateThumbprint string
+
+resource batchAccount 'Microsoft.Batch/batchAccounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Batch'
+    }
+    poolAllocationMode: 'BatchService'
+    publicNetworkAccess: 'Enabled'
+  }
+}
+
+resource certificate 'Microsoft.Batch/batchAccounts/certificates@2022-10-01' = {
+  parent: batchAccount
+  name: 'SHA1-${certificateThumbprint}'
+  properties: {
+    data: null
+    format: 'Cer'
+    thumbprint: null
+    thumbprintAlgorithm: 'sha1'
+  }
+}
diff --git a/settings/remarks/microsoft.batch/samples/batchaccounts/main.bicep b/settings/remarks/microsoft.batch/samples/batchaccounts/main.bicep
new file mode 100644
index 00000000..7d5bccd0
--- /dev/null
+++ b/settings/remarks/microsoft.batch/samples/batchaccounts/main.bicep
@@ -0,0 +1,14 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource batchAccount 'Microsoft.Batch/batchAccounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Batch'
+    }
+    poolAllocationMode: 'BatchService'
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.batch/samples/batchaccounts/pools/main.bicep b/settings/remarks/microsoft.batch/samples/batchaccounts/pools/main.bicep
new file mode 100644
index 00000000..f4661451
--- /dev/null
+++ b/settings/remarks/microsoft.batch/samples/batchaccounts/pools/main.bicep
@@ -0,0 +1,51 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource batchAccount 'Microsoft.Batch/batchAccounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Batch'
+    }
+    poolAllocationMode: 'BatchService'
+    publicNetworkAccess: 'Enabled'
+  }
+}
+
+resource pool 'Microsoft.Batch/batchAccounts/pools@2022-10-01' = {
+  parent: batchAccount
+  name: resourceName
+  properties: {
+    certificates: null
+    deploymentConfiguration: {
+      virtualMachineConfiguration: {
+        imageReference: {
+          offer: 'UbuntuServer'
+          publisher: 'Canonical'
+          sku: '18.04-lts'
+          version: 'latest'
+        }
+        nodeAgentSkuId: 'batch.node.ubuntu 18.04'
+        osDisk: {
+          ephemeralOSDiskSettings: {
+            placement: ''
+          }
+        }
+      }
+    }
+    displayName: ''
+    interNodeCommunication: 'Enabled'
+    metadata: []
+    scaleSettings: {
+      fixedScale: {
+        nodeDeallocationOption: ''
+        resizeTimeout: 'PT15M'
+        targetDedicatedNodes: 1
+        targetLowPriorityNodes: 0
+      }
+    }
+    taskSlotsPerNode: 1
+    vmSize: 'STANDARD_A1'
+  }
+}
diff --git a/settings/remarks/microsoft.botservice/remarks.json b/settings/remarks/microsoft.botservice/remarks.json
index 5f614c30..714eb44c 100644
--- a/settings/remarks/microsoft.botservice/remarks.json
+++ b/settings/remarks/microsoft.botservice/remarks.json
@@ -16,5 +16,17 @@
       "Path": "samples/botservices/connections/main.tf",
       "Description": "A basic example of deploying Bot Connection."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.BotService/botServices",
+      "Path": "samples/botservices/main.bicep",
+      "Description": "A basic example of deploying Azure Bot Service."
+    },
+    {
+      "ResourceType": "Microsoft.BotService/botServices/channels",
+      "Path": "samples/botservices/channels/main.bicep",
+      "Description": "A basic example of deploying integration for a Bot Channel."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.botservice/samples/botservices/channels/main.bicep b/settings/remarks/microsoft.botservice/samples/botservices/channels/main.bicep
new file mode 100644
index 00000000..2b1fa1b6
--- /dev/null
+++ b/settings/remarks/microsoft.botservice/samples/botservices/channels/main.bicep
@@ -0,0 +1,38 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource botService 'Microsoft.BotService/botServices@2021-05-01-preview' = {
+  name: resourceName
+  location: location
+  kind: 'bot'
+  properties: {
+    cmekKeyVaultUrl: ''
+    description: ''
+    developerAppInsightKey: ''
+    developerAppInsightsApiKey: ''
+    developerAppInsightsApplicationId: ''
+    displayName: 'acctest0001'
+    endpoint: ''
+    iconUrl: 'https://docs.botframework.com/static/devportal/client/images/bot-framework-default.png'
+    isCmekEnabled: false
+    isStreamingSupported: false
+    msaAppId: '12345678-1234-1234-1234-123456789012'
+  }
+  sku: {
+    name: 'F0'
+  }
+}
+
+resource channel 'Microsoft.BotService/botServices/channels@2021-05-01-preview' = {
+  parent: botService
+  name: 'AlexaChannel'
+  location: location
+  kind: 'bot'
+  properties: {
+    channelName: 'AlexaChannel'
+    properties: {
+      alexaSkillId: 'amzn1.ask.skill.19126e57-867f-4553-b953-ad0a720dddec'
+      isEnabled: true
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.botservice/samples/botservices/main.bicep b/settings/remarks/microsoft.botservice/samples/botservices/main.bicep
new file mode 100644
index 00000000..f369a978
--- /dev/null
+++ b/settings/remarks/microsoft.botservice/samples/botservices/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+
+resource botService 'Microsoft.BotService/botServices@2021-05-01-preview' = {
+  name: resourceName
+  location: 'global'
+  kind: 'sdk'
+  properties: {
+    developerAppInsightKey: ''
+    developerAppInsightsApiKey: ''
+    developerAppInsightsApplicationId: ''
+    displayName: 'acctest0001'
+    endpoint: ''
+    luisAppIds: []
+    luisKey: ''
+    msaAppId: deployer().objectId
+  }
+  sku: {
+    name: 'F0'
+  }
+  tags: {
+    environment: 'production'
+  }
+}
diff --git a/settings/remarks/microsoft.cache/remarks.json b/settings/remarks/microsoft.cache/remarks.json
index 45d6fa4f..fd40d222 100644
--- a/settings/remarks/microsoft.cache/remarks.json
+++ b/settings/remarks/microsoft.cache/remarks.json
@@ -44,5 +44,37 @@
       "Path": "samples/redisenterprise/databases/main.tf",
       "Description": "A basic example of deploying Redis Enterprise Database."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Cache/redis",
+      "Path": "samples/redis/main.bicep",
+      "Description": "A basic example of deploying Redis Cache."
+    },
+    {
+      "ResourceType": "Microsoft.Cache/redis/accessPolicies",
+      "Path": "samples/redis/accesspolicies/main.bicep",
+      "Description": "A basic example of deploying Redis Cache Access Policy."
+    },
+    {
+      "ResourceType": "Microsoft.Cache/redis/accessPolicyAssignments",
+      "Path": "samples/redis/accesspolicyassignments/main.bicep",
+      "Description": "A basic example of deploying Redis Cache Access Policy Assignment."
+    },
+    {
+      "ResourceType": "Microsoft.Cache/redis/firewallRules",
+      "Path": "samples/redis/firewallrules/main.bicep",
+      "Description": "A basic example of deploying Firewall Rule associated with a Redis Cache."
+    },
+    {
+      "ResourceType": "Microsoft.Cache/redisEnterprise",
+      "Path": "samples/redisenterprise/main.bicep",
+      "Description": "A basic example of deploying Redis Enterprise Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.Cache/redisEnterprise/databases",
+      "Path": "samples/redisenterprise/databases/main.bicep",
+      "Description": "A basic example of deploying Redis Enterprise Database."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.cache/samples/redis/accesspolicies/main.bicep b/settings/remarks/microsoft.cache/samples/redis/accesspolicies/main.bicep
new file mode 100644
index 00000000..81125cb5
--- /dev/null
+++ b/settings/remarks/microsoft.cache/samples/redis/accesspolicies/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource redis 'Microsoft.Cache/redis@2024-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableAccessKeyAuthentication: false
+    enableNonSslPort: true
+    minimumTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    redisConfiguration: {
+      'maxmemory-policy': 'volatile-lru'
+      'preferred-data-persistence-auth-method': ''
+    }
+    redisVersion: '6'
+    sku: {
+      capacity: 1
+      family: 'C'
+      name: 'Basic'
+    }
+  }
+}
+
+resource accessPolicy 'Microsoft.Cache/redis/accessPolicies@2024-11-01' = {
+  parent: redis
+  name: '${resourceName}-accessPolicy'
+  properties: {
+    permissions: '+@read +@connection +cluster|info allkeys'
+  }
+}
diff --git a/settings/remarks/microsoft.cache/samples/redis/accesspolicyassignments/main.bicep b/settings/remarks/microsoft.cache/samples/redis/accesspolicyassignments/main.bicep
new file mode 100644
index 00000000..512d5360
--- /dev/null
+++ b/settings/remarks/microsoft.cache/samples/redis/accesspolicyassignments/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource redis 'Microsoft.Cache/redis@2023-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableNonSslPort: true
+    minimumTlsVersion: '1.2'
+    sku: {
+      capacity: 2
+      family: 'C'
+      name: 'Standard'
+    }
+  }
+}
+
+resource accessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2024-03-01' = {
+  parent: redis
+  name: resourceName
+  properties: {
+    accessPolicyName: 'Data Contributor'
+    objectId: deployer().objectId
+    objectIdAlias: 'ServicePrincipal'
+  }
+}
diff --git a/settings/remarks/microsoft.cache/samples/redis/firewallrules/main.bicep b/settings/remarks/microsoft.cache/samples/redis/firewallrules/main.bicep
new file mode 100644
index 00000000..7785eb12
--- /dev/null
+++ b/settings/remarks/microsoft.cache/samples/redis/firewallrules/main.bicep
@@ -0,0 +1,34 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource redis 'Microsoft.Cache/redis@2024-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableAccessKeyAuthentication: false
+    enableNonSslPort: false
+    minimumTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    redisConfiguration: {
+      'maxmemory-delta': '642'
+      'maxmemory-policy': 'allkeys-lru'
+      'maxmemory-reserved': '642'
+      'preferred-data-persistence-auth-method': ''
+    }
+    redisVersion: '6.0'
+    sku: {
+      capacity: 1
+      family: 'P'
+      name: 'Premium'
+    }
+  }
+}
+
+resource firewallRule 'Microsoft.Cache/redis/firewallRules@2024-11-01' = {
+  parent: redis
+  name: '${resourceName}_fwrule'
+  properties: {
+    endIP: '2.3.4.5'
+    startIP: '1.2.3.4'
+  }
+}
diff --git a/settings/remarks/microsoft.cache/samples/redis/main.bicep b/settings/remarks/microsoft.cache/samples/redis/main.bicep
new file mode 100644
index 00000000..b4171f1a
--- /dev/null
+++ b/settings/remarks/microsoft.cache/samples/redis/main.bicep
@@ -0,0 +1,16 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource redis 'Microsoft.Cache/redis@2023-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableNonSslPort: true
+    minimumTlsVersion: '1.2'
+    sku: {
+      capacity: 2
+      family: 'C'
+      name: 'Standard'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.cache/samples/redisenterprise/databases/main.bicep b/settings/remarks/microsoft.cache/samples/redisenterprise/databases/main.bicep
new file mode 100644
index 00000000..332151c3
--- /dev/null
+++ b/settings/remarks/microsoft.cache/samples/redisenterprise/databases/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource redisEnterprise 'Microsoft.Cache/redisEnterprise@2025-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {}
+    highAvailability: 'Enabled'
+    minimumTlsVersion: '1.2'
+  }
+  sku: {
+    name: 'Balanced_B0'
+  }
+}
+
+resource defaultDatabase 'Microsoft.Cache/redisEnterprise/databases@2025-04-01' = {
+  parent: redisEnterprise
+  name: 'default'
+  properties: {
+    clientProtocol: 'Encrypted'
+    clusteringPolicy: 'OSSCluster'
+    evictionPolicy: 'VolatileLRU'
+    modules: []
+    port: 10000
+  }
+}
diff --git a/settings/remarks/microsoft.cache/samples/redisenterprise/main.bicep b/settings/remarks/microsoft.cache/samples/redisenterprise/main.bicep
new file mode 100644
index 00000000..1e337bec
--- /dev/null
+++ b/settings/remarks/microsoft.cache/samples/redisenterprise/main.bicep
@@ -0,0 +1,15 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource redisEnterprise 'Microsoft.Cache/redisEnterprise@2025-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {}
+    highAvailability: 'Enabled'
+    minimumTlsVersion: '1.2'
+  }
+  sku: {
+    name: 'Balanced_B0'
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/remarks.json b/settings/remarks/microsoft.cdn/remarks.json
index 5c9f6b17..25c2620c 100644
--- a/settings/remarks/microsoft.cdn/remarks.json
+++ b/settings/remarks/microsoft.cdn/remarks.json
@@ -56,5 +56,57 @@
       "Path": "samples/profiles/securitypolicies/main.tf",
       "Description": "A basic example of deploying Front Door (standard/premium) Security Policy."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Cdn/profiles",
+      "Path": "samples/profiles/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Profile."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/afdEndpoints",
+      "Path": "samples/profiles/afdendpoints/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Endpoint."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/afdEndpoints/routes",
+      "Path": "samples/profiles/afdendpoints/routes/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Route."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/customDomains",
+      "Path": "samples/profiles/customdomains/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Custom Domain."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/endpoints",
+      "Path": "samples/profiles/endpoints/main.bicep",
+      "Description": "A basic example of deploying CDN Endpoint."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/originGroups",
+      "Path": "samples/profiles/origingroups/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Origin Group."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/originGroups/origins",
+      "Path": "samples/profiles/origingroups/origins/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Origin."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/ruleSets",
+      "Path": "samples/profiles/rulesets/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Rule Set."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/ruleSets/rules",
+      "Path": "samples/profiles/rulesets/rules/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Cdn/profiles/securityPolicies",
+      "Path": "samples/profiles/securitypolicies/main.bicep",
+      "Description": "A basic example of deploying Front Door (standard/premium) Security Policy."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/afdendpoints/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/afdendpoints/main.bicep
new file mode 100644
index 00000000..2e318bc4
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/afdendpoints/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+
+resource profile 'Microsoft.Cdn/profiles@2021-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Standard_AzureFrontDoor'
+  }
+}
+
+resource afdEndpoint 'Microsoft.Cdn/profiles/afdEndpoints@2021-06-01' = {
+  parent: profile
+  name: resourceName
+  location: 'global'
+  properties: {
+    enabledState: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/afdendpoints/routes/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/afdendpoints/routes/main.bicep
new file mode 100644
index 00000000..76b591ce
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/afdendpoints/routes/main.bicep
@@ -0,0 +1,71 @@
+param resourceName string = 'acctest0001'
+
+resource profile 'Microsoft.Cdn/profiles@2021-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Standard_AzureFrontDoor'
+  }
+}
+
+resource afdEndpoint 'Microsoft.Cdn/profiles/afdEndpoints@2021-06-01' = {
+  parent: profile
+  name: resourceName
+  location: 'global'
+  properties: {
+    enabledState: 'Enabled'
+  }
+}
+
+resource originGroup 'Microsoft.Cdn/profiles/originGroups@2021-06-01' = {
+  parent: profile
+  name: resourceName
+  properties: {
+    loadBalancingSettings: {
+      additionalLatencyInMilliseconds: 0
+      sampleSize: 16
+      successfulSamplesRequired: 3
+    }
+    sessionAffinityState: 'Enabled'
+    trafficRestorationTimeToHealedOrNewEndpointsInMinutes: 10
+  }
+}
+
+resource origin 'Microsoft.Cdn/profiles/originGroups/origins@2021-06-01' = {
+  parent: originGroup
+  name: resourceName
+  properties: {
+    enabledState: 'Enabled'
+    enforceCertificateNameCheck: false
+    hostName: 'contoso.com'
+    httpPort: 80
+    httpsPort: 443
+    originHostHeader: 'www.contoso.com'
+    priority: 1
+    weight: 1
+  }
+}
+
+resource route 'Microsoft.Cdn/profiles/afdEndpoints/routes@2021-06-01' = {
+  parent: afdEndpoint
+  name: resourceName
+  properties: {
+    enabledState: 'Enabled'
+    forwardingProtocol: 'MatchRequest'
+    httpsRedirect: 'Enabled'
+    linkToDefaultDomain: 'Enabled'
+    originGroup: {
+      id: originGroup.id
+    }
+    patternsToMatch: [
+      '/*'
+    ]
+    supportedProtocols: [
+      'Https'
+      'Http'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/customdomains/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/customdomains/main.bicep
new file mode 100644
index 00000000..96d9bbca
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/customdomains/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource profile 'Microsoft.Cdn/profiles@2021-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Premium_AzureFrontDoor'
+  }
+}
+
+resource customDomain 'Microsoft.Cdn/profiles/customDomains@2021-06-01' = {
+  parent: profile
+  name: resourceName
+  properties: {
+    azureDnsZone: {
+      id: dnsZone.id
+    }
+    hostName: 'fabrikam.acctest0001.com'
+    tlsSettings: {
+      certificateType: 'ManagedCertificate'
+      minimumTlsVersion: 'TLS12'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/endpoints/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/endpoints/main.bicep
new file mode 100644
index 00000000..572ff490
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/endpoints/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource profile 'Microsoft.Cdn/profiles@2020-09-01' = {
+  name: resourceName
+  location: location
+  sku: {
+    name: 'Standard_Verizon'
+  }
+}
+
+resource endpoint 'Microsoft.Cdn/profiles/endpoints@2020-09-01' = {
+  parent: profile
+  name: resourceName
+  location: location
+  properties: {
+    isHttpAllowed: true
+    isHttpsAllowed: true
+    origins: [
+      {
+        name: 'acceptanceTestCdnOrigin1'
+        properties: {
+          hostName: 'www.contoso.com'
+          httpPort: 80
+          httpsPort: 443
+        }
+      }
+    ]
+    queryStringCachingBehavior: 'IgnoreQueryString'
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/main.bicep
new file mode 100644
index 00000000..dbd2929d
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/main.bicep
@@ -0,0 +1,12 @@
+param resourceName string = 'acctest0001'
+
+resource profile 'Microsoft.Cdn/profiles@2021-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Premium_AzureFrontDoor'
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/origingroups/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/origingroups/main.bicep
new file mode 100644
index 00000000..4294b4ed
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/origingroups/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+
+resource profile 'Microsoft.Cdn/profiles@2021-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Standard_AzureFrontDoor'
+  }
+}
+
+resource originGroup 'Microsoft.Cdn/profiles/originGroups@2021-06-01' = {
+  parent: profile
+  name: resourceName
+  properties: {
+    loadBalancingSettings: {
+      additionalLatencyInMilliseconds: 0
+      sampleSize: 16
+      successfulSamplesRequired: 3
+    }
+    sessionAffinityState: 'Enabled'
+    trafficRestorationTimeToHealedOrNewEndpointsInMinutes: 10
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/origingroups/origins/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/origingroups/origins/main.bicep
new file mode 100644
index 00000000..a76d00b7
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/origingroups/origins/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+
+resource profile 'Microsoft.Cdn/profiles@2021-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Standard_AzureFrontDoor'
+  }
+}
+
+resource originGroup 'Microsoft.Cdn/profiles/originGroups@2021-06-01' = {
+  parent: profile
+  name: resourceName
+  properties: {
+    loadBalancingSettings: {
+      additionalLatencyInMilliseconds: 0
+      sampleSize: 16
+      successfulSamplesRequired: 3
+    }
+    sessionAffinityState: 'Enabled'
+    trafficRestorationTimeToHealedOrNewEndpointsInMinutes: 10
+  }
+}
+
+resource origin 'Microsoft.Cdn/profiles/originGroups/origins@2021-06-01' = {
+  parent: originGroup
+  name: resourceName
+  properties: {
+    enabledState: 'Enabled'
+    enforceCertificateNameCheck: false
+    hostName: 'contoso.com'
+    httpPort: 80
+    httpsPort: 443
+    originHostHeader: 'www.contoso.com'
+    priority: 1
+    weight: 1
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/rulesets/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/rulesets/main.bicep
new file mode 100644
index 00000000..2ee48591
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/rulesets/main.bicep
@@ -0,0 +1,17 @@
+param resourceName string = 'acctest0001'
+
+resource profile 'Microsoft.Cdn/profiles@2021-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Standard_AzureFrontDoor'
+  }
+}
+
+resource ruleSet 'Microsoft.Cdn/profiles/ruleSets@2021-06-01' = {
+  parent: profile
+  name: resourceName
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/rulesets/rules/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/rulesets/rules/main.bicep
new file mode 100644
index 00000000..7908e707
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/rulesets/rules/main.bicep
@@ -0,0 +1,77 @@
+param resourceName string = 'acctest0001'
+param cdnLocation string = 'global'
+
+resource profile 'Microsoft.Cdn/profiles@2024-09-01' = {
+  name: '${resourceName}-profile'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Standard_AzureFrontDoor'
+  }
+}
+
+resource originGroup 'Microsoft.Cdn/profiles/originGroups@2024-09-01' = {
+  parent: profile
+  name: '${resourceName}-origingroup'
+  properties: {
+    loadBalancingSettings: {
+      additionalLatencyInMilliseconds: 0
+      sampleSize: 16
+      successfulSamplesRequired: 3
+    }
+    sessionAffinityState: 'Enabled'
+    trafficRestorationTimeToHealedOrNewEndpointsInMinutes: 10
+  }
+}
+
+resource ruleSet 'Microsoft.Cdn/profiles/ruleSets@2024-09-01' = {
+  parent: profile
+  name: 'ruleSet${substring(resourceName, length(resourceName) - 4, 4)}'
+}
+
+resource origin 'Microsoft.Cdn/profiles/originGroups/origins@2024-09-01' = {
+  parent: originGroup
+  name: '${resourceName}-origin'
+  properties: {
+    enabledState: 'Enabled'
+    enforceCertificateNameCheck: false
+    hostName: 'contoso.com'
+    httpPort: 80
+    httpsPort: 443
+    originHostHeader: 'www.contoso.com'
+    priority: 1
+    weight: 1
+  }
+}
+
+resource rule 'Microsoft.Cdn/profiles/ruleSets/rules@2024-09-01' = {
+  parent: ruleSet
+  name: 'rule${substring(resourceName, length(resourceName) - 4, 4)}'
+  properties: {
+    actions: [
+      {
+        name: 'RouteConfigurationOverride'
+        parameters: {
+          cacheConfiguration: {
+            cacheBehavior: 'OverrideIfOriginMissing'
+            cacheDuration: '23:59:59'
+            isCompressionEnabled: 'Disabled'
+            queryParameters: 'clientIp={client_ip}'
+            queryStringCachingBehavior: 'IgnoreSpecifiedQueryStrings'
+          }
+          originGroupOverride: {
+            forwardingProtocol: 'HttpsOnly'
+            originGroup: {
+              id: originGroup.id
+            }
+          }
+          typeName: 'DeliveryRuleRouteConfigurationOverrideActionParameters'
+        }
+      }
+    ]
+    conditions: []
+    matchProcessingBehavior: 'Continue'
+    order: 1
+  }
+}
diff --git a/settings/remarks/microsoft.cdn/samples/profiles/securitypolicies/main.bicep b/settings/remarks/microsoft.cdn/samples/profiles/securitypolicies/main.bicep
new file mode 100644
index 00000000..59c3d517
--- /dev/null
+++ b/settings/remarks/microsoft.cdn/samples/profiles/securitypolicies/main.bicep
@@ -0,0 +1,124 @@
+param resourceName string = 'acctest0001'
+
+resource frontdoorwebapplicationfirewallpolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2020-11-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    customRules: {
+      rules: [
+        {
+          action: 'Block'
+          enabledState: 'Enabled'
+          matchConditions: [
+            {
+              matchValue: [
+                '192.168.1.0/24'
+                '10.0.0.0/24'
+              ]
+              matchVariable: 'RemoteAddr'
+              negateCondition: false
+              operator: 'IPMatch'
+            }
+          ]
+          name: 'Rule1'
+          priority: 1
+          rateLimitDurationInMinutes: 1
+          rateLimitThreshold: 10
+          ruleType: 'MatchRule'
+        }
+      ]
+    }
+    managedRules: {
+      managedRuleSets: [
+        {
+          ruleGroupOverrides: [
+            {
+              ruleGroupName: 'PHP'
+              rules: [
+                {
+                  action: 'Block'
+                  enabledState: 'Disabled'
+                  ruleId: '933111'
+                }
+              ]
+            }
+          ]
+          ruleSetAction: 'Block'
+          ruleSetType: 'DefaultRuleSet'
+          ruleSetVersion: 'preview-0.1'
+        }
+        {
+          ruleSetAction: 'Block'
+          ruleSetType: 'BotProtection'
+          ruleSetVersion: 'preview-0.1'
+        }
+      ]
+    }
+    policySettings: {
+      customBlockResponseBody: 'PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=='
+      customBlockResponseStatusCode: 403
+      enabledState: 'Enabled'
+      mode: 'Prevention'
+      redirectUrl: 'https://www.fabrikam.com'
+    }
+  }
+  sku: {
+    name: 'Premium_AzureFrontDoor'
+  }
+}
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource profile 'Microsoft.Cdn/profiles@2021-06-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    originResponseTimeoutSeconds: 120
+  }
+  sku: {
+    name: 'Premium_AzureFrontDoor'
+  }
+}
+
+resource customDomain 'Microsoft.Cdn/profiles/customDomains@2021-06-01' = {
+  parent: profile
+  name: resourceName
+  properties: {
+    azureDnsZone: {
+      id: dnsZone.id
+    }
+    hostName: 'fabrikam.acctest0001.com'
+    tlsSettings: {
+      certificateType: 'ManagedCertificate'
+      minimumTlsVersion: 'TLS12'
+    }
+  }
+}
+
+resource securityPolicy 'Microsoft.Cdn/profiles/securityPolicies@2021-06-01' = {
+  parent: profile
+  name: resourceName
+  properties: {
+    parameters: {
+      associations: [
+        {
+          domains: [
+            {
+              id: customDomain.id
+            }
+          ]
+          patternsToMatch: [
+            '/*'
+          ]
+        }
+      ]
+      type: 'WebApplicationFirewall'
+      wafPolicy: {
+        id: frontdoorwebapplicationfirewallpolicy.id
+      }
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.certificateregistration/remarks.json b/settings/remarks/microsoft.certificateregistration/remarks.json
index c69ce770..43ff1f7e 100644
--- a/settings/remarks/microsoft.certificateregistration/remarks.json
+++ b/settings/remarks/microsoft.certificateregistration/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/certificateorders/main.tf",
       "Description": "A basic example of deploying App Service Certificate Order."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.CertificateRegistration/certificateOrders",
+      "Path": "samples/certificateorders/main.bicep",
+      "Description": "A basic example of deploying App Service Certificate Order."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.certificateregistration/samples/certificateorders/main.bicep b/settings/remarks/microsoft.certificateregistration/samples/certificateorders/main.bicep
new file mode 100644
index 00000000..9d9cd839
--- /dev/null
+++ b/settings/remarks/microsoft.certificateregistration/samples/certificateorders/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+
+resource certificateOrder 'Microsoft.CertificateRegistration/certificateOrders@2021-02-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    autoRenew: true
+    distinguishedName: 'CN=example.com'
+    keySize: 2048
+    productType: 'StandardDomainValidatedSsl'
+    validityInYears: 1
+  }
+}
diff --git a/settings/remarks/microsoft.codesigning/remarks.json b/settings/remarks/microsoft.codesigning/remarks.json
index b3b10cc1..7dbcc42c 100644
--- a/settings/remarks/microsoft.codesigning/remarks.json
+++ b/settings/remarks/microsoft.codesigning/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/codesigningaccounts/main.tf",
       "Description": "A basic example of deploying Trusted Signing Account."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.CodeSigning/codeSigningAccounts",
+      "Path": "samples/codesigningaccounts/main.bicep",
+      "Description": "A basic example of deploying Trusted Signing Account."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.codesigning/samples/codesigningaccounts/main.bicep b/settings/remarks/microsoft.codesigning/samples/codesigningaccounts/main.bicep
new file mode 100644
index 00000000..6fc40d4d
--- /dev/null
+++ b/settings/remarks/microsoft.codesigning/samples/codesigningaccounts/main.bicep
@@ -0,0 +1,12 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource codeSigningAccount 'Microsoft.CodeSigning/codeSigningAccounts@2024-09-30-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.cognitiveservices/remarks.json b/settings/remarks/microsoft.cognitiveservices/remarks.json
index 9f79d9f6..01e41b4b 100644
--- a/settings/remarks/microsoft.cognitiveservices/remarks.json
+++ b/settings/remarks/microsoft.cognitiveservices/remarks.json
@@ -31,5 +31,32 @@
       "Path": "samples/accounts/raipolicies/main.tf",
       "Description": "A basic example of deploying Cognitive Services Accounts Responsible AI Policies."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.CognitiveServices/accounts",
+      "Path": "samples/accounts/main.bicep",
+      "Description": "A basic example of deploying Cognitive Services Account."
+    },
+    {
+      "ResourceType": "Microsoft.CognitiveServices/accounts/deployments",
+      "Path": "samples/accounts/deployments/main.bicep",
+      "Description": "A basic example of deploying Cognitive Services Account Deployment."
+    },
+    {
+      "ResourceType": "Microsoft.CognitiveServices/accounts/projects",
+      "Path": "samples/accounts/projects/main.bicep",
+      "Description": "A basic example of deploying Cognitive Services Account Project."
+    },
+    {
+      "ResourceType": "Microsoft.CognitiveServices/accounts/raiBlocklists",
+      "Path": "samples/accounts/raiblocklists/main.bicep",
+      "Description": "A basic example of deploying Cognitive Services Accounts Responsible AI Blocklists."
+    },
+    {
+      "ResourceType": "Microsoft.CognitiveServices/accounts/raiPolicies",
+      "Path": "samples/accounts/raipolicies/main.bicep",
+      "Description": "A basic example of deploying Cognitive Services Accounts Responsible AI Policies."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.cognitiveservices/samples/accounts/deployments/main.bicep b/settings/remarks/microsoft.cognitiveservices/samples/accounts/deployments/main.bicep
new file mode 100644
index 00000000..a8ce9a6c
--- /dev/null
+++ b/settings/remarks/microsoft.cognitiveservices/samples/accounts/deployments/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0003'
+param location string = 'eastus'
+
+resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  identity: {
+    type: 'None'
+    userAssignedIdentities: null
+  }
+  kind: 'OpenAI'
+  properties: {
+    disableLocalAuth: false
+    dynamicThrottlingEnabled: false
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = {
+  parent: account
+  name: 'testdep'
+  properties: {
+    model: {
+      format: 'OpenAI'
+      name: 'text-embedding-ada-002'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.cognitiveservices/samples/accounts/main.bicep b/settings/remarks/microsoft.cognitiveservices/samples/accounts/main.bicep
new file mode 100644
index 00000000..f5ae4140
--- /dev/null
+++ b/settings/remarks/microsoft.cognitiveservices/samples/accounts/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus2'
+
+resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  kind: 'SpeechServices'
+  properties: {
+    allowedFqdnList: []
+    apiProperties: {}
+    customSubDomainName: 'acctest-cogacc-230630032807723157'
+    disableLocalAuth: false
+    dynamicThrottlingEnabled: false
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: false
+  }
+  sku: {
+    name: 'S0'
+    tier: 'Standard'
+  }
+}
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.cognitiveservices/samples/accounts/projects/main.bicep b/settings/remarks/microsoft.cognitiveservices/samples/accounts/projects/main.bicep
new file mode 100644
index 00000000..9c0ebd8c
--- /dev/null
+++ b/settings/remarks/microsoft.cognitiveservices/samples/accounts/projects/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus2'
+
+resource account 'Microsoft.CognitiveServices/accounts@2025-06-01' = {
+  name: resourceName
+  location: location
+  kind: 'AIServices'
+  properties: {
+    allowProjectManagement: true
+    customSubDomainName: 'cog-acctest0001'
+    disableLocalAuth: false
+    dynamicThrottlingEnabled: false
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource project 'Microsoft.CognitiveServices/accounts/projects@2025-06-01' = {
+  parent: account
+  name: resourceName
+  location: location
+  properties: {
+    description: 'test project'
+    displayName: 'project-acctest0001'
+  }
+}
diff --git a/settings/remarks/microsoft.cognitiveservices/samples/accounts/raiblocklists/main.bicep b/settings/remarks/microsoft.cognitiveservices/samples/accounts/raiblocklists/main.bicep
new file mode 100644
index 00000000..de03fb57
--- /dev/null
+++ b/settings/remarks/microsoft.cognitiveservices/samples/accounts/raiblocklists/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource account 'Microsoft.CognitiveServices/accounts@2024-10-01' = {
+  name: '${resourceName}-ca'
+  location: location
+  kind: 'OpenAI'
+  properties: {
+    allowedFqdnList: []
+    apiProperties: {}
+    customSubDomainName: ''
+    disableLocalAuth: false
+    dynamicThrottlingEnabled: false
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource raiBlocklist 'Microsoft.CognitiveServices/accounts/raiBlocklists@2024-10-01' = {
+  parent: account
+  name: '${resourceName}-crb'
+  properties: {
+    description: 'Acceptance test data new azurerm resource'
+  }
+}
diff --git a/settings/remarks/microsoft.cognitiveservices/samples/accounts/raipolicies/main.bicep b/settings/remarks/microsoft.cognitiveservices/samples/accounts/raipolicies/main.bicep
new file mode 100644
index 00000000..8aba460d
--- /dev/null
+++ b/settings/remarks/microsoft.cognitiveservices/samples/accounts/raipolicies/main.bicep
@@ -0,0 +1,34 @@
+param resourceName string = 'acctest0003'
+param location string = 'eastus'
+
+resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  kind: 'OpenAI'
+  properties: {
+    disableLocalAuth: false
+    dynamicThrottlingEnabled: false
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource raiPolicy 'Microsoft.CognitiveServices/accounts/raiPolicies@2024-10-01' = {
+  parent: account
+  name: 'NoModerationPolicy'
+  properties: {
+    basePolicyName: 'Microsoft.Default'
+    contentFilters: [
+      {
+        blocking: true
+        enabled: true
+        name: 'Hate'
+        severityThreshold: 'High'
+        source: 'Prompt'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.communication/remarks.json b/settings/remarks/microsoft.communication/remarks.json
index f56f13c2..a558661a 100644
--- a/settings/remarks/microsoft.communication/remarks.json
+++ b/settings/remarks/microsoft.communication/remarks.json
@@ -21,5 +21,27 @@
       "Path": "samples/emailservices/domains/senderusernames/main.tf",
       "Description": "A basic example of deploying Communication Email Services Domains Sender Usernames."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Communication/communicationServices",
+      "Path": "samples/communicationservices/main.bicep",
+      "Description": "A basic example of deploying Communication Service."
+    },
+    {
+      "ResourceType": "Microsoft.Communication/emailServices",
+      "Path": "samples/emailservices/main.bicep",
+      "Description": "A basic example of deploying Email Communication Service."
+    },
+    {
+      "ResourceType": "Microsoft.Communication/emailServices/domains",
+      "Path": "samples/emailservices/domains/main.bicep",
+      "Description": "A basic example of deploying Email Communication Service Domain."
+    },
+    {
+      "ResourceType": "Microsoft.Communication/emailServices/domains/senderUsernames",
+      "Path": "samples/emailservices/domains/senderusernames/main.bicep",
+      "Description": "A basic example of deploying Communication Email Services Domains Sender Usernames."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.communication/samples/communicationservices/main.bicep b/settings/remarks/microsoft.communication/samples/communicationservices/main.bicep
new file mode 100644
index 00000000..df28431d
--- /dev/null
+++ b/settings/remarks/microsoft.communication/samples/communicationservices/main.bicep
@@ -0,0 +1,9 @@
+param resourceName string = 'acctest0001'
+
+resource communicationService 'Microsoft.Communication/communicationServices@2023-03-31' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dataLocation: 'United States'
+  }
+}
diff --git a/settings/remarks/microsoft.communication/samples/emailservices/domains/main.bicep b/settings/remarks/microsoft.communication/samples/emailservices/domains/main.bicep
new file mode 100644
index 00000000..f41783c0
--- /dev/null
+++ b/settings/remarks/microsoft.communication/samples/emailservices/domains/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+
+resource emailService 'Microsoft.Communication/emailServices@2023-04-01-preview' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dataLocation: 'United States'
+  }
+}
+
+resource domain 'Microsoft.Communication/emailServices/domains@2023-04-01-preview' = {
+  parent: emailService
+  name: 'example.com'
+  location: 'global'
+  properties: {
+    domainManagement: 'CustomerManaged'
+    userEngagementTracking: 'Disabled'
+  }
+}
diff --git a/settings/remarks/microsoft.communication/samples/emailservices/domains/senderusernames/main.bicep b/settings/remarks/microsoft.communication/samples/emailservices/domains/senderusernames/main.bicep
new file mode 100644
index 00000000..f31ba812
--- /dev/null
+++ b/settings/remarks/microsoft.communication/samples/emailservices/domains/senderusernames/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+
+resource emailService 'Microsoft.Communication/emailServices@2023-04-01-preview' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dataLocation: 'United States'
+  }
+}
+
+resource domain 'Microsoft.Communication/emailServices/domains@2023-04-01-preview' = {
+  parent: emailService
+  name: 'example.com'
+  location: 'global'
+  properties: {
+    domainManagement: 'CustomerManaged'
+    userEngagementTracking: 'Disabled'
+  }
+}
+
+resource senderUsername 'Microsoft.Communication/emailServices/domains/senderUsernames@2023-04-01-preview' = {
+  parent: domain
+  name: 'TestSenderUserName'
+  properties: {
+    displayName: 'TestDisplayName'
+    username: 'TestSenderUserName'
+  }
+}
diff --git a/settings/remarks/microsoft.communication/samples/emailservices/main.bicep b/settings/remarks/microsoft.communication/samples/emailservices/main.bicep
new file mode 100644
index 00000000..f1ddb214
--- /dev/null
+++ b/settings/remarks/microsoft.communication/samples/emailservices/main.bicep
@@ -0,0 +1,9 @@
+param resourceName string = 'acctest0001'
+
+resource emailService 'Microsoft.Communication/emailServices@2023-03-31' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dataLocation: 'United States'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/remarks.json b/settings/remarks/microsoft.compute/remarks.json
index 0e2c137c..a52ed21b 100644
--- a/settings/remarks/microsoft.compute/remarks.json
+++ b/settings/remarks/microsoft.compute/remarks.json
@@ -126,5 +126,127 @@
       "Path": "samples/virtualmachines/runcommands/main.tf",
       "Description": "A basic example of deploying Virtual Machine Run Command."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Compute/availabilitySets",
+      "Path": "samples/availabilitysets/main.bicep",
+      "Description": "A basic example of deploying Availability Set for Virtual Machines."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/capacityReservationGroups",
+      "Path": "samples/capacityreservationgroups/main.bicep",
+      "Description": "A basic example of deploying Capacity Reservation Group."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/capacityReservationGroups/capacityReservations",
+      "Path": "samples/capacityreservationgroups/capacityreservations/main.bicep",
+      "Description": "A basic example of deploying Capacity Reservation within a Capacity Reservation Group."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/diskAccesses",
+      "Path": "samples/diskaccesses/main.bicep",
+      "Description": "A basic example of deploying Disk Access."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/diskEncryptionSets",
+      "Path": "samples/diskencryptionsets/main.bicep",
+      "Description": "A basic example of deploying Disk Encryption Set."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/disks",
+      "Path": "samples/disks/main.bicep",
+      "Description": "A basic example of deploying Managed Disk."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/galleries",
+      "Path": "samples/galleries/main.bicep",
+      "Description": "A basic example of deploying Shared Image Gallery."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/galleries/applications",
+      "Path": "samples/galleries/applications/main.bicep",
+      "Description": "A basic example of deploying Gallery Application."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/galleries/applications/versions",
+      "Path": "samples/galleries/applications/versions/main.bicep",
+      "Description": "A basic example of deploying Gallery Application Version."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/galleries/images",
+      "Path": "samples/galleries/images/main.bicep",
+      "Description": "A basic example of deploying Shared Image within a Shared Image Gallery."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/hostGroups",
+      "Path": "samples/hostgroups/main.bicep",
+      "Description": "A basic example of deploying Dedicated Host Group."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/hostGroups/hosts",
+      "Path": "samples/hostgroups/hosts/main.bicep",
+      "Description": "A basic example of deploying Dedicated Host within a Dedicated Host Group."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/proximityPlacementGroups",
+      "Path": "samples/proximityplacementgroups/main.bicep",
+      "Description": "A basic example of deploying proximity placement group for virtual machines, virtual machine scale sets and availability sets."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/restorePointCollections",
+      "Path": "samples/restorepointcollections/main.bicep",
+      "Description": "A basic example of deploying Virtual Machine Restore Point Collection."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/restorePointCollections/restorePoints",
+      "Path": "samples/restorepointcollections/restorepoints/main.bicep",
+      "Description": "A basic example of deploying Virtual Machine Restore Point."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/snapshots",
+      "Path": "samples/snapshots/main.bicep",
+      "Description": "A basic example of deploying Disk Snapshot."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/sshPublicKeys",
+      "Path": "samples/sshpublickeys/main.bicep",
+      "Description": "A basic example of deploying SSH Public Key."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/virtualMachineScaleSets",
+      "Path": "samples/virtualmachinescalesets/main.bicep",
+      "Description": "A basic example of deploying Virtual Machine scale set."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/virtualMachineScaleSets/extensions",
+      "Path": "samples/virtualmachinescalesets/extensions/main.bicep",
+      "Description": "A basic example of deploying Extension for a Virtual Machine Scale Set."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/virtualMachines",
+      "Path": "samples/virtualmachines/attachdatadisk/main.bicep",
+      "Description": "A attachdatadisk example of deploying Virtual Machine."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/virtualMachines",
+      "Path": "samples/virtualmachines/attachosdisk/main.bicep",
+      "Description": "A attachosdisk example of deploying Virtual Machine."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/virtualMachines",
+      "Path": "samples/virtualmachines/basic/main.bicep",
+      "Description": "A basic example of deploying Virtual Machine."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/virtualMachines/extensions",
+      "Path": "samples/virtualmachines/extensions/main.bicep",
+      "Description": "A basic example of deploying Virtual Machine Extension to provide post deployment."
+    },
+    {
+      "ResourceType": "Microsoft.Compute/virtualMachines/runCommands",
+      "Path": "samples/virtualmachines/runcommands/main.bicep",
+      "Description": "A basic example of deploying Virtual Machine Run Command."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.compute/samples/availabilitysets/main.bicep b/settings/remarks/microsoft.compute/samples/availabilitysets/main.bicep
new file mode 100644
index 00000000..52496255
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/availabilitysets/main.bicep
@@ -0,0 +1,14 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource availabilitySet 'Microsoft.Compute/availabilitySets@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    platformFaultDomainCount: 3
+    platformUpdateDomainCount: 5
+  }
+  sku: {
+    name: 'Aligned'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/capacityreservationgroups/capacityreservations/main.bicep b/settings/remarks/microsoft.compute/samples/capacityreservationgroups/capacityreservations/main.bicep
new file mode 100644
index 00000000..db2d3eeb
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/capacityreservationgroups/capacityreservations/main.bicep
@@ -0,0 +1,17 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource capacityReservationGroup 'Microsoft.Compute/capacityReservationGroups@2022-03-01' = {
+  name: '${resourceName}-ccrg'
+  location: location
+}
+
+resource capacityReservation 'Microsoft.Compute/capacityReservationGroups/capacityReservations@2022-03-01' = {
+  parent: capacityReservationGroup
+  name: '${resourceName}-ccr'
+  location: location
+  sku: {
+    capacity: 2
+    name: 'Standard_F2'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/capacityreservationgroups/main.bicep b/settings/remarks/microsoft.compute/samples/capacityreservationgroups/main.bicep
new file mode 100644
index 00000000..1a49be09
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/capacityreservationgroups/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource capacityReservationGroup 'Microsoft.Compute/capacityReservationGroups@2022-03-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.compute/samples/diskaccesses/main.bicep b/settings/remarks/microsoft.compute/samples/diskaccesses/main.bicep
new file mode 100644
index 00000000..d194267d
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/diskaccesses/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource diskAccess 'Microsoft.Compute/diskAccesses@2022-03-02' = {
+  name: resourceName
+  location: location
+  tags: {
+    'cost-center': 'ops'
+    environment: 'acctest'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/diskencryptionsets/main.bicep b/settings/remarks/microsoft.compute/samples/diskencryptionsets/main.bicep
new file mode 100644
index 00000000..bcc6162e
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/diskencryptionsets/main.bicep
@@ -0,0 +1,48 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2022-03-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    activeKey: {
+      keyUrl: key.properties.keyUriWithVersion
+      sourceVault: {
+        id: vault.id
+      }
+    }
+    encryptionType: 'EncryptionAtRestWithCustomerKey'
+    rotationToLatestKeyVersionEnabled: false
+  }
+}
+
+resource vault 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: []
+    enableSoftDelete: true
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: deployer().tenantId
+  }
+}
+
+resource key 'Microsoft.KeyVault/vaults/keys@2023-02-01' = {
+  parent: vault
+  name: resourceName
+  properties: {
+    keyOps: [
+      'encrypt'
+      'decrypt'
+      'sign'
+      'verify'
+      'wrapKey'
+      'unwrapKey'
+    ]
+    keySize: 2048
+    kty: 'RSA'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/disks/main.bicep b/settings/remarks/microsoft.compute/samples/disks/main.bicep
new file mode 100644
index 00000000..9da32a6f
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/disks/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource disk 'Microsoft.Compute/disks@2022-03-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    creationData: {
+      createOption: 'Empty'
+    }
+    diskSizeGB: 10
+    encryption: {
+      type: 'EncryptionAtRestWithPlatformKey'
+    }
+    networkAccessPolicy: 'AllowAll'
+    osType: ''
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/galleries/applications/main.bicep b/settings/remarks/microsoft.compute/samples/galleries/applications/main.bicep
new file mode 100644
index 00000000..1f8ab269
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/galleries/applications/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource gallery 'Microsoft.Compute/galleries@2022-03-03' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+  }
+}
+
+resource application 'Microsoft.Compute/galleries/applications@2022-03-03' = {
+  parent: gallery
+  name: resourceName
+  location: location
+  properties: {
+    supportedOSType: 'Linux'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/galleries/applications/versions/main.bicep b/settings/remarks/microsoft.compute/samples/galleries/applications/versions/main.bicep
new file mode 100644
index 00000000..cbc629ca
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/galleries/applications/versions/main.bicep
@@ -0,0 +1,109 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource gallery 'Microsoft.Compute/galleries@2022-03-03' = {
+  name: '${resourceName}sig'
+  location: location
+  properties: {
+    description: ''
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: '${resourceName}acc'
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: false
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    dnsEndpointType: 'Standard'
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isLocalUserEnabled: true
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+      ipRules: []
+      resourceAccessRules: []
+      virtualNetworkRules: []
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource application 'Microsoft.Compute/galleries/applications@2022-03-03' = {
+  parent: gallery
+  name: '${resourceName}-app'
+  location: location
+  properties: {
+    supportedOSType: 'Linux'
+  }
+}
+
+// The blob service is a singleton named 'default' under the storage account
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-05-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-05-01' = {
+  parent: blobService
+  name: 'mycontainer'
+  properties: {
+    publicAccess: 'Blob'
+  }
+}
+
+resource version 'Microsoft.Compute/galleries/applications/versions@2022-03-03' = {
+  parent: application
+  name: '0.0.1'
+  location: location
+  properties: {
+    publishingProfile: {
+      enableHealthCheck: false
+      excludeFromLatest: false
+      manageActions: {
+        install: '[install command]'
+        remove: '[remove command]'
+        update: ''
+      }
+      source: {
+        defaultConfigurationLink: ''
+        mediaLink: 'https://${storageAccount.name}.blob.core.windows.net/mycontainer/myblob'
+      }
+      targetRegions: [
+        {
+          name: 'westus'
+          regionalReplicaCount: 1
+          storageAccountType: 'Standard_LRS'
+        }
+      ]
+    }
+    safetyProfile: {
+      allowDeletionOfReplicatedLocations: true
+    }
+  }
+  dependsOn: [
+    container
+  ]
+}
diff --git a/settings/remarks/microsoft.compute/samples/galleries/images/main.bicep b/settings/remarks/microsoft.compute/samples/galleries/images/main.bicep
new file mode 100644
index 00000000..58285d6e
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/galleries/images/main.bicep
@@ -0,0 +1,38 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource gallery 'Microsoft.Compute/galleries@2022-03-03' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+  }
+}
+
+resource image 'Microsoft.Compute/galleries/images@2022-03-03' = {
+  parent: gallery
+  name: resourceName
+  location: location
+  properties: {
+    architecture: 'x64'
+    description: ''
+    disallowed: {
+      diskTypes: []
+    }
+    features: null
+    hyperVGeneration: 'V1'
+    identifier: {
+      offer: 'AccTesOffer230630032848825313'
+      publisher: 'AccTesPublisher230630032848825313'
+      sku: 'AccTesSku230630032848825313'
+    }
+    osState: 'Generalized'
+    osType: 'Linux'
+    privacyStatementUri: ''
+    recommended: {
+      memory: {}
+      vCPUs: {}
+    }
+    releaseNoteUri: ''
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/galleries/main.bicep b/settings/remarks/microsoft.compute/samples/galleries/main.bicep
new file mode 100644
index 00000000..af5d9fe9
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/galleries/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource gallery 'Microsoft.Compute/galleries@2022-03-03' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/hostgroups/hosts/main.bicep b/settings/remarks/microsoft.compute/samples/hostgroups/hosts/main.bicep
new file mode 100644
index 00000000..7d01a4fb
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/hostgroups/hosts/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource hostGroup 'Microsoft.Compute/hostGroups@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    platformFaultDomainCount: 2
+  }
+}
+
+resource host 'Microsoft.Compute/hostGroups/hosts@2021-11-01' = {
+  parent: hostGroup
+  name: resourceName
+  location: location
+  properties: {
+    autoReplaceOnFailure: true
+    licenseType: 'None'
+    platformFaultDomain: 1
+  }
+  sku: {
+    name: 'DSv3-Type1'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/hostgroups/main.bicep b/settings/remarks/microsoft.compute/samples/hostgroups/main.bicep
new file mode 100644
index 00000000..b9bf1dcc
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/hostgroups/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource hostGroup 'Microsoft.Compute/hostGroups@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    platformFaultDomainCount: 2
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/proximityplacementgroups/main.bicep b/settings/remarks/microsoft.compute/samples/proximityplacementgroups/main.bicep
new file mode 100644
index 00000000..44d43f35
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/proximityplacementgroups/main.bicep
@@ -0,0 +1,8 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@2022-03-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.compute/samples/restorepointcollections/main.bicep b/settings/remarks/microsoft.compute/samples/restorepointcollections/main.bicep
new file mode 100644
index 00000000..1963c586
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/restorepointcollections/main.bicep
@@ -0,0 +1,137 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2024-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'internal'
+        properties: {
+          primary: false
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource restorePointCollection 'Microsoft.Compute/restorePointCollections@2024-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    source: {
+      id: virtualMachine.id
+    }
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    applicationProfile: {
+      galleryApplications: []
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: false
+        storageUri: ''
+      }
+    }
+    extensionsTimeBudget: 'PT1H30M'
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminUsername: 'adminuser'
+      allowExtensionOperations: true
+      computerName: 'acctest0001'
+      linuxConfiguration: {
+        disablePasswordAuthentication: true
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          patchMode: 'ImageDefault'
+        }
+        provisionVMAgent: true
+        ssh: {
+          publicKeys: [
+            {
+              keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com'
+              path: '/home/adminuser/.ssh/authorized_keys'
+            }
+          ]
+        }
+      }
+      secrets: []
+    }
+    priority: 'Regular'
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: '0001-com-ubuntu-server-jammy'
+        publisher: 'Canonical'
+        sku: '22_04-lts'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Standard_LRS'
+        }
+        osType: 'Linux'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.0.0/24'
+    defaultOutboundAccess: true
+    delegations: []
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/restorepointcollections/restorepoints/main.bicep b/settings/remarks/microsoft.compute/samples/restorepointcollections/restorepoints/main.bicep
new file mode 100644
index 00000000..79442794
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/restorepointcollections/restorepoints/main.bicep
@@ -0,0 +1,143 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2024-05-01' = {
+  name: '${resourceName}-nic'
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'internal'
+        properties: {
+          primary: false
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource restorePointCollection 'Microsoft.Compute/restorePointCollections@2024-03-01' = {
+  name: '${resourceName}-rpc'
+  location: location
+  properties: {
+    source: {
+      id: virtualMachine.id
+    }
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
+  name: '${resourceName}-vm'
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    applicationProfile: {
+      galleryApplications: []
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: false
+        storageUri: ''
+      }
+    }
+    extensionsTimeBudget: 'PT1H30M'
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminUsername: 'adminuser'
+      allowExtensionOperations: true
+      computerName: 'acctest0001-vm'
+      linuxConfiguration: {
+        disablePasswordAuthentication: true
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          patchMode: 'ImageDefault'
+        }
+        provisionVMAgent: true
+        ssh: {
+          publicKeys: [
+            {
+              keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com'
+              path: '/home/adminuser/.ssh/authorized_keys'
+            }
+          ]
+        }
+      }
+      secrets: []
+    }
+    priority: 'Regular'
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: '0001-com-ubuntu-server-jammy'
+        publisher: 'Canonical'
+        sku: '22_04-lts'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Standard_LRS'
+        }
+        osType: 'Linux'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource restorePoint 'Microsoft.Compute/restorePointCollections/restorePoints@2024-03-01' = {
+  parent: restorePointCollection
+  name: '${resourceName}-rp'
+  properties: {}
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: '${resourceName}-subnet'
+  properties: {
+    addressPrefix: '10.0.0.0/24'
+    defaultOutboundAccess: true
+    delegations: []
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/snapshots/main.bicep b/settings/remarks/microsoft.compute/samples/snapshots/main.bicep
new file mode 100644
index 00000000..a79e0b2c
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/snapshots/main.bicep
@@ -0,0 +1,38 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource disk 'Microsoft.Compute/disks@2023-04-02' = {
+  name: '${resourceName}disk'
+  location: location
+  properties: {
+    creationData: {
+      createOption: 'Empty'
+      performancePlus: false
+    }
+    diskSizeGB: 10
+    encryption: {
+      type: 'EncryptionAtRestWithPlatformKey'
+    }
+    networkAccessPolicy: 'AllowAll'
+    optimizedForFrequentAttach: false
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource snapshot 'Microsoft.Compute/snapshots@2022-03-02' = {
+  name: '${resourceName}snapshot'
+  location: location
+  properties: {
+    creationData: {
+      createOption: 'Copy'
+      sourceUri: disk.id
+    }
+    diskSizeGB: 20
+    incremental: false
+    networkAccessPolicy: 'AllowAll'
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/sshpublickeys/main.bicep b/settings/remarks/microsoft.compute/samples/sshpublickeys/main.bicep
new file mode 100644
index 00000000..b4259318
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/sshpublickeys/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource sshPublicKey 'Microsoft.Compute/sshPublicKeys@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com'
+  }
+  tags: {
+    'test-tag': 'test-value-230630032848837073'
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/virtualmachines/attachdatadisk/main.bicep b/settings/remarks/microsoft.compute/samples/virtualmachines/attachdatadisk/main.bicep
new file mode 100644
index 00000000..f176ad72
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/virtualmachines/attachdatadisk/main.bicep
@@ -0,0 +1,145 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator username for the virtual machine')
+param adminUsername string
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+
+var attachedDataDiskName = 'myattacheddatadisk1'
+var osDiskName = 'myosdisk1'
+var dataDiskName = 'mydatadisk1'
+
+resource attachedDisk 'Microsoft.Compute/disks@2022-03-02' = {
+  name: attachedDataDiskName
+  location: location
+  properties: {
+    creationData: {
+      createOption: 'Empty'
+    }
+    diskSizeGB: 1
+    encryption: {
+      type: 'EncryptionAtRestWithPlatformKey'
+    }
+    networkAccessPolicy: 'AllowAll'
+    osType: 'Linux'
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: false
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: adminPassword
+      adminUsername: adminUsername
+      computerName: 'hostname230630032848831819'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+      }
+    }
+    storageProfile: {
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        name: osDiskName
+        writeAcceleratorEnabled: false
+      }
+      dataDisks: [
+        {
+          caching: 'ReadWrite'
+          createOption: 'Empty'
+          name: dataDiskName
+          diskSizeGB: 1
+          lun: 1
+          managedDisk: {
+            storageAccountType: 'Standard_LRS'
+          }
+        }
+        {
+          caching: 'ReadWrite'
+          createOption: 'Attach'
+          name: attachedDisk.name
+          lun: 2
+          managedDisk: {
+            id: attachedDisk.id
+          }
+        }
+      ]
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/virtualmachines/attachosdisk/main.bicep b/settings/remarks/microsoft.compute/samples/virtualmachines/attachosdisk/main.bicep
new file mode 100644
index 00000000..f066b25c
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/virtualmachines/attachosdisk/main.bicep
@@ -0,0 +1,216 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator username for the virtual machine')
+param adminUsername string
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+param attachedResourceName string = 'acctest0002'
+
+var osDiskName = 'myosdisk1'
+var attachedOsDiskName = 'myosdisk2'
+
+resource managedDisk 'Microsoft.Compute/disks@2023-10-02' existing = {
+  name: osDiskName
+}
+
+resource attachedManagedDisk 'Microsoft.Compute/disks@2023-10-02' = {
+  name: attachedOsDiskName
+  location: location
+  properties: {
+    creationData: {
+      createOption: 'Copy'
+      sourceResourceId: snapshot.id
+    }
+    diskSizeGB: 30
+    encryption: {
+      type: 'EncryptionAtRestWithPlatformKey'
+    }
+    hyperVGeneration: 'V1'
+    networkAccessPolicy: 'AllowAll'
+    osType: 'Linux'
+    publicNetworkAccess: 'Enabled'
+    supportedCapabilities: {
+      architecture: 'x64'
+    }
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+  zones: [
+    '1'
+  ]
+}
+
+resource attachedNetworkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: attachedResourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration2'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource attachedVirtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: attachedResourceName
+  location: location
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: attachedNetworkInterface.id
+          properties: {
+            primary: false
+          }
+        }
+      ]
+    }
+    storageProfile: {
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'Attach'
+        name: attachedOsDiskName
+        osType: 'Linux'
+        writeAcceleratorEnabled: false
+        managedDisk: {
+          id: attachedManagedDisk.id
+        }
+      }
+    }
+  }
+}
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource snapshot 'Microsoft.Compute/snapshots@2023-10-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    creationData: {
+      createOption: 'Copy'
+      sourceResourceId: managedDisk.id
+    }
+    diskSizeGB: 30
+    encryption: {
+      type: 'EncryptionAtRestWithPlatformKey'
+    }
+    hyperVGeneration: 'V1'
+    incremental: true
+    networkAccessPolicy: 'AllowAll'
+    osType: 'Linux'
+    publicNetworkAccess: 'Enabled'
+    supportedCapabilities: {
+      architecture: 'x64'
+    }
+  }
+  sku: {
+    name: 'Standard_ZRS'
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: false
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: adminPassword
+      adminUsername: adminUsername
+      computerName: 'hostname230630032848831819'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+      }
+    }
+    storageProfile: {
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        name: osDiskName
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/virtualmachines/basic/main.bicep b/settings/remarks/microsoft.compute/samples/virtualmachines/basic/main.bicep
new file mode 100644
index 00000000..93a31595
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/virtualmachines/basic/main.bicep
@@ -0,0 +1,100 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator username for the virtual machine')
+param adminUsername string
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: false
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: null
+      computerName: 'hostname230630032848831819'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+      }
+    }
+    storageProfile: {
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        name: 'myosdisk1'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/virtualmachines/extensions/main.bicep b/settings/remarks/microsoft.compute/samples/virtualmachines/extensions/main.bicep
new file mode 100644
index 00000000..1092716f
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/virtualmachines/extensions/main.bicep
@@ -0,0 +1,118 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the virtual machine')
+param vmAdminPassword string
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: false
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'testadmin'
+      computerName: 'hostname230630032848831819'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+      }
+    }
+    storageProfile: {
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        name: 'myosdisk1'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource extension 'Microsoft.Compute/virtualMachines/extensions@2023-03-01' = {
+  parent: virtualMachine
+  name: resourceName
+  location: location
+  properties: {
+    autoUpgradeMinorVersion: false
+    enableAutomaticUpgrade: false
+    publisher: 'Microsoft.Azure.Extensions'
+    settings: {
+      commandToExecute: 'hostname'
+    }
+    suppressFailures: false
+    type: 'CustomScript'
+    typeHandlerVersion: '2.0'
+  }
+  tags: {
+    environment: 'Production'
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/virtualmachines/runcommands/main.bicep b/settings/remarks/microsoft.compute/samples/virtualmachines/runcommands/main.bicep
new file mode 100644
index 00000000..7a26f542
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/virtualmachines/runcommands/main.bicep
@@ -0,0 +1,151 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2024-05-01' = {
+  name: '${resourceName}-nic'
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'internal'
+        properties: {
+          primary: false
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${resourceName}-uai'
+  location: location
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
+  name: '${resourceName}-vm'
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    applicationProfile: {
+      galleryApplications: []
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: false
+        storageUri: ''
+      }
+    }
+    extensionsTimeBudget: 'PT1H30M'
+    hardwareProfile: {
+      vmSize: 'Standard_B2s'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'adminuser'
+      allowExtensionOperations: true
+      computerName: 'acctest0001-vm'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          patchMode: 'ImageDefault'
+        }
+        provisionVMAgent: true
+        ssh: {
+          publicKeys: []
+        }
+      }
+      secrets: []
+    }
+    priority: 'Regular'
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: '0001-com-ubuntu-server-jammy'
+        publisher: 'Canonical'
+        sku: '22_04-lts'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Premium_LRS'
+        }
+        osType: 'Linux'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource runCommand 'Microsoft.Compute/virtualMachines/runCommands@2023-03-01' = {
+  parent: virtualMachine
+  name: '${resourceName}-runcommand'
+  location: location
+  properties: {
+    asyncExecution: false
+    errorBlobUri: ''
+    outputBlobUri: ''
+    parameters: []
+    protectedParameters: []
+    runAsPassword: ''
+    runAsUser: ''
+    source: {
+      script: 'echo \'hello world\''
+    }
+    timeoutInSeconds: 1200
+    treatFailureAsDeploymentFailure: true
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: 'internal'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    defaultOutboundAccess: true
+    delegations: []
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/virtualmachinescalesets/extensions/main.bicep b/settings/remarks/microsoft.compute/samples/virtualmachinescalesets/extensions/main.bicep
new file mode 100644
index 00000000..7fd25e57
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/virtualmachinescalesets/extensions/main.bicep
@@ -0,0 +1,152 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualMachineScaleSet 'Microsoft.Compute/virtualMachineScaleSets@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    doNotRunExtensionsOnOverprovisionedVMs: false
+    orchestrationMode: 'Uniform'
+    overprovision: true
+    scaleInPolicy: {
+      forceDeletion: false
+      rules: [
+        'Default'
+      ]
+    }
+    singlePlacementGroup: true
+    upgradePolicy: {
+      mode: 'Manual'
+    }
+    virtualMachineProfile: {
+      diagnosticsProfile: {
+        bootDiagnostics: {
+          enabled: false
+          storageUri: ''
+        }
+      }
+      extensionProfile: {
+        extensionsTimeBudget: 'PT1H30M'
+      }
+      networkProfile: {
+        networkInterfaceConfigurations: [
+          {
+            name: 'example'
+            properties: {
+              dnsSettings: {
+                dnsServers: []
+              }
+              enableAcceleratedNetworking: false
+              enableIPForwarding: false
+              ipConfigurations: [
+                {
+                  name: 'internal'
+                  properties: {
+                    applicationGatewayBackendAddressPools: []
+                    applicationSecurityGroups: []
+                    loadBalancerBackendAddressPools: []
+                    loadBalancerInboundNatPools: []
+                    primary: true
+                    privateIPAddressVersion: 'IPv4'
+                    subnet: {
+                      id: subnet.id
+                    }
+                  }
+                }
+              ]
+              primary: true
+            }
+          }
+        ]
+      }
+      osProfile: {
+        adminUsername: 'adminuser'
+        computerNamePrefix: 'acctest0001'
+        linuxConfiguration: {
+          disablePasswordAuthentication: true
+          provisionVMAgent: true
+          ssh: {
+            publicKeys: [
+              {
+                keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com'
+                path: '/home/adminuser/.ssh/authorized_keys'
+              }
+            ]
+          }
+        }
+        secrets: []
+      }
+      priority: 'Regular'
+      storageProfile: {
+        dataDisks: []
+        imageReference: {
+          offer: 'UbuntuServer'
+          publisher: 'Canonical'
+          sku: '16.04-LTS'
+          version: 'latest'
+        }
+        osDisk: {
+          caching: 'ReadWrite'
+          createOption: 'FromImage'
+          managedDisk: {
+            storageAccountType: 'Standard_LRS'
+          }
+          osType: 'Linux'
+          writeAcceleratorEnabled: false
+        }
+      }
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard_F2'
+    tier: 'Standard'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource extension 'Microsoft.Compute/virtualMachineScaleSets/extensions@2023-03-01' = {
+  parent: virtualMachineScaleSet
+  name: resourceName
+  properties: {
+    autoUpgradeMinorVersion: true
+    enableAutomaticUpgrade: false
+    provisionAfterExtensions: []
+    publisher: 'Microsoft.Azure.Extensions'
+    settings: {
+      commandToExecute: 'echo $HOSTNAME'
+    }
+    suppressFailures: false
+    type: 'CustomScript'
+    typeHandlerVersion: '2.0'
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'internal'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.compute/samples/virtualmachinescalesets/main.bicep b/settings/remarks/microsoft.compute/samples/virtualmachinescalesets/main.bicep
new file mode 100644
index 00000000..149cea35
--- /dev/null
+++ b/settings/remarks/microsoft.compute/samples/virtualmachinescalesets/main.bicep
@@ -0,0 +1,135 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualMachineScaleSet 'Microsoft.Compute/virtualMachineScaleSets@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    doNotRunExtensionsOnOverprovisionedVMs: false
+    orchestrationMode: 'Uniform'
+    overprovision: true
+    scaleInPolicy: {
+      forceDeletion: false
+      rules: [
+        'Default'
+      ]
+    }
+    singlePlacementGroup: true
+    upgradePolicy: {
+      mode: 'Manual'
+    }
+    virtualMachineProfile: {
+      diagnosticsProfile: {
+        bootDiagnostics: {
+          enabled: false
+          storageUri: ''
+        }
+      }
+      extensionProfile: {
+        extensionsTimeBudget: 'PT1H30M'
+      }
+      networkProfile: {
+        networkInterfaceConfigurations: [
+          {
+            name: 'example'
+            properties: {
+              dnsSettings: {
+                dnsServers: []
+              }
+              enableAcceleratedNetworking: false
+              enableIPForwarding: false
+              ipConfigurations: [
+                {
+                  name: 'internal'
+                  properties: {
+                    applicationGatewayBackendAddressPools: []
+                    applicationSecurityGroups: []
+                    loadBalancerBackendAddressPools: []
+                    loadBalancerInboundNatPools: []
+                    primary: true
+                    privateIPAddressVersion: 'IPv4'
+                    subnet: {
+                      id: subnet.id
+                    }
+                  }
+                }
+              ]
+              primary: true
+            }
+          }
+        ]
+      }
+      osProfile: {
+        adminUsername: 'adminuser'
+        computerNamePrefix: 'acctest0001'
+        linuxConfiguration: {
+          disablePasswordAuthentication: true
+          provisionVMAgent: true
+          ssh: {
+            publicKeys: [
+              {
+                keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com'
+                path: '/home/adminuser/.ssh/authorized_keys'
+              }
+            ]
+          }
+        }
+        secrets: []
+      }
+      priority: 'Regular'
+      storageProfile: {
+        dataDisks: []
+        imageReference: {
+          offer: 'UbuntuServer'
+          publisher: 'Canonical'
+          sku: '16.04-LTS'
+          version: 'latest'
+        }
+        osDisk: {
+          caching: 'ReadWrite'
+          createOption: 'FromImage'
+          managedDisk: {
+            storageAccountType: 'Standard_LRS'
+          }
+          osType: 'Linux'
+          writeAcceleratorEnabled: false
+        }
+      }
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard_F2'
+    tier: 'Standard'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'internal'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.confidentialledger/remarks.json b/settings/remarks/microsoft.confidentialledger/remarks.json
index ac498dbe..925728fc 100644
--- a/settings/remarks/microsoft.confidentialledger/remarks.json
+++ b/settings/remarks/microsoft.confidentialledger/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/ledgers/main.tf",
       "Description": "A basic example of deploying Confidential Ledger."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ConfidentialLedger/ledgers",
+      "Path": "samples/ledgers/main.bicep",
+      "Description": "A basic example of deploying Confidential Ledger."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.confidentialledger/samples/ledgers/main.bicep b/settings/remarks/microsoft.confidentialledger/samples/ledgers/main.bicep
new file mode 100644
index 00000000..248c723d
--- /dev/null
+++ b/settings/remarks/microsoft.confidentialledger/samples/ledgers/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The PEM-encoded certificate for the confidential ledger administrator')
+param ledgerCertificate string
+
+resource ledger 'Microsoft.ConfidentialLedger/ledgers@2022-05-13' = {
+  name: resourceName
+  location: location
+  properties: {
+    aadBasedSecurityPrincipals: [
+      {
+        ledgerRoleName: 'Administrator'
+        principalId: deployer().objectId
+        tenantId: deployer().tenantId
+      }
+    ]
+    certBasedSecurityPrincipals: [
+      {
+        cert: null
+        ledgerRoleName: 'Administrator'
+      }
+    ]
+    ledgerType: 'Private'
+  }
+}
diff --git a/settings/remarks/microsoft.consumption/remarks.json b/settings/remarks/microsoft.consumption/remarks.json
index 3a2ba343..1f6698c8 100644
--- a/settings/remarks/microsoft.consumption/remarks.json
+++ b/settings/remarks/microsoft.consumption/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/budgets/main.tf",
       "Description": "A basic example of deploying Consumption Budget."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Consumption/budgets",
+      "Path": "samples/budgets/main.bicep",
+      "Description": "A basic example of deploying Consumption Budget."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.consumption/samples/budgets/main.bicep b/settings/remarks/microsoft.consumption/samples/budgets/main.bicep
new file mode 100644
index 00000000..d8ab99ee
--- /dev/null
+++ b/settings/remarks/microsoft.consumption/samples/budgets/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+
+resource budget 'Microsoft.Consumption/budgets@2019-10-01' = {
+  name: resourceName
+  properties: {
+    amount: 1000
+    category: 'Cost'
+    filter: {
+      tags: {
+        name: 'foo'
+        operator: 'In'
+        values: [
+          'bar'
+        ]
+      }
+    }
+    notifications: {
+      'Actual_EqualTo_90.000000_Percent': {
+        contactEmails: [
+          'foo@example.com'
+          'bar@example.com'
+        ]
+        contactGroups: []
+        contactRoles: []
+        enabled: true
+        operator: 'EqualTo'
+        threshold: 90
+        thresholdType: 'Actual'
+      }
+    }
+    timeGrain: 'Monthly'
+    timePeriod: {
+      startDate: '2025-08-01T00:00:00Z'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.containerinstance/remarks.json b/settings/remarks/microsoft.containerinstance/remarks.json
index dfe3fabb..f67c27b0 100644
--- a/settings/remarks/microsoft.containerinstance/remarks.json
+++ b/settings/remarks/microsoft.containerinstance/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/containergroups/main.tf",
       "Description": "A basic example of deploying Azure Container Group instance."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ContainerInstance/containerGroups",
+      "Path": "samples/containergroups/main.bicep",
+      "Description": "A basic example of deploying Azure Container Group instance."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.containerinstance/samples/containergroups/main.bicep b/settings/remarks/microsoft.containerinstance/samples/containergroups/main.bicep
new file mode 100644
index 00000000..cd16892d
--- /dev/null
+++ b/settings/remarks/microsoft.containerinstance/samples/containergroups/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource containerGroup 'Microsoft.ContainerInstance/containerGroups@2023-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    containers: [
+      {
+        name: 'hw'
+        properties: {
+          command: []
+          environmentVariables: []
+          image: 'ubuntu:20.04'
+          ports: [
+            {
+              port: 80
+              protocol: 'TCP'
+            }
+          ]
+          resources: {
+            requests: {
+              cpu: any('0.5')
+              memoryInGB: any('0.5')
+            }
+          }
+        }
+      }
+    ]
+    initContainers: []
+    ipAddress: {
+      autoGeneratedDomainNameLabelScope: 'Unsecure'
+      ports: [
+        {
+          port: 80
+          protocol: 'TCP'
+        }
+      ]
+      type: 'Public'
+    }
+    osType: 'Linux'
+    restartPolicy: 'Always'
+    volumes: []
+  }
+  tags: {
+    environment: 'Testing'
+  }
+  zones: []
+}
diff --git a/settings/remarks/microsoft.containerregistry/remarks.json b/settings/remarks/microsoft.containerregistry/remarks.json
index 1f30451c..e908251c 100644
--- a/settings/remarks/microsoft.containerregistry/remarks.json
+++ b/settings/remarks/microsoft.containerregistry/remarks.json
@@ -51,5 +51,57 @@
       "Path": "samples/registries/webhooks/main.tf",
       "Description": "A basic example of deploying Azure Container Registry Webhook."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries",
+      "Path": "samples/registries/main.bicep",
+      "Description": "A basic example of deploying Azure Container Registry."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/agentPools",
+      "Path": "samples/registries/agentpools/main.bicep",
+      "Description": "A basic example of deploying Azure Container Registry Agent Pool."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/cacheRules",
+      "Path": "samples/registries/cacherules/main.bicep",
+      "Description": "A basic example of deploying Azure Container Registry Cache Rule."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/connectedRegistries",
+      "Path": "samples/registries/connectedregistries/main.bicep",
+      "Description": "A basic example of deploying Container Connected Registry."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/credentialSets",
+      "Path": "samples/registries/credentialsets/main.bicep",
+      "Description": "A basic example of deploying Container Registry Credential Set."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/scopeMaps",
+      "Path": "samples/registries/scopemaps/main.bicep",
+      "Description": "A basic example of deploying Azure Container Registry scope map."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/taskRuns",
+      "Path": "samples/registries/taskruns/main.bicep",
+      "Description": "A basic example of deploying Container Registry Task Runs."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/tasks",
+      "Path": "samples/registries/tasks/main.bicep",
+      "Description": "A basic example of deploying Container Registry Task."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/tokens",
+      "Path": "samples/registries/tokens/main.bicep",
+      "Description": "A basic example of deploying Azure Container Registry token."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerRegistry/registries/webHooks",
+      "Path": "samples/registries/webhooks/main.bicep",
+      "Description": "A basic example of deploying Azure Container Registry Webhook."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/agentpools/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/agentpools/main.bicep
new file mode 100644
index 00000000..d5cfa193
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/agentpools/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2021-08-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    encryption: {
+      status: 'disabled'
+    }
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {
+        status: 'disabled'
+      }
+      trustPolicy: {
+        status: 'disabled'
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Premium'
+    tier: 'Premium'
+  }
+}
+
+resource agentPool 'Microsoft.ContainerRegistry/registries/agentPools@2019-06-01-preview' = {
+  parent: registry
+  name: resourceName
+  location: location
+  properties: {
+    count: 1
+    os: 'Linux'
+    tier: 'S1'
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/cacherules/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/cacherules/main.bicep
new file mode 100644
index 00000000..a4ecf510
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/cacherules/main.bicep
@@ -0,0 +1,37 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2023-11-01-preview' = {
+  name: '${resourceName}registry'
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {}
+      trustPolicy: {}
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Basic'
+  }
+}
+
+resource cacheRule 'Microsoft.ContainerRegistry/registries/cacheRules@2023-07-01' = {
+  parent: registry
+  name: '${resourceName}-cache-rule'
+  properties: {
+    sourceRepository: 'mcr.microsoft.com/hello-world'
+    targetRepository: 'target'
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/connectedregistries/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/connectedregistries/main.bicep
new file mode 100644
index 00000000..e709e2a0
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/connectedregistries/main.bicep
@@ -0,0 +1,77 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2023-11-01-preview' = {
+  name: '${resourceName}registry'
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: true
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {}
+      trustPolicy: {}
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Premium'
+  }
+}
+
+resource connectedRegistry 'Microsoft.ContainerRegistry/registries/connectedRegistries@2023-11-01-preview' = {
+  parent: registry
+  name: '${resourceName}connectedregistry'
+  properties: {
+    clientTokenIds: null
+    logging: {
+      auditLogStatus: 'Disabled'
+      logLevel: 'None'
+    }
+    mode: 'ReadWrite'
+    parent: {
+      syncProperties: {
+        messageTtl: 'P1D'
+        schedule: '* * * * *'
+        syncWindow: ''
+        tokenId: token.id
+      }
+    }
+  }
+}
+
+resource scopeMap 'Microsoft.ContainerRegistry/registries/scopeMaps@2023-11-01-preview' = {
+  parent: registry
+  name: '${resourceName}scopemap'
+  properties: {
+    actions: [
+      'repositories/hello-world/content/delete'
+      'repositories/hello-world/content/read'
+      'repositories/hello-world/content/write'
+      'repositories/hello-world/metadata/read'
+      'repositories/hello-world/metadata/write'
+      'gateway/acctest0001connectedregistry/config/read'
+      'gateway/acctest0001connectedregistry/config/write'
+      'gateway/acctest0001connectedregistry/message/read'
+      'gateway/acctest0001connectedregistry/message/write'
+    ]
+    description: ''
+  }
+}
+
+resource token 'Microsoft.ContainerRegistry/registries/tokens@2023-11-01-preview' = {
+  parent: registry
+  name: '${resourceName}token'
+  properties: {
+    scopeMapId: scopeMap.id
+    status: 'enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/credentialsets/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/credentialsets/main.bicep
new file mode 100644
index 00000000..83e8da41
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/credentialsets/main.bicep
@@ -0,0 +1,102 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+@secure()
+@description('The username for the container registry credential')
+param credentialUsername string = 'testuser'
+@secure()
+@description('The password for the container registry credential')
+param credentialPassword string
+
+resource registry 'Microsoft.ContainerRegistry/registries@2023-11-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {}
+      trustPolicy: {}
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Basic'
+  }
+}
+
+resource vault 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: '${resourceName}vault'
+  location: location
+  properties: {
+    accessPolicies: [
+      {
+        objectId: deployer().objectId
+        permissions: {
+          certificates: []
+          keys: []
+          secrets: [
+            'Get'
+            'Set'
+            'Delete'
+            'Purge'
+          ]
+          storage: []
+        }
+        tenantId: deployer().tenantId
+      }
+    ]
+    createMode: 'default'
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    softDeleteRetentionInDays: 7
+    tenantId: deployer().tenantId
+  }
+}
+
+resource credentialSet 'Microsoft.ContainerRegistry/registries/credentialSets@2023-07-01' = {
+  parent: registry
+  name: '${resourceName}-acr-credential-set'
+  properties: {
+    authCredentials: [
+      {
+        name: 'Credential1'
+        passwordSecretIdentifier: 'https://acctest0001vault.vault.azure.net/secrets/password'
+        usernameSecretIdentifier: 'https://acctest0001vault.vault.azure.net/secrets/username'
+      }
+    ]
+    loginServer: 'docker.io'
+  }
+}
+
+resource passwordSecret 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: vault
+  name: 'password'
+  properties: {
+    value: null
+  }
+}
+
+resource usernameSecret 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: vault
+  name: 'username'
+  properties: {
+    value: 'testuser'
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/main.bicep
new file mode 100644
index 00000000..b9e3386c
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2021-08-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    encryption: {
+      status: 'disabled'
+    }
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {
+        status: 'disabled'
+      }
+      trustPolicy: {
+        status: 'disabled'
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/scopemaps/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/scopemaps/main.bicep
new file mode 100644
index 00000000..b40cc76a
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/scopemaps/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2021-08-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    encryption: {
+      status: 'disabled'
+    }
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {
+        status: 'disabled'
+      }
+      trustPolicy: {
+        status: 'disabled'
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Premium'
+    tier: 'Premium'
+  }
+}
+
+resource scopeMap 'Microsoft.ContainerRegistry/registries/scopeMaps@2021-08-01-preview' = {
+  parent: registry
+  name: resourceName
+  properties: {
+    actions: [
+      'repositories/testrepo/content/read'
+    ]
+    description: ''
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/taskruns/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/taskruns/main.bicep
new file mode 100644
index 00000000..0789863e
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/taskruns/main.bicep
@@ -0,0 +1,56 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2021-08-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    encryption: {
+      status: 'disabled'
+    }
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {
+        status: 'disabled'
+      }
+      trustPolicy: {
+        status: 'disabled'
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource taskRun 'Microsoft.ContainerRegistry/registries/taskRuns@2019-06-01-preview' = {
+  parent: registry
+  name: resourceName
+  location: location
+  properties: {
+    runRequest: {
+      dockerFilePath: 'Dockerfile'
+      imageNames: [
+        'helloworld:{{.Run.ID}}'
+        'helloworld:latest'
+      ]
+      platform: {
+        os: 'Linux'
+      }
+      sourceLocation: 'https://github.com/Azure-Samples/aci-helloworld.git#master'
+      type: 'DockerBuildRequest'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/tasks/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/tasks/main.bicep
new file mode 100644
index 00000000..c31bbd8c
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/tasks/main.bicep
@@ -0,0 +1,48 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2021-08-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    encryption: {
+      status: 'disabled'
+    }
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {
+        status: 'disabled'
+      }
+      trustPolicy: {
+        status: 'disabled'
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Basic'
+  }
+}
+
+resource task 'Microsoft.ContainerRegistry/registries/tasks@2019-06-01-preview' = {
+  parent: registry
+  name: resourceName
+  location: location
+  properties: {
+    isSystemTask: true
+    status: 'Enabled'
+    step: null
+    timeout: 3600
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/tokens/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/tokens/main.bicep
new file mode 100644
index 00000000..b4380ac1
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/tokens/main.bicep
@@ -0,0 +1,45 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2021-08-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminUserEnabled: true
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    encryption: {
+      status: 'disabled'
+    }
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {
+        status: 'disabled'
+      }
+      trustPolicy: {
+        status: 'disabled'
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Premium'
+    tier: 'Premium'
+  }
+}
+
+resource token 'Microsoft.ContainerRegistry/registries/tokens@2021-08-01-preview' = {
+  parent: registry
+  name: resourceName
+  properties: {
+    scopeMapId: resourceId('Microsoft.ContainerRegistry/registries/scopeMaps', registry.name, '_repositories_pull')
+    status: 'enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/webhooks/main.bicep b/settings/remarks/microsoft.containerregistry/samples/registries/webhooks/main.bicep
new file mode 100644
index 00000000..23f95fe2
--- /dev/null
+++ b/settings/remarks/microsoft.containerregistry/samples/registries/webhooks/main.bicep
@@ -0,0 +1,51 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource registry 'Microsoft.ContainerRegistry/registries@2021-08-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminUserEnabled: false
+    anonymousPullEnabled: false
+    dataEndpointEnabled: false
+    encryption: {
+      status: 'disabled'
+    }
+    networkRuleBypassOptions: 'AzureServices'
+    policies: {
+      exportPolicy: {
+        status: 'enabled'
+      }
+      quarantinePolicy: {
+        status: 'disabled'
+      }
+      retentionPolicy: {
+        status: 'disabled'
+      }
+      trustPolicy: {
+        status: 'disabled'
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource webHook 'Microsoft.ContainerRegistry/registries/webHooks@2021-08-01-preview' = {
+  parent: registry
+  name: resourceName
+  location: location
+  properties: {
+    actions: [
+      'push'
+    ]
+    customHeaders: {}
+    scope: ''
+    serviceUri: 'https://mywebhookreceiver.example/mytag'
+    status: 'enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.containerservice/remarks.json b/settings/remarks/microsoft.containerservice/remarks.json
index d721cd24..5adad9d3 100644
--- a/settings/remarks/microsoft.containerservice/remarks.json
+++ b/settings/remarks/microsoft.containerservice/remarks.json
@@ -34,5 +34,32 @@
       "Path": "samples/managedclusters/trustedaccessrolebindings/main.tf",
       "Description": "A basic example of deploying Kubernetes Cluster Trusted Access Role Binding."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ContainerService/fleets",
+      "Path": "samples/fleets/main.bicep",
+      "Description": "A basic example of deploying Kubernetes Fleet Manager."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerService/fleets/members",
+      "Path": "samples/fleets/members/main.bicep",
+      "Description": "A basic example of deploying Kubernetes Fleet Member."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerService/managedClusters",
+      "Path": "samples/managedclusters/main.bicep",
+      "Description": "A basic example of deploying managed Kubernetes Cluster (also known as AKS / Azure Kubernetes Service)."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerService/managedClusters/agentPools",
+      "Path": "samples/managedclusters/agentpools/main.bicep",
+      "Description": "A basic example of deploying Node Pool within a Kubernetes Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings",
+      "Path": "samples/managedclusters/trustedaccessrolebindings/main.bicep",
+      "Description": "A basic example of deploying Kubernetes Cluster Trusted Access Role Binding."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.containerservice/samples/fleets/main.bicep b/settings/remarks/microsoft.containerservice/samples/fleets/main.bicep
new file mode 100644
index 00000000..67faef51
--- /dev/null
+++ b/settings/remarks/microsoft.containerservice/samples/fleets/main.bicep
@@ -0,0 +1,8 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource fleet 'Microsoft.ContainerService/fleets@2024-04-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.containerservice/samples/fleets/members/main.bicep b/settings/remarks/microsoft.containerservice/samples/fleets/members/main.bicep
new file mode 100644
index 00000000..627308ea
--- /dev/null
+++ b/settings/remarks/microsoft.containerservice/samples/fleets/members/main.bicep
@@ -0,0 +1,83 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource fleet 'Microsoft.ContainerService/fleets@2024-04-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource managedCluster 'Microsoft.ContainerService/managedClusters@2025-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addonProfiles: {}
+    agentPoolProfiles: [
+      {
+        count: 1
+        enableAutoScaling: false
+        enableEncryptionAtHost: false
+        enableFIPS: false
+        enableNodePublicIP: false
+        enableUltraSSD: false
+        kubeletDiskType: ''
+        mode: 'System'
+        name: 'default'
+        nodeLabels: {}
+        osDiskType: 'Managed'
+        osType: 'Linux'
+        scaleDownMode: 'Delete'
+        tags: {}
+        type: 'VirtualMachineScaleSets'
+        upgradeSettings: {
+          drainTimeoutInMinutes: 0
+          maxSurge: '10%'
+          nodeSoakDurationInMinutes: 0
+        }
+        vmSize: 'Standard_B2s'
+      }
+    ]
+    apiServerAccessProfile: {
+      disableRunCommand: false
+      enablePrivateCluster: false
+      enablePrivateClusterPublicFQDN: false
+    }
+    autoUpgradeProfile: {
+      nodeOSUpgradeChannel: 'NodeImage'
+      upgradeChannel: 'none'
+    }
+    azureMonitorProfile: {
+      metrics: {
+        enabled: false
+      }
+    }
+    disableLocalAccounts: false
+    dnsPrefix: 'acctest0001'
+    enableRBAC: true
+    kubernetesVersion: ''
+    metricsProfile: {
+      costAnalysis: {
+        enabled: false
+      }
+    }
+    nodeResourceGroup: ''
+    securityProfile: {}
+    servicePrincipalProfile: {
+      clientId: 'msi'
+    }
+    supportPlan: 'KubernetesOfficial'
+  }
+  sku: {
+    name: 'Base'
+    tier: 'Free'
+  }
+}
+
+resource member 'Microsoft.ContainerService/fleets/members@2024-04-01' = {
+  parent: fleet
+  name: resourceName
+  properties: {
+    clusterResourceId: managedCluster.id
+    group: 'default'
+  }
+}
diff --git a/settings/remarks/microsoft.containerservice/samples/managedclusters/agentpools/main.bicep b/settings/remarks/microsoft.containerservice/samples/managedclusters/agentpools/main.bicep
new file mode 100644
index 00000000..c752f464
--- /dev/null
+++ b/settings/remarks/microsoft.containerservice/samples/managedclusters/agentpools/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-04-02-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    agentPoolProfiles: [
+      {
+        count: 1
+        mode: 'System'
+        name: 'default'
+        vmSize: 'Standard_DS2_v2'
+      }
+    ]
+    dnsPrefix: 'acctest0001'
+  }
+}
+
+resource agentPool 'Microsoft.ContainerService/managedClusters/agentPools@2023-04-02-preview' = {
+  parent: managedCluster
+  name: 'internal'
+  properties: {
+    count: 1
+    mode: 'User'
+    vmSize: 'Standard_DS2_v2'
+  }
+}
diff --git a/settings/remarks/microsoft.containerservice/samples/managedclusters/main.bicep b/settings/remarks/microsoft.containerservice/samples/managedclusters/main.bicep
new file mode 100644
index 00000000..786bb9f1
--- /dev/null
+++ b/settings/remarks/microsoft.containerservice/samples/managedclusters/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-04-02-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    agentPoolProfiles: [
+      {
+        count: 1
+        mode: 'System'
+        name: 'default'
+        vmSize: 'Standard_DS2_v2'
+      }
+    ]
+    dnsPrefix: 'acctest0001'
+  }
+}
diff --git a/settings/remarks/microsoft.containerservice/samples/managedclusters/trustedaccessrolebindings/main.bicep b/settings/remarks/microsoft.containerservice/samples/managedclusters/trustedaccessrolebindings/main.bicep
new file mode 100644
index 00000000..25a49290
--- /dev/null
+++ b/settings/remarks/microsoft.containerservice/samples/managedclusters/trustedaccessrolebindings/main.bicep
@@ -0,0 +1,174 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: 'ai-${resourceName}'
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource managedCluster 'Microsoft.ContainerService/managedClusters@2025-02-01' = {
+  name: 'aks-${resourceName}'
+  location: location
+  properties: {
+    addonProfiles: {}
+    agentPoolProfiles: [
+      {
+        count: 1
+        enableAutoScaling: false
+        enableEncryptionAtHost: false
+        enableFIPS: false
+        enableNodePublicIP: false
+        enableUltraSSD: false
+        kubeletDiskType: ''
+        mode: 'System'
+        name: 'default'
+        nodeLabels: {}
+        osDiskType: 'Managed'
+        osType: 'Linux'
+        scaleDownMode: 'Delete'
+        tags: {}
+        type: 'VirtualMachineScaleSets'
+        upgradeSettings: {
+          drainTimeoutInMinutes: 0
+          maxSurge: '10%'
+          nodeSoakDurationInMinutes: 0
+        }
+        vmSize: 'Standard_B2s'
+      }
+    ]
+    apiServerAccessProfile: {
+      disableRunCommand: false
+      enablePrivateCluster: false
+      enablePrivateClusterPublicFQDN: false
+    }
+    autoUpgradeProfile: {
+      nodeOSUpgradeChannel: 'NodeImage'
+      upgradeChannel: 'none'
+    }
+    azureMonitorProfile: {
+      metrics: {
+        enabled: false
+      }
+    }
+    disableLocalAccounts: false
+    dnsPrefix: 'aks-acctest0001'
+    enableRBAC: true
+    kubernetesVersion: ''
+    metricsProfile: {
+      costAnalysis: {
+        enabled: false
+      }
+    }
+    nodeResourceGroup: ''
+    securityProfile: {}
+    servicePrincipalProfile: {
+      clientId: 'msi'
+    }
+    supportPlan: 'KubernetesOfficial'
+  }
+  sku: {
+    name: 'Base'
+    tier: 'Free'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: 'st${resourceName}'
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: false
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    dnsEndpointType: 'Standard'
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isLocalUserEnabled: true
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+      ipRules: []
+      resourceAccessRules: []
+      virtualNetworkRules: []
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource vault 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: 'kv${resourceName}'
+  location: location
+  properties: {
+    accessPolicies: []
+    createMode: 'default'
+    enableRbacAuthorization: false
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    softDeleteRetentionInDays: 7
+    tenantId: deployer().tenantId
+  }
+}
+
+resource workspace 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
+  name: 'mlw-${resourceName}'
+  location: location
+  kind: 'Default'
+  properties: {
+    applicationInsights: component.id
+    keyVault: vault.id
+    publicNetworkAccess: 'Enabled'
+    storageAccount: storageAccount.id
+    v1LegacyMode: false
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Basic'
+  }
+}
+
+resource trustedAccessRoleBinding 'Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings@2025-02-01' = {
+  parent: managedCluster
+  name: 'tarb-${resourceName}'
+  properties: {
+    roles: [
+      'Microsoft.MachineLearningServices/workspaces/mlworkload'
+    ]
+    sourceResourceId: workspace.id
+  }
+}
diff --git a/settings/remarks/microsoft.costmanagement/remarks.json b/settings/remarks/microsoft.costmanagement/remarks.json
index 5b06e19f..d248c4c5 100644
--- a/settings/remarks/microsoft.costmanagement/remarks.json
+++ b/settings/remarks/microsoft.costmanagement/remarks.json
@@ -21,5 +21,17 @@
       "Path": "samples/views/main.tf",
       "Description": "A basic example of deploying Azure Cost Management View."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.CostManagement/scheduledActions",
+      "Path": "samples/scheduledactions/main.bicep",
+      "Description": "A basic example of deploying Azure Cost Management Scheduled Action."
+    },
+    {
+      "ResourceType": "Microsoft.CostManagement/views",
+      "Path": "samples/views/main.bicep",
+      "Description": "A basic example of deploying Azure Cost Management View."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.costmanagement/samples/scheduledactions/main.bicep b/settings/remarks/microsoft.costmanagement/samples/scheduledactions/main.bicep
new file mode 100644
index 00000000..1eb2dc82
--- /dev/null
+++ b/settings/remarks/microsoft.costmanagement/samples/scheduledactions/main.bicep
@@ -0,0 +1,34 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource scheduledAction 'Microsoft.CostManagement/scheduledActions@2022-10-01' = {
+  name: resourceName
+  kind: 'Email'
+  properties: {
+    displayName: 'CostByServiceViewerz3k'
+    fileDestination: {
+      fileFormats: []
+    }
+    notification: {
+      message: ''
+      subject: 'Cost Management Report for Terraform Testing on Azure with TTL = 2 Day'
+      to: [
+        'test@test.com'
+        'hashicorp@test.com'
+      ]
+    }
+    notificationEmail: 'test@test.com'
+    schedule: {
+      dayOfMonth: 0
+      daysOfWeek: null
+      endDate: '2023-07-02T00:00:00Z'
+      frequency: 'Daily'
+      hourOfDay: 0
+      startDate: '2023-07-01T00:00:00Z'
+      weeksOfMonth: null
+    }
+    status: 'Enabled'
+    viewId: resourceId('Microsoft.CostManagement/views', 'ms:CostByService')
+  }
+}
diff --git a/settings/remarks/microsoft.costmanagement/samples/views/main.bicep b/settings/remarks/microsoft.costmanagement/samples/views/main.bicep
new file mode 100644
index 00000000..be056d90
--- /dev/null
+++ b/settings/remarks/microsoft.costmanagement/samples/views/main.bicep
@@ -0,0 +1,61 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource view 'Microsoft.CostManagement/views@2022-10-01' = {
+  name: resourceName
+  properties: {
+    accumulated: 'False'
+    chart: 'StackedColumn'
+    displayName: 'Test View wgvtl'
+    kpis: [
+      {
+        enabled: true
+        type: 'Forecast'
+      }
+    ]
+    pivots: [
+      {
+        name: 'ServiceName'
+        type: 'Dimension'
+      }
+      {
+        name: 'ResourceLocation'
+        type: 'Dimension'
+      }
+      {
+        name: 'ResourceGroupName'
+        type: 'Dimension'
+      }
+    ]
+    query: {
+      dataSet: {
+        aggregation: {
+          totalCost: {
+            function: 'Sum'
+            name: 'Cost'
+          }
+          totalCostUSD: {
+            function: 'Sum'
+            name: 'CostUSD'
+          }
+        }
+        granularity: 'Monthly'
+        grouping: [
+          {
+            name: 'ResourceGroupName'
+            type: 'Dimension'
+          }
+        ]
+        sorting: [
+          {
+            direction: 'Ascending'
+            name: 'BillingMonth'
+          }
+        ]
+      }
+      timeframe: 'MonthToDate'
+      type: 'Usage'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.customproviders/remarks.json b/settings/remarks/microsoft.customproviders/remarks.json
index c584475a..e49a7de5 100644
--- a/settings/remarks/microsoft.customproviders/remarks.json
+++ b/settings/remarks/microsoft.customproviders/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/resourceproviders/main.tf",
       "Description": "A basic example of deploying Azure Custom Provider."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.CustomProviders/resourceProviders",
+      "Path": "samples/resourceproviders/main.bicep",
+      "Description": "A basic example of deploying Azure Custom Provider."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.customproviders/samples/resourceproviders/main.bicep b/settings/remarks/microsoft.customproviders/samples/resourceproviders/main.bicep
new file mode 100644
index 00000000..9cfb6695
--- /dev/null
+++ b/settings/remarks/microsoft.customproviders/samples/resourceproviders/main.bicep
@@ -0,0 +1,16 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource resourceProvider 'Microsoft.CustomProviders/resourceProviders@2018-09-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    resourceTypes: [
+      {
+        endpoint: 'https://example.com/'
+        name: 'dEf1'
+        routingType: 'Proxy'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.dashboard/remarks.json b/settings/remarks/microsoft.dashboard/remarks.json
index 17c18300..24193bdd 100644
--- a/settings/remarks/microsoft.dashboard/remarks.json
+++ b/settings/remarks/microsoft.dashboard/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/grafana/managedprivateendpoints/main.tf",
       "Description": "A basic example of deploying Dashboard Grafana Managed Private Endpoint."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Dashboard/grafana",
+      "Path": "samples/grafana/main.bicep",
+      "Description": "A basic example of deploying Dashboard Grafana."
+    },
+    {
+      "ResourceType": "Microsoft.Dashboard/grafana/managedPrivateEndpoints",
+      "Path": "samples/grafana/managedprivateendpoints/main.bicep",
+      "Description": "A basic example of deploying Dashboard Grafana Managed Private Endpoint."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.dashboard/samples/grafana/main.bicep b/settings/remarks/microsoft.dashboard/samples/grafana/main.bicep
new file mode 100644
index 00000000..042f70ca
--- /dev/null
+++ b/settings/remarks/microsoft.dashboard/samples/grafana/main.bicep
@@ -0,0 +1,17 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource grafana 'Microsoft.Dashboard/grafana@2022-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    apiKey: 'Disabled'
+    autoGeneratedDomainNameLabelScope: 'TenantReuse'
+    deterministicOutboundIP: 'Disabled'
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.dashboard/samples/grafana/managedprivateendpoints/main.bicep b/settings/remarks/microsoft.dashboard/samples/grafana/managedprivateendpoints/main.bicep
new file mode 100644
index 00000000..71e55b93
--- /dev/null
+++ b/settings/remarks/microsoft.dashboard/samples/grafana/managedprivateendpoints/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource account 'Microsoft.Monitor/accounts@2023-04-03' = {
+  name: '${resourceName}-mw'
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+}
+
+resource grafana 'Microsoft.Dashboard/grafana@2023-09-01' = {
+  name: '${resourceName}-graf'
+  location: location
+  properties: {
+    apiKey: 'Disabled'
+    autoGeneratedDomainNameLabelScope: 'TenantReuse'
+    deterministicOutboundIP: 'Disabled'
+    grafanaMajorVersion: '11'
+    publicNetworkAccess: 'Enabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource managedPrivateEndpoint 'Microsoft.Dashboard/grafana/managedPrivateEndpoints@2023-09-01' = {
+  parent: grafana
+  name: '${resourceName}-mpe'
+  location: location
+  properties: {
+    groupIds: [
+      'prometheusMetrics'
+    ]
+    privateLinkResourceId: account.id
+    privateLinkResourceRegion: 'eastus'
+    privateLinkServiceUrl: ''
+    requestMessage: ''
+  }
+}
diff --git a/settings/remarks/microsoft.databoxedge/remarks.json b/settings/remarks/microsoft.databoxedge/remarks.json
index 6415f8e8..cc06e0a1 100644
--- a/settings/remarks/microsoft.databoxedge/remarks.json
+++ b/settings/remarks/microsoft.databoxedge/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/databoxedgedevices/main.tf",
       "Description": "A basic example of deploying Databox Edge Device."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DataBoxEdge/dataBoxEdgeDevices",
+      "Path": "samples/databoxedgedevices/main.bicep",
+      "Description": "A basic example of deploying Databox Edge Device."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.databoxedge/samples/databoxedgedevices/main.bicep b/settings/remarks/microsoft.databoxedge/samples/databoxedgedevices/main.bicep
new file mode 100644
index 00000000..da5c4132
--- /dev/null
+++ b/settings/remarks/microsoft.databoxedge/samples/databoxedgedevices/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource dataBoxEdgeDevice 'Microsoft.DataBoxEdge/dataBoxEdgeDevices@2022-03-01' = {
+  name: resourceName
+  location: location
+  sku: {
+    name: 'EdgeP_Base'
+    tier: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.databricks/remarks.json b/settings/remarks/microsoft.databricks/remarks.json
index 05365428..0070788a 100644
--- a/settings/remarks/microsoft.databricks/remarks.json
+++ b/settings/remarks/microsoft.databricks/remarks.json
@@ -16,5 +16,22 @@
       "Path": "samples/workspaces/virtualnetworkpeerings/main.tf",
       "Description": "A basic example of deploying Databricks Virtual Network Peering."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Databricks/accessConnectors",
+      "Path": "samples/accessconnectors/main.bicep",
+      "Description": "A basic example of deploying Databricks Access Connector."
+    },
+    {
+      "ResourceType": "Microsoft.Databricks/workspaces",
+      "Path": "samples/workspaces/main.bicep",
+      "Description": "A basic example of deploying Databricks Workspace."
+    },
+    {
+      "ResourceType": "Microsoft.Databricks/workspaces/virtualNetworkPeerings",
+      "Path": "samples/workspaces/virtualnetworkpeerings/main.bicep",
+      "Description": "A basic example of deploying Databricks Virtual Network Peering."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.databricks/samples/accessconnectors/main.bicep b/settings/remarks/microsoft.databricks/samples/accessconnectors/main.bicep
new file mode 100644
index 00000000..f493107f
--- /dev/null
+++ b/settings/remarks/microsoft.databricks/samples/accessconnectors/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource accessConnector 'Microsoft.Databricks/accessConnectors@2022-10-01-preview' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.databricks/samples/workspaces/main.bicep b/settings/remarks/microsoft.databricks/samples/workspaces/main.bicep
new file mode 100644
index 00000000..73fa901d
--- /dev/null
+++ b/settings/remarks/microsoft.databricks/samples/workspaces/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus2'
+
+resource workspace 'Microsoft.Databricks/workspaces@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    managedResourceGroupId: resourceId('Microsoft.Resources/resourceGroups', 'databricks-rg-${resourceName}')
+    parameters: {
+      prepareEncryption: {
+        value: true
+      }
+      requireInfrastructureEncryption: {
+        value: true
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'premium'
+  }
+}
diff --git a/settings/remarks/microsoft.databricks/samples/workspaces/virtualnetworkpeerings/main.bicep b/settings/remarks/microsoft.databricks/samples/workspaces/virtualnetworkpeerings/main.bicep
new file mode 100644
index 00000000..a75f36b6
--- /dev/null
+++ b/settings/remarks/microsoft.databricks/samples/workspaces/virtualnetworkpeerings/main.bicep
@@ -0,0 +1,54 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.1.0/24'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource workspace 'Microsoft.Databricks/workspaces@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    managedResourceGroupId: resourceId('Microsoft.Resources/resourceGroups', 'databricks-rg-${resourceName}')
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'standard'
+  }
+}
+
+resource virtualNetworkPeering 'Microsoft.Databricks/workspaces/virtualNetworkPeerings@2023-02-01' = {
+  parent: workspace
+  name: resourceName
+  properties: {
+    allowForwardedTraffic: false
+    allowGatewayTransit: false
+    allowVirtualNetworkAccess: true
+    databricksAddressSpace: {
+      addressPrefixes: [
+        '10.139.0.0/16'
+      ]
+    }
+    remoteAddressSpace: {
+      addressPrefixes: [
+        '10.0.1.0/24'
+      ]
+    }
+    remoteVirtualNetwork: {
+      id: virtualNetwork.id
+    }
+    useRemoteGateways: false
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/remarks.json b/settings/remarks/microsoft.datafactory/remarks.json
index d07fa9ca..62dc7e18 100644
--- a/settings/remarks/microsoft.datafactory/remarks.json
+++ b/settings/remarks/microsoft.datafactory/remarks.json
@@ -51,5 +51,57 @@
       "Path": "samples/factories/triggers/main.tf",
       "Description": "A basic example of deploying Trigger inside an Azure Data Factory."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DataFactory/factories",
+      "Path": "samples/factories/main.bicep",
+      "Description": "A basic example of deploying Azure Data Factory (Version 2)."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/credentials",
+      "Path": "samples/factories/credentials/main.bicep",
+      "Description": "A basic example of deploying Data Factory credential resource."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/dataflows",
+      "Path": "samples/factories/dataflows/main.bicep",
+      "Description": "A basic example of deploying Data Flow inside an Azure Data Factory."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/datasets",
+      "Path": "samples/factories/datasets/main.bicep",
+      "Description": "A basic example of deploying Dataset inside an Azure Data Factory."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/integrationRuntimes",
+      "Path": "samples/factories/integrationruntimes/main.bicep",
+      "Description": "A basic example of deploying Data Factory Azure Integration Runtime."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/linkedservices",
+      "Path": "samples/factories/linkedservices/main.bicep",
+      "Description": "A basic example of deploying Linked Service (connection) between a resource and Azure Data Factory."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/managedVirtualNetworks",
+      "Path": "samples/factories/managedvirtualnetworks/main.bicep",
+      "Description": "A basic example of deploying Data Factory Managed Virtual Networks."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints",
+      "Path": "samples/factories/managedvirtualnetworks/managedprivateendpoints/main.bicep",
+      "Description": "A basic example of deploying Data Factory Managed Private Endpoint."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/pipelines",
+      "Path": "samples/factories/pipelines/main.bicep",
+      "Description": "A basic example of deploying Pipeline inside a Azure Data Factory."
+    },
+    {
+      "ResourceType": "Microsoft.DataFactory/factories/triggers",
+      "Path": "samples/factories/triggers/main.bicep",
+      "Description": "A basic example of deploying Trigger inside an Azure Data Factory."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/credentials/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/credentials/main.bicep
new file mode 100644
index 00000000..74ba3e81
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/credentials/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: resourceName
+}
+
+resource credential 'Microsoft.DataFactory/factories/credentials@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    annotations: [
+      'test'
+    ]
+    description: 'this is a test'
+    type: 'ManagedIdentity'
+    typeProperties: {
+      resourceId: userAssignedIdentity.id
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/dataflows/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/dataflows/main.bicep
new file mode 100644
index 00000000..f8f1274a
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/dataflows/main.bicep
@@ -0,0 +1,104 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource dataflow 'Microsoft.DataFactory/factories/dataflows@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    description: ''
+    type: 'Flowlet'
+    typeProperties: {
+      script: '''source(
+  allowSchemaDrift: true, 
+  validateSchema: false, 
+  limit: 100, 
+  ignoreNoFilesFound: false, 
+  documentForm: ''documentPerLine'') ~> source1 
+source1 sink(
+  allowSchemaDrift: true, 
+  validateSchema: false, 
+  skipDuplicateMapInputs: true, 
+  skipDuplicateMapOutputs: true) ~> sink1
+'''
+      sinks: [
+        {
+          description: ''
+          linkedService: {
+            parameters: {}
+            referenceName: linkedservice.name
+            type: 'LinkedServiceReference'
+          }
+          name: 'sink1'
+        }
+      ]
+      sources: [
+        {
+          description: ''
+          linkedService: {
+            parameters: {}
+            referenceName: linkedservice.name
+            type: 'LinkedServiceReference'
+          }
+          name: 'source1'
+        }
+      ]
+    }
+  }
+}
+
+resource linkedservice 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    description: ''
+    type: 'AzureBlobStorage'
+    typeProperties: {
+      serviceEndpoint: storageAccount.properties.primaryEndpoints.blob
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/datasets/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/datasets/main.bicep
new file mode 100644
index 00000000..8f874454
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/datasets/main.bicep
@@ -0,0 +1,81 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource dataset 'Microsoft.DataFactory/factories/datasets@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    description: ''
+    linkedServiceName: {
+      referenceName: linkedservice.name
+      type: 'LinkedServiceReference'
+    }
+    type: 'Json'
+    typeProperties: {
+      encodingName: 'UTF-8'
+      location: {
+        container: 'container'
+        fileName: 'bar.txt'
+        folderPath: 'foo/bar/'
+        type: 'AzureBlobStorageLocation'
+      }
+    }
+  }
+}
+
+resource linkedservice 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    description: ''
+    type: 'AzureBlobStorage'
+    typeProperties: {
+      serviceEndpoint: storageAccount.properties.primaryEndpoints.blob
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/integrationruntimes/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/integrationruntimes/main.bicep
new file mode 100644
index 00000000..0b9e810d
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/integrationruntimes/main.bicep
@@ -0,0 +1,20 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource integrationRuntime 'Microsoft.DataFactory/factories/integrationRuntimes@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    description: ''
+    type: 'SelfHosted'
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/linkedservices/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/linkedservices/main.bicep
new file mode 100644
index 00000000..6eb10574
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/linkedservices/main.bicep
@@ -0,0 +1,59 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource linkedservice 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    description: ''
+    type: 'AzureBlobStorage'
+    typeProperties: {
+      serviceEndpoint: storageAccount.properties.primaryEndpoints.blob
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/main.bicep
new file mode 100644
index 00000000..f41575b8
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/managedvirtualnetworks/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/managedvirtualnetworks/main.bicep
new file mode 100644
index 00000000..bf26c35b
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/managedvirtualnetworks/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    globalParameters: {}
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource managedVirtualNetwork 'Microsoft.DataFactory/factories/managedVirtualNetworks@2018-06-01' = {
+  parent: factory
+  name: 'default'
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/managedvirtualnetworks/managedprivateendpoints/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/managedvirtualnetworks/managedprivateendpoints/main.bicep
new file mode 100644
index 00000000..aecaf32e
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/managedvirtualnetworks/managedprivateendpoints/main.bicep
@@ -0,0 +1,63 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    globalParameters: {}
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'BlobStorage'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource managedVirtualNetwork 'Microsoft.DataFactory/factories/managedVirtualNetworks@2018-06-01' = {
+  parent: factory
+  name: 'default'
+  properties: {}
+}
+
+resource managedPrivateEndpoint 'Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints@2018-06-01' = {
+  parent: managedVirtualNetwork
+  name: resourceName
+  properties: {
+    groupId: 'blob'
+    privateLinkResourceId: storageAccount.id
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/pipelines/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/pipelines/main.bicep
new file mode 100644
index 00000000..a17dd9d8
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/pipelines/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource pipeline 'Microsoft.DataFactory/factories/pipelines@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    annotations: []
+    description: ''
+    parameters: {
+      test: {
+        defaultValue: 'testparameter'
+        type: 'String'
+      }
+    }
+    variables: {}
+  }
+}
diff --git a/settings/remarks/microsoft.datafactory/samples/factories/triggers/main.bicep b/settings/remarks/microsoft.datafactory/samples/factories/triggers/main.bicep
new file mode 100644
index 00000000..4921a197
--- /dev/null
+++ b/settings/remarks/microsoft.datafactory/samples/factories/triggers/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource factory 'Microsoft.DataFactory/factories@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    repoConfiguration: null
+  }
+}
+
+resource pipeline 'Microsoft.DataFactory/factories/pipelines@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    annotations: []
+    description: ''
+    parameters: {
+      test: {
+        defaultValue: 'testparameter'
+        type: 'String'
+      }
+    }
+    variables: {}
+  }
+}
+
+resource trigger 'Microsoft.DataFactory/factories/triggers@2018-06-01' = {
+  parent: factory
+  name: resourceName
+  properties: {
+    description: ''
+    pipeline: {
+      parameters: {}
+      pipelineReference: {
+        referenceName: pipeline.name
+        type: 'PipelineReference'
+      }
+    }
+    type: 'TumblingWindowTrigger'
+    typeProperties: {
+      frequency: 'Minute'
+      interval: 15
+      maxConcurrency: 50
+      startTime: '2022-09-21T00:00:00Z'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.datamigration/remarks.json b/settings/remarks/microsoft.datamigration/remarks.json
index 489f9a9a..f1e6bd13 100644
--- a/settings/remarks/microsoft.datamigration/remarks.json
+++ b/settings/remarks/microsoft.datamigration/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/services/projects/main.tf",
       "Description": "A basic example of deploying Azure Database Migration Project instance."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DataMigration/services",
+      "Path": "samples/services/main.bicep",
+      "Description": "A basic example of deploying Azure Database Migration Service."
+    },
+    {
+      "ResourceType": "Microsoft.DataMigration/services/projects",
+      "Path": "samples/services/projects/main.bicep",
+      "Description": "A basic example of deploying Azure Database Migration Project instance."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.datamigration/samples/services/main.bicep b/settings/remarks/microsoft.datamigration/samples/services/main.bicep
new file mode 100644
index 00000000..655e65d7
--- /dev/null
+++ b/settings/remarks/microsoft.datamigration/samples/services/main.bicep
@@ -0,0 +1,43 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.DataMigration/services@2018-04-19' = {
+  name: resourceName
+  location: location
+  kind: 'Cloud'
+  properties: {
+    virtualSubnetId: subnet.id
+  }
+  sku: {
+    name: 'Standard_1vCores'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.datamigration/samples/services/projects/main.bicep b/settings/remarks/microsoft.datamigration/samples/services/projects/main.bicep
new file mode 100644
index 00000000..097ee330
--- /dev/null
+++ b/settings/remarks/microsoft.datamigration/samples/services/projects/main.bicep
@@ -0,0 +1,53 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource service 'Microsoft.DataMigration/services@2018-04-19' = {
+  name: resourceName
+  location: location
+  kind: 'Cloud'
+  properties: {
+    virtualSubnetId: subnet.id
+  }
+  sku: {
+    name: 'Standard_1vCores'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource project 'Microsoft.DataMigration/services/projects@2018-04-19' = {
+  parent: service
+  name: resourceName
+  location: location
+  properties: {
+    sourcePlatform: 'SQL'
+    targetPlatform: 'SQLDB'
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.dataprotection/remarks.json b/settings/remarks/microsoft.dataprotection/remarks.json
index 52ff0ef5..be045a22 100644
--- a/settings/remarks/microsoft.dataprotection/remarks.json
+++ b/settings/remarks/microsoft.dataprotection/remarks.json
@@ -21,5 +21,27 @@
       "Path": "samples/resourceguards/main.tf",
       "Description": "A basic example of deploying Resource Guard."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DataProtection/backupVaults",
+      "Path": "samples/backupvaults/main.bicep",
+      "Description": "A basic example of deploying Backup Vault."
+    },
+    {
+      "ResourceType": "Microsoft.DataProtection/backupVaults/backupInstances",
+      "Path": "samples/backupvaults/backupinstances/main.bicep",
+      "Description": "A basic example of deploying Backup Instance."
+    },
+    {
+      "ResourceType": "Microsoft.DataProtection/backupVaults/backupPolicies",
+      "Path": "samples/backupvaults/backuppolicies/main.bicep",
+      "Description": "A basic example of deploying Backup Policy."
+    },
+    {
+      "ResourceType": "Microsoft.DataProtection/resourceGuards",
+      "Path": "samples/resourceguards/main.bicep",
+      "Description": "A basic example of deploying Resource Guard."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.dataprotection/samples/backupvaults/backupinstances/main.bicep b/settings/remarks/microsoft.dataprotection/samples/backupvaults/backupinstances/main.bicep
new file mode 100644
index 00000000..85769b4f
--- /dev/null
+++ b/settings/remarks/microsoft.dataprotection/samples/backupvaults/backupinstances/main.bicep
@@ -0,0 +1,145 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator login password for the PostgreSQL server')
+param administratorLoginPassword string
+
+resource backupVault 'Microsoft.DataProtection/backupVaults@2022-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    storageSettings: [
+      {
+        datastoreType: 'VaultStore'
+        type: 'LocallyRedundant'
+      }
+    ]
+  }
+}
+
+resource server 'Microsoft.DBforPostgreSQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'psqladmin'
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 5120
+    }
+    version: '9.5'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'B_Gen5_2'
+    tier: 'Basic'
+  }
+}
+
+resource backupInstance 'Microsoft.DataProtection/backupVaults/backupInstances@2022-04-01' = {
+  parent: backupVault
+  name: resourceName
+  properties: {
+    dataSourceInfo: {
+      datasourceType: 'Microsoft.DBforPostgreSQL/servers/databases'
+      objectType: 'Datasource'
+      resourceID: database.id
+      resourceLocation: 'database.location'
+      resourceName: database.name
+      resourceType: 'Microsoft.DBforPostgreSQL/servers/databases'
+      resourceUri: ''
+    }
+    dataSourceSetInfo: {
+      datasourceType: 'Microsoft.DBforPostgreSQL/servers/databases'
+      objectType: 'DatasourceSet'
+      resourceID: server.id
+      resourceLocation: 'server.location'
+      resourceName: server.name
+      resourceType: 'Microsoft.DBForPostgreSQL/servers'
+      resourceUri: ''
+    }
+    datasourceAuthCredentials: null
+    friendlyName: 'acctest0001'
+    objectType: 'BackupInstance'
+    policyInfo: {
+      policyId: backupPolicy.id
+    }
+  }
+}
+
+resource backupPolicy 'Microsoft.DataProtection/backupVaults/backupPolicies@2022-04-01' = {
+  parent: backupVault
+  name: resourceName
+  properties: {
+    datasourceTypes: [
+      'Microsoft.DBforPostgreSQL/servers/databases'
+    ]
+    objectType: 'BackupPolicy'
+    policyRules: [
+      {
+        backupParameters: {
+          backupType: 'Full'
+          objectType: 'AzureBackupParams'
+        }
+        dataStore: {
+          dataStoreType: 'VaultStore'
+          objectType: 'DataStoreInfoBase'
+        }
+        name: 'BackupIntervals'
+        objectType: 'AzureBackupRule'
+        trigger: {
+          objectType: 'ScheduleBasedTriggerContext'
+          schedule: {
+            repeatingTimeIntervals: [
+              'R/2021-05-23T02:30:00+00:00/P1W'
+            ]
+          }
+          taggingCriteria: [
+            {
+              isDefault: true
+              tagInfo: {
+                id: 'Default_'
+                tagName: 'Default'
+              }
+              taggingPriority: 99
+            }
+          ]
+        }
+      }
+      {
+        isDefault: true
+        lifecycles: [
+          {
+            deleteAfter: {
+              duration: 'P4M'
+              objectType: 'AbsoluteDeleteOption'
+            }
+            sourceDataStore: {
+              dataStoreType: 'VaultStore'
+              objectType: 'DataStoreInfoBase'
+            }
+            targetDataStoreCopySettings: []
+          }
+        ]
+        name: 'Default'
+        objectType: 'AzureRetentionRule'
+      }
+    ]
+  }
+}
+
+resource database 'Microsoft.DBforPostgreSQL/servers/databases@2017-12-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    charset: 'UTF8'
+    collation: 'English_United States.1252'
+  }
+}
diff --git a/settings/remarks/microsoft.dataprotection/samples/backupvaults/backuppolicies/main.bicep b/settings/remarks/microsoft.dataprotection/samples/backupvaults/backuppolicies/main.bicep
new file mode 100644
index 00000000..0e11a48b
--- /dev/null
+++ b/settings/remarks/microsoft.dataprotection/samples/backupvaults/backuppolicies/main.bicep
@@ -0,0 +1,76 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource backupVault 'Microsoft.DataProtection/backupVaults@2022-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    storageSettings: [
+      {
+        datastoreType: 'VaultStore'
+        type: 'LocallyRedundant'
+      }
+    ]
+  }
+}
+
+resource backupPolicy 'Microsoft.DataProtection/backupVaults/backupPolicies@2022-04-01' = {
+  parent: backupVault
+  name: resourceName
+  properties: {
+    datasourceTypes: [
+      'Microsoft.DBforPostgreSQL/servers/databases'
+    ]
+    objectType: 'BackupPolicy'
+    policyRules: [
+      {
+        backupParameters: {
+          backupType: 'Full'
+          objectType: 'AzureBackupParams'
+        }
+        dataStore: {
+          dataStoreType: 'VaultStore'
+          objectType: 'DataStoreInfoBase'
+        }
+        name: 'BackupIntervals'
+        objectType: 'AzureBackupRule'
+        trigger: {
+          objectType: 'ScheduleBasedTriggerContext'
+          schedule: {
+            repeatingTimeIntervals: [
+              'R/2021-05-23T02:30:00+00:00/P1W'
+            ]
+          }
+          taggingCriteria: [
+            {
+              isDefault: true
+              tagInfo: {
+                id: 'Default_'
+                tagName: 'Default'
+              }
+              taggingPriority: 99
+            }
+          ]
+        }
+      }
+      {
+        isDefault: true
+        lifecycles: [
+          {
+            deleteAfter: {
+              duration: 'P4M'
+              objectType: 'AbsoluteDeleteOption'
+            }
+            sourceDataStore: {
+              dataStoreType: 'VaultStore'
+              objectType: 'DataStoreInfoBase'
+            }
+            targetDataStoreCopySettings: []
+          }
+        ]
+        name: 'Default'
+        objectType: 'AzureRetentionRule'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.dataprotection/samples/backupvaults/main.bicep b/settings/remarks/microsoft.dataprotection/samples/backupvaults/main.bicep
new file mode 100644
index 00000000..00c95459
--- /dev/null
+++ b/settings/remarks/microsoft.dataprotection/samples/backupvaults/main.bicep
@@ -0,0 +1,15 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource backupVault 'Microsoft.DataProtection/backupVaults@2022-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    storageSettings: [
+      {
+        datastoreType: 'VaultStore'
+        type: 'LocallyRedundant'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.dataprotection/samples/resourceguards/main.bicep b/settings/remarks/microsoft.dataprotection/samples/resourceguards/main.bicep
new file mode 100644
index 00000000..388188e4
--- /dev/null
+++ b/settings/remarks/microsoft.dataprotection/samples/resourceguards/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource resourceGuard 'Microsoft.DataProtection/resourceGuards@2022-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    vaultCriticalOperationExclusionList: []
+  }
+}
diff --git a/settings/remarks/microsoft.datashare/remarks.json b/settings/remarks/microsoft.datashare/remarks.json
index 6f639473..1a76c192 100644
--- a/settings/remarks/microsoft.datashare/remarks.json
+++ b/settings/remarks/microsoft.datashare/remarks.json
@@ -16,5 +16,17 @@
       "Path": "samples/accounts/shares/datasets/main.tf",
       "Description": "A basic example of deploying Data Share Dataset."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DataShare/accounts",
+      "Path": "samples/accounts/main.bicep",
+      "Description": "A basic example of deploying Data Share Account."
+    },
+    {
+      "ResourceType": "Microsoft.DataShare/accounts/shares",
+      "Path": "samples/accounts/shares/main.bicep",
+      "Description": "A basic example of deploying Data Share."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.datashare/samples/accounts/main.bicep b/settings/remarks/microsoft.datashare/samples/accounts/main.bicep
new file mode 100644
index 00000000..0e694088
--- /dev/null
+++ b/settings/remarks/microsoft.datashare/samples/accounts/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource account 'Microsoft.DataShare/accounts@2019-11-01' = {
+  name: resourceName
+  location: location
+  tags: {
+    env: 'Test'
+  }
+}
diff --git a/settings/remarks/microsoft.datashare/samples/accounts/shares/main.bicep b/settings/remarks/microsoft.datashare/samples/accounts/shares/main.bicep
new file mode 100644
index 00000000..60c29ba6
--- /dev/null
+++ b/settings/remarks/microsoft.datashare/samples/accounts/shares/main.bicep
@@ -0,0 +1,20 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource account 'Microsoft.DataShare/accounts@2019-11-01' = {
+  name: resourceName
+  location: location
+  tags: {
+    env: 'Test'
+  }
+}
+
+resource share 'Microsoft.DataShare/accounts/shares@2019-11-01' = {
+  parent: account
+  name: resourceName
+  properties: {
+    description: ''
+    shareKind: 'CopyBased'
+    terms: ''
+  }
+}
diff --git a/settings/remarks/microsoft.dbformariadb/remarks.json b/settings/remarks/microsoft.dbformariadb/remarks.json
index db9345ff..64e208e2 100644
--- a/settings/remarks/microsoft.dbformariadb/remarks.json
+++ b/settings/remarks/microsoft.dbformariadb/remarks.json
@@ -26,5 +26,32 @@
       "Path": "samples/servers/virtualnetworkrules/main.tf",
       "Description": "A basic example of deploying Database for MariaDB Servers Virtual Network Rules."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DBforMariaDB/servers",
+      "Path": "samples/servers/main.bicep",
+      "Description": "A basic example of deploying Database for MariaDB Servers."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMariaDB/servers/configurations",
+      "Path": "samples/servers/configurations/main.bicep",
+      "Description": "A basic example of deploying Database for MariaDB Servers Configurations."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMariaDB/servers/databases",
+      "Path": "samples/servers/databases/main.bicep",
+      "Description": "A basic example of deploying Database for MariaDB Servers Databases."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMariaDB/servers/firewallRules",
+      "Path": "samples/servers/firewallrules/main.bicep",
+      "Description": "A basic example of deploying Database for MariaDB Servers Firewall Rules."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMariaDB/servers/virtualNetworkRules",
+      "Path": "samples/servers/virtualnetworkrules/main.bicep",
+      "Description": "A basic example of deploying Database for MariaDB Servers Virtual Network Rules."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.dbformariadb/samples/servers/configurations/main.bicep b/settings/remarks/microsoft.dbformariadb/samples/servers/configurations/main.bicep
new file mode 100644
index 00000000..cd3d6b2e
--- /dev/null
+++ b/settings/remarks/microsoft.dbformariadb/samples/servers/configurations/main.bicep
@@ -0,0 +1,40 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MariaDB server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MariaDB server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMariaDB/servers@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '10.2'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource configuration 'Microsoft.DBforMariaDB/servers/configurations@2018-06-01' = {
+  parent: server
+  name: 'character_set_server'
+  properties: {
+    value: 'LATIN1'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformariadb/samples/servers/databases/main.bicep b/settings/remarks/microsoft.dbformariadb/samples/servers/databases/main.bicep
new file mode 100644
index 00000000..deeb5349
--- /dev/null
+++ b/settings/remarks/microsoft.dbformariadb/samples/servers/databases/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MariaDB server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MariaDB server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMariaDB/servers@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '10.2'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'B_Gen5_2'
+    tier: 'Basic'
+  }
+}
+
+resource database 'Microsoft.DBforMariaDB/servers/databases@2018-06-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    charset: 'utf8'
+    collation: 'utf8_general_ci'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformariadb/samples/servers/firewallrules/main.bicep b/settings/remarks/microsoft.dbformariadb/samples/servers/firewallrules/main.bicep
new file mode 100644
index 00000000..a521dad4
--- /dev/null
+++ b/settings/remarks/microsoft.dbformariadb/samples/servers/firewallrules/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MariaDB server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MariaDB server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMariaDB/servers@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '10.2'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource firewallRule 'Microsoft.DBforMariaDB/servers/firewallRules@2018-06-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    endIpAddress: '255.255.255.255'
+    startIpAddress: '0.0.0.0'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformariadb/samples/servers/main.bicep b/settings/remarks/microsoft.dbformariadb/samples/servers/main.bicep
new file mode 100644
index 00000000..2f777e9f
--- /dev/null
+++ b/settings/remarks/microsoft.dbformariadb/samples/servers/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the MariaDB server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MariaDB server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMariaDB/servers@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '10.2'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformariadb/samples/servers/virtualnetworkrules/main.bicep b/settings/remarks/microsoft.dbformariadb/samples/servers/virtualnetworkrules/main.bicep
new file mode 100644
index 00000000..a29902eb
--- /dev/null
+++ b/settings/remarks/microsoft.dbformariadb/samples/servers/virtualnetworkrules/main.bicep
@@ -0,0 +1,74 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MariaDB server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MariaDB server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMariaDB/servers@2018-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '10.2'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.7.29.0/29'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.7.29.0/29'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: [
+      {
+        service: 'Microsoft.Sql'
+      }
+    ]
+  }
+}
+
+resource virtualNetworkRule 'Microsoft.DBforMariaDB/servers/virtualNetworkRules@2018-06-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    ignoreMissingVnetServiceEndpoint: false
+    virtualNetworkSubnetId: subnet.id
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/remarks.json b/settings/remarks/microsoft.dbformysql/remarks.json
index 653f5b88..e0271284 100644
--- a/settings/remarks/microsoft.dbformysql/remarks.json
+++ b/settings/remarks/microsoft.dbformysql/remarks.json
@@ -70,5 +70,62 @@
       "Path": "samples/servers/virtualnetworkrules/main.tf",
       "Description": "A basic example of deploying Database for MySQL Servers Virtual Network Rules."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DBforMySQL/flexibleServers",
+      "Path": "samples/flexibleservers/main.bicep",
+      "Description": "A basic example of deploying MySQL Flexible Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/flexibleServers/administrators",
+      "Path": "samples/flexibleservers/administrators/main.bicep",
+      "Description": "A basic example of deploying Active Directory administrator on a MySQL Flexible Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/flexibleServers/configurations",
+      "Path": "samples/flexibleservers/configurations/main.bicep",
+      "Description": "A basic example of deploying Sets a MySQL Flexible Server Configuration value on a MySQL Flexible Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/flexibleServers/databases",
+      "Path": "samples/flexibleservers/databases/main.bicep",
+      "Description": "A basic example of deploying MySQL Database within a MySQL Flexible Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/flexibleServers/firewallRules",
+      "Path": "samples/flexibleservers/firewallrules/main.bicep",
+      "Description": "A basic example of deploying Firewall Rule for a MySQL Flexible Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/servers",
+      "Path": "samples/servers/main.bicep",
+      "Description": "A basic example of deploying Database for MySQL Servers."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/servers/administrators",
+      "Path": "samples/servers/administrators/main.bicep",
+      "Description": "A basic example of deploying Database for MySQL Servers Administrators."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/servers/configurations",
+      "Path": "samples/servers/configurations/main.bicep",
+      "Description": "A basic example of deploying Database for MySQL Servers Configurations."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/servers/databases",
+      "Path": "samples/servers/databases/main.bicep",
+      "Description": "A basic example of deploying Database for MySQL Servers Databases."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/servers/firewallRules",
+      "Path": "samples/servers/firewallrules/main.bicep",
+      "Description": "A basic example of deploying Database for MySQL Servers Firewall Rules."
+    },
+    {
+      "ResourceType": "Microsoft.DBforMySQL/servers/virtualNetworkRules",
+      "Path": "samples/servers/virtualnetworkrules/main.bicep",
+      "Description": "A basic example of deploying Database for MySQL Servers Virtual Network Rules."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/administrators/main.bicep b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/administrators/main.bicep
new file mode 100644
index 00000000..e74f865d
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/administrators/main.bicep
@@ -0,0 +1,51 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+@secure()
+@description('The administrator login password for the MySQL flexible server')
+param administratorLoginPassword string
+
+resource flexibleServer 'Microsoft.DBforMySQL/flexibleServers@2023-12-30' = {
+  name: '${resourceName}-mysql'
+  location: location
+  properties: {
+    administratorLogin: 'tfadmin'
+    administratorLoginPassword: null
+    backup: {
+      backupRetentionDays: 7
+      geoRedundantBackup: 'Disabled'
+    }
+    dataEncryption: {
+      type: 'SystemManaged'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    version: '8.0.21'
+  }
+  sku: {
+    name: 'Standard_B1ms'
+    tier: 'Burstable'
+  }
+}
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${resourceName}-uai1'
+  location: location
+}
+
+resource userassignedidentity1 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${resourceName}-uai2'
+  location: location
+}
+
+resource administrator 'Microsoft.DBforMySQL/flexibleServers/administrators@2023-12-30' = {
+  parent: flexibleServer
+  name: 'ActiveDirectory'
+  properties: {
+    administratorType: 'ActiveDirectory'
+    identityResourceId: userAssignedIdentity.id
+    login: 'sqladmin'
+    sid: deployer().objectId
+    tenantId: deployer().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/configurations/main.bicep b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/configurations/main.bicep
new file mode 100644
index 00000000..f6ea8f5b
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/configurations/main.bicep
@@ -0,0 +1,37 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+@secure()
+@description('The administrator login password for the MySQL flexible server')
+param administratorLoginPassword string
+
+resource flexibleServer 'Microsoft.DBforMySQL/flexibleServers@2023-12-30' = {
+  name: '${resourceName}-mysql'
+  location: location
+  properties: {
+    administratorLogin: 'tfadmin'
+    administratorLoginPassword: null
+    backup: {
+      backupRetentionDays: 7
+      geoRedundantBackup: 'Disabled'
+    }
+    dataEncryption: {
+      type: 'SystemManaged'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    version: '8.0.21'
+  }
+  sku: {
+    name: 'Standard_B1ms'
+    tier: 'Burstable'
+  }
+}
+
+resource configuration 'Microsoft.DBforMySQL/flexibleServers/configurations@2023-12-30' = {
+  parent: flexibleServer
+  name: 'character_set_server'
+  properties: {
+    value: 'utf8mb4'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/databases/main.bicep b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/databases/main.bicep
new file mode 100644
index 00000000..463da0ff
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/databases/main.bicep
@@ -0,0 +1,42 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the MySQL flexible server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MySQL flexible server')
+param administratorLoginPassword string
+
+resource flexibleServer 'Microsoft.DBforMySQL/flexibleServers@2021-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    backup: {
+      backupRetentionDays: 7
+      geoRedundantBackup: 'Disabled'
+    }
+    createMode: ''
+    dataEncryption: {
+      type: 'SystemManaged'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {}
+    version: ''
+  }
+  sku: {
+    name: 'Standard_B1s'
+    tier: 'Burstable'
+  }
+}
+
+resource database 'Microsoft.DBforMySQL/flexibleServers/databases@2021-05-01' = {
+  parent: flexibleServer
+  name: resourceName
+  properties: {
+    charset: 'utf8'
+    collation: 'utf8_unicode_ci'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/firewallrules/main.bicep b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/firewallrules/main.bicep
new file mode 100644
index 00000000..01af1e66
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/firewallrules/main.bicep
@@ -0,0 +1,40 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the MySQL flexible server')
+param mysqlAdministratorPassword string
+
+resource flexibleServer 'Microsoft.DBforMySQL/flexibleServers@2021-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'adminTerraform'
+    administratorLoginPassword: null
+    backup: {
+      backupRetentionDays: 7
+      geoRedundantBackup: 'Disabled'
+    }
+    createMode: ''
+    dataEncryption: {
+      type: 'SystemManaged'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {}
+    version: '5.7'
+  }
+  sku: {
+    name: 'Standard_B1s'
+    tier: 'Burstable'
+  }
+}
+
+resource firewallRule 'Microsoft.DBforMySQL/flexibleServers/firewallRules@2021-05-01' = {
+  parent: flexibleServer
+  name: resourceName
+  properties: {
+    endIpAddress: '255.255.255.255'
+    startIpAddress: '0.0.0.0'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/main.bicep b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/main.bicep
new file mode 100644
index 00000000..93c05978
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the MySQL flexible server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MySQL flexible server')
+param administratorLoginPassword string
+
+resource flexibleServer 'Microsoft.DBforMySQL/flexibleServers@2021-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    backup: {
+      backupRetentionDays: 7
+      geoRedundantBackup: 'Disabled'
+    }
+    createMode: ''
+    dataEncryption: {
+      type: 'SystemManaged'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {}
+  }
+  sku: {
+    name: 'Standard_B1s'
+    tier: 'Burstable'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/servers/administrators/main.bicep b/settings/remarks/microsoft.dbformysql/samples/servers/administrators/main.bicep
new file mode 100644
index 00000000..d06f8361
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/servers/administrators/main.bicep
@@ -0,0 +1,44 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MySQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MySQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMySQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '5.7'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource administrator 'Microsoft.DBforMySQL/servers/administrators@2017-12-01' = {
+  parent: server
+  name: 'activeDirectory'
+  properties: {
+    administratorType: 'ActiveDirectory'
+    login: 'sqladmin'
+    sid: deployer().objectId
+    tenantId: deployer().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/servers/configurations/main.bicep b/settings/remarks/microsoft.dbformysql/samples/servers/configurations/main.bicep
new file mode 100644
index 00000000..28c38190
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/servers/configurations/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MySQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MySQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMySQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '5.7'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource configuration 'Microsoft.DBforMySQL/servers/configurations@2017-12-01' = {
+  parent: server
+  name: 'character_set_server'
+  properties: {
+    value: 'latin1'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/servers/databases/main.bicep b/settings/remarks/microsoft.dbformysql/samples/servers/databases/main.bicep
new file mode 100644
index 00000000..4464b7d9
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/servers/databases/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MySQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MySQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMySQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_1'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '5.7'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource database 'Microsoft.DBforMySQL/servers/databases@2017-12-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    charset: 'utf8'
+    collation: 'utf8_unicode_ci'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/servers/firewallrules/main.bicep b/settings/remarks/microsoft.dbformysql/samples/servers/firewallrules/main.bicep
new file mode 100644
index 00000000..6e518061
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/servers/firewallrules/main.bicep
@@ -0,0 +1,42 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MySQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MySQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMySQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '5.7'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource firewallRule 'Microsoft.DBforMySQL/servers/firewallRules@2017-12-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    endIpAddress: '255.255.255.255'
+    startIpAddress: '0.0.0.0'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/servers/main.bicep b/settings/remarks/microsoft.dbformysql/samples/servers/main.bicep
new file mode 100644
index 00000000..b2d69497
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/servers/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the MySQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MySQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMySQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_1'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '5.7'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
diff --git a/settings/remarks/microsoft.dbformysql/samples/servers/virtualnetworkrules/main.bicep b/settings/remarks/microsoft.dbformysql/samples/servers/virtualnetworkrules/main.bicep
new file mode 100644
index 00000000..8e5a7693
--- /dev/null
+++ b/settings/remarks/microsoft.dbformysql/samples/servers/virtualnetworkrules/main.bicep
@@ -0,0 +1,75 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the MySQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the MySQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforMySQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '5.7'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.7.29.0/29'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.7.29.0/29'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: [
+      {
+        service: 'Microsoft.Sql'
+      }
+    ]
+  }
+}
+
+resource virtualNetworkRule 'Microsoft.DBforMySQL/servers/virtualNetworkRules@2017-12-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    ignoreMissingVnetServiceEndpoint: false
+    virtualNetworkSubnetId: subnet.id
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/remarks.json b/settings/remarks/microsoft.dbforpostgresql/remarks.json
index aa6ce682..9b75b144 100644
--- a/settings/remarks/microsoft.dbforpostgresql/remarks.json
+++ b/settings/remarks/microsoft.dbforpostgresql/remarks.json
@@ -66,5 +66,72 @@
       "Path": "samples/servers/virtualnetworkrules/main.tf",
       "Description": "A basic example of deploying PostgreSQL Virtual Network Rule."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/flexibleServers",
+      "Path": "samples/flexibleservers/main.bicep",
+      "Description": "A basic example of deploying PostgreSQL Flexible Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/flexibleServers/administrators",
+      "Path": "samples/flexibleservers/administrators/main.bicep",
+      "Description": "A basic example of deploying Active Directory administrator on a PostgreSQL Flexible server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/flexibleServers/configurations",
+      "Path": "samples/flexibleservers/configurations/main.bicep",
+      "Description": "A basic example of deploying Sets a PostgreSQL Configuration value on a Azure PostgreSQL Flexible Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/flexibleServers/databases",
+      "Path": "samples/flexibleservers/databases/main.bicep",
+      "Description": "A basic example of deploying PostgreSQL Flexible Server Database."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules",
+      "Path": "samples/flexibleservers/firewallrules/main.bicep",
+      "Description": "A basic example of deploying PostgreSQL Flexible Server Firewall Rule."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/flexibleServers/virtualEndpoints",
+      "Path": "samples/flexibleservers/virtualendpoints/main.bicep",
+      "Description": "A basic example of deploying Virtual Endpoint on a PostgreSQL Flexible Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/serverGroupsv2",
+      "Path": "samples/servergroupsv2/main.bicep",
+      "Description": "A basic example of deploying Azure Cosmos DB for PostgreSQL Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/servers",
+      "Path": "samples/servers/main.bicep",
+      "Description": "A basic example of deploying PostgreSQL Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/servers/administrators",
+      "Path": "samples/servers/administrators/main.bicep",
+      "Description": "A basic example of deploying Database for PostgreSQL Servers Administrators."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/servers/configurations",
+      "Path": "samples/servers/configurations/main.bicep",
+      "Description": "A basic example of deploying Sets a PostgreSQL Configuration value on a PostgreSQL Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/servers/databases",
+      "Path": "samples/servers/databases/main.bicep",
+      "Description": "A basic example of deploying PostgreSQL Database within a PostgreSQL Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/servers/firewallRules",
+      "Path": "samples/servers/firewallrules/main.bicep",
+      "Description": "A basic example of deploying Firewall Rule for a PostgreSQL Server."
+    },
+    {
+      "ResourceType": "Microsoft.DBforPostgreSQL/servers/virtualNetworkRules",
+      "Path": "samples/servers/virtualnetworkrules/main.bicep",
+      "Description": "A basic example of deploying PostgreSQL Virtual Network Rule."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/administrators/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/administrators/main.bicep
new file mode 100644
index 00000000..a53943c6
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/administrators/main.bicep
@@ -0,0 +1,46 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the PostgreSQL flexible server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the PostgreSQL flexible server')
+param administratorLoginPassword string
+
+resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    authConfig: {
+      activeDirectoryAuth: 'Enabled'
+      passwordAuth: 'Enabled'
+      tenantId: deployer().tenantId
+    }
+    availabilityZone: '2'
+    backup: {
+      geoRedundantBackup: 'Disabled'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {}
+    storage: {
+      storageSizeGB: 32
+    }
+    version: '12'
+  }
+  sku: {
+    name: 'Standard_D2s_v3'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource administrator 'Microsoft.DBforPostgreSQL/flexibleServers/administrators@2022-12-01' = {
+  parent: flexibleServer
+  name: 'data.azurerm_client_config.current.object_id'
+  properties: {
+    principalType: 'ServicePrincipal'
+    tenantId: deployer().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/configurations/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/configurations/main.bicep
new file mode 100644
index 00000000..29b9710c
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/configurations/main.bicep
@@ -0,0 +1,55 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+@secure()
+@description('The administrator password for the PostgreSQL flexible server')
+param postgresqlAdministratorPassword string
+
+resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-06-01-preview' = {
+  name: resourceName
+  location: location
+  identity: {
+    type: 'None'
+    userAssignedIdentities: null
+  }
+  properties: {
+    administratorLogin: 'adminTerraform'
+    administratorLoginPassword: null
+    availabilityZone: '2'
+    backup: {
+      geoRedundantBackup: 'Disabled'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {}
+    storage: {
+      storageSizeGB: 32
+    }
+    version: '12'
+  }
+  sku: {
+    name: 'Standard_D2s_v3'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource pgbouncerDefaultPoolSize 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2022-12-01' = {
+  parent: flexibleServer
+  name: 'pgbouncer.default_pool_size'
+  properties: {
+    source: 'user-override'
+    value: '40'
+  }
+  dependsOn: [
+    pgbouncerEnabled
+  ]
+}
+
+resource pgbouncerEnabled 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2022-12-01' = {
+  parent: flexibleServer
+  name: 'pgbouncer.enabled'
+  properties: {
+    source: 'user-override'
+    value: 'true'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/databases/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/databases/main.bicep
new file mode 100644
index 00000000..36781900
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/databases/main.bicep
@@ -0,0 +1,39 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the PostgreSQL flexible server')
+param postgresqlAdministratorPassword string
+
+resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'adminTerraform'
+    administratorLoginPassword: null
+    availabilityZone: '2'
+    backup: {
+      geoRedundantBackup: 'Disabled'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {}
+    storage: {
+      storageSizeGB: 32
+    }
+    version: '12'
+  }
+  sku: {
+    name: 'Standard_D2s_v3'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource database 'Microsoft.DBforPostgreSQL/flexibleServers/databases@2022-12-01' = {
+  parent: flexibleServer
+  name: resourceName
+  properties: {
+    charset: 'UTF8'
+    collation: 'en_US.UTF8'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/firewallrules/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/firewallrules/main.bicep
new file mode 100644
index 00000000..0f1d9126
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/firewallrules/main.bicep
@@ -0,0 +1,39 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the PostgreSQL flexible server')
+param postgresqlAdministratorPassword string
+
+resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'adminTerraform'
+    administratorLoginPassword: null
+    availabilityZone: '2'
+    backup: {
+      geoRedundantBackup: 'Disabled'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {}
+    storage: {
+      storageSizeGB: 32
+    }
+    version: '12'
+  }
+  sku: {
+    name: 'Standard_D2s_v3'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource firewallRule 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2022-12-01' = {
+  parent: flexibleServer
+  name: resourceName
+  properties: {
+    endIpAddress: '122.122.0.0'
+    startIpAddress: '122.122.0.0'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/main.bicep
new file mode 100644
index 00000000..bd677693
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+@description('The administrator login name for the PostgreSQL flexible server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the PostgreSQL flexible server')
+param administratorLoginPassword string
+
+resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-06-01-preview' = {
+  name: resourceName
+  location: location
+  identity: {
+    type: 'None'
+    userAssignedIdentities: null
+  }
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    availabilityZone: '2'
+    backup: {
+      geoRedundantBackup: 'Disabled'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {}
+    storage: {
+      storageSizeGB: 32
+    }
+    version: '12'
+  }
+  sku: {
+    name: 'Standard_D2s_v3'
+    tier: 'GeneralPurpose'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/virtualendpoints/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/virtualendpoints/main.bicep
new file mode 100644
index 00000000..f32b3bc8
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/virtualendpoints/main.bicep
@@ -0,0 +1,70 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+@secure()
+@description('The administrator login password for the PostgreSQL flexible server')
+param administratorLoginPassword string
+
+resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' = {
+  name: '${resourceName}-primary'
+  location: location
+  properties: {
+    administratorLogin: 'psqladmin'
+    administratorLoginPassword: null
+    availabilityZone: '1'
+    backup: {
+      geoRedundantBackup: 'Disabled'
+    }
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {
+      publicNetworkAccess: 'Disabled'
+    }
+    storage: {
+      autoGrow: 'Disabled'
+      storageSizeGB: 32
+      tier: 'P30'
+    }
+    version: '16'
+  }
+  sku: {
+    name: 'Standard_D2ads_v5'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource flexibleserver1 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' = {
+  name: '${resourceName}-replica'
+  location: location
+  properties: {
+    availabilityZone: '1'
+    backup: {
+      geoRedundantBackup: 'Disabled'
+    }
+    createMode: 'Replica'
+    highAvailability: {
+      mode: 'Disabled'
+    }
+    network: {
+      publicNetworkAccess: 'Disabled'
+    }
+    sourceServerResourceId: flexibleServer.id
+    storage: {
+      autoGrow: 'Disabled'
+      storageSizeGB: 32
+      tier: 'P30'
+    }
+    version: '16'
+  }
+}
+
+resource virtualEndpoint 'Microsoft.DBforPostgreSQL/flexibleServers/virtualEndpoints@2024-08-01' = {
+  parent: flexibleServer
+  name: resourceName
+  properties: {
+    endpointType: 'ReadWrite'
+    members: [
+      flexibleserver1.name
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/servergroupsv2/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/servergroupsv2/main.bicep
new file mode 100644
index 00000000..b4888c67
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/servergroupsv2/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator login password for the PostgreSQL server group')
+param administratorLoginPassword string
+
+resource serverGroupsv2 'Microsoft.DBforPostgreSQL/serverGroupsv2@2022-11-08' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLoginPassword: null
+    coordinatorEnablePublicIpAccess: true
+    coordinatorServerEdition: 'GeneralPurpose'
+    coordinatorStorageQuotaInMb: 131072
+    coordinatorVCores: 2
+    enableHa: false
+    nodeCount: 0
+    nodeEnablePublicIpAccess: false
+    nodeServerEdition: 'MemoryOptimized'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/servers/administrators/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/servers/administrators/main.bicep
new file mode 100644
index 00000000..042fc32c
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/servers/administrators/main.bicep
@@ -0,0 +1,46 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the PostgreSQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the PostgreSQL server')
+param administratorLoginPassword string
+@description('The administrator login name for the PostgreSQL server admin')
+param adminLogin string
+
+resource server 'Microsoft.DBforPostgreSQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '9.6'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource administrator 'Microsoft.DBforPostgreSQL/servers/administrators@2017-12-01' = {
+  parent: server
+  name: 'activeDirectory'
+  properties: {
+    administratorType: 'ActiveDirectory'
+    login: null
+    sid: deployer().objectId
+    tenantId: deployer().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/servers/configurations/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/servers/configurations/main.bicep
new file mode 100644
index 00000000..e3a3be58
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/servers/configurations/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the PostgreSQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the PostgreSQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforPostgreSQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '9.6'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource configuration 'Microsoft.DBforPostgreSQL/servers/configurations@2017-12-01' = {
+  parent: server
+  name: 'backslash_quote'
+  properties: {
+    value: 'on'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/servers/databases/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/servers/databases/main.bicep
new file mode 100644
index 00000000..3b7730c5
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/servers/databases/main.bicep
@@ -0,0 +1,42 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the PostgreSQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the PostgreSQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforPostgreSQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '9.6'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource database 'Microsoft.DBforPostgreSQL/servers/databases@2017-12-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    charset: 'UTF8'
+    collation: 'English_United States.1252'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/servers/firewallrules/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/servers/firewallrules/main.bicep
new file mode 100644
index 00000000..5d2022d7
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/servers/firewallrules/main.bicep
@@ -0,0 +1,42 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the PostgreSQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the PostgreSQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforPostgreSQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '9.6'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource firewallRule 'Microsoft.DBforPostgreSQL/servers/firewallRules@2017-12-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    endIpAddress: '255.255.255.255'
+    startIpAddress: '0.0.0.0'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/servers/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/servers/main.bicep
new file mode 100644
index 00000000..39559318
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/servers/main.bicep
@@ -0,0 +1,33 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the PostgreSQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the PostgreSQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforPostgreSQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '9.5'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/servers/virtualnetworkrules/main.bicep b/settings/remarks/microsoft.dbforpostgresql/samples/servers/virtualnetworkrules/main.bicep
new file mode 100644
index 00000000..471521bb
--- /dev/null
+++ b/settings/remarks/microsoft.dbforpostgresql/samples/servers/virtualnetworkrules/main.bicep
@@ -0,0 +1,75 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login for the PostgreSQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the PostgreSQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.DBforPostgreSQL/servers@2017-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    createMode: 'Default'
+    infrastructureEncryption: 'Disabled'
+    minimalTlsVersion: 'TLS1_2'
+    publicNetworkAccess: 'Enabled'
+    sslEnforcement: 'Enabled'
+    storageProfile: {
+      backupRetentionDays: 7
+      storageAutogrow: 'Enabled'
+      storageMB: 51200
+    }
+    version: '9.5'
+  }
+  sku: {
+    capacity: 2
+    family: 'Gen5'
+    name: 'GP_Gen5_2'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.7.29.0/29'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.7.29.0/29'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: [
+      {
+        service: 'Microsoft.Sql'
+      }
+    ]
+  }
+}
+
+resource virtualNetworkRule 'Microsoft.DBforPostgreSQL/servers/virtualNetworkRules@2017-12-01' = {
+  parent: server
+  name: resourceName
+  properties: {
+    ignoreMissingVnetServiceEndpoint: false
+    virtualNetworkSubnetId: subnet.id
+  }
+}
diff --git a/settings/remarks/microsoft.desktopvirtualization/remarks.json b/settings/remarks/microsoft.desktopvirtualization/remarks.json
index 47203009..97bacec0 100644
--- a/settings/remarks/microsoft.desktopvirtualization/remarks.json
+++ b/settings/remarks/microsoft.desktopvirtualization/remarks.json
@@ -21,5 +21,22 @@
       "Path": "samples/workspaces/main.tf",
       "Description": "A basic example of deploying Virtual Desktop Workspace."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DesktopVirtualization/applicationGroups",
+      "Path": "samples/applicationgroups/main.bicep",
+      "Description": "A basic example of deploying Virtual Desktop Application Group."
+    },
+    {
+      "ResourceType": "Microsoft.DesktopVirtualization/applicationGroups/applications",
+      "Path": "samples/applicationgroups/applications/main.bicep",
+      "Description": "A basic example of deploying Virtual Desktop Application."
+    },
+    {
+      "ResourceType": "Microsoft.DesktopVirtualization/workspaces",
+      "Path": "samples/workspaces/main.bicep",
+      "Description": "A basic example of deploying Virtual Desktop Workspace."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.desktopvirtualization/samples/applicationgroups/applications/main.bicep b/settings/remarks/microsoft.desktopvirtualization/samples/applicationgroups/applications/main.bicep
new file mode 100644
index 00000000..190e9064
--- /dev/null
+++ b/settings/remarks/microsoft.desktopvirtualization/samples/applicationgroups/applications/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource applicationGroup 'Microsoft.DesktopVirtualization/applicationGroups@2023-09-05' = {
+  name: resourceName
+  location: location
+  properties: {
+    applicationGroupType: 'RemoteApp'
+    hostPoolArmPath: hostPool.id
+  }
+}
+
+resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = {
+  name: resourceName
+  location: location
+  properties: {
+    hostPoolType: 'Pooled'
+    loadBalancerType: 'BreadthFirst'
+    maxSessionLimit: 999999
+    preferredAppGroupType: 'Desktop'
+    publicNetworkAccess: 'Enabled'
+    startVMOnConnect: false
+    validationEnvironment: false
+  }
+}
+
+resource application 'Microsoft.DesktopVirtualization/applicationGroups/applications@2023-09-05' = {
+  parent: applicationGroup
+  name: resourceName
+  location: location
+  properties: {
+    commandLineSetting: 'DoNotAllow'
+    filePath: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe'
+    showInPortal: false
+  }
+}
diff --git a/settings/remarks/microsoft.desktopvirtualization/samples/applicationgroups/main.bicep b/settings/remarks/microsoft.desktopvirtualization/samples/applicationgroups/main.bicep
new file mode 100644
index 00000000..75e4a4c3
--- /dev/null
+++ b/settings/remarks/microsoft.desktopvirtualization/samples/applicationgroups/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource applicationGroup 'Microsoft.DesktopVirtualization/applicationGroups@2024-04-03' = {
+  name: '${resourceName}-ag'
+  location: location
+  properties: {
+    applicationGroupType: 'Desktop'
+    description: ''
+    friendlyName: ''
+    hostPoolArmPath: hostPool.id
+  }
+}
+
+resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2024-04-03' = {
+  name: '${resourceName}-hp'
+  location: location
+  properties: {
+    customRdpProperty: ''
+    description: ''
+    friendlyName: ''
+    hostPoolType: 'Pooled'
+    loadBalancerType: 'BreadthFirst'
+    maxSessionLimit: 999999
+    personalDesktopAssignmentType: ''
+    preferredAppGroupType: 'Desktop'
+    publicNetworkAccess: 'Enabled'
+    startVMOnConnect: false
+    validationEnvironment: false
+    vmTemplate: ''
+  }
+}
diff --git a/settings/remarks/microsoft.desktopvirtualization/samples/workspaces/main.bicep b/settings/remarks/microsoft.desktopvirtualization/samples/workspaces/main.bicep
new file mode 100644
index 00000000..41fcd7a5
--- /dev/null
+++ b/settings/remarks/microsoft.desktopvirtualization/samples/workspaces/main.bicep
@@ -0,0 +1,12 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource workspace 'Microsoft.DesktopVirtualization/workspaces@2024-04-03' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    friendlyName: ''
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.devcenter/remarks.json b/settings/remarks/microsoft.devcenter/remarks.json
index 06a0b051..ef0fadfb 100644
--- a/settings/remarks/microsoft.devcenter/remarks.json
+++ b/settings/remarks/microsoft.devcenter/remarks.json
@@ -46,5 +46,47 @@
       "Path": "samples/projects/environmenttypes/main.tf",
       "Description": "A basic example of deploying Dev Center Project Environment Type."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DevCenter/devCenters",
+      "Path": "samples/devcenters/main.bicep",
+      "Description": "A basic example of deploying Dev Center."
+    },
+    {
+      "ResourceType": "Microsoft.DevCenter/devCenters/catalogs",
+      "Path": "samples/devcenters/catalogs/main.bicep",
+      "Description": "A basic example of deploying Dev Center Catalog."
+    },
+    {
+      "ResourceType": "Microsoft.DevCenter/devCenters/environmentTypes",
+      "Path": "samples/devcenters/environmenttypes/main.bicep",
+      "Description": "A basic example of deploying Dev Center Environment Type."
+    },
+    {
+      "ResourceType": "Microsoft.DevCenter/devcenters/attachednetworks",
+      "Path": "samples/devcenters/attachednetworks/main.bicep",
+      "Description": "A basic example of deploying Dev Center Attached Network."
+    },
+    {
+      "ResourceType": "Microsoft.DevCenter/devcenters/devboxdefinitions",
+      "Path": "samples/devcenters/devboxdefinitions/main.bicep",
+      "Description": "A basic example of deploying Dev Center Dev Box Definition."
+    },
+    {
+      "ResourceType": "Microsoft.DevCenter/networkConnections",
+      "Path": "samples/networkconnections/main.bicep",
+      "Description": "A basic example of deploying Dev Center Network Connection."
+    },
+    {
+      "ResourceType": "Microsoft.DevCenter/projects",
+      "Path": "samples/projects/main.bicep",
+      "Description": "A basic example of deploying Dev Center Project."
+    },
+    {
+      "ResourceType": "Microsoft.DevCenter/projects/environmentTypes",
+      "Path": "samples/projects/environmenttypes/main.bicep",
+      "Description": "A basic example of deploying Dev Center Project Environment Type."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.devcenter/samples/devcenters/attachednetworks/main.bicep b/settings/remarks/microsoft.devcenter/samples/devcenters/attachednetworks/main.bicep
new file mode 100644
index 00000000..7cb03984
--- /dev/null
+++ b/settings/remarks/microsoft.devcenter/samples/devcenters/attachednetworks/main.bicep
@@ -0,0 +1,48 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource devCenter 'Microsoft.DevCenter/devcenters@2023-04-01' = {
+  name: resourceName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+    userAssignedIdentities: null
+  }
+}
+
+resource networkConnection 'Microsoft.DevCenter/networkConnections@2023-04-01' = {
+  name: resourceName
+  location: 'westeurope'
+  properties: {
+    domainJoinType: 'AzureADJoin'
+    subnetId: subnet.id
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+  }
+}
+
+resource attachNetwork 'Microsoft.DevCenter/devcenters/attachednetworks@2023-04-01' = {
+  parent: devCenter
+  name: resourceName
+  properties: {
+    networkConnectionId: networkConnection.id
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+  }
+}
diff --git a/settings/remarks/microsoft.devcenter/samples/devcenters/catalogs/main.bicep b/settings/remarks/microsoft.devcenter/samples/devcenters/catalogs/main.bicep
new file mode 100644
index 00000000..a6a3809a
--- /dev/null
+++ b/settings/remarks/microsoft.devcenter/samples/devcenters/catalogs/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource devCenter 'Microsoft.DevCenter/devCenters@2025-02-01' = {
+  name: '${substring(resourceName, 0, 22)}-dc'
+  location: location
+  properties: {}
+}
+
+resource catalog 'Microsoft.DevCenter/devCenters/catalogs@2025-02-01' = {
+  parent: devCenter
+  name: '${substring(resourceName, 0, 17)}-catalog'
+  properties: {
+    adoGit: {
+      branch: 'main'
+      path: '/template'
+      secretIdentifier: 'https://amlim-kv.vault.azure.net/secrets/ado/6279752c2bdd4a38a3e79d958cc36a75'
+      uri: 'https://amlim@dev.azure.com/amlim/testCatalog/_git/testCatalog'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.devcenter/samples/devcenters/devboxdefinitions/main.bicep b/settings/remarks/microsoft.devcenter/samples/devcenters/devboxdefinitions/main.bicep
new file mode 100644
index 00000000..2368eef0
--- /dev/null
+++ b/settings/remarks/microsoft.devcenter/samples/devcenters/devboxdefinitions/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource devCenter 'Microsoft.DevCenter/devcenters@2023-04-01' = {
+  name: resourceName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+    userAssignedIdentities: null
+  }
+}
+
+resource devBoxDefinition 'Microsoft.DevCenter/devcenters/devboxdefinitions@2024-10-01-preview' = {
+  parent: devCenter
+  name: resourceName
+  location: location
+  properties: {
+    hibernateSupport: 'Enabled'
+    imageReference: {
+      id: '${devCenter.id}/galleries/default/images/microsoftvisualstudio_visualstudioplustools_vs-2022-ent-general-win10-m365-gen2'
+    }
+    sku: {
+      name: 'general_i_8c32gb256ssd_v2'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.devcenter/samples/devcenters/environmenttypes/main.bicep b/settings/remarks/microsoft.devcenter/samples/devcenters/environmenttypes/main.bicep
new file mode 100644
index 00000000..48152382
--- /dev/null
+++ b/settings/remarks/microsoft.devcenter/samples/devcenters/environmenttypes/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string
+param location string
+
+resource devCenter 'Microsoft.DevCenter/devCenters@2025-02-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource environmentType 'Microsoft.DevCenter/devCenters/environmentTypes@2025-02-01' = {
+  parent: devCenter
+  name: resourceName
+}
diff --git a/settings/remarks/microsoft.devcenter/samples/devcenters/main.bicep b/settings/remarks/microsoft.devcenter/samples/devcenters/main.bicep
new file mode 100644
index 00000000..c091a718
--- /dev/null
+++ b/settings/remarks/microsoft.devcenter/samples/devcenters/main.bicep
@@ -0,0 +1,12 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource devCenter 'Microsoft.DevCenter/devCenters@2025-02-01' = {
+  name: resourceName
+  location: location
+}
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${resourceName}-uai'
+  location: location
+}
diff --git a/settings/remarks/microsoft.devcenter/samples/networkconnections/main.bicep b/settings/remarks/microsoft.devcenter/samples/networkconnections/main.bicep
new file mode 100644
index 00000000..b1655e53
--- /dev/null
+++ b/settings/remarks/microsoft.devcenter/samples/networkconnections/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkConnection 'Microsoft.DevCenter/networkConnections@2023-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    domainJoinType: 'AzureADJoin'
+    subnetId: subnet.id
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+  }
+}
diff --git a/settings/remarks/microsoft.devcenter/samples/projects/environmenttypes/main.bicep b/settings/remarks/microsoft.devcenter/samples/projects/environmenttypes/main.bicep
new file mode 100644
index 00000000..85ced5c5
--- /dev/null
+++ b/settings/remarks/microsoft.devcenter/samples/projects/environmenttypes/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string
+param location string
+
+resource devCenter 'Microsoft.DevCenter/devCenters@2025-02-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource project 'Microsoft.DevCenter/projects@2025-02-01' = {
+  name: '${resourceName}-proj'
+  location: location
+  properties: {
+    description: ''
+    devCenterId: devCenter.id
+    maxDevBoxesPerUser: 0
+  }
+}
+
+resource environmentType 'Microsoft.DevCenter/devCenters/environmentTypes@2025-02-01' = {
+  parent: devCenter
+  name: '${resourceName}-envtype'
+}
+
+resource environmenttype1 'Microsoft.DevCenter/projects/environmentTypes@2025-02-01' = {
+  parent: project
+  name: 'environmentType.name'
+  properties: {
+    deploymentTargetId: '/subscriptions/subscription().subscriptionId'
+    status: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.devcenter/samples/projects/main.bicep b/settings/remarks/microsoft.devcenter/samples/projects/main.bicep
new file mode 100644
index 00000000..53ecbc92
--- /dev/null
+++ b/settings/remarks/microsoft.devcenter/samples/projects/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource devCenter 'Microsoft.DevCenter/devCenters@2025-02-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource project 'Microsoft.DevCenter/projects@2025-02-01' = {
+  name: '${resourceName}-proj'
+  location: location
+  properties: {
+    description: ''
+    devCenterId: devCenter.id
+    maxDevBoxesPerUser: 0
+  }
+}
diff --git a/settings/remarks/microsoft.devices/remarks.json b/settings/remarks/microsoft.devices/remarks.json
index a826894b..937fd621 100644
--- a/settings/remarks/microsoft.devices/remarks.json
+++ b/settings/remarks/microsoft.devices/remarks.json
@@ -29,5 +29,27 @@
       "Path": "samples/provisioningservices/certificates/main.tf",
       "Description": "A basic example of deploying IoT Device Provisioning Service Certificate."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Devices/IotHubs",
+      "Path": "samples/iothubs/main.bicep",
+      "Description": "A basic example of deploying IotHub."
+    },
+    {
+      "ResourceType": "Microsoft.Devices/IotHubs/certificates",
+      "Path": "samples/iothubs/certificates/main.bicep",
+      "Description": "A basic example of deploying IoTHub Certificate."
+    },
+    {
+      "ResourceType": "Microsoft.Devices/provisioningServices",
+      "Path": "samples/provisioningservices/main.bicep",
+      "Description": "A basic example of deploying IoT Device Provisioning Service."
+    },
+    {
+      "ResourceType": "Microsoft.Devices/provisioningServices/certificates",
+      "Path": "samples/provisioningservices/certificates/main.bicep",
+      "Description": "A basic example of deploying IoT Device Provisioning Service Certificate."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.devices/samples/iothubs/certificates/main.bicep b/settings/remarks/microsoft.devices/samples/iothubs/certificates/main.bicep
new file mode 100644
index 00000000..eaac0850
--- /dev/null
+++ b/settings/remarks/microsoft.devices/samples/iothubs/certificates/main.bicep
@@ -0,0 +1,39 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The Base64 encoded certificate content for the IoT Hub')
+param certificateContent string
+
+resource iothub 'Microsoft.Devices/IotHubs@2022-04-30-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    cloudToDevice: {}
+    enableFileUploadNotifications: false
+    messagingEndpoints: {}
+    routing: {
+      fallbackRoute: {
+        condition: 'true'
+        endpointNames: [
+          'events'
+        ]
+        isEnabled: true
+        source: 'DeviceMessages'
+      }
+    }
+    storageEndpoints: {}
+  }
+  sku: {
+    capacity: 1
+    name: 'B1'
+  }
+}
+
+resource certificate 'Microsoft.Devices/IotHubs/certificates@2022-04-30-preview' = {
+  parent: iothub
+  name: resourceName
+  properties: {
+    certificate: null
+    isVerified: false
+  }
+}
diff --git a/settings/remarks/microsoft.devices/samples/iothubs/main.bicep b/settings/remarks/microsoft.devices/samples/iothubs/main.bicep
new file mode 100644
index 00000000..036e8dd0
--- /dev/null
+++ b/settings/remarks/microsoft.devices/samples/iothubs/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource iothub 'Microsoft.Devices/IotHubs@2022-04-30-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    cloudToDevice: {}
+    enableFileUploadNotifications: false
+    messagingEndpoints: {}
+    routing: {
+      fallbackRoute: {
+        condition: 'true'
+        endpointNames: [
+          'events'
+        ]
+        isEnabled: true
+        source: 'DeviceMessages'
+      }
+    }
+    storageEndpoints: {}
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
diff --git a/settings/remarks/microsoft.devices/samples/provisioningservices/certificates/main.bicep b/settings/remarks/microsoft.devices/samples/provisioningservices/certificates/main.bicep
new file mode 100644
index 00000000..0132ce72
--- /dev/null
+++ b/settings/remarks/microsoft.devices/samples/provisioningservices/certificates/main.bicep
@@ -0,0 +1,25 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource provisioningService 'Microsoft.Devices/provisioningServices@2022-02-05' = {
+  name: resourceName
+  location: location
+  properties: {
+    allocationPolicy: 'Hashed'
+    enableDataResidency: false
+    iotHubs: []
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
+
+resource certificate 'Microsoft.Devices/provisioningServices/certificates@2022-02-05' = {
+  parent: provisioningService
+  name: resourceName
+  properties: {
+    certificate: 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEYnpDQ0FsZWdBd0lCQWdJSkFJempSRDM2c0liYk1BMEdDU3FHU0liM0RRRUJDd1VBTUUweEN6QUpCZ05WDQpCQVlUQWxWVE1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNUkl3RUFZRFZRUUtEQWwwWlhKeVlXWnZjbTB4DQpGVEFUQmdOVkJBTU1ESFJsY25KaFptOXliUzVwYnpBZ0Z3MHhOekEwTWpFeU1EQTFNamRhR0E4eU1URTNNRE15DQpPREl3TURVeU4xb3dUVEVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFnTUNsTnZiV1V0VTNSaGRHVXhFakFRDQpCZ05WQkFvTUNYUmxjbkpoWm05eWJURVZNQk1HQTFVRUF3d01kR1Z5Y21GbWIzSnRMbWx2TUlJQklqQU5CZ2txDQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTNMOUw1c3pUNCtGTHlrVEZOeXlQankvazNCUVRZQWZSDQpRelAyZGhuc3VVS20zY2RQQzBOeVord0VYSVVHaG9ETzJZRzZFWUNoT2w4ZnNEcURPamxvU1VHS3FZdysrbmxwDQpISXVVZ0p4OEl4eEcyWGtBTENqRlU3RW1GK3c3a243NmQwZXpwRUlZeG5MUCtLRzJEVm9ybm9FdDFhTGh2MU1MDQptcGdFWlpQaERiTVNMaFNZV2VUVlJNYXlYTHdxdGZnbkR1bVFTQis4ZC8xSnVKcXJTSTRwRDEySm96VlRoemI2DQpoc2pmYjZSTVg0ZXBQbXJHbjBQYlRQRUVBNmF3bXN4QkNYQjBzMTNuTlF0L08waExNMmFnd3ZBeW96aWxRVitzDQo2MTZDa2drNkRKb1VrcVpoRHk3dlBZTUlSU3I5OGZCd3M2emtyVjZ0VExqbUQ4eEF2b2JlUFFJREFRQUJvMUF3DQpUakFkQmdOVkhRNEVGZ1FVWElxTzQyMXpNTW1iY1JSWDl3Y3RaRkNRdVBJd0h3WURWUjBqQkJnd0ZvQVVYSXFPDQo0MjF6TU1tYmNSUlg5d2N0WkZDUXVQSXdEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DDQpBUUVBcjgyTmVUM0JZSk9LTGxVTDZPbTVMalVGNjZld2NKakc5bHRkdnlRd1ZuZU1jcTd0NVVBUHhnQ2h6cU5SDQpWazRkYThQemtYcGpCSnlXZXpIdXBkSk5YM1hxZVVrMmtTeHFRNi9nbWhxdmZJM3k3ZGpyd29PNmp2TUVZMjZXDQpxdGtUTk9SV0RQM1RISkpWaW1DM3pWK0tNVTVVQlZyRXpoT1ZoSFNVNzA5bEJQNzVvMEJCbjN4R3NQcVNxOWs4DQpJb3RJRmZ5QWM2YStYUDMrWk1wdmg3d3FBVW1sN3ZXYTV3bGNYRXhDeDM5aDFiYWxmRFNMR05DNHN3V1BDcDlBDQpNblFSMHArdk1heTloTlAxRWgrOVFZVWFpMTRkNUtTM2NGVitLeEUxY0pSNUhEL2lMbHRubk9FYnBNc0IwZVZPDQpaV2tGdkU3WTVsVzBvVlNBZmluNVR3VEpNUT09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t'
+  }
+}
diff --git a/settings/remarks/microsoft.devices/samples/provisioningservices/main.bicep b/settings/remarks/microsoft.devices/samples/provisioningservices/main.bicep
new file mode 100644
index 00000000..e38ef376
--- /dev/null
+++ b/settings/remarks/microsoft.devices/samples/provisioningservices/main.bicep
@@ -0,0 +1,17 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource provisioningService 'Microsoft.Devices/provisioningServices@2022-02-05' = {
+  name: resourceName
+  location: location
+  properties: {
+    allocationPolicy: 'Hashed'
+    enableDataResidency: false
+    iotHubs: []
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
diff --git a/settings/remarks/microsoft.deviceupdate/remarks.json b/settings/remarks/microsoft.deviceupdate/remarks.json
index 61abe75f..98fb5f9a 100644
--- a/settings/remarks/microsoft.deviceupdate/remarks.json
+++ b/settings/remarks/microsoft.deviceupdate/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/accounts/instances/main.tf",
       "Description": "A basic example of deploying IoT Hub Device Update Instance."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DeviceUpdate/accounts",
+      "Path": "samples/accounts/main.bicep",
+      "Description": "A basic example of deploying IoT Hub Device Update Account."
+    },
+    {
+      "ResourceType": "Microsoft.DeviceUpdate/accounts/instances",
+      "Path": "samples/accounts/instances/main.bicep",
+      "Description": "A basic example of deploying IoT Hub Device Update Instance."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.deviceupdate/samples/accounts/instances/main.bicep b/settings/remarks/microsoft.deviceupdate/samples/accounts/instances/main.bicep
new file mode 100644
index 00000000..348c8fb1
--- /dev/null
+++ b/settings/remarks/microsoft.deviceupdate/samples/accounts/instances/main.bicep
@@ -0,0 +1,51 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource iothub 'Microsoft.Devices/IotHubs@2022-04-30-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    cloudToDevice: {}
+    enableFileUploadNotifications: false
+    messagingEndpoints: {}
+    routing: {
+      fallbackRoute: {
+        condition: 'true'
+        endpointNames: [
+          'events'
+        ]
+        isEnabled: true
+        source: 'DeviceMessages'
+      }
+    }
+    storageEndpoints: {}
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
+
+resource account 'Microsoft.DeviceUpdate/accounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    sku: 'Standard'
+  }
+}
+
+resource instance 'Microsoft.DeviceUpdate/accounts/instances@2022-10-01' = {
+  parent: account
+  name: resourceName
+  location: location
+  properties: {
+    accountName: account.name
+    enableDiagnostics: false
+    iotHubs: [
+      {
+        resourceId: iothub.id
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.deviceupdate/samples/accounts/main.bicep b/settings/remarks/microsoft.deviceupdate/samples/accounts/main.bicep
new file mode 100644
index 00000000..1850c1aa
--- /dev/null
+++ b/settings/remarks/microsoft.deviceupdate/samples/accounts/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource account 'Microsoft.DeviceUpdate/accounts@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    sku: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.devtestlab/remarks.json b/settings/remarks/microsoft.devtestlab/remarks.json
index 8d884d3c..9f59de37 100644
--- a/settings/remarks/microsoft.devtestlab/remarks.json
+++ b/settings/remarks/microsoft.devtestlab/remarks.json
@@ -31,5 +31,37 @@
       "Path": "samples/schedules/main.tf",
       "Description": "A basic example of deploying automated shutdown schedules for Azure Resource Manager VMs outside of Dev Test Labs."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DevTestLab/labs",
+      "Path": "samples/labs/main.bicep",
+      "Description": "A basic example of deploying Dev Test Lab."
+    },
+    {
+      "ResourceType": "Microsoft.DevTestLab/labs/policySets/policies",
+      "Path": "samples/labs/policysets/policies/main.bicep",
+      "Description": "A basic example of deploying Policy within a Dev Test Policy Set."
+    },
+    {
+      "ResourceType": "Microsoft.DevTestLab/labs/schedules",
+      "Path": "samples/labs/schedules/main.bicep",
+      "Description": "A basic example of deploying automated startup and shutdown schedules for Azure Dev Test Lab."
+    },
+    {
+      "ResourceType": "Microsoft.DevTestLab/labs/virtualMachines",
+      "Path": "samples/labs/virtualmachines/main.bicep",
+      "Description": "A basic example of deploying Virtual Machine within a Dev Test Lab."
+    },
+    {
+      "ResourceType": "Microsoft.DevTestLab/labs/virtualNetworks",
+      "Path": "samples/labs/virtualnetworks/main.bicep",
+      "Description": "A basic example of deploying Virtual Network within a DevTest Lab."
+    },
+    {
+      "ResourceType": "Microsoft.DevTestLab/schedules",
+      "Path": "samples/schedules/main.bicep",
+      "Description": "A basic example of deploying automated shutdown schedules for Azure Resource Manager VMs outside of Dev Test Labs."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.devtestlab/samples/labs/main.bicep b/settings/remarks/microsoft.devtestlab/samples/labs/main.bicep
new file mode 100644
index 00000000..c9b0ad5d
--- /dev/null
+++ b/settings/remarks/microsoft.devtestlab/samples/labs/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource lab 'Microsoft.DevTestLab/labs@2018-09-15' = {
+  name: resourceName
+  location: location
+  properties: {
+    labStorageType: 'Premium'
+  }
+}
diff --git a/settings/remarks/microsoft.devtestlab/samples/labs/policysets/policies/main.bicep b/settings/remarks/microsoft.devtestlab/samples/labs/policysets/policies/main.bicep
new file mode 100644
index 00000000..94a1f5c2
--- /dev/null
+++ b/settings/remarks/microsoft.devtestlab/samples/labs/policysets/policies/main.bicep
@@ -0,0 +1,25 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource lab 'Microsoft.DevTestLab/labs@2018-09-15' = {
+  name: resourceName
+  location: location
+}
+
+// The policy set is a singleton named 'default' under the lab
+resource policySet 'Microsoft.DevTestLab/labs/policySets@2018-09-15' existing = {
+  parent: lab
+  name: 'default'
+}
+
+resource policy 'Microsoft.DevTestLab/labs/policySets/policies@2018-09-15' = {
+  parent: policySet
+  name: 'LabVmCount'
+  properties: {
+    description: ''
+    evaluatorType: 'MaxValuePolicy'
+    factData: ''
+    factName: 'LabVmCount'
+    threshold: '999'
+  }
+}
diff --git a/settings/remarks/microsoft.devtestlab/samples/labs/schedules/main.bicep b/settings/remarks/microsoft.devtestlab/samples/labs/schedules/main.bicep
new file mode 100644
index 00000000..c4733acb
--- /dev/null
+++ b/settings/remarks/microsoft.devtestlab/samples/labs/schedules/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource lab 'Microsoft.DevTestLab/labs@2018-09-15' = {
+  name: resourceName
+  location: location
+  properties: {
+    labStorageType: 'Premium'
+  }
+}
+
+resource schedule 'Microsoft.DevTestLab/labs/schedules@2018-09-15' = {
+  parent: lab
+  name: 'LabVmsShutdown'
+  location: location
+  properties: {
+    dailyRecurrence: {
+      time: '0100'
+    }
+    notificationSettings: {
+      status: 'Disabled'
+      timeInMinutes: 0
+      webhookUrl: ''
+    }
+    status: 'Disabled'
+    taskType: 'LabVmsShutdownTask'
+    timeZoneId: 'India Standard Time'
+  }
+  tags: {
+    environment: 'Production'
+  }
+}
diff --git a/settings/remarks/microsoft.devtestlab/samples/labs/virtualmachines/main.bicep b/settings/remarks/microsoft.devtestlab/samples/labs/virtualmachines/main.bicep
new file mode 100644
index 00000000..ce588176
--- /dev/null
+++ b/settings/remarks/microsoft.devtestlab/samples/labs/virtualmachines/main.bicep
@@ -0,0 +1,56 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The password for the DevTest Lab virtual machine')
+param vmPassword string
+
+resource lab 'Microsoft.DevTestLab/labs@2018-09-15' = {
+  name: resourceName
+  location: location
+  properties: {
+    labStorageType: 'Premium'
+  }
+}
+
+resource virtualMachine 'Microsoft.DevTestLab/labs/virtualMachines@2018-09-15' = {
+  parent: lab
+  name: resourceName
+  location: location
+  properties: {
+    allowClaim: true
+    disallowPublicIpAddress: false
+    galleryImageReference: {
+      offer: 'WindowsServer'
+      osType: 'Windows'
+      publisher: 'MicrosoftWindowsServer'
+      sku: '2012-Datacenter'
+      version: 'latest'
+    }
+    isAuthenticationWithSshKey: false
+    labSubnetName: '\'${resourceName}Subnet\''
+    labVirtualNetworkId: virtualNetwork.id
+    networkInterface: {}
+    notes: ''
+    osType: 'Windows'
+    password: null
+    size: 'Standard_F2'
+    storageType: 'Standard'
+    userName: 'acct5stU5er'
+  }
+}
+
+resource virtualNetwork 'Microsoft.DevTestLab/labs/virtualNetworks@2018-09-15' = {
+  parent: lab
+  name: resourceName
+  properties: {
+    description: ''
+    subnetOverrides: [
+      {
+        labSubnetName: '\'${resourceName}Subnet\''
+        resourceId: resourceId('Microsoft.Network/virtualNetworks/subnets', resourceName, '${resourceName}Subnet')
+        useInVmCreationPermission: 'Allow'
+        usePublicIpAddressPermission: 'Allow'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.devtestlab/samples/labs/virtualnetworks/main.bicep b/settings/remarks/microsoft.devtestlab/samples/labs/virtualnetworks/main.bicep
new file mode 100644
index 00000000..68435e1e
--- /dev/null
+++ b/settings/remarks/microsoft.devtestlab/samples/labs/virtualnetworks/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource lab 'Microsoft.DevTestLab/labs@2018-09-15' = {
+  name: resourceName
+  location: location
+  properties: {
+    labStorageType: 'Premium'
+  }
+}
+
+resource virtualNetwork 'Microsoft.DevTestLab/labs/virtualNetworks@2018-09-15' = {
+  parent: lab
+  name: resourceName
+  properties: {
+    description: ''
+    subnetOverrides: [
+      {
+        labSubnetName: '\'${resourceName}Subnet\''
+        resourceId: resourceId('Microsoft.Network/virtualNetworks/subnets', resourceName, '${resourceName}Subnet')
+        useInVmCreationPermission: 'Allow'
+        usePublicIpAddressPermission: 'Allow'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.devtestlab/samples/schedules/main.bicep b/settings/remarks/microsoft.devtestlab/samples/schedules/main.bicep
new file mode 100644
index 00000000..6aa87538
--- /dev/null
+++ b/settings/remarks/microsoft.devtestlab/samples/schedules/main.bicep
@@ -0,0 +1,148 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource schedule 'Microsoft.DevTestLab/schedules@2018-09-15' = {
+  name: resourceName
+  location: location
+  properties: {
+    dailyRecurrence: {
+      time: '0100'
+    }
+    notificationSettings: {
+      emailRecipient: ''
+      status: 'Disabled'
+      timeInMinutes: 30
+      webhookUrl: ''
+    }
+    status: 'Enabled'
+    targetResourceId: virtualMachine.id
+    taskType: 'ComputeVmShutdownTask'
+    timeZoneId: 'Pacific Standard Time'
+  }
+  tags: {
+    environment: 'Production'
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    applicationProfile: {
+      galleryApplications: []
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: false
+        storageUri: ''
+      }
+    }
+    extensionsTimeBudget: 'PT1H30M'
+    hardwareProfile: {
+      vmSize: 'Standard_B2s'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'testadmin'
+      allowExtensionOperations: true
+      computerName: 'acctest0001'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          patchMode: 'ImageDefault'
+        }
+        provisionVMAgent: true
+        ssh: {
+          publicKeys: []
+        }
+      }
+      secrets: []
+    }
+    priority: 'Regular'
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '18.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Standard_LRS'
+        }
+        name: 'myosdisk-230630033106863551'
+        osType: 'Linux'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.digitaltwins/remarks.json b/settings/remarks/microsoft.digitaltwins/remarks.json
index 7cc6c6be..c544718c 100644
--- a/settings/remarks/microsoft.digitaltwins/remarks.json
+++ b/settings/remarks/microsoft.digitaltwins/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/digitaltwinsinstances/endpoints/main.tf",
       "Description": "A basic example of deploying Digital Twins Endpoint."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DigitalTwins/digitalTwinsInstances",
+      "Path": "samples/digitaltwinsinstances/main.bicep",
+      "Description": "A basic example of deploying Digital Twins instance."
+    },
+    {
+      "ResourceType": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints",
+      "Path": "samples/digitaltwinsinstances/endpoints/main.bicep",
+      "Description": "A basic example of deploying Digital Twins Endpoint."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.digitaltwins/samples/digitaltwinsinstances/endpoints/main.bicep b/settings/remarks/microsoft.digitaltwins/samples/digitaltwinsinstances/endpoints/main.bicep
new file mode 100644
index 00000000..7ed9bdf0
--- /dev/null
+++ b/settings/remarks/microsoft.digitaltwins/samples/digitaltwinsinstances/endpoints/main.bicep
@@ -0,0 +1,58 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2020-12-01' = {
+  name: resourceName
+  location: location
+}
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2020-12-01' = {
+  parent: digitalTwinsInstance
+  name: resourceName
+  properties: {
+    authenticationType: 'KeyBased'
+    deadLetterSecret: ''
+    endpointType: 'ServiceBus'
+    primaryConnectionString: 'authorizationRule.listKeys().primaryConnectionString'
+    secondaryConnectionString: 'authorizationRule.listKeys().secondaryConnectionString'
+  }
+}
+
+resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    enableBatchedOperations: false
+    enableExpress: false
+    enablePartitioning: false
+    maxSizeInMegabytes: 5120
+    requiresDuplicateDetection: false
+    status: 'Active'
+    supportOrdering: false
+  }
+}
+
+resource authorizationRule 'Microsoft.ServiceBus/namespaces/topics/authorizationRules@2021-06-01-preview' = {
+  parent: topic
+  name: resourceName
+  properties: {
+    rights: [
+      'Send'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.digitaltwins/samples/digitaltwinsinstances/main.bicep b/settings/remarks/microsoft.digitaltwins/samples/digitaltwinsinstances/main.bicep
new file mode 100644
index 00000000..ec3d55c4
--- /dev/null
+++ b/settings/remarks/microsoft.digitaltwins/samples/digitaltwinsinstances/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2020-12-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.documentdb/remarks.json b/settings/remarks/microsoft.documentdb/remarks.json
index 197309a9..6b1cb0b2 100644
--- a/settings/remarks/microsoft.documentdb/remarks.json
+++ b/settings/remarks/microsoft.documentdb/remarks.json
@@ -101,5 +101,102 @@
       "Path": "samples/mongoclusters/users/main.tf",
       "Description": "A basic example of deploying Azure Cosmos DB for MongoDB (vCore) User."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts",
+      "Path": "samples/databaseaccounts/main.bicep",
+      "Description": "A basic example of deploying CosmosDB (formally DocumentDB) Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces",
+      "Path": "samples/databaseaccounts/cassandrakeyspaces/main.bicep",
+      "Description": "A basic example of deploying Cassandra KeySpace within a Cosmos DB Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables",
+      "Path": "samples/databaseaccounts/cassandrakeyspaces/tables/main.bicep",
+      "Description": "A basic example of deploying Cassandra Table within a Cosmos DB Cassandra Keyspace."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases",
+      "Path": "samples/databaseaccounts/gremlindatabases/main.bicep",
+      "Description": "A basic example of deploying Gremlin Database within a Cosmos DB Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs",
+      "Path": "samples/databaseaccounts/gremlindatabases/graphs/main.bicep",
+      "Description": "A basic example of deploying Gremlin Graph within a Cosmos DB Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases",
+      "Path": "samples/databaseaccounts/mongodbdatabases/main.bicep",
+      "Description": "A basic example of deploying Mongo Database within a Cosmos DB Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions",
+      "Path": "samples/databaseaccounts/mongodbroledefinitions/main.bicep",
+      "Description": "A basic example of deploying Cosmos DB Mongo Role Definition."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions",
+      "Path": "samples/databaseaccounts/mongodbuserdefinitions/main.bicep",
+      "Description": "A basic example of deploying Cosmos DB Mongo User Definition."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/services",
+      "Path": "samples/databaseaccounts/services/main.bicep",
+      "Description": "A basic example of deploying SQL Dedicated Gateway within a Cosmos DB Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
+      "Path": "samples/databaseaccounts/sqldatabases/main.bicep",
+      "Description": "A basic example of deploying SQL Database within a Cosmos DB Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
+      "Path": "samples/databaseaccounts/sqldatabases/containers/main.bicep",
+      "Description": "A basic example of deploying SQL Container within a Cosmos DB Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures",
+      "Path": "samples/databaseaccounts/sqldatabases/containers/storedprocedures/main.bicep",
+      "Description": "A basic example of deploying SQL Stored Procedure within a Cosmos DB Account SQL Database."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/triggers",
+      "Path": "samples/databaseaccounts/sqldatabases/containers/triggers/main.bicep",
+      "Description": "A basic example of deploying SQL Trigger."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions",
+      "Path": "samples/databaseaccounts/sqldatabases/containers/userdefinedfunctions/main.bicep",
+      "Description": "A basic example of deploying SQL User Defined Function."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments",
+      "Path": "samples/databaseaccounts/sqlroleassignments/main.bicep",
+      "Description": "A basic example of deploying Cosmos DB SQL Role Assignment."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
+      "Path": "samples/databaseaccounts/sqlroledefinitions/main.bicep",
+      "Description": "A basic example of deploying Cosmos DB SQL Role Definition."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/databaseAccounts/tables",
+      "Path": "samples/databaseaccounts/tables/main.bicep",
+      "Description": "A basic example of deploying Table within a Cosmos DB Account."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/mongoClusters/firewallRules",
+      "Path": "samples/mongoclusters/firewallrules/main.bicep",
+      "Description": "A basic example of deploying Azure Cosmos DB for MongoDB (vCore) Firewall Rule."
+    },
+    {
+      "ResourceType": "Microsoft.DocumentDB/mongoClusters/users",
+      "Path": "samples/mongoclusters/users/main.bicep",
+      "Description": "A basic example of deploying Azure Cosmos DB for MongoDB (vCore) User."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/cassandrakeyspaces/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/cassandrakeyspaces/main.bicep
new file mode 100644
index 00000000..6c9cc2f6
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/cassandrakeyspaces/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: [
+      {
+        name: 'EnableCassandra'
+      }
+    ]
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource cassandraKeyspace 'Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/cassandrakeyspaces/tables/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/cassandrakeyspaces/tables/main.bicep
new file mode 100644
index 00000000..01f22229
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/cassandrakeyspaces/tables/main.bicep
@@ -0,0 +1,90 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+var keyspaceName = '${toLower(resourceName)}ks'
+var tableName = '${toLower(resourceName)}tbl'
+var accountName = toLower(replace(resourceName, '-', ''))
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2024-08-15' = {
+  name: accountName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    backupPolicy: null
+    capabilities: [
+      {
+        name: 'EnableCassandra'
+      }
+    ]
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: true
+    enableAutomaticFailover: false
+    enableBurstCapacity: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    enablePartitionMerge: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'eastus'
+      }
+    ]
+    minimalTlsVersion: 'Tls12'
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource cassandraKeyspace 'Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces@2021-10-15' = {
+  parent: databaseAccount
+  name: keyspaceName
+  properties: {
+    options: {}
+    resource: {
+      id: keyspaceName
+    }
+  }
+}
+
+resource table 'Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables@2021-10-15' = {
+  parent: cassandraKeyspace
+  name: tableName
+  properties: {
+    options: {}
+    resource: {
+      analyticalStorageTtl: 1
+      id: tableName
+      schema: {
+        clusterKeys: []
+        columns: [
+          {
+            name: 'test1'
+            type: 'ascii'
+          }
+          {
+            name: 'test2'
+            type: 'int'
+          }
+        ]
+        partitionKeys: [
+          {
+            name: 'test1'
+          }
+        ]
+      }
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/gremlindatabases/graphs/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/gremlindatabases/graphs/main.bicep
new file mode 100644
index 00000000..497566c8
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/gremlindatabases/graphs/main.bicep
@@ -0,0 +1,71 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: [
+      {
+        name: 'EnableGremlin'
+      }
+    ]
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource gremlinDatabase 'Microsoft.DocumentDB/databaseAccounts/gremlinDatabases@2023-04-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
+
+resource graph 'Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs@2023-04-15' = {
+  parent: gremlinDatabase
+  name: resourceName
+  properties: {
+    options: {
+      throughput: 400
+    }
+    resource: {
+      id: 'acctest0001'
+      partitionKey: {
+        kind: 'Hash'
+        paths: [
+          '/test'
+        ]
+      }
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/gremlindatabases/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/gremlindatabases/main.bicep
new file mode 100644
index 00000000..a620ab10
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/gremlindatabases/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: [
+      {
+        name: 'EnableGremlin'
+      }
+    ]
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource gremlinDatabase 'Microsoft.DocumentDB/databaseAccounts/gremlinDatabases@2023-04-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/main.bicep
new file mode 100644
index 00000000..325a0359
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/main.bicep
@@ -0,0 +1,37 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'BoundedStaleness'
+      maxIntervalInSeconds: 10
+      maxStalenessPrefix: 200
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbdatabases/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbdatabases/main.bicep
new file mode 100644
index 00000000..55714880
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbdatabases/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'MongoDB'
+  properties: {
+    capabilities: [
+      {
+        name: 'EnableMongo'
+      }
+    ]
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource mongodbDatabase 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbroledefinitions/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbroledefinitions/main.bicep
new file mode 100644
index 00000000..c6bc4736
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbroledefinitions/main.bicep
@@ -0,0 +1,76 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+var accountName = toLower(replace(resourceName, '-', ''))
+var dbName = '${toLower(resourceName)}db'
+var roleName = '${toLower(resourceName)}role'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2024-08-15' = {
+  name: accountName
+  location: location
+  kind: 'MongoDB'
+  properties: {
+    backupPolicy: null
+    capabilities: [
+      {
+        name: 'EnableMongoRoleBasedAccessControl'
+      }
+      {
+        name: 'EnableMongo'
+      }
+    ]
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableBurstCapacity: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    enablePartitionMerge: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'eastus'
+      }
+    ]
+    minimalTlsVersion: 'Tls12'
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource mongodbDatabase 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: dbName
+  properties: {
+    options: {}
+    resource: {
+      id: dbName
+    }
+  }
+}
+
+resource mongodbRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions@2022-11-15' = {
+  parent: databaseAccount
+  name: '${dbName}.${roleName}'
+  properties: {
+    databaseName: dbName
+    roleName: roleName
+    type: 1
+  }
+  dependsOn: [
+    mongodbDatabase
+  ]
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbuserdefinitions/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbuserdefinitions/main.bicep
new file mode 100644
index 00000000..471dae66
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbuserdefinitions/main.bicep
@@ -0,0 +1,72 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+@secure()
+@description('The password for the MongoDB user')
+param mongodbUserPassword string
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2024-08-15' = {
+  name: '${resourceName}-acct'
+  location: location
+  kind: 'MongoDB'
+  properties: {
+    backupPolicy: null
+    capabilities: [
+      {
+        name: 'EnableMongoRoleBasedAccessControl'
+      }
+      {
+        name: 'EnableMongo'
+      }
+    ]
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableBurstCapacity: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    enablePartitionMerge: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'westus'
+      }
+    ]
+    minimalTlsVersion: 'Tls12'
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource mongodbDatabas 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: '${resourceName}-mongodb'
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001-mongodb'
+    }
+  }
+}
+
+resource mongodbUserDefinition 'Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions@2022-11-15' = {
+  parent: databaseAccount
+  name: '${mongodbDatabas.name}.myUserName'
+  properties: {
+    databaseName: mongodbDatabas.name
+    mechanisms: 'SCRAM-SHA-256'
+    password: null
+    userName: 'myUserName'
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/services/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/services/main.bicep
new file mode 100644
index 00000000..fe8b85c7
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/services/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'BoundedStaleness'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource service 'Microsoft.DocumentDB/databaseAccounts/services@2022-05-15' = {
+  parent: databaseAccount
+  name: 'SqlDedicatedGateway'
+  properties: {
+    instanceCount: 1
+    instanceSize: 'Cosmos.D4s'
+    serviceType: 'SqlDedicatedGateway'
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/main.bicep
new file mode 100644
index 00000000..145232df
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/main.bicep
@@ -0,0 +1,67 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'BoundedStaleness'
+      maxIntervalInSeconds: 10
+      maxStalenessPrefix: 200
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource sqlDatabase 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {
+      throughput: 400
+    }
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
+
+resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2023-04-15' = {
+  parent: sqlDatabase
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'test-containerWest Europe'
+      partitionKey: {
+        kind: 'Hash'
+        paths: [
+          '/definition'
+        ]
+      }
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/storedprocedures/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/storedprocedures/main.bicep
new file mode 100644
index 00000000..e412697c
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/storedprocedures/main.bicep
@@ -0,0 +1,82 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Session'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource sqlDatabase 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
+
+resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2023-04-15' = {
+  parent: sqlDatabase
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+      partitionKey: {
+        kind: 'Hash'
+        paths: [
+          '/definition/id'
+        ]
+      }
+    }
+  }
+}
+
+resource storedProcedure 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures@2021-10-15' = {
+  parent: container
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      body: '''  	function () {
+		var context = getContext();
+		var response = context.getResponse();
+		response.setBody(''Hello, World'');
+	}
+'''
+      id: 'acctest0001'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/triggers/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/triggers/main.bicep
new file mode 100644
index 00000000..e580ac3c
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/triggers/main.bicep
@@ -0,0 +1,79 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Session'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource sqlDatabase 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
+
+resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2023-04-15' = {
+  parent: sqlDatabase
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+      partitionKey: {
+        kind: 'Hash'
+        paths: [
+          '/definition/id'
+        ]
+      }
+    }
+  }
+}
+
+resource trigger 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/triggers@2021-10-15' = {
+  parent: container
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      body: 'function trigger(){}'
+      id: 'acctest0001'
+      triggerOperation: 'All'
+      triggerType: 'Pre'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/userdefinedfunctions/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/userdefinedfunctions/main.bicep
new file mode 100644
index 00000000..4ee0c4fb
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/containers/userdefinedfunctions/main.bicep
@@ -0,0 +1,82 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Session'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource sqlDatabase 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
+
+resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2023-04-15' = {
+  parent: sqlDatabase
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+      partitionKey: {
+        kind: 'Hash'
+        paths: [
+          '/definition/id'
+        ]
+      }
+    }
+  }
+}
+
+resource userDefinedFunction 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions@2021-10-15' = {
+  parent: container
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      body: '''  	function test() {
+		var context = getContext();
+		var response = context.getResponse();
+		response.setBody(''Hello, World'');
+	}
+'''
+      id: 'acctest0001'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/main.bicep
new file mode 100644
index 00000000..a5d2f53d
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqldatabases/main.bicep
@@ -0,0 +1,50 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'BoundedStaleness'
+      maxIntervalInSeconds: 10
+      maxStalenessPrefix: 200
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource sqlDatabase 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {
+      throughput: 400
+    }
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqlroleassignments/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqlroleassignments/main.bicep
new file mode 100644
index 00000000..f2ac0313
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqlroleassignments/main.bicep
@@ -0,0 +1,82 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource sqlRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-10-15' existing = {
+  parent: databaseAccount
+  name: '00000000-0000-0000-0000-000000000001'
+}
+
+resource cluster 'Microsoft.Kusto/clusters@2023-05-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAutoStop: true
+    enableDiskEncryption: false
+    enableDoubleEncryption: false
+    enablePurge: false
+    enableStreamingIngest: false
+    engineType: 'V2'
+    publicIPType: 'IPv4'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    trustedExternalTenants: []
+  }
+  sku: {
+    capacity: 1
+    name: 'Dev(No SLA)_Standard_D11_v2'
+    tier: 'Basic'
+  }
+}
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Session'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource database 'Microsoft.Kusto/clusters/databases@2023-05-02' = {
+  parent: cluster
+  name: resourceName
+  location: location
+  kind: 'ReadWrite'
+  properties: {}
+}
+
+resource sqlRoleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2021-10-15' = {
+  parent: databaseAccount
+  name: 'ff419bf7-f8ca-ef51-00d2-3576700c341b'
+  properties: {
+    principalId: cluster.properties.identity.principalId
+    roleDefinitionId: sqlRoleDefinition.id
+    scope: databaseAccount.id
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqlroledefinitions/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqlroledefinitions/main.bicep
new file mode 100644
index 00000000..d27400e8
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/sqlroledefinitions/main.bicep
@@ -0,0 +1,56 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource sqlRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-10-15' = {
+  parent: databaseAccount
+  name: 'c3ce1661-d0b9-3476-0a7c-2654ce2f3055'
+  properties: {
+    assignableScopes: [
+      databaseAccount.id
+    ]
+    permissions: [
+      {
+        dataActions: [
+          'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read'
+        ]
+      }
+    ]
+    roleName: 'acctest0001'
+    type: 'CustomRole'
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/tables/main.bicep b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/tables/main.bicep
new file mode 100644
index 00000000..210b7112
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/tables/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: [
+      {
+        name: 'EnableTable'
+      }
+    ]
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'Strong'
+      maxIntervalInSeconds: 5
+      maxStalenessPrefix: 100
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource table 'Microsoft.DocumentDB/databaseAccounts/tables@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {}
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/mongoclusters/firewallrules/main.bicep b/settings/remarks/microsoft.documentdb/samples/mongoclusters/firewallrules/main.bicep
new file mode 100644
index 00000000..69e3ef43
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/mongoclusters/firewallrules/main.bicep
@@ -0,0 +1,40 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus3'
+
+resource mongoCluster 'Microsoft.DocumentDB/mongoClusters@2025-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authConfig: {
+      allowedModes: [
+        'MicrosoftEntraID'
+      ]
+    }
+    compute: {
+      tier: 'M40'
+    }
+    highAvailability: {
+      targetMode: 'Disabled'
+    }
+    previewFeatures: [
+      'ShardRebalancer'
+    ]
+    publicNetworkAccess: 'Enabled'
+    serverVersion: '5.0'
+    sharding: {
+      shardCount: 1
+    }
+    storage: {
+      sizeGb: 32
+    }
+  }
+}
+
+resource firewallRule 'Microsoft.DocumentDB/mongoClusters/firewallRules@2025-09-01' = {
+  parent: mongoCluster
+  name: resourceName
+  properties: {
+    endIpAddress: '0.0.0.0'
+    startIpAddress: '0.0.0.0'
+  }
+}
diff --git a/settings/remarks/microsoft.documentdb/samples/mongoclusters/users/main.bicep b/settings/remarks/microsoft.documentdb/samples/mongoclusters/users/main.bicep
new file mode 100644
index 00000000..b5f1dd2e
--- /dev/null
+++ b/settings/remarks/microsoft.documentdb/samples/mongoclusters/users/main.bicep
@@ -0,0 +1,53 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus3'
+
+resource mongoClusterSSDv2 'Microsoft.DocumentDB/mongoClusters@2025-09-01' = {
+  name: '${resourceName}-ssdv2'
+  location: location
+  properties: {
+    authConfig: {
+      allowedModes: [
+        'MicrosoftEntraID'
+      ]
+    }
+    compute: {
+      tier: 'M30'
+    }
+    highAvailability: {
+      targetMode: 'Disabled'
+    }
+    publicNetworkAccess: 'Disabled'
+    serverVersion: '6.0'
+    sharding: {
+      shardCount: 1
+    }
+    storage: {
+      sizeGb: 64
+      type: 'PremiumSSDv2'
+    }
+  }
+}
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: resourceName
+  location: location
+}
+
+resource mongouserEntraserviceprincipal 'Microsoft.DocumentDB/mongoClusters/users@2025-09-01' = {
+  parent: mongoClusterSSDv2
+  name: 'userAssignedIdentity.properties.principalId'
+  properties: {
+    identityProvider: {
+      properties: {
+        principalType: 'ServicePrincipal'
+      }
+      type: 'MicrosoftEntraID'
+    }
+    roles: [
+      {
+        db: 'admin'
+        role: 'root'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.elasticsan/remarks.json b/settings/remarks/microsoft.elasticsan/remarks.json
index 52f30c2c..f4e4a92b 100644
--- a/settings/remarks/microsoft.elasticsan/remarks.json
+++ b/settings/remarks/microsoft.elasticsan/remarks.json
@@ -16,5 +16,22 @@
       "Path": "samples/elasticsans/volumegroups/volumes/main.tf",
       "Description": "A basic example of deploying Elastic SAN Volume resource."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ElasticSan/elasticSans",
+      "Path": "samples/elasticsans/main.bicep",
+      "Description": "A basic example of deploying Azure Elastic SAN (Storage Area Network) resource."
+    },
+    {
+      "ResourceType": "Microsoft.ElasticSan/elasticSans/volumeGroups",
+      "Path": "samples/elasticsans/volumegroups/main.bicep",
+      "Description": "A basic example of deploying Elastic SAN Volume Group resource."
+    },
+    {
+      "ResourceType": "Microsoft.ElasticSan/elasticSans/volumeGroups/volumes",
+      "Path": "samples/elasticsans/volumegroups/volumes/main.bicep",
+      "Description": "A basic example of deploying Elastic SAN Volume resource."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.elasticsan/samples/elasticsans/main.bicep b/settings/remarks/microsoft.elasticsan/samples/elasticsans/main.bicep
new file mode 100644
index 00000000..9e0b659a
--- /dev/null
+++ b/settings/remarks/microsoft.elasticsan/samples/elasticsans/main.bicep
@@ -0,0 +1,15 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource elasticSan 'Microsoft.ElasticSan/elasticSans@2023-01-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    baseSizeTiB: 1
+    extendedCapacitySizeTiB: 0
+    sku: {
+      name: 'Premium_LRS'
+      tier: 'Premium'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.elasticsan/samples/elasticsans/volumegroups/main.bicep b/settings/remarks/microsoft.elasticsan/samples/elasticsans/volumegroups/main.bicep
new file mode 100644
index 00000000..c9205983
--- /dev/null
+++ b/settings/remarks/microsoft.elasticsan/samples/elasticsans/volumegroups/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource elasticSan 'Microsoft.ElasticSan/elasticSans@2023-01-01' = {
+  name: '${resourceName}-es'
+  location: location
+  properties: {
+    baseSizeTiB: 1
+    extendedCapacitySizeTiB: 0
+    sku: {
+      name: 'Premium_LRS'
+      tier: 'Premium'
+    }
+  }
+}
+
+resource volumeGroup 'Microsoft.ElasticSan/elasticSans/volumeGroups@2023-01-01' = {
+  parent: elasticSan
+  name: '${resourceName}-vg'
+  properties: {
+    encryption: 'EncryptionAtRestWithPlatformKey'
+    networkAcls: {
+      virtualNetworkRules: []
+    }
+    protocolType: 'Iscsi'
+  }
+}
diff --git a/settings/remarks/microsoft.elasticsan/samples/elasticsans/volumegroups/volumes/main.bicep b/settings/remarks/microsoft.elasticsan/samples/elasticsans/volumegroups/volumes/main.bicep
new file mode 100644
index 00000000..ab0d9770
--- /dev/null
+++ b/settings/remarks/microsoft.elasticsan/samples/elasticsans/volumegroups/volumes/main.bicep
@@ -0,0 +1,35 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource elasticSan 'Microsoft.ElasticSan/elasticSans@2023-01-01' = {
+  name: '${resourceName}-es'
+  location: location
+  properties: {
+    baseSizeTiB: 1
+    extendedCapacitySizeTiB: 0
+    sku: {
+      name: 'Premium_LRS'
+      tier: 'Premium'
+    }
+  }
+}
+
+resource volumeGroup 'Microsoft.ElasticSan/elasticSans/volumeGroups@2023-01-01' = {
+  parent: elasticSan
+  name: '${resourceName}-vg'
+  properties: {
+    encryption: 'EncryptionAtRestWithPlatformKey'
+    networkAcls: {
+      virtualNetworkRules: []
+    }
+    protocolType: 'Iscsi'
+  }
+}
+
+resource volume 'Microsoft.ElasticSan/elasticSans/volumeGroups/volumes@2023-01-01' = {
+  parent: volumeGroup
+  name: '${resourceName}-v'
+  properties: {
+    sizeGiB: 1
+  }
+}
diff --git a/settings/remarks/microsoft.eventgrid/remarks.json b/settings/remarks/microsoft.eventgrid/remarks.json
index b1311136..cfab417f 100644
--- a/settings/remarks/microsoft.eventgrid/remarks.json
+++ b/settings/remarks/microsoft.eventgrid/remarks.json
@@ -36,5 +36,42 @@
       "Path": "samples/topics/main.tf",
       "Description": "A basic example of deploying EventGrid Topic."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.EventGrid/domains",
+      "Path": "samples/domains/main.bicep",
+      "Description": "A basic example of deploying EventGrid Domain."
+    },
+    {
+      "ResourceType": "Microsoft.EventGrid/domains/topics",
+      "Path": "samples/domains/topics/main.bicep",
+      "Description": "A basic example of deploying EventGrid Domain Topic."
+    },
+    {
+      "ResourceType": "Microsoft.EventGrid/eventSubscriptions",
+      "Path": "samples/eventsubscriptions/main.bicep",
+      "Description": "A basic example of deploying EventGrid Event Subscription."
+    },
+    {
+      "ResourceType": "Microsoft.EventGrid/namespaces",
+      "Path": "samples/namespaces/main.bicep",
+      "Description": "A basic example of deploying EventGrid Namespace."
+    },
+    {
+      "ResourceType": "Microsoft.EventGrid/systemTopics",
+      "Path": "samples/systemtopics/main.bicep",
+      "Description": "A basic example of deploying Event Grid System Topic."
+    },
+    {
+      "ResourceType": "Microsoft.EventGrid/systemTopics/eventSubscriptions",
+      "Path": "samples/systemtopics/eventsubscriptions/main.bicep",
+      "Description": "A basic example of deploying EventGrid System Topic Event Subscription."
+    },
+    {
+      "ResourceType": "Microsoft.EventGrid/topics",
+      "Path": "samples/topics/main.bicep",
+      "Description": "A basic example of deploying EventGrid Topic."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.eventgrid/samples/domains/main.bicep b/settings/remarks/microsoft.eventgrid/samples/domains/main.bicep
new file mode 100644
index 00000000..a9c9a9ec
--- /dev/null
+++ b/settings/remarks/microsoft.eventgrid/samples/domains/main.bicep
@@ -0,0 +1,15 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource domain 'Microsoft.EventGrid/domains@2021-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoCreateTopicWithFirstSubscription: true
+    autoDeleteTopicWithLastSubscription: true
+    disableLocalAuth: false
+    inputSchema: 'EventGridSchema'
+    inputSchemaMapping: null
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.eventgrid/samples/domains/topics/main.bicep b/settings/remarks/microsoft.eventgrid/samples/domains/topics/main.bicep
new file mode 100644
index 00000000..200dc074
--- /dev/null
+++ b/settings/remarks/microsoft.eventgrid/samples/domains/topics/main.bicep
@@ -0,0 +1,20 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource domain 'Microsoft.EventGrid/domains@2021-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoCreateTopicWithFirstSubscription: true
+    autoDeleteTopicWithLastSubscription: true
+    disableLocalAuth: false
+    inputSchema: 'EventGridSchema'
+    inputSchemaMapping: null
+    publicNetworkAccess: 'Enabled'
+  }
+}
+
+resource topic 'Microsoft.EventGrid/domains/topics@2021-12-01' = {
+  parent: domain
+  name: resourceName
+}
diff --git a/settings/remarks/microsoft.eventgrid/samples/eventsubscriptions/main.bicep b/settings/remarks/microsoft.eventgrid/samples/eventsubscriptions/main.bicep
new file mode 100644
index 00000000..cb0ed3cd
--- /dev/null
+++ b/settings/remarks/microsoft.eventgrid/samples/eventsubscriptions/main.bicep
@@ -0,0 +1,91 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource eventSubscription 'Microsoft.EventGrid/eventSubscriptions@2021-12-01' = {
+  scope: storageAccount
+  name: resourceName
+  properties: {
+    deadLetterDestination: null
+    destination: {
+      endpointType: 'EventHub'
+      properties: {
+        deliveryAttributeMappings: null
+        resourceId: eventhub.id
+      }
+    }
+    eventDeliverySchema: 'EventGridSchema'
+    filter: {
+      includedEventTypes: [
+        'Microsoft.Storage.BlobCreated'
+        'Microsoft.Storage.BlobRenamed'
+      ]
+    }
+    labels: []
+    retryPolicy: {
+      eventTimeToLiveInMinutes: 144
+      maxDeliveryAttempts: 10
+    }
+  }
+}
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource eventhub 'Microsoft.EventHub/namespaces/eventhubs@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    messageRetentionInDays: 1
+    partitionCount: 1
+    status: 'Active'
+  }
+}
diff --git a/settings/remarks/microsoft.eventgrid/samples/namespaces/main.bicep b/settings/remarks/microsoft.eventgrid/samples/namespaces/main.bicep
new file mode 100644
index 00000000..cac8743f
--- /dev/null
+++ b/settings/remarks/microsoft.eventgrid/samples/namespaces/main.bicep
@@ -0,0 +1,14 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource namespace 'Microsoft.EventGrid/namespaces@2023-12-15-preview' = {
+  name: '${resourceName}-ns'
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.eventgrid/samples/systemtopics/eventsubscriptions/main.bicep b/settings/remarks/microsoft.eventgrid/samples/systemtopics/eventsubscriptions/main.bicep
new file mode 100644
index 00000000..41576cfc
--- /dev/null
+++ b/settings/remarks/microsoft.eventgrid/samples/systemtopics/eventsubscriptions/main.bicep
@@ -0,0 +1,132 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+var storageAccountName = '${resourceName}sa01'
+var queueName = '${resourceName}queue'
+var eventSubscription1Name = '${resourceName}-es1'
+var eventSubscription2Name = '${resourceName}-es2'
+var systemTopicName = '${resourceName}-st'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: storageAccountName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: false
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    dnsEndpointType: 'Standard'
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isLocalUserEnabled: true
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+      ipRules: []
+      resourceAccessRules: []
+      virtualNetworkRules: []
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource systemTopic 'Microsoft.EventGrid/systemTopics@2022-06-15' = {
+  name: systemTopicName
+  location: 'global'
+  properties: {
+    source: resourceGroup().id
+    topicType: 'Microsoft.Resources.ResourceGroups'
+  }
+}
+
+resource eventSubscription 'Microsoft.EventGrid/systemTopics/eventSubscriptions@2022-06-15' = {
+  parent: systemTopic
+  name: eventSubscription1Name
+  properties: {
+    deadLetterDestination: null
+    destination: {
+      endpointType: 'StorageQueue'
+      properties: {
+        queueName: queueName
+        resourceId: storageAccount.id
+      }
+    }
+    eventDeliverySchema: 'EventGridSchema'
+    filter: {
+      advancedFilters: [
+        {
+          key: 'subject'
+          operatorType: 'StringBeginsWith'
+          values: ['foo']
+        }
+      ]
+    }
+    labels: []
+  }
+  dependsOn: [
+    queue
+  ]
+}
+
+resource eventsubscription1 'Microsoft.EventGrid/systemTopics/eventSubscriptions@2022-06-15' = {
+  parent: systemTopic
+  name: eventSubscription2Name
+  properties: {
+    deadLetterDestination: null
+    destination: {
+      endpointType: 'StorageQueue'
+      properties: {
+        queueName: queueName
+        resourceId: storageAccount.id
+      }
+    }
+    eventDeliverySchema: 'EventGridSchema'
+    filter: {
+      advancedFilters: [
+        {
+          key: 'subject'
+          operatorType: 'StringEndsWith'
+          values: ['bar']
+        }
+      ]
+    }
+    labels: []
+  }
+  dependsOn: [
+    queue
+  ]
+}
+
+// The queue service is a singleton named 'default' under the storage account
+resource queueService 'Microsoft.Storage/storageAccounts/queueServices@2023-05-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2023-05-01' = {
+  parent: queueService
+  name: queueName
+
+  dependsOn: [
+    storageAccount
+  ]
+}
diff --git a/settings/remarks/microsoft.eventgrid/samples/systemtopics/main.bicep b/settings/remarks/microsoft.eventgrid/samples/systemtopics/main.bicep
new file mode 100644
index 00000000..02267b1a
--- /dev/null
+++ b/settings/remarks/microsoft.eventgrid/samples/systemtopics/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+
+resource systemTopic 'Microsoft.EventGrid/systemTopics@2021-12-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    source: resourceGroup().id
+    topicType: 'Microsoft.Resources.ResourceGroups'
+  }
+}
diff --git a/settings/remarks/microsoft.eventgrid/samples/topics/main.bicep b/settings/remarks/microsoft.eventgrid/samples/topics/main.bicep
new file mode 100644
index 00000000..7d52cb0d
--- /dev/null
+++ b/settings/remarks/microsoft.eventgrid/samples/topics/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource topic 'Microsoft.EventGrid/topics@2021-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    inputSchema: 'EventGridSchema'
+    inputSchemaMapping: null
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.eventhub/remarks.json b/settings/remarks/microsoft.eventhub/remarks.json
index 8a393964..be79f0b4 100644
--- a/settings/remarks/microsoft.eventhub/remarks.json
+++ b/settings/remarks/microsoft.eventhub/remarks.json
@@ -41,5 +41,47 @@
       "Path": "samples/namespaces/schemagroups/main.tf",
       "Description": "A basic example of deploying Schema Group for a EventHub Namespace."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.EventHub/clusters",
+      "Path": "samples/clusters/main.bicep",
+      "Description": "A basic example of deploying EventHub Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.EventHub/namespaces",
+      "Path": "samples/namespaces/main.bicep",
+      "Description": "A basic example of deploying EventHub Namespace."
+    },
+    {
+      "ResourceType": "Microsoft.EventHub/namespaces/authorizationRules",
+      "Path": "samples/namespaces/authorizationrules/main.bicep",
+      "Description": "A basic example of deploying Authorization Rule for an Event Hub Namespace."
+    },
+    {
+      "ResourceType": "Microsoft.EventHub/namespaces/disasterRecoveryConfigs",
+      "Path": "samples/namespaces/disasterrecoveryconfigs/main.bicep",
+      "Description": "A basic example of deploying Disaster Recovery Config for an Event Hub Namespace."
+    },
+    {
+      "ResourceType": "Microsoft.EventHub/namespaces/eventhubs",
+      "Path": "samples/namespaces/eventhubs/main.bicep",
+      "Description": "A basic example of deploying Event Hubs as a nested resource within an Event Hubs namespace."
+    },
+    {
+      "ResourceType": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules",
+      "Path": "samples/namespaces/eventhubs/authorizationrules/main.bicep",
+      "Description": "A basic example of deploying Event Hubs authorization Rule within an Event Hub."
+    },
+    {
+      "ResourceType": "Microsoft.EventHub/namespaces/eventhubs/consumerGroups",
+      "Path": "samples/namespaces/eventhubs/consumergroups/main.bicep",
+      "Description": "A basic example of deploying Event Hubs Consumer Group as a nested resource within an Event Hub."
+    },
+    {
+      "ResourceType": "Microsoft.EventHub/namespaces/schemaGroups",
+      "Path": "samples/namespaces/schemagroups/main.bicep",
+      "Description": "A basic example of deploying Schema Group for a EventHub Namespace."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.eventhub/samples/clusters/main.bicep b/settings/remarks/microsoft.eventhub/samples/clusters/main.bicep
new file mode 100644
index 00000000..0f1ada93
--- /dev/null
+++ b/settings/remarks/microsoft.eventhub/samples/clusters/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.EventHub/clusters@2021-11-01' = {
+  name: resourceName
+  location: location
+  sku: {
+    capacity: 1
+    name: 'Dedicated'
+  }
+}
diff --git a/settings/remarks/microsoft.eventhub/samples/namespaces/authorizationrules/main.bicep b/settings/remarks/microsoft.eventhub/samples/namespaces/authorizationrules/main.bicep
new file mode 100644
index 00000000..b2e9ba33
--- /dev/null
+++ b/settings/remarks/microsoft.eventhub/samples/namespaces/authorizationrules/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Basic'
+    tier: 'Basic'
+  }
+}
+
+resource authorizationRule 'Microsoft.EventHub/namespaces/authorizationRules@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    rights: [
+      'Listen'
+      'Send'
+      'Manage'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.eventhub/samples/namespaces/disasterrecoveryconfigs/main.bicep b/settings/remarks/microsoft.eventhub/samples/namespaces/disasterrecoveryconfigs/main.bicep
new file mode 100644
index 00000000..e6831c27
--- /dev/null
+++ b/settings/remarks/microsoft.eventhub/samples/namespaces/disasterrecoveryconfigs/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource namespace2 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource disasterRecoveryConfig 'Microsoft.EventHub/namespaces/disasterRecoveryConfigs@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    partnerNamespace: namespace2.id
+  }
+}
diff --git a/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/authorizationrules/main.bicep b/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/authorizationrules/main.bicep
new file mode 100644
index 00000000..8101f1a7
--- /dev/null
+++ b/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/authorizationrules/main.bicep
@@ -0,0 +1,38 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Basic'
+    tier: 'Basic'
+  }
+}
+
+resource eventhub 'Microsoft.EventHub/namespaces/eventhubs@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    messageRetentionInDays: 1
+    partitionCount: 2
+    status: 'Active'
+  }
+}
+
+resource authorizationRule 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules@2021-11-01' = {
+  parent: eventhub
+  name: resourceName
+  properties: {
+    rights: [
+      'Send'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/consumergroups/main.bicep b/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/consumergroups/main.bicep
new file mode 100644
index 00000000..044a8065
--- /dev/null
+++ b/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/consumergroups/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource eventhub 'Microsoft.EventHub/namespaces/eventhubs@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    messageRetentionInDays: 1
+    partitionCount: 2
+    status: 'Active'
+  }
+}
+
+resource consumerGroup 'Microsoft.EventHub/namespaces/eventhubs/consumerGroups@2021-11-01' = {
+  parent: eventhub
+  name: resourceName
+  properties: {
+    userMetadata: ''
+  }
+}
diff --git a/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/main.bicep b/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/main.bicep
new file mode 100644
index 00000000..423bc654
--- /dev/null
+++ b/settings/remarks/microsoft.eventhub/samples/namespaces/eventhubs/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource eventhub 'Microsoft.EventHub/namespaces/eventhubs@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    messageRetentionInDays: 1
+    partitionCount: 2
+    status: 'Active'
+  }
+}
diff --git a/settings/remarks/microsoft.eventhub/samples/namespaces/main.bicep b/settings/remarks/microsoft.eventhub/samples/namespaces/main.bicep
new file mode 100644
index 00000000..e41aea1f
--- /dev/null
+++ b/settings/remarks/microsoft.eventhub/samples/namespaces/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.eventhub/samples/namespaces/schemagroups/main.bicep b/settings/remarks/microsoft.eventhub/samples/namespaces/schemagroups/main.bicep
new file mode 100644
index 00000000..b61787f7
--- /dev/null
+++ b/settings/remarks/microsoft.eventhub/samples/namespaces/schemagroups/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource schemaGroup 'Microsoft.EventHub/namespaces/schemaGroups@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    schemaCompatibility: 'Forward'
+    schemaType: 'Avro'
+  }
+}
diff --git a/settings/remarks/microsoft.fluidrelay/remarks.json b/settings/remarks/microsoft.fluidrelay/remarks.json
index 2beb8ee5..bc944586 100644
--- a/settings/remarks/microsoft.fluidrelay/remarks.json
+++ b/settings/remarks/microsoft.fluidrelay/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/fluidrelayservers/main.tf",
       "Description": "A basic example of deploying Fluid Relay Server."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.FluidRelay/fluidRelayServers",
+      "Path": "samples/fluidrelayservers/main.bicep",
+      "Description": "A basic example of deploying Fluid Relay Server."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.fluidrelay/samples/fluidrelayservers/main.bicep b/settings/remarks/microsoft.fluidrelay/samples/fluidrelayservers/main.bicep
new file mode 100644
index 00000000..06166752
--- /dev/null
+++ b/settings/remarks/microsoft.fluidrelay/samples/fluidrelayservers/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource fluidRelayServer 'Microsoft.FluidRelay/fluidRelayServers@2022-05-26' = {
+  name: resourceName
+  location: location
+  properties: {}
+  tags: {
+    foo: 'bar'
+  }
+}
diff --git a/settings/remarks/microsoft.guestconfiguration/remarks.json b/settings/remarks/microsoft.guestconfiguration/remarks.json
index d3008ae7..1e1c7872 100644
--- a/settings/remarks/microsoft.guestconfiguration/remarks.json
+++ b/settings/remarks/microsoft.guestconfiguration/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/guestconfigurationassignments/main.tf",
       "Description": "A basic example of deploying Applies a Guest Configuration Policy to a Virtual Machine."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
+      "Path": "samples/guestconfigurationassignments/main.bicep",
+      "Description": "A basic example of deploying Applies a Guest Configuration Policy to a Virtual Machine."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.guestconfiguration/samples/guestconfigurationassignments/main.bicep b/settings/remarks/microsoft.guestconfiguration/samples/guestconfigurationassignments/main.bicep
new file mode 100644
index 00000000..212e175b
--- /dev/null
+++ b/settings/remarks/microsoft.guestconfiguration/samples/guestconfigurationassignments/main.bicep
@@ -0,0 +1,146 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+
+resource guestConfigurationAssignment 'Microsoft.GuestConfiguration/guestConfigurationAssignments@2020-06-25' = {
+  scope: virtualMachine
+  name: 'WhitelistedApplication'
+  location: location
+  properties: {
+    guestConfiguration: {
+      assignmentType: ''
+      configurationParameter: [
+        {
+          name: '[InstalledApplication]bwhitelistedapp;Name'
+          value: 'NotePad,sql'
+        }
+      ]
+      contentHash: ''
+      contentUri: ''
+      name: 'WhitelistedApplication'
+      version: '1.*'
+    }
+  }
+}
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'internal'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    applicationProfile: {
+      galleryApplications: []
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: false
+        storageUri: ''
+      }
+    }
+    extensionsTimeBudget: 'PT1H30M'
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'adminuser'
+      allowExtensionOperations: true
+      computerName: 'acctestvmdro23'
+      secrets: []
+      windowsConfiguration: {
+        enableAutomaticUpdates: true
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          enableHotpatching: false
+          patchMode: 'AutomaticByOS'
+        }
+        provisionVMAgent: true
+        winRM: {
+          listeners: []
+        }
+      }
+    }
+    priority: 'Regular'
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: 'WindowsServer'
+        publisher: 'MicrosoftWindowsServer'
+        sku: '2016-Datacenter'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Standard_LRS'
+        }
+        osType: 'Windows'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'internal'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.hdinsight/remarks.json b/settings/remarks/microsoft.hdinsight/remarks.json
index 10bb64ce..64c3a5b3 100644
--- a/settings/remarks/microsoft.hdinsight/remarks.json
+++ b/settings/remarks/microsoft.hdinsight/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/clusters/main.tf",
       "Description": "A basic example of deploying HDInsight Cluster."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.HDInsight/clusters",
+      "Path": "samples/clusters/main.bicep",
+      "Description": "A basic example of deploying HDInsight Cluster."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.hdinsight/samples/clusters/main.bicep b/settings/remarks/microsoft.hdinsight/samples/clusters/main.bicep
new file mode 100644
index 00000000..ce8260ec
--- /dev/null
+++ b/settings/remarks/microsoft.hdinsight/samples/clusters/main.bicep
@@ -0,0 +1,142 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The username for the HDInsight cluster virtual machines')
+param vmUsername string
+@secure()
+@description('The password for the HDInsight cluster virtual machines')
+param vmPassword string
+@secure()
+@description('The REST API credential password for the HDInsight cluster gateway')
+param restCredentialPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource cluster 'Microsoft.HDInsight/clusters@2018-06-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    clusterDefinition: {
+      componentVersion: {
+        Spark: '2.4'
+      }
+      configurations: {
+        gateway: {
+          'restAuthCredential.isEnabled': true
+          'restAuthCredential.password': restCredentialPassword
+          'restAuthCredential.username': 'acctestusrgw'
+        }
+      }
+      kind: 'Spark'
+    }
+    clusterVersion: '4.0.3000.1'
+    computeProfile: {
+      roles: [
+        {
+          hardwareProfile: {
+            vmSize: 'standard_a4_v2'
+          }
+          name: 'headnode'
+          osProfile: {
+            linuxOperatingSystemProfile: {
+              password: vmPassword
+              username: vmUsername
+            }
+          }
+          targetInstanceCount: 2
+        }
+        {
+          hardwareProfile: {
+            vmSize: 'standard_a4_v2'
+          }
+          name: 'workernode'
+          osProfile: {
+            linuxOperatingSystemProfile: {
+              password: vmPassword
+              username: vmUsername
+            }
+          }
+          targetInstanceCount: 3
+        }
+        {
+          hardwareProfile: {
+            vmSize: 'standard_a2_v2'
+          }
+          name: 'zookeepernode'
+          osProfile: {
+            linuxOperatingSystemProfile: {
+              password: vmPassword
+              username: vmUsername
+            }
+          }
+          targetInstanceCount: 3
+        }
+      ]
+    }
+    encryptionInTransitProperties: {
+      isEncryptionInTransitEnabled: false
+    }
+    minSupportedTlsVersion: '1.2'
+    osType: 'Linux'
+    storageProfile: {
+      storageaccounts: [
+        {
+          container: container.name
+          isDefault: true
+          key: storageAccount.listKeys().keys[0].value
+          name: '${storageAccount.name}.blob.core.windows.net'
+          resourceId: storageAccount.id
+        }
+      ]
+    }
+    tier: 'standard'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.healthbot/remarks.json b/settings/remarks/microsoft.healthbot/remarks.json
index 9851261e..59a5b630 100644
--- a/settings/remarks/microsoft.healthbot/remarks.json
+++ b/settings/remarks/microsoft.healthbot/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/healthbots/main.tf",
       "Description": "A basic example of deploying Healthbot Service."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.HealthBot/healthBots",
+      "Path": "samples/healthbots/main.bicep",
+      "Description": "A basic example of deploying Healthbot Service."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.healthbot/samples/healthbots/main.bicep b/settings/remarks/microsoft.healthbot/samples/healthbots/main.bicep
new file mode 100644
index 00000000..6a54a915
--- /dev/null
+++ b/settings/remarks/microsoft.healthbot/samples/healthbots/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource healthBot 'Microsoft.HealthBot/healthBots@2022-08-08' = {
+  name: resourceName
+  location: location
+  sku: {
+    name: 'F0'
+  }
+}
diff --git a/settings/remarks/microsoft.healthcareapis/remarks.json b/settings/remarks/microsoft.healthcareapis/remarks.json
index 59256777..91cddfa3 100644
--- a/settings/remarks/microsoft.healthcareapis/remarks.json
+++ b/settings/remarks/microsoft.healthcareapis/remarks.json
@@ -31,5 +31,37 @@
       "Path": "samples/workspaces/iotconnectors/fhirdestinations/main.tf",
       "Description": "A basic example of deploying Healthcare Med Tech (Internet of Medical Things) Service Fhir Destination."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.HealthcareApis/services",
+      "Path": "samples/services/main.bicep",
+      "Description": "A basic example of deploying Healthcare Service."
+    },
+    {
+      "ResourceType": "Microsoft.HealthcareApis/workspaces",
+      "Path": "samples/workspaces/main.bicep",
+      "Description": "A basic example of deploying Healthcare Workspace."
+    },
+    {
+      "ResourceType": "Microsoft.HealthcareApis/workspaces/dicomServices",
+      "Path": "samples/workspaces/dicomservices/main.bicep",
+      "Description": "A basic example of deploying Healthcare DICOM (Digital Imaging and Communications in Medicine) Service."
+    },
+    {
+      "ResourceType": "Microsoft.HealthcareApis/workspaces/fhirServices",
+      "Path": "samples/workspaces/fhirservices/main.bicep",
+      "Description": "A basic example of deploying Healthcare FHIR (Fast Healthcare Interoperability Resources) Service."
+    },
+    {
+      "ResourceType": "Microsoft.HealthcareApis/workspaces/iotConnectors",
+      "Path": "samples/workspaces/iotconnectors/main.bicep",
+      "Description": "A basic example of deploying Healthcare MedTech (Internet of Medical Things) devices Service."
+    },
+    {
+      "ResourceType": "Microsoft.HealthcareApis/workspaces/iotConnectors/fhirDestinations",
+      "Path": "samples/workspaces/iotconnectors/fhirdestinations/main.bicep",
+      "Description": "A basic example of deploying Healthcare Med Tech (Internet of Medical Things) Service Fhir Destination."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.healthcareapis/samples/services/main.bicep b/settings/remarks/microsoft.healthcareapis/samples/services/main.bicep
new file mode 100644
index 00000000..47827fb8
--- /dev/null
+++ b/settings/remarks/microsoft.healthcareapis/samples/services/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus2'
+
+resource service 'Microsoft.HealthcareApis/services@2022-12-01' = {
+  name: resourceName
+  location: location
+  kind: 'fhir'
+  properties: {
+    accessPolicies: [
+      {
+        objectId: deployer().objectId
+      }
+    ]
+    authenticationConfiguration: {}
+    corsConfiguration: {}
+    cosmosDbConfiguration: {
+      offerThroughput: 1000
+    }
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.healthcareapis/samples/workspaces/dicomservices/main.bicep b/settings/remarks/microsoft.healthcareapis/samples/workspaces/dicomservices/main.bicep
new file mode 100644
index 00000000..1be52aff
--- /dev/null
+++ b/settings/remarks/microsoft.healthcareapis/samples/workspaces/dicomservices/main.bicep
@@ -0,0 +1,16 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource workspace 'Microsoft.HealthcareApis/workspaces@2022-12-01' = {
+  name: resourceName
+  location: location
+}
+
+resource dicomService 'Microsoft.HealthcareApis/workspaces/dicomServices@2022-12-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.healthcareapis/samples/workspaces/fhirservices/main.bicep b/settings/remarks/microsoft.healthcareapis/samples/workspaces/fhirservices/main.bicep
new file mode 100644
index 00000000..3fb569c6
--- /dev/null
+++ b/settings/remarks/microsoft.healthcareapis/samples/workspaces/fhirservices/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource workspace 'Microsoft.HealthcareApis/workspaces@2022-12-01' = {
+  name: resourceName
+  location: location
+}
+
+resource fhirService 'Microsoft.HealthcareApis/workspaces/fhirServices@2022-12-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  kind: 'fhir-R4'
+  properties: {
+    acrConfiguration: {}
+    authenticationConfiguration: {
+      audience: 'https://acctestfhir.fhir.azurehealthcareapis.com'
+      authority: 'https://login.microsoftonline.com/deployer().tenantId'
+      smartProxyEnabled: false
+    }
+    corsConfiguration: {
+      allowCredentials: false
+      headers: []
+      methods: []
+      origins: []
+    }
+  }
+}
+
+resource fhirService2 'Microsoft.HealthcareApis/workspaces/fhirServices@2022-12-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  kind: 'fhir-R4'
+  properties: {
+    acrConfiguration: {}
+    authenticationConfiguration: {
+      audience: fhirService.properties.authenticationConfiguration.audience
+      authority: fhirService.properties.authenticationConfiguration.authority
+      smartProxyEnabled: false
+    }
+    corsConfiguration: {
+      allowCredentials: false
+      headers: []
+      methods: []
+      origins: []
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.healthcareapis/samples/workspaces/iotconnectors/fhirdestinations/main.bicep b/settings/remarks/microsoft.healthcareapis/samples/workspaces/iotconnectors/fhirdestinations/main.bicep
new file mode 100644
index 00000000..f2bcb8fc
--- /dev/null
+++ b/settings/remarks/microsoft.healthcareapis/samples/workspaces/iotconnectors/fhirdestinations/main.bicep
@@ -0,0 +1,97 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource workspace 'Microsoft.HealthcareApis/workspaces@2022-12-01' = {
+  name: resourceName
+  location: location
+}
+
+resource eventhub 'Microsoft.EventHub/namespaces/eventhubs@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    messageRetentionInDays: 1
+    partitionCount: 2
+    status: 'Active'
+  }
+}
+
+resource fhirService 'Microsoft.HealthcareApis/workspaces/fhirServices@2022-12-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  kind: 'fhir-R4'
+  properties: {
+    acrConfiguration: {}
+    authenticationConfiguration: {
+      audience: 'https://acctestfhir.fhir.azurehealthcareapis.com'
+      authority: 'https://login.microsoftonline.com/deployer().tenantId'
+      smartProxyEnabled: false
+    }
+    corsConfiguration: {
+      allowCredentials: false
+      headers: []
+      methods: []
+      origins: []
+    }
+  }
+}
+
+resource iotConnector 'Microsoft.HealthcareApis/workspaces/iotConnectors@2022-12-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    deviceMapping: {
+      content: {
+        template: []
+        templateType: 'CollectionContent'
+      }
+    }
+    ingestionEndpointConfiguration: {
+      consumerGroup: consumerGroup.id
+      eventHubName: eventhub.name
+      fullyQualifiedEventHubNamespace: '${namespace.name}.servicebus.windows.net'
+    }
+  }
+}
+
+resource consumerGroup 'Microsoft.EventHub/namespaces/eventhubs/consumerGroups@2021-11-01' = {
+  parent: eventhub
+  name: resourceName
+  properties: {
+    userMetadata: ''
+  }
+}
+
+resource fhirDestination 'Microsoft.HealthcareApis/workspaces/iotConnectors/fhirDestinations@2022-12-01' = {
+  parent: iotConnector
+  name: resourceName
+  location: location
+  properties: {
+    fhirMapping: {
+      content: {
+        template: []
+        templateType: 'CollectionFhirTemplate'
+      }
+    }
+    fhirServiceResourceId: fhirService.id
+    resourceIdentityResolutionType: 'Create'
+  }
+}
diff --git a/settings/remarks/microsoft.healthcareapis/samples/workspaces/iotconnectors/main.bicep b/settings/remarks/microsoft.healthcareapis/samples/workspaces/iotconnectors/main.bicep
new file mode 100644
index 00000000..eefb1927
--- /dev/null
+++ b/settings/remarks/microsoft.healthcareapis/samples/workspaces/iotconnectors/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource workspace 'Microsoft.HealthcareApis/workspaces@2022-12-01' = {
+  name: resourceName
+  location: location
+}
+
+resource eventhub 'Microsoft.EventHub/namespaces/eventhubs@2021-11-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    messageRetentionInDays: 1
+    partitionCount: 2
+    status: 'Active'
+  }
+}
+
+resource iotConnector 'Microsoft.HealthcareApis/workspaces/iotConnectors@2022-12-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    deviceMapping: {
+      content: {
+        template: []
+        templateType: 'CollectionContent'
+      }
+    }
+    ingestionEndpointConfiguration: {
+      consumerGroup: consumerGroup.id
+      eventHubName: eventhub.name
+      fullyQualifiedEventHubNamespace: '${namespace.name}.servicebus.windows.net'
+    }
+  }
+}
+
+resource consumerGroup 'Microsoft.EventHub/namespaces/eventhubs/consumerGroups@2021-11-01' = {
+  parent: eventhub
+  name: resourceName
+  properties: {
+    userMetadata: ''
+  }
+}
diff --git a/settings/remarks/microsoft.healthcareapis/samples/workspaces/main.bicep b/settings/remarks/microsoft.healthcareapis/samples/workspaces/main.bicep
new file mode 100644
index 00000000..3facef31
--- /dev/null
+++ b/settings/remarks/microsoft.healthcareapis/samples/workspaces/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource workspace 'Microsoft.HealthcareApis/workspaces@2022-12-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.hybridcompute/remarks.json b/settings/remarks/microsoft.hybridcompute/remarks.json
index 1f590505..f7e41d76 100644
--- a/settings/remarks/microsoft.hybridcompute/remarks.json
+++ b/settings/remarks/microsoft.hybridcompute/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/privatelinkscopes/main.tf",
       "Description": "A basic example of deploying Azure Arc Private Link Scope."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.HybridCompute/machines",
+      "Path": "samples/machines/main.bicep",
+      "Description": "A basic example of deploying Hybrid Compute Machine."
+    },
+    {
+      "ResourceType": "Microsoft.HybridCompute/privateLinkScopes",
+      "Path": "samples/privatelinkscopes/main.bicep",
+      "Description": "A basic example of deploying Azure Arc Private Link Scope."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.hybridcompute/samples/machines/main.bicep b/settings/remarks/microsoft.hybridcompute/samples/machines/main.bicep
new file mode 100644
index 00000000..3ddd517f
--- /dev/null
+++ b/settings/remarks/microsoft.hybridcompute/samples/machines/main.bicep
@@ -0,0 +1,8 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource machine 'Microsoft.HybridCompute/machines@2024-07-10' = {
+  name: '${resourceName}hcm'
+  location: location
+  kind: 'SCVMM'
+}
diff --git a/settings/remarks/microsoft.hybridcompute/samples/privatelinkscopes/main.bicep b/settings/remarks/microsoft.hybridcompute/samples/privatelinkscopes/main.bicep
new file mode 100644
index 00000000..cad6864a
--- /dev/null
+++ b/settings/remarks/microsoft.hybridcompute/samples/privatelinkscopes/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource privateLinkScope 'Microsoft.HybridCompute/privateLinkScopes@2022-11-10' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Disabled'
+  }
+}
diff --git a/settings/remarks/microsoft.impact/remarks.json b/settings/remarks/microsoft.impact/remarks.json
index ce3275f4..74e3d285 100644
--- a/settings/remarks/microsoft.impact/remarks.json
+++ b/settings/remarks/microsoft.impact/remarks.json
@@ -11,5 +11,12 @@
       "Path": "samples/workloadimpacts/main.tf",
       "Description": "A basic example of deploying Impact Workload Impacts."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Impact/connectors",
+      "Path": "samples/connectors/main.bicep",
+      "Description": "A basic example of deploying Impact Connectors."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.impact/samples/connectors/main.bicep b/settings/remarks/microsoft.impact/samples/connectors/main.bicep
new file mode 100644
index 00000000..39b2c82d
--- /dev/null
+++ b/settings/remarks/microsoft.impact/samples/connectors/main.bicep
@@ -0,0 +1,10 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource connector 'Microsoft.Impact/connectors@2024-05-01-preview' = {
+  name: resourceName
+  properties: {
+    connectorType: 'AzureMonitor'
+  }
+}
diff --git a/settings/remarks/microsoft.insights/remarks.json b/settings/remarks/microsoft.insights/remarks.json
index e98615f3..46cad46d 100644
--- a/settings/remarks/microsoft.insights/remarks.json
+++ b/settings/remarks/microsoft.insights/remarks.json
@@ -110,5 +110,87 @@
       "Path": "samples/workbooks/main.tf",
       "Description": "A basic example of deploying Azure Workbook."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Insights/actionGroups",
+      "Path": "samples/actiongroups/main.bicep",
+      "Description": "A basic example of deploying Action Group within Azure Monitor."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/activityLogAlerts",
+      "Path": "samples/activitylogalerts/main.bicep",
+      "Description": "A basic example of deploying Activity Log Alert within Azure Monitor."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/autoScaleSettings",
+      "Path": "samples/autoscalesettings/main.bicep",
+      "Description": "A basic example of deploying AutoScale Setting which can be applied to Virtual Machine Scale Sets, App Services and other scalable resources."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/components",
+      "Path": "samples/components/main.bicep",
+      "Description": "A basic example of deploying Application Insights component."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/components/analyticsItems",
+      "Path": "samples/components/analyticsitems/main.bicep",
+      "Description": "A basic example of deploying Application Insights Analytics Item component."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/dataCollectionEndpoints",
+      "Path": "samples/datacollectionendpoints/main.bicep",
+      "Description": "A basic example of deploying Data Collection Endpoint."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/dataCollectionRuleAssociations",
+      "Path": "samples/datacollectionruleassociations/main.bicep",
+      "Description": "A basic example of deploying Data Collection Rule Association."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/dataCollectionRules",
+      "Path": "samples/datacollectionrules/main.bicep",
+      "Description": "A basic example of deploying Data Collection Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/diagnosticSettings",
+      "Path": "samples/diagnosticsettings/main.bicep",
+      "Description": "A basic example of deploying Insights Diagnostic Settings."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/metricAlerts",
+      "Path": "samples/metricalerts/main.bicep",
+      "Description": "A basic example of deploying Metric Alert within Azure Monitor."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/privateLinkScopes",
+      "Path": "samples/privatelinkscopes/main.bicep",
+      "Description": "A basic example of deploying Azure Monitor Private Link Scope."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/privateLinkScopes/scopedResources",
+      "Path": "samples/privatelinkscopes/scopedresources/main.bicep",
+      "Description": "A basic example of deploying Azure Monitor Private Link Scoped Service."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/scheduledQueryRules",
+      "Path": "samples/scheduledqueryrules/main.bicep",
+      "Description": "A basic example of deploying AlertingAction Scheduled Query Rules resource within Azure Monitor."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/webTests",
+      "Path": "samples/webtests/main.bicep",
+      "Description": "A basic example of deploying Application Insights Standard WebTest."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/workbookTemplates",
+      "Path": "samples/workbooktemplates/main.bicep",
+      "Description": "A basic example of deploying Application Insights Workbook Template."
+    },
+    {
+      "ResourceType": "Microsoft.Insights/workbooks",
+      "Path": "samples/workbooks/main.bicep",
+      "Description": "A basic example of deploying Azure Workbook."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.insights/samples/actiongroups/main.bicep b/settings/remarks/microsoft.insights/samples/actiongroups/main.bicep
new file mode 100644
index 00000000..a50473f2
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/actiongroups/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+
+resource actionGroup 'Microsoft.Insights/actionGroups@2023-01-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    armRoleReceivers: []
+    automationRunbookReceivers: []
+    azureAppPushReceivers: []
+    azureFunctionReceivers: []
+    emailReceivers: []
+    enabled: true
+    eventHubReceivers: []
+    groupShortName: 'acctestag'
+    itsmReceivers: []
+    logicAppReceivers: []
+    smsReceivers: []
+    voiceReceivers: []
+    webhookReceivers: []
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/activitylogalerts/main.bicep b/settings/remarks/microsoft.insights/samples/activitylogalerts/main.bicep
new file mode 100644
index 00000000..fe95dfcf
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/activitylogalerts/main.bicep
@@ -0,0 +1,150 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource actionGroup 'Microsoft.Insights/actionGroups@2023-01-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    armRoleReceivers: []
+    automationRunbookReceivers: []
+    azureAppPushReceivers: []
+    azureFunctionReceivers: []
+    emailReceivers: []
+    enabled: true
+    eventHubReceivers: []
+    groupShortName: 'acctestag1'
+    itsmReceivers: []
+    logicAppReceivers: []
+    smsReceivers: []
+    voiceReceivers: []
+    webhookReceivers: []
+  }
+}
+
+resource actionGroup2 'Microsoft.Insights/actionGroups@2023-01-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    armRoleReceivers: []
+    automationRunbookReceivers: []
+    azureAppPushReceivers: []
+    azureFunctionReceivers: []
+    emailReceivers: []
+    enabled: true
+    eventHubReceivers: []
+    groupShortName: 'acctestag2'
+    itsmReceivers: []
+    logicAppReceivers: []
+    smsReceivers: []
+    voiceReceivers: []
+    webhookReceivers: []
+  }
+}
+
+resource activityLogAlert 'Microsoft.Insights/activityLogAlerts@2020-10-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    actions: {
+      actionGroups: [
+        {
+          actionGroupId: actionGroup.id
+          webhookProperties: {}
+        }
+        {
+          actionGroupId: actionGroup2.id
+          webhookProperties: {
+            from: 'terraform test'
+            to: 'microsoft azure'
+          }
+        }
+      ]
+    }
+    condition: {
+      allOf: [
+        {
+          equals: 'ResourceHealth'
+          field: 'category'
+        }
+        {
+          anyOf: [
+            {
+              equals: 'Unavailable'
+              field: 'properties.currentHealthStatus'
+            }
+            {
+              equals: 'Degraded'
+              field: 'properties.currentHealthStatus'
+            }
+          ]
+        }
+        {
+          anyOf: [
+            {
+              equals: 'Unknown'
+              field: 'properties.previousHealthStatus'
+            }
+            {
+              equals: 'Available'
+              field: 'properties.previousHealthStatus'
+            }
+          ]
+        }
+        {
+          anyOf: [
+            {
+              equals: 'PlatformInitiated'
+              field: 'properties.cause'
+            }
+            {
+              equals: 'UserInitiated'
+              field: 'properties.cause'
+            }
+          ]
+        }
+      ]
+    }
+    description: 'This is just a test acceptance.'
+    enabled: true
+    scopes: [
+      resourceGroup().id
+      storageAccount.id
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/autoscalesettings/main.bicep b/settings/remarks/microsoft.insights/samples/autoscalesettings/main.bicep
new file mode 100644
index 00000000..a1ef6631
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/autoscalesettings/main.bicep
@@ -0,0 +1,184 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator username for the virtual machine scale set')
+param adminUsername string
+@secure()
+@description('The administrator password for the virtual machine scale set')
+param adminPassword string
+
+resource autoScaleSetting 'Microsoft.Insights/autoScaleSettings@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enabled: true
+    notifications: []
+    profiles: [
+      {
+        capacity: {
+          default: '1'
+          maximum: '10'
+          minimum: '1'
+        }
+        name: 'metricRules'
+        rules: [
+          {
+            metricTrigger: {
+              dimensions: []
+              dividePerInstance: true
+              metricName: 'Percentage CPU'
+              metricNamespace: ''
+              metricResourceUri: virtualMachineScaleSet.id
+              operator: 'GreaterThan'
+              statistic: 'Average'
+              threshold: 75
+              timeAggregation: 'Last'
+              timeGrain: 'PT1M'
+              timeWindow: 'PT5M'
+            }
+            scaleAction: {
+              cooldown: 'PT1M'
+              direction: 'Increase'
+              type: 'ChangeCount'
+              value: '1'
+            }
+          }
+        ]
+      }
+    ]
+    targetResourceUri: virtualMachineScaleSet.id
+  }
+}
+
+resource virtualMachineScaleSet 'Microsoft.Compute/virtualMachineScaleSets@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    doNotRunExtensionsOnOverprovisionedVMs: false
+    orchestrationMode: 'Uniform'
+    overprovision: true
+    scaleInPolicy: {
+      forceDeletion: false
+      rules: [
+        'Default'
+      ]
+    }
+    singlePlacementGroup: true
+    upgradePolicy: {
+      mode: 'Manual'
+    }
+    virtualMachineProfile: {
+      diagnosticsProfile: {
+        bootDiagnostics: {
+          enabled: false
+          storageUri: ''
+        }
+      }
+      extensionProfile: {
+        extensionsTimeBudget: 'PT1H30M'
+      }
+      networkProfile: {
+        networkInterfaceConfigurations: [
+          {
+            name: 'TestNetworkProfile-230630033559396108'
+            properties: {
+              dnsSettings: {
+                dnsServers: []
+              }
+              enableAcceleratedNetworking: false
+              enableIPForwarding: false
+              ipConfigurations: [
+                {
+                  name: 'TestIPConfiguration'
+                  properties: {
+                    applicationGatewayBackendAddressPools: []
+                    applicationSecurityGroups: []
+                    loadBalancerBackendAddressPools: []
+                    loadBalancerInboundNatPools: []
+                    primary: true
+                    privateIPAddressVersion: 'IPv4'
+                    subnet: {
+                      id: subnet.id
+                    }
+                  }
+                }
+              ]
+              primary: true
+            }
+          }
+        ]
+      }
+      osProfile: {
+        adminPassword: null
+        adminUsername: null
+        computerNamePrefix: 'testvm-230630033559396108'
+        linuxConfiguration: {
+          disablePasswordAuthentication: false
+          provisionVMAgent: true
+          ssh: {
+            publicKeys: [
+              {
+                keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCsTcryUl51Q2VSEHqDRNmceUFo55ZtcIwxl2QITbN1RREti5ml/VTytC0yeBOvnZA4x4CFpdw/lCDPk0yrH9Ei5vVkXmOrExdTlT3qI7YaAzj1tUVlBd4S6LX1F7y6VLActvdHuDDuXZXzCDd/97420jrDfWZqJMlUK/EmCE5ParCeHIRIvmBxcEnGfFIsw8xQZl0HphxWOtJil8qsUWSdMyCiJYYQpMoMliO99X40AUc4/AlsyPyT5ddbKk08YrZ+rKDVHF7o29rh4vi5MmHkVgVQHKiKybWlHq+b71gIAUQk9wrJxD+dqt4igrmDSpIjfjwnd+l5UIn5fJSO5DYV4YT/4hwK7OKmuo7OFHD0WyY5YnkYEMtFgzemnRBdE8ulcT60DQpVgRMXFWHvhyCWy0L6sgj1QWDZlLpvsIvNfHsyhKFMG1frLnMt/nP0+YCcfg+v1JYeCKjeoJxB8DWcRBsjzItY0CGmzP8UYZiYKl/2u+2TgFS5r7NWH11bxoUzjKdaa1NLw+ieA8GlBFfCbfWe6YVB9ggUte4VtYFMZGxOjS2bAiYtfgTKFJv+XqORAwExG6+G2eDxIDyo80/OA9IG7Xv/jwQr7D6KDjDuULFcN/iTxuttoKrHeYz1hf5ZQlBdllwJHYx6fK2g8kha6r2JIQKocvsAXiiONqSfw== hello@world.com'
+                path: '/home/myadmin/.ssh/authorized_keys'
+              }
+            ]
+          }
+        }
+        secrets: []
+      }
+      priority: 'Regular'
+      storageProfile: {
+        dataDisks: []
+        imageReference: {
+          offer: 'UbuntuServer'
+          publisher: 'Canonical'
+          sku: '16.04-LTS'
+          version: 'latest'
+        }
+        osDisk: {
+          caching: 'ReadWrite'
+          createOption: 'FromImage'
+          managedDisk: {
+            storageAccountType: 'StandardSSD_LRS'
+          }
+          osType: 'Linux'
+          writeAcceleratorEnabled: false
+        }
+      }
+    }
+  }
+  sku: {
+    capacity: 2
+    name: 'Standard_F2'
+    tier: 'Standard'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'internal'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/components/analyticsitems/main.bicep b/settings/remarks/microsoft.insights/samples/components/analyticsitems/main.bicep
new file mode 100644
index 00000000..c22f4fd2
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/components/analyticsitems/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource analyticsItem 'microsoft.insights/components/analyticsItems@2015-05-01' = {
+  parent: component
+  name: 'item'
+  Content: 'requests #test'
+  Name: 'testquery'
+  Scope: 'shared'
+  Type: 'query'
+}
diff --git a/settings/remarks/microsoft.insights/samples/components/main.bicep b/settings/remarks/microsoft.insights/samples/components/main.bicep
new file mode 100644
index 00000000..e36d6913
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/components/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/datacollectionendpoints/main.bicep b/settings/remarks/microsoft.insights/samples/datacollectionendpoints/main.bicep
new file mode 100644
index 00000000..3f0bf9f1
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/datacollectionendpoints/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dataCollectionEndpoint 'Microsoft.Insights/dataCollectionEndpoints@2022-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkAcls: {
+      publicNetworkAccess: 'Enabled'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/datacollectionruleassociations/main.bicep b/settings/remarks/microsoft.insights/samples/datacollectionruleassociations/main.bicep
new file mode 100644
index 00000000..72d5147a
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/datacollectionruleassociations/main.bicep
@@ -0,0 +1,156 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+
+resource dataCollectionRule 'Microsoft.Insights/dataCollectionRules@2022-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    dataFlows: [
+      {
+        destinations: [
+          'test-destination-metrics'
+        ]
+        streams: [
+          'Microsoft-InsightsMetrics'
+        ]
+      }
+    ]
+    description: ''
+    destinations: {
+      azureMonitorMetrics: {
+        name: 'test-destination-metrics'
+      }
+    }
+  }
+}
+
+resource dataCollectionRuleAssociation 'Microsoft.Insights/dataCollectionRuleAssociations@2022-06-01' = {
+  scope: virtualMachine
+  name: resourceName
+  properties: {
+    dataCollectionRuleId: dataCollectionRule.id
+    description: ''
+  }
+}
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: 'nic-230630033559397415'
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'internal'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: 'machine-230630033559397415'
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    applicationProfile: {
+      galleryApplications: []
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: false
+        storageUri: ''
+      }
+    }
+    extensionsTimeBudget: 'PT1H30M'
+    hardwareProfile: {
+      vmSize: 'Standard_B1ls'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'adminuser'
+      allowExtensionOperations: true
+      computerName: 'machine-230630033559397415'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          patchMode: 'ImageDefault'
+        }
+        provisionVMAgent: true
+        ssh: {
+          publicKeys: []
+        }
+      }
+      secrets: []
+    }
+    priority: 'Regular'
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Standard_LRS'
+        }
+        osType: 'Linux'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: 'network-230630033559397415'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'subnet-230630033559397415'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/datacollectionrules/main.bicep b/settings/remarks/microsoft.insights/samples/datacollectionrules/main.bicep
new file mode 100644
index 00000000..30fee3fa
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/datacollectionrules/main.bicep
@@ -0,0 +1,25 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dataCollectionRule 'Microsoft.Insights/dataCollectionRules@2022-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    dataFlows: [
+      {
+        destinations: [
+          'test-destination-metrics'
+        ]
+        streams: [
+          'Microsoft-InsightsMetrics'
+        ]
+      }
+    ]
+    description: ''
+    destinations: {
+      azureMonitorMetrics: {
+        name: 'test-destination-metrics'
+      }
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/diagnosticsettings/main.bicep b/settings/remarks/microsoft.insights/samples/diagnosticsettings/main.bicep
new file mode 100644
index 00000000..0b673c3a
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/diagnosticsettings/main.bicep
@@ -0,0 +1,79 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
+  scope: vault
+  name: resourceName
+  properties: {
+    eventHubAuthorizationRuleId: authorizationRule.id
+    eventHubName: namespace.name
+    logs: [
+      {
+        categoryGroup: 'Audit'
+        enabled: true
+        retentionPolicy: {
+          days: 0
+          enabled: false
+        }
+      }
+    ]
+    metrics: [
+      {
+        category: 'AllMetrics'
+        enabled: true
+        retentionPolicy: {
+          days: 0
+          enabled: false
+        }
+      }
+    ]
+  }
+}
+
+resource namespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 1
+    name: 'Basic'
+    tier: 'Basic'
+  }
+}
+
+resource vault 'Microsoft.KeyVault/vaults@2021-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: []
+    createMode: 'default'
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: deployer().tenantId
+  }
+}
+
+resource authorizationRule 'Microsoft.EventHub/namespaces/authorizationRules@2021-11-01' = {
+  parent: namespace
+  name: 'example'
+  properties: {
+    rights: [
+      'Listen'
+      'Send'
+      'Manage'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/metricalerts/main.bicep b/settings/remarks/microsoft.insights/samples/metricalerts/main.bicep
new file mode 100644
index 00000000..f09c6e22
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/metricalerts/main.bicep
@@ -0,0 +1,79 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    actions: []
+    autoMitigate: true
+    criteria: {
+      allOf: [
+        {
+          criterionType: 'StaticThresholdCriterion'
+          dimensions: []
+          metricName: 'UsedCapacity'
+          metricNamespace: 'Microsoft.Storage/storageAccounts'
+          name: 'Metric1'
+          operator: 'GreaterThan'
+          skipMetricValidation: false
+          threshold: any('55.5')
+          timeAggregation: 'Average'
+        }
+      ]
+      'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
+    }
+    description: ''
+    enabled: true
+    evaluationFrequency: 'PT1M'
+    scopes: [
+      storageAccount.id
+    ]
+    severity: 3
+    targetResourceRegion: ''
+    targetResourceType: ''
+    windowSize: 'PT1H'
+  }
+  tags: {
+    CUSTOMER: 'CUSTOMERx'
+    Example: 'Example123'
+    terraform: 'Coolllll'
+    test: '123'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/privatelinkscopes/main.bicep b/settings/remarks/microsoft.insights/samples/privatelinkscopes/main.bicep
new file mode 100644
index 00000000..59efc1be
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/privatelinkscopes/main.bicep
@@ -0,0 +1,6 @@
+param resourceName string = 'acctest0001'
+
+resource privateLinkScope 'Microsoft.Insights/privateLinkScopes@2019-10-17-preview' = {
+  name: resourceName
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.insights/samples/privatelinkscopes/scopedresources/main.bicep b/settings/remarks/microsoft.insights/samples/privatelinkscopes/scopedresources/main.bicep
new file mode 100644
index 00000000..05a33bb3
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/privatelinkscopes/scopedresources/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource privateLinkScope 'Microsoft.Insights/privateLinkScopes@2019-10-17-preview' = {
+  name: resourceName
+  properties: {}
+}
+
+resource scopedResource 'Microsoft.Insights/privateLinkScopes/scopedResources@2019-10-17-preview' = {
+  parent: privateLinkScope
+  name: resourceName
+  properties: {
+    linkedResourceId: component.id
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/scheduledqueryrules/main.bicep b/settings/remarks/microsoft.insights/samples/scheduledqueryrules/main.bicep
new file mode 100644
index 00000000..fae18770
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/scheduledqueryrules/main.bicep
@@ -0,0 +1,50 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource scheduledQueryRule 'Microsoft.Insights/scheduledQueryRules@2021-08-01' = {
+  name: resourceName
+  location: location
+  kind: 'LogAlert'
+  properties: {
+    autoMitigate: false
+    checkWorkspaceAlertsStorageConfigured: false
+    criteria: {
+      allOf: [
+        {
+          dimensions: null
+          operator: 'Equal'
+          query: ''' requests
+| summarize CountByCountry=count() by client_CountryOrRegion
+'''
+          threshold: 5
+          timeAggregation: 'Count'
+        }
+      ]
+    }
+    enabled: true
+    evaluationFrequency: 'PT5M'
+    scopes: [
+      component.id
+    ]
+    severity: 3
+    skipQueryValidation: false
+    targetResourceTypes: null
+    windowSize: 'PT5M'
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/webtests/main.bicep b/settings/remarks/microsoft.insights/samples/webtests/main.bicep
new file mode 100644
index 00000000..072fc674
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/webtests/main.bicep
@@ -0,0 +1,62 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource webTest 'Microsoft.Insights/webTests@2022-06-15' = {
+  name: resourceName
+  location: location
+  kind: 'standard'
+  properties: {
+    Description: ''
+    Enabled: false
+    Frequency: 300
+    Kind: 'standard'
+    Locations: [
+      {
+        Id: 'us-tx-sn1-azr'
+      }
+    ]
+    Name: 'acctest0001'
+    Request: {
+      FollowRedirects: false
+      Headers: [
+        {
+          key: 'x-header'
+          value: 'testheader'
+        }
+        {
+          key: 'x-header-2'
+          value: 'testheader2'
+        }
+      ]
+      HttpVerb: 'GET'
+      ParseDependentRequests: false
+      RequestUrl: 'http://microsoft.com'
+    }
+    RetryEnabled: false
+    SyntheticMonitorId: 'acctest0001'
+    Timeout: 30
+    ValidationRules: {
+      ExpectedHttpStatusCode: 200
+      SSLCheck: false
+    }
+  }
+  tags: {
+    'hidden-link:azapi_resource.component.id': 'Resource'
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/workbooks/main.bicep b/settings/remarks/microsoft.insights/samples/workbooks/main.bicep
new file mode 100644
index 00000000..50f54680
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/workbooks/main.bicep
@@ -0,0 +1,13 @@
+param location string = 'westeurope'
+
+resource workbook 'Microsoft.Insights/workbooks@2022-04-01' = {
+  name: 'be1ad266-d329-4454-b693-8287e4d3b35d'
+  location: location
+  kind: 'shared'
+  properties: {
+    category: 'workbook'
+    displayName: 'acctest-amw-230630032616547405'
+    serializedData: '{"fallbackResourceIds":["Azure Monitor"],"isLocked":false,"items":[{"content":{"json":"Test2022"},"name":"text - 0","type":1}],"version":"Notebook/1.0"}'
+    sourceId: 'azure monitor'
+  }
+}
diff --git a/settings/remarks/microsoft.insights/samples/workbooktemplates/main.bicep b/settings/remarks/microsoft.insights/samples/workbooktemplates/main.bicep
new file mode 100644
index 00000000..5538419d
--- /dev/null
+++ b/settings/remarks/microsoft.insights/samples/workbooktemplates/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource workbookTemplate 'Microsoft.Insights/workbookTemplates@2020-11-20' = {
+  name: resourceName
+  location: location
+  properties: {
+    galleries: [
+      {
+        category: 'workbook'
+        name: 'test'
+        order: 0
+        resourceType: 'Azure Monitor'
+        type: 'workbook'
+      }
+    ]
+    priority: 0
+    templateData: {
+      '$schema': 'https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json'
+      items: [
+        {
+          content: {
+            json: '''## New workbook
+---
+
+Welcome to your new workbook.'''
+          }
+          name: 'text - 2'
+          type: 1
+        }
+      ]
+      styleSettings: {}
+      version: 'Notebook/1.0'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.iotcentral/remarks.json b/settings/remarks/microsoft.iotcentral/remarks.json
index 5f5b47ac..649fb3d8 100644
--- a/settings/remarks/microsoft.iotcentral/remarks.json
+++ b/settings/remarks/microsoft.iotcentral/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/iotapps/main.tf",
       "Description": "A basic example of deploying IotCentral Application."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.IoTCentral/iotApps",
+      "Path": "samples/iotapps/main.bicep",
+      "Description": "A basic example of deploying IotCentral Application."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.iotcentral/samples/iotapps/main.bicep b/settings/remarks/microsoft.iotcentral/samples/iotapps/main.bicep
new file mode 100644
index 00000000..464310e5
--- /dev/null
+++ b/settings/remarks/microsoft.iotcentral/samples/iotapps/main.bicep
@@ -0,0 +1,16 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource iotApp 'Microsoft.IoTCentral/iotApps@2021-11-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    displayName: 'acctest0001'
+    publicNetworkAccess: 'Enabled'
+    subdomain: 'subdomain-2306300333537'
+    template: 'iotc-pnp-preview@1.0.0'
+  }
+  sku: {
+    name: 'ST1'
+  }
+}
diff --git a/settings/remarks/microsoft.keyvault/remarks.json b/settings/remarks/microsoft.keyvault/remarks.json
index 282129e0..5d5a2f7b 100644
--- a/settings/remarks/microsoft.keyvault/remarks.json
+++ b/settings/remarks/microsoft.keyvault/remarks.json
@@ -36,5 +36,32 @@
       "Path": "samples/vaults/secrets/main.tf",
       "Description": "A basic example of deploying Key Vault Secrets."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.KeyVault/managedHSMs",
+      "Path": "samples/managedhsms/main.bicep",
+      "Description": "A basic example of deploying Key Vault Managed Hardware Security Module."
+    },
+    {
+      "ResourceType": "Microsoft.KeyVault/vaults",
+      "Path": "samples/vaults/main.bicep",
+      "Description": "A basic example of deploying Key Vault."
+    },
+    {
+      "ResourceType": "Microsoft.KeyVault/vaults/accessPolicies",
+      "Path": "samples/vaults/accesspolicies/main.bicep",
+      "Description": "A basic example of deploying Key Vault Access Policies."
+    },
+    {
+      "ResourceType": "Microsoft.KeyVault/vaults/keys",
+      "Path": "samples/vaults/keys/main.bicep",
+      "Description": "A basic example of deploying Key Vault Keys."
+    },
+    {
+      "ResourceType": "Microsoft.KeyVault/vaults/secrets",
+      "Path": "samples/vaults/secrets/main.bicep",
+      "Description": "A basic example of deploying Key Vault Secrets."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.keyvault/samples/managedhsms/main.bicep b/settings/remarks/microsoft.keyvault/samples/managedhsms/main.bicep
new file mode 100644
index 00000000..bed18d28
--- /dev/null
+++ b/settings/remarks/microsoft.keyvault/samples/managedhsms/main.bicep
@@ -0,0 +1,21 @@
+param location string = 'westeurope'
+
+resource managedHSM 'Microsoft.KeyVault/managedHSMs@2021-10-01' = {
+  name: 'kvHsm230630033342437496'
+  location: location
+  properties: {
+    createMode: 'default'
+    enablePurgeProtection: false
+    enableSoftDelete: true
+    initialAdminObjectIds: [
+      deployer().objectId
+    ]
+    publicNetworkAccess: 'Enabled'
+    softDeleteRetentionInDays: 90
+    tenantId: deployer().tenantId
+  }
+  sku: {
+    family: 'B'
+    name: 'Standard_B1'
+  }
+}
diff --git a/settings/remarks/microsoft.keyvault/samples/vaults/accesspolicies/main.bicep b/settings/remarks/microsoft.keyvault/samples/vaults/accesspolicies/main.bicep
new file mode 100644
index 00000000..439d976c
--- /dev/null
+++ b/settings/remarks/microsoft.keyvault/samples/vaults/accesspolicies/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: []
+    enableSoftDelete: true
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: deployer().tenantId
+  }
+}
+
+resource putAccesspolicy 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
+  parent: vault
+  name: 'add'
+  properties: {
+    accessPolicies: [
+      {
+        objectId: deployer().objectId
+        permissions: {
+          certificates: [
+            'ManageContacts'
+          ]
+          keys: [
+            'Create'
+          ]
+          secrets: [
+            'Set'
+          ]
+          storage: []
+        }
+        tenantId: deployer().tenantId
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.keyvault/samples/vaults/keys/main.bicep b/settings/remarks/microsoft.keyvault/samples/vaults/keys/main.bicep
new file mode 100644
index 00000000..01dbf532
--- /dev/null
+++ b/settings/remarks/microsoft.keyvault/samples/vaults/keys/main.bicep
@@ -0,0 +1,74 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: []
+    enablePurgeProtection: true
+    enableSoftDelete: true
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: deployer().tenantId
+  }
+}
+
+resource putAccesspolicy 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
+  parent: vault
+  name: 'add'
+  properties: {
+    accessPolicies: [
+      {
+        objectId: deployer().objectId
+        permissions: {
+          certificates: [
+            'ManageContacts'
+          ]
+          keys: [
+            'Get'
+            'Create'
+            'Delete'
+            'List'
+            'Restore'
+            'Recover'
+            'UnwrapKey'
+            'WrapKey'
+            'Purge'
+            'Encrypt'
+            'Decrypt'
+            'Sign'
+            'Verify'
+          ]
+          secrets: [
+            'Get'
+          ]
+          storage: []
+        }
+        tenantId: deployer().tenantId
+      }
+    ]
+  }
+}
+
+resource putKey 'Microsoft.KeyVault/vaults/keys@2023-02-01' = {
+  parent: vault
+  name: resourceName
+  properties: {
+    keyOps: [
+      'encrypt'
+      'decrypt'
+      'sign'
+      'verify'
+      'wrapKey'
+      'unwrapKey'
+    ]
+    keySize: 2048
+    kty: 'RSA'
+  }
+  dependsOn: [
+    putAccesspolicy
+  ]
+}
diff --git a/settings/remarks/microsoft.keyvault/samples/vaults/main.bicep b/settings/remarks/microsoft.keyvault/samples/vaults/main.bicep
new file mode 100644
index 00000000..dbd1ed80
--- /dev/null
+++ b/settings/remarks/microsoft.keyvault/samples/vaults/main.bicep
@@ -0,0 +1,40 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.KeyVault/vaults@2021-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: [
+      {
+        objectId: deployer().objectId
+        permissions: {
+          certificates: [
+            'ManageContacts'
+          ]
+          keys: [
+            'Create'
+          ]
+          secrets: [
+            'Set'
+          ]
+          storage: []
+        }
+        tenantId: deployer().tenantId
+      }
+    ]
+    createMode: 'default'
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    softDeleteRetentionInDays: 7
+    tenantId: deployer().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.keyvault/samples/vaults/secrets/main.bicep b/settings/remarks/microsoft.keyvault/samples/vaults/secrets/main.bicep
new file mode 100644
index 00000000..a761e6f5
--- /dev/null
+++ b/settings/remarks/microsoft.keyvault/samples/vaults/secrets/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: []
+    enableSoftDelete: true
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: deployer().tenantId
+  }
+}
+
+resource putSecret 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: vault
+  name: resourceName
+  properties: {
+    value: 'szechuan'
+  }
+}
diff --git a/settings/remarks/microsoft.kubernetes/remarks.json b/settings/remarks/microsoft.kubernetes/remarks.json
index adee9dff..b1b54ba8 100644
--- a/settings/remarks/microsoft.kubernetes/remarks.json
+++ b/settings/remarks/microsoft.kubernetes/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/connectedclusters/main.tf",
       "Description": "A basic example of deploying Arc Kubernetes Cluster."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Kubernetes/connectedClusters",
+      "Path": "samples/connectedclusters/main.bicep",
+      "Description": "A basic example of deploying Arc Kubernetes Cluster."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.kubernetes/samples/connectedclusters/main.bicep b/settings/remarks/microsoft.kubernetes/samples/connectedclusters/main.bicep
new file mode 100644
index 00000000..c92ee190
--- /dev/null
+++ b/settings/remarks/microsoft.kubernetes/samples/connectedclusters/main.bicep
@@ -0,0 +1,14 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource connectedCluster 'Microsoft.Kubernetes/connectedClusters@2024-01-01' = {
+  name: '${resourceName}-cc'
+  location: location
+  kind: 'ProvisionedCluster'
+  properties: {
+    agentPublicKeyCertificate: ''
+    arcAgentProfile: {
+      agentAutoUpgrade: 'Enabled'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.kubernetesconfiguration/remarks.json b/settings/remarks/microsoft.kubernetesconfiguration/remarks.json
index 2d0dbd74..89630074 100644
--- a/settings/remarks/microsoft.kubernetesconfiguration/remarks.json
+++ b/settings/remarks/microsoft.kubernetesconfiguration/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/fluxconfigurations/main.tf",
       "Description": "A basic example of deploying Kubernetes Flux Configuration."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.KubernetesConfiguration/extensions",
+      "Path": "samples/extensions/main.bicep",
+      "Description": "A basic example of deploying Kubernetes Cluster Extension."
+    },
+    {
+      "ResourceType": "Microsoft.KubernetesConfiguration/fluxConfigurations",
+      "Path": "samples/fluxconfigurations/main.bicep",
+      "Description": "A basic example of deploying Kubernetes Flux Configuration."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.kubernetesconfiguration/samples/extensions/main.bicep b/settings/remarks/microsoft.kubernetesconfiguration/samples/extensions/main.bicep
new file mode 100644
index 00000000..f3c96a80
--- /dev/null
+++ b/settings/remarks/microsoft.kubernetesconfiguration/samples/extensions/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource extension 'Microsoft.KubernetesConfiguration/extensions@2022-11-01' = {
+  scope: managedCluster
+  name: resourceName
+  properties: {
+    autoUpgradeMinorVersion: true
+    extensionType: 'microsoft.flux'
+  }
+}
+
+resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-04-02-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    agentPoolProfiles: [
+      {
+        count: 1
+        mode: 'System'
+        name: 'default'
+        vmSize: 'Standard_DS2_v2'
+      }
+    ]
+    dnsPrefix: 'acctest0001'
+  }
+}
diff --git a/settings/remarks/microsoft.kubernetesconfiguration/samples/fluxconfigurations/main.bicep b/settings/remarks/microsoft.kubernetesconfiguration/samples/fluxconfigurations/main.bicep
new file mode 100644
index 00000000..342721d7
--- /dev/null
+++ b/settings/remarks/microsoft.kubernetesconfiguration/samples/fluxconfigurations/main.bicep
@@ -0,0 +1,70 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource extension 'Microsoft.KubernetesConfiguration/extensions@2022-11-01' = {
+  scope: managedCluster
+  name: resourceName
+  properties: {
+    autoUpgradeMinorVersion: true
+    extensionType: 'microsoft.flux'
+  }
+}
+
+resource fluxConfiguration 'Microsoft.KubernetesConfiguration/fluxConfigurations@2022-03-01' = {
+  scope: managedCluster
+  name: resourceName
+  properties: {
+    gitRepository: {
+      repositoryRef: {
+        branch: 'branch'
+      }
+      syncIntervalInSeconds: 120
+      timeoutInSeconds: 120
+      url: 'https://github.com/Azure/arc-k8s-demo'
+    }
+    kustomizations: {
+      applications: {
+        dependsOn: [
+          'shared'
+        ]
+        force: false
+        path: 'cluster-config/applications'
+        prune: false
+        retryIntervalInSeconds: 60
+        syncIntervalInSeconds: 60
+        timeoutInSeconds: 600
+      }
+      shared: {
+        force: false
+        path: 'cluster-config/shared'
+        prune: false
+        retryIntervalInSeconds: 60
+        syncIntervalInSeconds: 60
+        timeoutInSeconds: 600
+      }
+    }
+    namespace: 'flux-system'
+    scope: 'cluster'
+    sourceKind: 'GitRepository'
+    suspend: false
+  }
+  dependsOn: [
+    extension
+  ]
+}
+
+resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-04-02-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    agentPoolProfiles: [
+      {
+        count: 1
+        mode: 'System'
+        name: 'default'
+        vmSize: 'Standard_DS2_v2'
+      }
+    ]
+    dnsPrefix: 'acctest0001'
+  }
+}
diff --git a/settings/remarks/microsoft.kusto/remarks.json b/settings/remarks/microsoft.kusto/remarks.json
index 13380998..9a7774ad 100644
--- a/settings/remarks/microsoft.kusto/remarks.json
+++ b/settings/remarks/microsoft.kusto/remarks.json
@@ -46,5 +46,37 @@
       "Path": "samples/clusters/principalassignments/main.tf",
       "Description": "A basic example of deploying Kusto Cluster Principal Assignment."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Kusto/clusters",
+      "Path": "samples/clusters/main.bicep",
+      "Description": "A basic example of deploying Kusto (also known as Azure Data Explorer) Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.Kusto/clusters/databases",
+      "Path": "samples/clusters/databases/main.bicep",
+      "Description": "A basic example of deploying Kusto / Data Explorer Database."
+    },
+    {
+      "ResourceType": "Microsoft.Kusto/clusters/databases/principalAssignments",
+      "Path": "samples/clusters/databases/principalassignments/main.bicep",
+      "Description": "A basic example of deploying Kusto / Data Explorer Database Principal Assignment."
+    },
+    {
+      "ResourceType": "Microsoft.Kusto/clusters/databases/scripts",
+      "Path": "samples/clusters/databases/scripts/main.bicep",
+      "Description": "A basic example of deploying Kusto Script."
+    },
+    {
+      "ResourceType": "Microsoft.Kusto/clusters/managedPrivateEndpoints",
+      "Path": "samples/clusters/managedprivateendpoints/main.bicep",
+      "Description": "A basic example of deploying Managed Private Endpoint for a Kusto Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.Kusto/clusters/principalAssignments",
+      "Path": "samples/clusters/principalassignments/main.bicep",
+      "Description": "A basic example of deploying Kusto Cluster Principal Assignment."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.kusto/samples/clusters/databases/main.bicep b/settings/remarks/microsoft.kusto/samples/clusters/databases/main.bicep
new file mode 100644
index 00000000..e7f447c8
--- /dev/null
+++ b/settings/remarks/microsoft.kusto/samples/clusters/databases/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.Kusto/clusters@2023-05-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAutoStop: true
+    enableDiskEncryption: false
+    enableDoubleEncryption: false
+    enablePurge: false
+    enableStreamingIngest: false
+    engineType: 'V2'
+    publicIPType: 'IPv4'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    trustedExternalTenants: []
+  }
+  sku: {
+    capacity: 1
+    name: 'Dev(No SLA)_Standard_D11_v2'
+    tier: 'Basic'
+  }
+}
+
+resource database 'Microsoft.Kusto/clusters/databases@2023-05-02' = {
+  parent: cluster
+  name: resourceName
+  location: location
+  kind: 'ReadWrite'
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.kusto/samples/clusters/databases/principalassignments/main.bicep b/settings/remarks/microsoft.kusto/samples/clusters/databases/principalassignments/main.bicep
new file mode 100644
index 00000000..fd2d641b
--- /dev/null
+++ b/settings/remarks/microsoft.kusto/samples/clusters/databases/principalassignments/main.bicep
@@ -0,0 +1,43 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.Kusto/clusters@2023-05-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAutoStop: true
+    enableDiskEncryption: false
+    enableDoubleEncryption: false
+    enablePurge: false
+    enableStreamingIngest: false
+    engineType: 'V2'
+    publicIPType: 'IPv4'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    trustedExternalTenants: []
+  }
+  sku: {
+    capacity: 1
+    name: 'Dev(No SLA)_Standard_D11_v2'
+    tier: 'Basic'
+  }
+}
+
+resource database 'Microsoft.Kusto/clusters/databases@2023-05-02' = {
+  parent: cluster
+  name: resourceName
+  location: location
+  kind: 'ReadWrite'
+  properties: {}
+}
+
+resource principalAssignment 'Microsoft.Kusto/clusters/databases/principalAssignments@2023-05-02' = {
+  parent: database
+  name: resourceName
+  properties: {
+    principalId: deployer().objectId
+    principalType: 'App'
+    role: 'Viewer'
+    tenantId: deployer().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.kusto/samples/clusters/databases/scripts/main.bicep b/settings/remarks/microsoft.kusto/samples/clusters/databases/scripts/main.bicep
new file mode 100644
index 00000000..de6d36b8
--- /dev/null
+++ b/settings/remarks/microsoft.kusto/samples/clusters/databases/scripts/main.bicep
@@ -0,0 +1,51 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.Kusto/clusters@2023-05-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAutoStop: true
+    enableDiskEncryption: false
+    enableDoubleEncryption: false
+    enablePurge: false
+    enableStreamingIngest: false
+    engineType: 'V2'
+    publicIPType: 'IPv4'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    trustedExternalTenants: []
+  }
+  sku: {
+    capacity: 1
+    name: 'Dev(No SLA)_Standard_D11_v2'
+    tier: 'Basic'
+  }
+}
+
+resource database 'Microsoft.Kusto/clusters/databases@2023-05-02' = {
+  parent: cluster
+  name: resourceName
+  location: location
+  kind: 'ReadWrite'
+  properties: {}
+}
+
+resource script 'Microsoft.Kusto/clusters/databases/scripts@2023-05-02' = {
+  parent: database
+  name: 'create-table-script'
+  properties: {
+    continueOnErrors: false
+    forceUpdateTag: '9e2e7874-aa37-7041-81b7-06397f03a37d'
+    scriptContent: '''.create table TestTable(Id:string, Name:string, _ts:long, _timestamp:datetime)
+.create table TestTable ingestion json mapping "TestMapping"
+''[''
+''    {"column":"Id","path":"$.id"},''
+''    {"column":"Name","path":"$.name"},''
+''    {"column":"_ts","path":"$._ts"},''
+''    {"column":"_timestamp","path":"$._ts", "transform":"DateTimeFromUnixSeconds"}''
+'']''
+.alter table TestTable policy ingestionbatching "{''MaximumBatchingTimeSpan'': ''0:0:10'', ''MaximumNumberOfItems'': 10000}"
+'''
+  }
+}
diff --git a/settings/remarks/microsoft.kusto/samples/clusters/main.bicep b/settings/remarks/microsoft.kusto/samples/clusters/main.bicep
new file mode 100644
index 00000000..1a464e0e
--- /dev/null
+++ b/settings/remarks/microsoft.kusto/samples/clusters/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.Kusto/clusters@2023-05-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAutoStop: true
+    enableDiskEncryption: false
+    enableDoubleEncryption: false
+    enablePurge: false
+    enableStreamingIngest: false
+    engineType: 'V2'
+    publicIPType: 'IPv4'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    trustedExternalTenants: []
+  }
+  sku: {
+    capacity: 1
+    name: 'Dev(No SLA)_Standard_D11_v2'
+    tier: 'Basic'
+  }
+}
diff --git a/settings/remarks/microsoft.kusto/samples/clusters/managedprivateendpoints/main.bicep b/settings/remarks/microsoft.kusto/samples/clusters/managedprivateendpoints/main.bicep
new file mode 100644
index 00000000..d595fe4c
--- /dev/null
+++ b/settings/remarks/microsoft.kusto/samples/clusters/managedprivateendpoints/main.bicep
@@ -0,0 +1,69 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.Kusto/clusters@2023-05-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAutoStop: true
+    enableDiskEncryption: false
+    enableDoubleEncryption: false
+    enablePurge: false
+    enableStreamingIngest: false
+    engineType: 'V2'
+    publicIPType: 'IPv4'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    trustedExternalTenants: []
+  }
+  sku: {
+    capacity: 1
+    name: 'Dev(No SLA)_Standard_D11_v2'
+    tier: 'Basic'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource managedPrivateEndpoint 'Microsoft.Kusto/clusters/managedPrivateEndpoints@2023-05-02' = {
+  parent: cluster
+  name: resourceName
+  properties: {
+    groupId: 'blob'
+    privateLinkResourceId: storageAccount.id
+  }
+}
diff --git a/settings/remarks/microsoft.kusto/samples/clusters/principalassignments/main.bicep b/settings/remarks/microsoft.kusto/samples/clusters/principalassignments/main.bicep
new file mode 100644
index 00000000..bfe0741d
--- /dev/null
+++ b/settings/remarks/microsoft.kusto/samples/clusters/principalassignments/main.bicep
@@ -0,0 +1,35 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.Kusto/clusters@2023-05-02' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAutoStop: true
+    enableDiskEncryption: false
+    enableDoubleEncryption: false
+    enablePurge: false
+    enableStreamingIngest: false
+    engineType: 'V2'
+    publicIPType: 'IPv4'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    trustedExternalTenants: []
+  }
+  sku: {
+    capacity: 1
+    name: 'Dev(No SLA)_Standard_D11_v2'
+    tier: 'Basic'
+  }
+}
+
+resource principalAssignment 'Microsoft.Kusto/clusters/principalAssignments@2023-05-02' = {
+  parent: cluster
+  name: resourceName
+  properties: {
+    principalId: deployer().objectId
+    principalType: 'App'
+    role: 'AllDatabasesViewer'
+    tenantId: deployer().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.labservices/remarks.json b/settings/remarks/microsoft.labservices/remarks.json
index e9b59a2a..979ccf67 100644
--- a/settings/remarks/microsoft.labservices/remarks.json
+++ b/settings/remarks/microsoft.labservices/remarks.json
@@ -21,5 +21,27 @@
       "Path": "samples/labs/users/main.tf",
       "Description": "A basic example of deploying Lab Services Labs Users."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.LabServices/labPlans",
+      "Path": "samples/labplans/main.bicep",
+      "Description": "A basic example of deploying Lab Services Lab Plans."
+    },
+    {
+      "ResourceType": "Microsoft.LabServices/labs",
+      "Path": "samples/labs/main.bicep",
+      "Description": "A basic example of deploying Lab Services Labs."
+    },
+    {
+      "ResourceType": "Microsoft.LabServices/labs/schedules",
+      "Path": "samples/labs/schedules/main.bicep",
+      "Description": "A basic example of deploying Lab Services Labs Schedules."
+    },
+    {
+      "ResourceType": "Microsoft.LabServices/labs/users",
+      "Path": "samples/labs/users/main.bicep",
+      "Description": "A basic example of deploying Lab Services Labs Users."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.labservices/samples/labplans/main.bicep b/settings/remarks/microsoft.labservices/samples/labplans/main.bicep
new file mode 100644
index 00000000..8b9e5b62
--- /dev/null
+++ b/settings/remarks/microsoft.labservices/samples/labplans/main.bicep
@@ -0,0 +1,12 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource labPlan 'Microsoft.LabServices/labPlans@2022-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowedRegions: [
+      'westeurope'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.labservices/samples/labs/main.bicep b/settings/remarks/microsoft.labservices/samples/labs/main.bicep
new file mode 100644
index 00000000..16a69b18
--- /dev/null
+++ b/settings/remarks/microsoft.labservices/samples/labs/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the lab virtual machine')
+param adminPassword string
+
+resource lab 'Microsoft.LabServices/labs@2022-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoShutdownProfile: {
+      shutdownOnDisconnect: 'Disabled'
+      shutdownOnIdle: 'None'
+      shutdownWhenNotConnected: 'Disabled'
+    }
+    connectionProfile: {
+      clientRdpAccess: 'None'
+      clientSshAccess: 'None'
+      webRdpAccess: 'None'
+      webSshAccess: 'None'
+    }
+    securityProfile: {
+      openAccess: 'Disabled'
+    }
+    title: 'Test Title'
+    virtualMachineProfile: {
+      additionalCapabilities: {
+        installGpuDrivers: 'Disabled'
+      }
+      adminUser: {
+        password: null
+        username: 'testadmin'
+      }
+      createOption: 'Image'
+      imageReference: {
+        offer: '0001-com-ubuntu-server-focal'
+        publisher: 'canonical'
+        sku: '20_04-lts'
+        version: 'latest'
+      }
+      sku: {
+        capacity: 1
+        name: 'Classic_Fsv2_2_4GB_128_S_SSD'
+      }
+      usageQuota: 'PT0S'
+      useSharedPassword: 'Disabled'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.labservices/samples/labs/schedules/main.bicep b/settings/remarks/microsoft.labservices/samples/labs/schedules/main.bicep
new file mode 100644
index 00000000..2794d8e2
--- /dev/null
+++ b/settings/remarks/microsoft.labservices/samples/labs/schedules/main.bicep
@@ -0,0 +1,58 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the lab virtual machine')
+param adminPassword string
+
+resource lab 'Microsoft.LabServices/labs@2022-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoShutdownProfile: {
+      shutdownOnDisconnect: 'Disabled'
+      shutdownOnIdle: 'None'
+      shutdownWhenNotConnected: 'Disabled'
+    }
+    connectionProfile: {
+      clientRdpAccess: 'None'
+      clientSshAccess: 'None'
+      webRdpAccess: 'None'
+      webSshAccess: 'None'
+    }
+    securityProfile: {
+      openAccess: 'Disabled'
+    }
+    title: 'Test Title'
+    virtualMachineProfile: {
+      additionalCapabilities: {
+        installGpuDrivers: 'Disabled'
+      }
+      adminUser: {
+        password: null
+        username: 'testadmin'
+      }
+      createOption: 'Image'
+      imageReference: {
+        offer: '0001-com-ubuntu-server-focal'
+        publisher: 'canonical'
+        sku: '20_04-lts'
+        version: 'latest'
+      }
+      sku: {
+        capacity: 1
+        name: 'Classic_Fsv2_2_4GB_128_S_SSD'
+      }
+      usageQuota: 'PT0S'
+      useSharedPassword: 'Disabled'
+    }
+  }
+}
+
+resource schedule 'Microsoft.LabServices/labs/schedules@2022-08-01' = {
+  parent: lab
+  name: resourceName
+  properties: {
+    stopAt: '2023-06-30T04:33:55Z'
+    timeZoneId: 'America/Los_Angeles'
+  }
+}
diff --git a/settings/remarks/microsoft.labservices/samples/labs/users/main.bicep b/settings/remarks/microsoft.labservices/samples/labs/users/main.bicep
new file mode 100644
index 00000000..9453127f
--- /dev/null
+++ b/settings/remarks/microsoft.labservices/samples/labs/users/main.bicep
@@ -0,0 +1,58 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the lab virtual machine')
+param adminPassword string
+
+resource lab 'Microsoft.LabServices/labs@2022-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoShutdownProfile: {
+      shutdownOnDisconnect: 'Disabled'
+      shutdownOnIdle: 'None'
+      shutdownWhenNotConnected: 'Disabled'
+    }
+    connectionProfile: {
+      clientRdpAccess: 'None'
+      clientSshAccess: 'None'
+      webRdpAccess: 'None'
+      webSshAccess: 'None'
+    }
+    securityProfile: {
+      openAccess: 'Disabled'
+    }
+    title: 'Test Title'
+    virtualMachineProfile: {
+      additionalCapabilities: {
+        installGpuDrivers: 'Disabled'
+      }
+      adminUser: {
+        password: null
+        username: 'testadmin'
+      }
+      createOption: 'Image'
+      imageReference: {
+        offer: '0001-com-ubuntu-server-focal'
+        publisher: 'canonical'
+        sku: '20_04-lts'
+        version: 'latest'
+      }
+      sku: {
+        capacity: 1
+        name: 'Classic_Fsv2_2_4GB_128_S_SSD'
+      }
+      usageQuota: 'PT0S'
+      useSharedPassword: 'Disabled'
+    }
+  }
+}
+
+resource user 'Microsoft.LabServices/labs/users@2022-08-01' = {
+  parent: lab
+  name: resourceName
+  properties: {
+    additionalUsageQuota: 'PT0S'
+    email: 'terraform-acctest@hashicorp.com'
+  }
+}
diff --git a/settings/remarks/microsoft.loadtestservice/remarks.json b/settings/remarks/microsoft.loadtestservice/remarks.json
index d26d8ad9..a1bd1429 100644
--- a/settings/remarks/microsoft.loadtestservice/remarks.json
+++ b/settings/remarks/microsoft.loadtestservice/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/loadtests/main.tf",
       "Description": "A basic example of deploying Load Test."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.LoadTestService/loadTests",
+      "Path": "samples/loadtests/main.bicep",
+      "Description": "A basic example of deploying Load Test."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.loadtestservice/samples/loadtests/main.bicep b/settings/remarks/microsoft.loadtestservice/samples/loadtests/main.bicep
new file mode 100644
index 00000000..8e9482ee
--- /dev/null
+++ b/settings/remarks/microsoft.loadtestservice/samples/loadtests/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource loadTest 'Microsoft.LoadTestService/loadTests@2022-12-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: 'This is new load test'
+  }
+}
diff --git a/settings/remarks/microsoft.logic/remarks.json b/settings/remarks/microsoft.logic/remarks.json
index 7bc5213f..55e6d724 100644
--- a/settings/remarks/microsoft.logic/remarks.json
+++ b/settings/remarks/microsoft.logic/remarks.json
@@ -46,5 +46,52 @@
       "Path": "samples/workflows/main.tf",
       "Description": "A basic example of deploying Logic App Workflow."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Logic/integrationAccounts",
+      "Path": "samples/integrationaccounts/main.bicep",
+      "Description": "A basic example of deploying Logic App Integration Account."
+    },
+    {
+      "ResourceType": "Microsoft.Logic/integrationAccounts/agreements",
+      "Path": "samples/integrationaccounts/agreements/main.bicep",
+      "Description": "A basic example of deploying Logic App Integration Account Agreement."
+    },
+    {
+      "ResourceType": "Microsoft.Logic/integrationAccounts/assemblies",
+      "Path": "samples/integrationaccounts/assemblies/main.bicep",
+      "Description": "A basic example of deploying Logic App Integration Account Assembly."
+    },
+    {
+      "ResourceType": "Microsoft.Logic/integrationAccounts/batchConfigurations",
+      "Path": "samples/integrationaccounts/batchconfigurations/main.bicep",
+      "Description": "A basic example of deploying Logic App Integration Account Batch Configuration."
+    },
+    {
+      "ResourceType": "Microsoft.Logic/integrationAccounts/maps",
+      "Path": "samples/integrationaccounts/maps/main.bicep",
+      "Description": "A basic example of deploying Logic App Integration Account Map."
+    },
+    {
+      "ResourceType": "Microsoft.Logic/integrationAccounts/partners",
+      "Path": "samples/integrationaccounts/partners/main.bicep",
+      "Description": "A basic example of deploying Logic App Integration Account Partner."
+    },
+    {
+      "ResourceType": "Microsoft.Logic/integrationAccounts/schemas",
+      "Path": "samples/integrationaccounts/schemas/main.bicep",
+      "Description": "A basic example of deploying Logic App Integration Account Schema."
+    },
+    {
+      "ResourceType": "Microsoft.Logic/integrationAccounts/sessions",
+      "Path": "samples/integrationaccounts/sessions/main.bicep",
+      "Description": "A basic example of deploying Logic App Integration Account Session."
+    },
+    {
+      "ResourceType": "Microsoft.Logic/workflows",
+      "Path": "samples/workflows/main.bicep",
+      "Description": "A basic example of deploying Logic App Workflow."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.logic/samples/integrationaccounts/agreements/main.bicep b/settings/remarks/microsoft.logic/samples/integrationaccounts/agreements/main.bicep
new file mode 100644
index 00000000..21d7e4b9
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/integrationaccounts/agreements/main.bicep
@@ -0,0 +1,199 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource agreement 'Microsoft.Logic/integrationAccounts/agreements@2019-05-01' = {
+  parent: integrationAccount
+  name: resourceName
+  properties: {
+    agreementType: 'AS2'
+    content: {
+      aS2: {
+        receiveAgreement: {
+          protocolSettings: {
+            acknowledgementConnectionSettings: {
+              ignoreCertificateNameMismatch: false
+              keepHttpConnectionAlive: false
+              supportHttpStatusCodeContinue: false
+              unfoldHttpHeaders: false
+            }
+            envelopeSettings: {
+              autogenerateFileName: false
+              fileNameTemplate: '%FILE().ReceivedFileName%'
+              messageContentType: 'text/plain'
+              suspendMessageOnFileNameGenerationError: true
+              transmitFileNameInMimeHeader: false
+            }
+            errorSettings: {
+              resendIfMDNNotReceived: false
+              suspendDuplicateMessage: false
+            }
+            mdnSettings: {
+              dispositionNotificationTo: 'http://localhost'
+              micHashingAlgorithm: 'SHA1'
+              needMDN: false
+              sendInboundMDNToMessageBox: true
+              sendMDNAsynchronously: false
+              signMDN: false
+              signOutboundMDNIfOptional: false
+            }
+            messageConnectionSettings: {
+              ignoreCertificateNameMismatch: false
+              keepHttpConnectionAlive: true
+              supportHttpStatusCodeContinue: true
+              unfoldHttpHeaders: true
+            }
+            securitySettings: {
+              enableNRRForInboundDecodedMessages: false
+              enableNRRForInboundEncodedMessages: false
+              enableNRRForInboundMDN: false
+              enableNRRForOutboundDecodedMessages: false
+              enableNRRForOutboundEncodedMessages: false
+              enableNRRForOutboundMDN: false
+              overrideGroupSigningCertificate: false
+            }
+            validationSettings: {
+              checkCertificateRevocationListOnReceive: false
+              checkCertificateRevocationListOnSend: false
+              checkDuplicateMessage: false
+              compressMessage: false
+              encryptMessage: false
+              encryptionAlgorithm: 'DES3'
+              interchangeDuplicatesValidityDays: 5
+              overrideMessageProperties: false
+              signMessage: false
+              signingAlgorithm: 'Default'
+            }
+          }
+          receiverBusinessIdentity: {
+            qualifier: 'AS2Identity'
+            value: 'FabrikamNY'
+          }
+          senderBusinessIdentity: {
+            qualifier: 'AS2Identity'
+            value: 'FabrikamDC'
+          }
+        }
+        sendAgreement: {
+          protocolSettings: {
+            acknowledgementConnectionSettings: {
+              ignoreCertificateNameMismatch: false
+              keepHttpConnectionAlive: false
+              supportHttpStatusCodeContinue: false
+              unfoldHttpHeaders: false
+            }
+            envelopeSettings: {
+              autogenerateFileName: false
+              fileNameTemplate: '%FILE().ReceivedFileName%'
+              messageContentType: 'text/plain'
+              suspendMessageOnFileNameGenerationError: true
+              transmitFileNameInMimeHeader: false
+            }
+            errorSettings: {
+              resendIfMDNNotReceived: false
+              suspendDuplicateMessage: false
+            }
+            mdnSettings: {
+              dispositionNotificationTo: 'http://localhost'
+              micHashingAlgorithm: 'SHA1'
+              needMDN: false
+              sendInboundMDNToMessageBox: true
+              sendMDNAsynchronously: false
+              signMDN: false
+              signOutboundMDNIfOptional: false
+            }
+            messageConnectionSettings: {
+              ignoreCertificateNameMismatch: false
+              keepHttpConnectionAlive: true
+              supportHttpStatusCodeContinue: true
+              unfoldHttpHeaders: true
+            }
+            securitySettings: {
+              enableNRRForInboundDecodedMessages: false
+              enableNRRForInboundEncodedMessages: false
+              enableNRRForInboundMDN: false
+              enableNRRForOutboundDecodedMessages: false
+              enableNRRForOutboundEncodedMessages: false
+              enableNRRForOutboundMDN: false
+              overrideGroupSigningCertificate: false
+            }
+            validationSettings: {
+              checkCertificateRevocationListOnReceive: false
+              checkCertificateRevocationListOnSend: false
+              checkDuplicateMessage: false
+              compressMessage: false
+              encryptMessage: false
+              encryptionAlgorithm: 'DES3'
+              interchangeDuplicatesValidityDays: 5
+              overrideMessageProperties: false
+              signMessage: false
+              signingAlgorithm: 'Default'
+            }
+          }
+          receiverBusinessIdentity: {
+            qualifier: 'AS2Identity'
+            value: 'FabrikamDC'
+          }
+          senderBusinessIdentity: {
+            qualifier: 'AS2Identity'
+            value: 'FabrikamNY'
+          }
+        }
+      }
+    }
+    guestIdentity: {
+      qualifier: 'AS2Identity'
+      value: 'FabrikamDC'
+    }
+    guestPartner: partner2.name
+    hostIdentity: {
+      qualifier: 'AS2Identity'
+      value: 'FabrikamNY'
+    }
+    hostPartner: partner.name
+  }
+}
+
+resource partner 'Microsoft.Logic/integrationAccounts/partners@2019-05-01' = {
+  parent: integrationAccount
+  name: resourceName
+  properties: {
+    content: {
+      b2b: {
+        businessIdentities: [
+          {
+            qualifier: 'AS2Identity'
+            value: 'FabrikamNY'
+          }
+        ]
+      }
+    }
+    partnerType: 'B2B'
+  }
+}
+
+resource partner2 'Microsoft.Logic/integrationAccounts/partners@2019-05-01' = {
+  parent: integrationAccount
+  name: '${resourceName}another'
+  properties: {
+    content: {
+      b2b: {
+        businessIdentities: [
+          {
+            qualifier: 'AS2Identity'
+            value: 'FabrikamNY'
+          }
+        ]
+      }
+    }
+    partnerType: 'B2B'
+  }
+}
diff --git a/settings/remarks/microsoft.logic/samples/integrationaccounts/assemblies/main.bicep b/settings/remarks/microsoft.logic/samples/integrationaccounts/assemblies/main.bicep
new file mode 100644
index 00000000..f52d2ca9
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/integrationaccounts/assemblies/main.bicep
@@ -0,0 +1,67 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: '${resourceName}-ia'
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: replace(substring(toLower('${resourceName}sa'), 0, 24), '-', '')
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: false
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    dnsEndpointType: 'Standard'
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isLocalUserEnabled: true
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+      ipRules: []
+      resourceAccessRules: []
+      virtualNetworkRules: []
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource assembly 'Microsoft.Logic/integrationAccounts/assemblies@2019-05-01' = {
+  parent: integrationAccount
+  name: '${resourceName}-assembly'
+  properties: {
+    assemblyName: 'TestAssembly2'
+    assemblyVersion: '2.2.2.2'
+    content: 'dGVzdA=='
+    contentType: 'application/octet-stream'
+    metadata: {
+      foo: 'bar2'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.logic/samples/integrationaccounts/batchconfigurations/main.bicep b/settings/remarks/microsoft.logic/samples/integrationaccounts/batchconfigurations/main.bicep
new file mode 100644
index 00000000..ffb5d1cd
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/integrationaccounts/batchconfigurations/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource batchConfiguration 'Microsoft.Logic/integrationAccounts/batchConfigurations@2019-05-01' = {
+  parent: integrationAccount
+  name: resourceName
+  properties: {
+    batchGroupName: 'TestBatchGroup'
+    releaseCriteria: {
+      messageCount: 80
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.logic/samples/integrationaccounts/main.bicep b/settings/remarks/microsoft.logic/samples/integrationaccounts/main.bicep
new file mode 100644
index 00000000..8f755960
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/integrationaccounts/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Basic'
+  }
+}
diff --git a/settings/remarks/microsoft.logic/samples/integrationaccounts/maps/main.bicep b/settings/remarks/microsoft.logic/samples/integrationaccounts/maps/main.bicep
new file mode 100644
index 00000000..5cf9e450
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/integrationaccounts/maps/main.bicep
@@ -0,0 +1,91 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Basic'
+  }
+}
+
+resource map 'Microsoft.Logic/integrationAccounts/maps@2019-05-01' = {
+  parent: integrationAccount
+  name: resourceName
+  properties: {
+    content: '''<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:msxsl="urn:schemas-microsoft-com:xslt"
+                xmlns:var="http://schemas.microsoft.com/BizTalk/2003/var"
+                exclude-result-prefixes="msxsl var s0 userCSharp"
+                version="1.0"
+                xmlns:ns0="http://BizTalk_Server_Project4.StringFunctoidsDestinationSchema"
+                xmlns:s0="http://BizTalk_Server_Project4.StringFunctoidsSourceSchema"
+                xmlns:userCSharp="http://schemas.microsoft.com/BizTalk/2003/userCSharp">
+<xsl:import href="http://btsfunctoids.blob.core.windows.net/functoids/functoids.xslt" />
+<xsl:output omit-xml-declaration="yes"
+            method="xml"
+            version="1.0" />
+<xsl:template match="/">
+<xsl:apply-templates select="/s0:Root" />
+</xsl:template>
+<xsl:template match="/s0:Root">
+<xsl:variable name="var:v1"
+              select="userCSharp:StringFind(string(StringFindSource/text()) , &quot;SearchString&quot;)" />
+<xsl:variable name="var:v2"
+              select="userCSharp:StringLeft(string(StringLeftSource/text()) , &quot;2&quot;)" />
+<xsl:variable name="var:v3"
+              select="userCSharp:StringRight(string(StringRightSource/text()) , &quot;2&quot;)" />
+<xsl:variable name="var:v4"
+              select="userCSharp:StringUpperCase(string(UppercaseSource/text()))" />
+<xsl:variable name="var:v5"
+              select="userCSharp:StringLowerCase(string(LowercaseSource/text()))" />
+<xsl:variable name="var:v6"
+              select="userCSharp:StringSize(string(SizeSource/text()))" />
+<xsl:variable name="var:v7"
+              select="userCSharp:StringSubstring(string(StringExtractSource/text()) , &quot;0&quot; , &quot;2&quot;)" />
+<xsl:variable name="var:v8"
+              select="userCSharp:StringConcat(string(StringConcatSource/text()))" />
+<xsl:variable name="var:v9"
+              select="userCSharp:StringTrimLeft(string(StringLeftTrimSource/text()))" />
+<xsl:variable name="var:v10"
+              select="userCSharp:StringTrimRight(string(StringRightTrimSource/text()))" />
+<ns0:Root>
+<StringFindDestination>
+<xsl:value-of select="$var:v1" />
+</StringFindDestination>
+<StringLeftDestination>
+<xsl:value-of select="$var:v2" />
+</StringLeftDestination>
+<StringRightDestination>
+<xsl:value-of select="$var:v3" />
+</StringRightDestination>
+<UppercaseDestination>
+<xsl:value-of select="$var:v4" />
+</UppercaseDestination>
+<LowercaseDestination>
+<xsl:value-of select="$var:v5" />
+</LowercaseDestination>
+<SizeDestination>
+<xsl:value-of select="$var:v6" />
+</SizeDestination>
+<StringExtractDestination>
+<xsl:value-of select="$var:v7" />
+</StringExtractDestination>
+<StringConcatDestination>
+<xsl:value-of select="$var:v8" />
+</StringConcatDestination>
+<StringLeftTrimDestination>
+<xsl:value-of select="$var:v9" />
+</StringLeftTrimDestination>
+<StringRightTrimDestination>
+<xsl:value-of select="$var:v10" />
+</StringRightTrimDestination>
+</ns0:Root>
+</xsl:template>
+</xsl:stylesheet>
+'''
+    contentType: 'application/xml'
+    mapType: 'Xslt'
+  }
+}
diff --git a/settings/remarks/microsoft.logic/samples/integrationaccounts/partners/main.bicep b/settings/remarks/microsoft.logic/samples/integrationaccounts/partners/main.bicep
new file mode 100644
index 00000000..b61925a7
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/integrationaccounts/partners/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource partner 'Microsoft.Logic/integrationAccounts/partners@2019-05-01' = {
+  parent: integrationAccount
+  name: resourceName
+  properties: {
+    content: {
+      b2b: {
+        businessIdentities: [
+          {
+            qualifier: 'AS2Identity'
+            value: 'FabrikamNY'
+          }
+        ]
+      }
+    }
+    partnerType: 'B2B'
+  }
+}
diff --git a/settings/remarks/microsoft.logic/samples/integrationaccounts/schemas/main.bicep b/settings/remarks/microsoft.logic/samples/integrationaccounts/schemas/main.bicep
new file mode 100644
index 00000000..fa4c7780
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/integrationaccounts/schemas/main.bicep
@@ -0,0 +1,243 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Basic'
+  }
+}
+
+resource schema 'Microsoft.Logic/integrationAccounts/schemas@2019-05-01' = {
+  parent: integrationAccount
+  name: resourceName
+  properties: {
+    content: '''<xs:schema xmlns:b="http://schemas.microsoft.com/BizTalk/2003"
+           xmlns="http://Inbound_EDI.OrderFile"
+           targetNamespace="http://Inbound_EDI.OrderFile"
+           xmlns:xs="http://www.w3.org/2001/XMLSchema">
+<xs:annotation>
+<xs:appinfo>
+<b:schemaInfo default_pad_char=" "
+              count_positions_by_byte="false"
+              parser_optimization="speed"
+              lookahead_depth="3"
+              suppress_empty_nodes="false"
+              generate_empty_nodes="true"
+              allow_early_termination="false"
+              early_terminate_optional_fields="false"
+              allow_message_breakup_of_infix_root="false"
+              compile_parse_tables="false"
+              standard="Flat File"
+              root_reference="OrderFile" />
+<schemaEditorExtension:schemaInfo namespaceAlias="b"
+                                  extensionClass="Microsoft.BizTalk.FlatFileExtension.FlatFileExtension"
+                                  standardName="Flat File"
+                                  xmlns:schemaEditorExtension="http://schemas.microsoft.com/BizTalk/2003/SchemaEditorExtensions" />
+</xs:appinfo>
+</xs:annotation>
+<xs:element name="OrderFile">
+<xs:annotation>
+<xs:appinfo>
+<b:recordInfo structure="delimited"
+              preserve_delimiter_for_empty_data="true"
+              suppress_trailing_delimiters="false"
+              sequence_number="1" />
+</xs:appinfo>
+</xs:annotation>
+<xs:complexType>
+<xs:sequence>
+<xs:annotation>
+<xs:appinfo>
+<b:groupInfo sequence_number="0" />
+</xs:appinfo>
+</xs:annotation>
+<xs:element name="Order">
+<xs:annotation>
+<xs:appinfo>
+<b:recordInfo sequence_number="1"
+              structure="delimited"
+              preserve_delimiter_for_empty_data="true"
+              suppress_trailing_delimiters="false"
+              child_delimiter_type="hex"
+              child_delimiter="0x0D 0x0A"
+              child_order="infix" />
+</xs:appinfo>
+</xs:annotation>
+<xs:complexType>
+<xs:sequence>
+<xs:annotation>
+<xs:appinfo>
+<b:groupInfo sequence_number="0" />
+</xs:appinfo>
+</xs:annotation>
+<xs:element name="Header">
+<xs:annotation>
+<xs:appinfo>
+<b:recordInfo sequence_number="1"
+              structure="delimited"
+              preserve_delimiter_for_empty_data="true"
+              suppress_trailing_delimiters="false"
+              child_delimiter_type="char"
+              child_delimiter="|"
+              child_order="infix"
+              tag_name="HDR|" />
+</xs:appinfo>
+</xs:annotation>
+<xs:complexType>
+<xs:sequence>
+<xs:annotation>
+<xs:appinfo>
+<b:groupInfo sequence_number="0" />
+</xs:appinfo>
+</xs:annotation>
+<xs:element name="PODate"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="1"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="PONumber"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo justification="left"
+             sequence_number="2" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="CustomerID"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="3"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="CustomerContactName"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="5"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="CustomerContactPhone"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="5"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+<xs:element minOccurs="1"
+            maxOccurs="unbounded"
+            name="LineItems">
+<xs:annotation>
+<xs:appinfo>
+<b:recordInfo sequence_number="2"
+              structure="delimited"
+              preserve_delimiter_for_empty_data="true"
+              suppress_trailing_delimiters="false"
+              child_delimiter_type="char"
+              child_delimiter="|"
+              child_order="infix"
+              tag_name="DTL|" />
+</xs:appinfo>
+</xs:annotation>
+<xs:complexType>
+<xs:sequence>
+<xs:annotation>
+<xs:appinfo>
+<b:groupInfo sequence_number="0" />
+</xs:appinfo>
+</xs:annotation>
+<xs:element name="PONumber"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="1"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="ItemOrdered"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="2"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="Quantity"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="3"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="UOM"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="4"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="Price"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="5"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="ExtendedPrice"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="6"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+<xs:element name="Description"
+            type="xs:string">
+<xs:annotation>
+<xs:appinfo>
+<b:fieldInfo sequence_number="7"
+             justification="left" />
+</xs:appinfo>
+</xs:annotation>
+</xs:element>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+</xs:schema>
+'''
+    contentType: 'application/xml'
+    schemaType: 'Xml'
+  }
+}
diff --git a/settings/remarks/microsoft.logic/samples/integrationaccounts/sessions/main.bicep b/settings/remarks/microsoft.logic/samples/integrationaccounts/sessions/main.bicep
new file mode 100644
index 00000000..1b05b99d
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/integrationaccounts/sessions/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource integrationAccount 'Microsoft.Logic/integrationAccounts@2019-05-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Basic'
+  }
+}
+
+resource session 'Microsoft.Logic/integrationAccounts/sessions@2019-05-01' = {
+  parent: integrationAccount
+  name: resourceName
+  properties: {
+    content: '''	{
+       "controlNumber": "1234"
+    }
+'''
+  }
+}
diff --git a/settings/remarks/microsoft.logic/samples/workflows/main.bicep b/settings/remarks/microsoft.logic/samples/workflows/main.bicep
new file mode 100644
index 00000000..837fca77
--- /dev/null
+++ b/settings/remarks/microsoft.logic/samples/workflows/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource workflow 'Microsoft.Logic/workflows@2019-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    definition: {
+      '$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#'
+      actions: {}
+      contentVersion: '1.0.0.0'
+      parameters: null
+      triggers: {}
+    }
+    parameters: {}
+    state: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.machinelearningservices/remarks.json b/settings/remarks/microsoft.machinelearningservices/remarks.json
index 28dd7fe4..7a97ddf7 100644
--- a/settings/remarks/microsoft.machinelearningservices/remarks.json
+++ b/settings/remarks/microsoft.machinelearningservices/remarks.json
@@ -26,5 +26,22 @@
       "Path": "samples/workspaces/outboundrules/main.tf",
       "Description": "A basic example of deploying Azure Machine Learning Workspace FQDN Network Outbound Rule."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.MachineLearningServices/workspaces",
+      "Path": "samples/workspaces/main.bicep",
+      "Description": "A basic example of deploying Azure Machine Learning Workspace."
+    },
+    {
+      "ResourceType": "Microsoft.MachineLearningServices/workspaces/computes",
+      "Path": "samples/workspaces/computes/main.bicep",
+      "Description": "A basic example of deploying Machine Learning Compute."
+    },
+    {
+      "ResourceType": "Microsoft.MachineLearningServices/workspaces/dataStores",
+      "Path": "samples/workspaces/datastores/main.bicep",
+      "Description": "A basic example of deploying Machine Learning DataStore."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.machinelearningservices/samples/workspaces/computes/main.bicep b/settings/remarks/microsoft.machinelearningservices/samples/workspaces/computes/main.bicep
new file mode 100644
index 00000000..fa34ddd9
--- /dev/null
+++ b/settings/remarks/microsoft.machinelearningservices/samples/workspaces/computes/main.bicep
@@ -0,0 +1,79 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource vault 'Microsoft.KeyVault/vaults@2021-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: []
+    createMode: 'default'
+    enablePurgeProtection: true
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: deployer().tenantId
+  }
+}
+
+resource workspace 'Microsoft.MachineLearningServices/workspaces@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    applicationInsights: component.id
+    keyVault: vault.id
+    publicNetworkAccess: 'Enabled'
+    storageAccount: storageAccount.id
+    v1LegacyMode: false
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Basic'
+  }
+}
+
+resource compute 'Microsoft.MachineLearningServices/workspaces/computes@2022-05-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    computeLocation: 'westeurope'
+    computeType: 'ComputeInstance'
+    description: ''
+    disableLocalAuth: true
+    properties: {
+      vmSize: 'STANDARD_D2_V2'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.machinelearningservices/samples/workspaces/datastores/main.bicep b/settings/remarks/microsoft.machinelearningservices/samples/workspaces/datastores/main.bicep
new file mode 100644
index 00000000..8cc4565a
--- /dev/null
+++ b/settings/remarks/microsoft.machinelearningservices/samples/workspaces/datastores/main.bicep
@@ -0,0 +1,136 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: '${resourceName}-ai'
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: '${toLower(substring(resourceName, 0, 16))}acc'
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: false
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    dnsEndpointType: 'Standard'
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isLocalUserEnabled: true
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+      ipRules: []
+      resourceAccessRules: []
+      virtualNetworkRules: []
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource vault 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: '${resourceName}vault'
+  location: location
+  properties: {
+    accessPolicies: []
+    createMode: 'default'
+    enablePurgeProtection: true
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: deployer().tenantId
+  }
+}
+
+resource workspace 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
+  name: '${resourceName}-mlw'
+  location: location
+  kind: 'Default'
+  properties: {
+    applicationInsights: component.id
+    keyVault: vault.id
+    publicNetworkAccess: 'Enabled'
+    storageAccount: storageAccount.id
+    v1LegacyMode: false
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Basic'
+  }
+}
+
+resource dataStore 'Microsoft.MachineLearningServices/workspaces/dataStores@2024-04-01' = {
+  parent: workspace
+  name: replace('${resourceName}_ds', '-', '_')
+  properties: {
+    accountName: storageAccount.name
+    containerName: container.name
+    credentials: {
+      credentialsType: 'AccountKey'
+      secrets: {
+        key: base64(storageAccount.listKeys().keys[0].value)
+        secretsType: 'AccountKey'
+      }
+    }
+    datastoreType: 'AzureBlob'
+    description: ''
+    endpoint: 'core.windows.net'
+    serviceDataAccessAuthIdentity: 'None'
+    tags: null
+  }
+  dependsOn: [
+    container
+  ]
+}
+
+// The blob service is a singleton named 'default' under the storage account
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-05-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-05-01' = {
+  parent: blobService
+  name: 'datacontainer'
+  properties: {
+    publicAccess: 'None'
+  }
+}
diff --git a/settings/remarks/microsoft.machinelearningservices/samples/workspaces/main.bicep b/settings/remarks/microsoft.machinelearningservices/samples/workspaces/main.bicep
new file mode 100644
index 00000000..2dc36480
--- /dev/null
+++ b/settings/remarks/microsoft.machinelearningservices/samples/workspaces/main.bicep
@@ -0,0 +1,108 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource component 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    DisableIpMasking: false
+    DisableLocalAuth: false
+    ForceCustomerStorageForProfiler: false
+    RetentionInDays: 90
+    SamplingPercentage: 100
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource vault 'Microsoft.KeyVault/vaults@2021-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: [
+      {
+        objectId: '45a2d1ea-488a-44b0-bb2e-3cd8e485ebef'
+        permissions: {
+          certificates: [
+            'all'
+          ]
+          keys: [
+            'all'
+          ]
+          secrets: [
+            'all'
+          ]
+          storage: []
+        }
+        tenantId: deployer().tenantId
+      }
+    ]
+    createMode: 'default'
+    enablePurgeProtection: true
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: deployer().tenantId
+  }
+}
+
+resource workspace 'Microsoft.MachineLearningServices/workspaces@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    applicationInsights: component.id
+    keyVault: vault.id
+    publicNetworkAccess: 'Disabled'
+    storageAccount: storageAccount.id
+    v1LegacyMode: false
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Basic'
+  }
+}
diff --git a/settings/remarks/microsoft.maintenance/remarks.json b/settings/remarks/microsoft.maintenance/remarks.json
index 5fe1cc24..32998a12 100644
--- a/settings/remarks/microsoft.maintenance/remarks.json
+++ b/settings/remarks/microsoft.maintenance/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/maintenanceconfigurations/main.tf",
       "Description": "A basic example of deploying Maintenance Configuration."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Maintenance/configurationAssignments",
+      "Path": "samples/configurationassignments/main.bicep",
+      "Description": "A basic example of deploying Maintenance Assignment."
+    },
+    {
+      "ResourceType": "Microsoft.Maintenance/maintenanceConfigurations",
+      "Path": "samples/maintenanceconfigurations/main.bicep",
+      "Description": "A basic example of deploying Maintenance Configuration."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.maintenance/samples/configurationassignments/main.bicep b/settings/remarks/microsoft.maintenance/samples/configurationassignments/main.bicep
new file mode 100644
index 00000000..c0374d0f
--- /dev/null
+++ b/settings/remarks/microsoft.maintenance/samples/configurationassignments/main.bicep
@@ -0,0 +1,145 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+
+resource configurationAssignment 'Microsoft.Maintenance/configurationAssignments@2022-07-01-preview' = {
+  scope: virtualMachine
+  name: resourceName
+  location: 'westeurope'
+  properties: {
+    maintenanceConfigurationId: maintenanceConfiguration.id
+    resourceId: virtualMachine.id
+  }
+}
+
+resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfigurations@2022-07-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    extensionProperties: {}
+    maintenanceScope: 'SQLDB'
+    namespace: 'Microsoft.Maintenance'
+    visibility: 'Custom'
+  }
+}
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalCapabilities: {}
+    applicationProfile: {
+      galleryApplications: []
+    }
+    diagnosticsProfile: {
+      bootDiagnostics: {
+        enabled: false
+        storageUri: ''
+      }
+    }
+    extensionsTimeBudget: 'PT1H30M'
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'adminuser'
+      allowExtensionOperations: true
+      computerName: 'acctest0001'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          patchMode: 'ImageDefault'
+        }
+        provisionVMAgent: true
+        ssh: {
+          publicKeys: []
+        }
+      }
+      secrets: []
+    }
+    priority: 'Regular'
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Standard_LRS'
+        }
+        osType: 'Linux'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'internal'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.maintenance/samples/maintenanceconfigurations/main.bicep b/settings/remarks/microsoft.maintenance/samples/maintenanceconfigurations/main.bicep
new file mode 100644
index 00000000..78ee5514
--- /dev/null
+++ b/settings/remarks/microsoft.maintenance/samples/maintenanceconfigurations/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfigurations@2022-07-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    extensionProperties: {}
+    maintenanceScope: 'SQLDB'
+    namespace: 'Microsoft.Maintenance'
+    visibility: 'Custom'
+  }
+}
diff --git a/settings/remarks/microsoft.managedidentity/remarks.json b/settings/remarks/microsoft.managedidentity/remarks.json
index 65e31980..74d0d072 100644
--- a/settings/remarks/microsoft.managedidentity/remarks.json
+++ b/settings/remarks/microsoft.managedidentity/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/userassignedidentities/federatedidentitycredentials/main.tf",
       "Description": "A basic example of deploying Federated Identity Credential."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ManagedIdentity/userAssignedIdentities",
+      "Path": "samples/userassignedidentities/main.bicep",
+      "Description": "A basic example of deploying User Assigned Identity."
+    },
+    {
+      "ResourceType": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials",
+      "Path": "samples/userassignedidentities/federatedidentitycredentials/main.bicep",
+      "Description": "A basic example of deploying Federated Identity Credential."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.managedidentity/samples/userassignedidentities/federatedidentitycredentials/main.bicep b/settings/remarks/microsoft.managedidentity/samples/userassignedidentities/federatedidentitycredentials/main.bicep
new file mode 100644
index 00000000..d0743e9a
--- /dev/null
+++ b/settings/remarks/microsoft.managedidentity/samples/userassignedidentities/federatedidentitycredentials/main.bicep
@@ -0,0 +1,20 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: resourceName
+  location: location
+}
+
+resource federatedIdentityCredential 'Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials@2022-01-31-preview' = {
+  parent: userAssignedIdentity
+  name: resourceName
+  location: location
+  properties: {
+    audiences: [
+      'foo'
+    ]
+    issuer: 'https://foo'
+    subject: 'foo'
+  }
+}
diff --git a/settings/remarks/microsoft.managedidentity/samples/userassignedidentities/main.bicep b/settings/remarks/microsoft.managedidentity/samples/userassignedidentities/main.bicep
new file mode 100644
index 00000000..68c0ec1c
--- /dev/null
+++ b/settings/remarks/microsoft.managedidentity/samples/userassignedidentities/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.maps/remarks.json b/settings/remarks/microsoft.maps/remarks.json
index 9b0bcae0..3f70d517 100644
--- a/settings/remarks/microsoft.maps/remarks.json
+++ b/settings/remarks/microsoft.maps/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/accounts/creators/main.tf",
       "Description": "A basic example of deploying Azure Maps Creator."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Maps/accounts",
+      "Path": "samples/accounts/main.bicep",
+      "Description": "A basic example of deploying Azure Maps Account."
+    },
+    {
+      "ResourceType": "Microsoft.Maps/accounts/creators",
+      "Path": "samples/accounts/creators/main.bicep",
+      "Description": "A basic example of deploying Azure Maps Creator."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.maps/samples/accounts/creators/main.bicep b/settings/remarks/microsoft.maps/samples/accounts/creators/main.bicep
new file mode 100644
index 00000000..9f4e2ea5
--- /dev/null
+++ b/settings/remarks/microsoft.maps/samples/accounts/creators/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource account 'Microsoft.Maps/accounts@2021-02-01' = {
+  name: resourceName
+  location: 'global'
+  sku: {
+    name: 'G2'
+  }
+}
+
+resource creator 'Microsoft.Maps/accounts/creators@2021-02-01' = {
+  parent: account
+  name: resourceName
+  location: location
+  properties: {
+    storageUnits: 1
+  }
+}
diff --git a/settings/remarks/microsoft.maps/samples/accounts/main.bicep b/settings/remarks/microsoft.maps/samples/accounts/main.bicep
new file mode 100644
index 00000000..8aa8bc3f
--- /dev/null
+++ b/settings/remarks/microsoft.maps/samples/accounts/main.bicep
@@ -0,0 +1,9 @@
+param resourceName string = 'acctest0001'
+
+resource account 'Microsoft.Maps/accounts@2021-02-01' = {
+  name: resourceName
+  location: 'global'
+  sku: {
+    name: 'G2'
+  }
+}
diff --git a/settings/remarks/microsoft.media/remarks.json b/settings/remarks/microsoft.media/remarks.json
index d4c79f18..1f29b893 100644
--- a/settings/remarks/microsoft.media/remarks.json
+++ b/settings/remarks/microsoft.media/remarks.json
@@ -51,5 +51,57 @@
       "Path": "samples/mediaservices/transforms/main.tf",
       "Description": "A basic example of deploying Media Services Transforms."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Media/mediaServices",
+      "Path": "samples/mediaservices/main.bicep",
+      "Description": "A basic example of deploying Media Services."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/accountFilters",
+      "Path": "samples/mediaservices/accountfilters/main.bicep",
+      "Description": "A basic example of deploying Media Services Account Filters."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/assets",
+      "Path": "samples/mediaservices/assets/main.bicep",
+      "Description": "A basic example of deploying Media Services Assets."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/assets/assetFilters",
+      "Path": "samples/mediaservices/assets/assetfilters/main.bicep",
+      "Description": "A basic example of deploying Media Services Asset Filters."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/contentKeyPolicies",
+      "Path": "samples/mediaservices/contentkeypolicies/main.bicep",
+      "Description": "A basic example of deploying Media Services Content Key Policies."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/liveEvents",
+      "Path": "samples/mediaservices/liveevents/main.bicep",
+      "Description": "A basic example of deploying Media Services Live Events."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/streamingEndpoints",
+      "Path": "samples/mediaservices/streamingendpoints/main.bicep",
+      "Description": "A basic example of deploying Media Services Streaming Endpoints."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/streamingLocators",
+      "Path": "samples/mediaservices/streaminglocators/main.bicep",
+      "Description": "A basic example of deploying Media Services Streaming Locators."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/streamingPolicies",
+      "Path": "samples/mediaservices/streamingpolicies/main.bicep",
+      "Description": "A basic example of deploying Media Services Streaming Policies."
+    },
+    {
+      "ResourceType": "Microsoft.Media/mediaServices/transforms",
+      "Path": "samples/mediaservices/transforms/main.bicep",
+      "Description": "A basic example of deploying Media Services Transforms."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/accountfilters/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/accountfilters/main.bicep
new file mode 100644
index 00000000..7bfbd1a0
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/accountfilters/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource accountFilter 'Microsoft.Media/mediaServices/accountFilters@2022-08-01' = {
+  parent: mediaService
+  name: 'Filter-1'
+  properties: {
+    tracks: []
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/assets/assetfilters/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/assets/assetfilters/main.bicep
new file mode 100644
index 00000000..370f9233
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/assets/assetfilters/main.bicep
@@ -0,0 +1,70 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource asset 'Microsoft.Media/mediaServices/assets@2022-08-01' = {
+  parent: mediaService
+  name: resourceName
+  properties: {
+    description: ''
+  }
+}
+
+resource assetFilter 'Microsoft.Media/mediaServices/assets/assetFilters@2022-08-01' = {
+  parent: asset
+  name: resourceName
+  properties: {
+    firstQuality: {
+      bitrate: 0
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/assets/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/assets/main.bicep
new file mode 100644
index 00000000..d3113e8f
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/assets/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource asset 'Microsoft.Media/mediaServices/assets@2022-08-01' = {
+  parent: mediaService
+  name: resourceName
+  properties: {
+    description: ''
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/contentkeypolicies/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/contentkeypolicies/main.bicep
new file mode 100644
index 00000000..ff8c4df1
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/contentkeypolicies/main.bicep
@@ -0,0 +1,79 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource contentKeyPolicy 'Microsoft.Media/mediaServices/contentKeyPolicies@2022-08-01' = {
+  parent: mediaService
+  name: resourceName
+  properties: {
+    description: 'My Policy Description'
+    options: [
+      {
+        configuration: {
+          '@odata.type': '#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration'
+        }
+        name: 'ClearKeyOption'
+        restriction: {
+          '@odata.type': '#Microsoft.Media.ContentKeyPolicyTokenRestriction'
+          audience: 'urn:audience'
+          issuer: 'urn:issuer'
+          primaryVerificationKey: {
+            '@odata.type': '#Microsoft.Media.ContentKeyPolicySymmetricTokenKey'
+            keyValue: 'AAAAAAAAAAAAAAAAAAAAAA=='
+          }
+          requiredClaims: []
+          restrictionTokenType: 'Swt'
+        }
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/liveevents/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/liveevents/main.bicep
new file mode 100644
index 00000000..d7b6c81c
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/liveevents/main.bicep
@@ -0,0 +1,48 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource liveEvent 'Microsoft.Media/mediaServices/liveEvents@2022-08-01' = {
+  parent: mediaService
+  name: resourceName
+  location: location
+  properties: {
+    input: {
+      accessControl: {
+        ip: {
+          allow: [
+            {
+              address: '0.0.0.0'
+              name: 'AllowAll'
+              subnetPrefixLength: 0
+            }
+          ]
+        }
+      }
+      keyFrameIntervalDuration: 'PT6S'
+      streamingProtocol: 'RTMP'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/main.bicep
new file mode 100644
index 00000000..a042e3e7
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/streamingendpoints/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/streamingendpoints/main.bicep
new file mode 100644
index 00000000..bb91f091
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/streamingendpoints/main.bicep
@@ -0,0 +1,64 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource streamingEndpoint 'Microsoft.Media/mediaServices/streamingEndpoints@2022-08-01' = {
+  parent: mediaService
+  name: resourceName
+  location: location
+  properties: {
+    scaleUnits: 1
+  }
+  tags: {
+    env: 'test'
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/streaminglocators/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/streaminglocators/main.bicep
new file mode 100644
index 00000000..1c928f50
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/streaminglocators/main.bicep
@@ -0,0 +1,69 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource asset 'Microsoft.Media/mediaServices/assets@2022-08-01' = {
+  parent: mediaService
+  name: resourceName
+  properties: {
+    description: ''
+  }
+}
+
+resource streamingLocator 'Microsoft.Media/mediaServices/streamingLocators@2022-08-01' = {
+  parent: mediaService
+  name: resourceName
+  properties: {
+    assetName: asset.name
+    streamingPolicyName: 'Predefined_ClearStreamingOnly'
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/streamingpolicies/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/streamingpolicies/main.bicep
new file mode 100644
index 00000000..523fcedf
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/streamingpolicies/main.bicep
@@ -0,0 +1,67 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource streamingPolicy 'Microsoft.Media/mediaServices/streamingPolicies@2022-08-01' = {
+  parent: mediaService
+  name: resourceName
+  properties: {
+    noEncryption: {
+      enabledProtocols: {
+        dash: true
+        download: true
+        hls: true
+        smoothStreaming: true
+      }
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.media/samples/mediaservices/transforms/main.bicep b/settings/remarks/microsoft.media/samples/mediaservices/transforms/main.bicep
new file mode 100644
index 00000000..98dd85b2
--- /dev/null
+++ b/settings/remarks/microsoft.media/samples/mediaservices/transforms/main.bicep
@@ -0,0 +1,70 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource mediaService 'Microsoft.Media/mediaServices@2021-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    storageAccounts: [
+      {
+        id: storageAccount.id
+        type: 'Primary'
+      }
+    ]
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource transform 'Microsoft.Media/mediaServices/transforms@2022-07-01' = {
+  parent: mediaService
+  name: resourceName
+  properties: {
+    description: ''
+    outputs: [
+      {
+        onError: 'ContinueJob'
+        preset: {
+          '@odata.type': '#Microsoft.Media.BuiltInStandardEncoderPreset'
+          presetName: 'AACGoodQualityAudio'
+        }
+        relativePriority: 'Normal'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.migrate/remarks.json b/settings/remarks/microsoft.migrate/remarks.json
index 71b489f8..6080834b 100644
--- a/settings/remarks/microsoft.migrate/remarks.json
+++ b/settings/remarks/microsoft.migrate/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/migrateprojects/solutions/main.tf",
       "Description": "A basic example of deploying Migrate Project Solutions."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Migrate/migrateProjects",
+      "Path": "samples/migrateprojects/main.bicep",
+      "Description": "A basic example of deploying Migrate Projects."
+    },
+    {
+      "ResourceType": "Microsoft.Migrate/migrateProjects/solutions",
+      "Path": "samples/migrateprojects/solutions/main.bicep",
+      "Description": "A basic example of deploying Migrate Project Solutions."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.migrate/samples/migrateprojects/main.bicep b/settings/remarks/microsoft.migrate/samples/migrateprojects/main.bicep
new file mode 100644
index 00000000..abc2b611
--- /dev/null
+++ b/settings/remarks/microsoft.migrate/samples/migrateprojects/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource project 'Microsoft.Migrate/migrateProjects@2020-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    utilityStorageAccountId: storageAccount.id
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
diff --git a/settings/remarks/microsoft.migrate/samples/migrateprojects/solutions/main.bicep b/settings/remarks/microsoft.migrate/samples/migrateprojects/solutions/main.bicep
new file mode 100644
index 00000000..0e8f74a8
--- /dev/null
+++ b/settings/remarks/microsoft.migrate/samples/migrateprojects/solutions/main.bicep
@@ -0,0 +1,58 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource project 'Microsoft.Migrate/migrateProjects@2020-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    utilityStorageAccountId: storageAccount.id
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource solution 'Microsoft.Migrate/migrateProjects/solutions@2018-09-01-preview' = {
+  parent: project
+  name: resourceName
+  properties: {
+    summary: {
+      instanceType: 'Servers'
+      migratedCount: 0
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.mixedreality/remarks.json b/settings/remarks/microsoft.mixedreality/remarks.json
index 1d6968bf..eefd53f8 100644
--- a/settings/remarks/microsoft.mixedreality/remarks.json
+++ b/settings/remarks/microsoft.mixedreality/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/spatialanchorsaccounts/main.tf",
       "Description": "A basic example of deploying Azure Spatial Anchors Account."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.MixedReality/spatialAnchorsAccounts",
+      "Path": "samples/spatialanchorsaccounts/main.bicep",
+      "Description": "A basic example of deploying Azure Spatial Anchors Account."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.mixedreality/samples/spatialanchorsaccounts/main.bicep b/settings/remarks/microsoft.mixedreality/samples/spatialanchorsaccounts/main.bicep
new file mode 100644
index 00000000..195aee0e
--- /dev/null
+++ b/settings/remarks/microsoft.mixedreality/samples/spatialanchorsaccounts/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spatialAnchorsAccount 'Microsoft.MixedReality/spatialAnchorsAccounts@2021-01-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/remarks.json b/settings/remarks/microsoft.mobilenetwork/remarks.json
index fb673791..e4399058 100644
--- a/settings/remarks/microsoft.mobilenetwork/remarks.json
+++ b/settings/remarks/microsoft.mobilenetwork/remarks.json
@@ -46,5 +46,52 @@
       "Path": "samples/simgroups/main.tf",
       "Description": "A basic example of deploying Mobile Network Sim Group."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.MobileNetwork/mobileNetworks",
+      "Path": "samples/mobilenetworks/main.bicep",
+      "Description": "A basic example of deploying Azure Mobile Network."
+    },
+    {
+      "ResourceType": "Microsoft.MobileNetwork/mobileNetworks/dataNetworks",
+      "Path": "samples/mobilenetworks/datanetworks/main.bicep",
+      "Description": "A basic example of deploying Mobile Network Data Network."
+    },
+    {
+      "ResourceType": "Microsoft.MobileNetwork/mobileNetworks/services",
+      "Path": "samples/mobilenetworks/services/main.bicep",
+      "Description": "A basic example of deploying Mobile Network Service."
+    },
+    {
+      "ResourceType": "Microsoft.MobileNetwork/mobileNetworks/simPolicies",
+      "Path": "samples/mobilenetworks/simpolicies/main.bicep",
+      "Description": "A basic example of deploying Mobile Network Sim Policy."
+    },
+    {
+      "ResourceType": "Microsoft.MobileNetwork/mobileNetworks/sites",
+      "Path": "samples/mobilenetworks/sites/main.bicep",
+      "Description": "A basic example of deploying Mobile Network Site."
+    },
+    {
+      "ResourceType": "Microsoft.MobileNetwork/mobileNetworks/slices",
+      "Path": "samples/mobilenetworks/slices/main.bicep",
+      "Description": "A basic example of deploying Mobile Network Slice."
+    },
+    {
+      "ResourceType": "Microsoft.MobileNetwork/packetCoreControlPlanes",
+      "Path": "samples/packetcorecontrolplanes/main.bicep",
+      "Description": "A basic example of deploying Mobile Network Packet Core Control Plane."
+    },
+    {
+      "ResourceType": "Microsoft.MobileNetwork/packetCoreControlPlanes/packetCoreDataPlanes",
+      "Path": "samples/packetcorecontrolplanes/packetcoredataplanes/main.bicep",
+      "Description": "A basic example of deploying Mobile Network Packet Core Data Plane."
+    },
+    {
+      "ResourceType": "Microsoft.MobileNetwork/simGroups",
+      "Path": "samples/simgroups/main.bicep",
+      "Description": "A basic example of deploying Mobile Network Sim Group."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/datanetworks/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/datanetworks/main.bicep
new file mode 100644
index 00000000..ec6d2ae5
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/datanetworks/main.bicep
@@ -0,0 +1,20 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
+
+resource dataNetwork 'Microsoft.MobileNetwork/mobileNetworks/dataNetworks@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/main.bicep
new file mode 100644
index 00000000..b02701ae
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/services/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/services/main.bicep
new file mode 100644
index 00000000..15eeb4fe
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/services/main.bicep
@@ -0,0 +1,42 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
+
+resource service 'Microsoft.MobileNetwork/mobileNetworks/services@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {
+    pccRules: [
+      {
+        ruleName: 'default-rule'
+        rulePrecedence: 1
+        serviceDataFlowTemplates: [
+          {
+            direction: 'Uplink'
+            ports: []
+            protocol: [
+              'ip'
+            ]
+            remoteIpList: [
+              '10.3.4.0/24'
+            ]
+            templateName: 'IP-to-server'
+          }
+        ]
+        trafficControl: 'Enabled'
+      }
+    ]
+    servicePrecedence: 0
+  }
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/simpolicies/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/simpolicies/main.bicep
new file mode 100644
index 00000000..f2a66712
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/simpolicies/main.bicep
@@ -0,0 +1,112 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
+
+resource dataNetwork 'Microsoft.MobileNetwork/mobileNetworks/dataNetworks@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource service 'Microsoft.MobileNetwork/mobileNetworks/services@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {
+    pccRules: [
+      {
+        ruleName: 'default-rule'
+        rulePrecedence: 1
+        serviceDataFlowTemplates: [
+          {
+            direction: 'Uplink'
+            ports: []
+            protocol: [
+              'ip'
+            ]
+            remoteIpList: [
+              '10.3.4.0/24'
+            ]
+            templateName: 'IP-to-server'
+          }
+        ]
+        trafficControl: 'Enabled'
+      }
+    ]
+    servicePrecedence: 0
+  }
+}
+
+resource simPolicy 'Microsoft.MobileNetwork/mobileNetworks/simPolicies@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {
+    defaultSlice: {
+      id: slice.id
+    }
+    registrationTimer: 3240
+    sliceConfigurations: [
+      {
+        dataNetworkConfigurations: [
+          {
+            '5qi': 9
+            additionalAllowedSessionTypes: null
+            allocationAndRetentionPriorityLevel: 9
+            allowedServices: [
+              {
+                id: service.id
+              }
+            ]
+            dataNetwork: {
+              id: dataNetwork.id
+            }
+            defaultSessionType: 'IPv4'
+            maximumNumberOfBufferedPackets: 10
+            preemptionCapability: 'NotPreempt'
+            preemptionVulnerability: 'Preemptable'
+            sessionAmbr: {
+              downlink: '1 Gbps'
+              uplink: '500 Mbps'
+            }
+          }
+        ]
+        defaultDataNetwork: {
+          id: dataNetwork.id
+        }
+        slice: {
+          id: slice.id
+        }
+      }
+    ]
+    ueAmbr: {
+      downlink: '1 Gbps'
+      uplink: '500 Mbps'
+    }
+  }
+  tags: {
+    key: 'value'
+  }
+}
+
+resource slice 'Microsoft.MobileNetwork/mobileNetworks/slices@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {
+    snssai: {
+      sst: 1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/sites/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/sites/main.bicep
new file mode 100644
index 00000000..41648948
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/sites/main.bicep
@@ -0,0 +1,20 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
+
+resource site 'Microsoft.MobileNetwork/mobileNetworks/sites@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/slices/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/slices/main.bicep
new file mode 100644
index 00000000..dd8ad036
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/mobilenetworks/slices/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
+
+resource slice 'Microsoft.MobileNetwork/mobileNetworks/slices@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {
+    snssai: {
+      sst: 1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/packetcorecontrolplanes/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/packetcorecontrolplanes/main.bicep
new file mode 100644
index 00000000..8a727b34
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/packetcorecontrolplanes/main.bicep
@@ -0,0 +1,53 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource dataBoxEdgeDevice 'Microsoft.DataBoxEdge/dataBoxEdgeDevices@2022-03-01' = {
+  name: resourceName
+  location: location
+  sku: {
+    name: 'EdgeP_Base'
+    tier: 'Standard'
+  }
+}
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
+
+resource packetCoreControlPlane 'Microsoft.MobileNetwork/packetCoreControlPlanes@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    controlPlaneAccessInterface: {}
+    localDiagnosticsAccess: {
+      authenticationType: 'AAD'
+    }
+    platform: {
+      azureStackEdgeDevice: {
+        id: dataBoxEdgeDevice.id
+      }
+      type: 'AKS-HCI'
+    }
+    sites: [
+      {
+        id: site.id
+      }
+    ]
+    sku: 'G0'
+    ueMtu: 1440
+  }
+}
+
+resource site 'Microsoft.MobileNetwork/mobileNetworks/sites@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/packetcorecontrolplanes/packetcoredataplanes/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/packetcorecontrolplanes/packetcoredataplanes/main.bicep
new file mode 100644
index 00000000..8d46b641
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/packetcorecontrolplanes/packetcoredataplanes/main.bicep
@@ -0,0 +1,62 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource dataBoxEdgeDevice 'Microsoft.DataBoxEdge/dataBoxEdgeDevices@2022-03-01' = {
+  name: resourceName
+  location: location
+  sku: {
+    name: 'EdgeP_Base'
+    tier: 'Standard'
+  }
+}
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
+
+resource packetCoreControlPlane 'Microsoft.MobileNetwork/packetCoreControlPlanes@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    controlPlaneAccessInterface: {}
+    localDiagnosticsAccess: {
+      authenticationType: 'AAD'
+    }
+    platform: {
+      azureStackEdgeDevice: {
+        id: dataBoxEdgeDevice.id
+      }
+      type: 'AKS-HCI'
+    }
+    sites: [
+      {
+        id: site.id
+      }
+    ]
+    sku: 'G0'
+    ueMtu: 1440
+  }
+}
+
+resource packetCoreDataPlane 'Microsoft.MobileNetwork/packetCoreControlPlanes/packetCoreDataPlanes@2022-11-01' = {
+  parent: packetCoreControlPlane
+  name: resourceName
+  location: location
+  properties: {
+    userPlaneAccessInterface: {}
+  }
+}
+
+resource site 'Microsoft.MobileNetwork/mobileNetworks/sites@2022-11-01' = {
+  parent: mobileNetwork
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.mobilenetwork/samples/simgroups/main.bicep b/settings/remarks/microsoft.mobilenetwork/samples/simgroups/main.bicep
new file mode 100644
index 00000000..2e9533b7
--- /dev/null
+++ b/settings/remarks/microsoft.mobilenetwork/samples/simgroups/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource mobileNetwork 'Microsoft.MobileNetwork/mobileNetworks@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicLandMobileNetworkIdentifier: {
+      mcc: '001'
+      mnc: '01'
+    }
+  }
+}
+
+resource simGroup 'Microsoft.MobileNetwork/simGroups@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    mobileNetwork: {
+      id: mobileNetwork.id
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.monitor/remarks.json b/settings/remarks/microsoft.monitor/remarks.json
index 8c07349b..2c044e12 100644
--- a/settings/remarks/microsoft.monitor/remarks.json
+++ b/settings/remarks/microsoft.monitor/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/accounts/privateendpointconnections/main.tf",
       "Description": "A basic example of deploying Monitor Accounts Private Endpoint Connections."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Monitor/accounts",
+      "Path": "samples/accounts/main.bicep",
+      "Description": "A basic example of deploying Azure Monitor Workspace."
+    },
+    {
+      "ResourceType": "Microsoft.Monitor/accounts/privateEndpointConnections",
+      "Path": "samples/accounts/privateendpointconnections/main.bicep",
+      "Description": "A basic example of deploying Monitor Accounts Private Endpoint Connections."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.monitor/samples/accounts/main.bicep b/settings/remarks/microsoft.monitor/samples/accounts/main.bicep
new file mode 100644
index 00000000..feaac301
--- /dev/null
+++ b/settings/remarks/microsoft.monitor/samples/accounts/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource account 'Microsoft.Monitor/accounts@2023-04-03' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.monitor/samples/accounts/privateendpointconnections/main.bicep b/settings/remarks/microsoft.monitor/samples/accounts/privateendpointconnections/main.bicep
new file mode 100644
index 00000000..0c9d0885
--- /dev/null
+++ b/settings/remarks/microsoft.monitor/samples/accounts/privateendpointconnections/main.bicep
@@ -0,0 +1,64 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource account 'Microsoft.Monitor/accounts@2023-04-03' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Disabled'
+  }
+}
+
+resource grafana 'Microsoft.Dashboard/grafana@2023-09-01' = {
+  name: resourceName
+  location: location
+  identity: {
+    type: 'None'
+    userAssignedIdentities: null
+  }
+  properties: {
+    apiKey: 'Disabled'
+    autoGeneratedDomainNameLabelScope: 'TenantReuse'
+    deterministicOutboundIP: 'Disabled'
+    grafanaIntegrations: {
+      azureMonitorWorkspaceIntegrations: [
+        {
+          azureMonitorWorkspaceResourceId: account.id
+        }
+      ]
+    }
+    publicNetworkAccess: 'Disabled'
+    zoneRedundancy: 'Disabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource grafanaManagedPrivateEndpointConnectionApproval 'Microsoft.Monitor/accounts/privateEndpointConnections@2023-04-03' = {
+  parent: account
+  name: 'account.properties.privateEndpointConnections[0].name'
+  properties: {
+    privateLinkServiceConnectionState: {
+      actionsRequired: 'None'
+      description: 'Approved via Terraform'
+      status: 'Approved'
+    }
+  }
+  dependsOn: [
+    managedPrivateEndpoint
+  ]
+}
+
+resource managedPrivateEndpoint 'Microsoft.Dashboard/grafana/managedPrivateEndpoints@2023-09-01' = {
+  parent: grafana
+  name: resourceName
+  location: location
+  properties: {
+    groupIds: [
+      'prometheusMetrics'
+    ]
+    privateLinkResourceId: account.id
+    privateLinkResourceRegion: 'eastus'
+  }
+}
diff --git a/settings/remarks/microsoft.netapp/remarks.json b/settings/remarks/microsoft.netapp/remarks.json
index 6ed34907..23f56689 100644
--- a/settings/remarks/microsoft.netapp/remarks.json
+++ b/settings/remarks/microsoft.netapp/remarks.json
@@ -41,5 +41,47 @@
       "Path": "samples/netappaccounts/snapshotpolicies/main.tf",
       "Description": "A basic example of deploying NetApp Snapshot Policy."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.NetApp/netAppAccounts",
+      "Path": "samples/netappaccounts/main.bicep",
+      "Description": "A basic example of deploying NetApp Account."
+    },
+    {
+      "ResourceType": "Microsoft.NetApp/netAppAccounts/backupPolicies",
+      "Path": "samples/netappaccounts/backuppolicies/main.bicep",
+      "Description": "A basic example of deploying NetApp Backup Policy."
+    },
+    {
+      "ResourceType": "Microsoft.NetApp/netAppAccounts/backupVaults",
+      "Path": "samples/netappaccounts/backupvaults/main.bicep",
+      "Description": "A basic example of deploying NetApp Backup Vault."
+    },
+    {
+      "ResourceType": "Microsoft.NetApp/netAppAccounts/capacityPools",
+      "Path": "samples/netappaccounts/capacitypools/main.bicep",
+      "Description": "A basic example of deploying Pool within a NetApp Account."
+    },
+    {
+      "ResourceType": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes",
+      "Path": "samples/netappaccounts/capacitypools/volumes/main.bicep",
+      "Description": "A basic example of deploying NetApp Volume."
+    },
+    {
+      "ResourceType": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots",
+      "Path": "samples/netappaccounts/capacitypools/volumes/snapshots/main.bicep",
+      "Description": "A basic example of deploying NetApp Snapshot."
+    },
+    {
+      "ResourceType": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/volumeQuotaRules",
+      "Path": "samples/netappaccounts/capacitypools/volumes/volumequotarules/main.bicep",
+      "Description": "A basic example of deploying Volume Quota Rule."
+    },
+    {
+      "ResourceType": "Microsoft.NetApp/netAppAccounts/snapshotPolicies",
+      "Path": "samples/netappaccounts/snapshotpolicies/main.bicep",
+      "Description": "A basic example of deploying NetApp Snapshot Policy."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.netapp/samples/netappaccounts/backuppolicies/main.bicep b/settings/remarks/microsoft.netapp/samples/netappaccounts/backuppolicies/main.bicep
new file mode 100644
index 00000000..0a338a03
--- /dev/null
+++ b/settings/remarks/microsoft.netapp/samples/netappaccounts/backuppolicies/main.bicep
@@ -0,0 +1,20 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2025-01-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource backupPolicy 'Microsoft.NetApp/netAppAccounts/backupPolicies@2025-01-01' = {
+  parent: netAppAccount
+  name: '${resourceName}-policy'
+  location: location
+  properties: {
+    dailyBackupsToKeep: 2
+    enabled: true
+    monthlyBackupsToKeep: 1
+    weeklyBackupsToKeep: 1
+  }
+}
diff --git a/settings/remarks/microsoft.netapp/samples/netappaccounts/backupvaults/main.bicep b/settings/remarks/microsoft.netapp/samples/netappaccounts/backupvaults/main.bicep
new file mode 100644
index 00000000..edd441bd
--- /dev/null
+++ b/settings/remarks/microsoft.netapp/samples/netappaccounts/backupvaults/main.bicep
@@ -0,0 +1,14 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2025-01-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource backupVault 'Microsoft.NetApp/netAppAccounts/backupVaults@2025-01-01' = {
+  parent: netAppAccount
+  name: '${resourceName}-backupvault'
+  location: location
+}
diff --git a/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/main.bicep b/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/main.bicep
new file mode 100644
index 00000000..39beab5f
--- /dev/null
+++ b/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'centralus'
+
+resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    activeDirectories: []
+  }
+  tags: {
+    SkipASMAzSecPack: 'true'
+  }
+}
+
+resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2022-05-01' = {
+  parent: netAppAccount
+  name: resourceName
+  location: location
+  properties: {
+    serviceLevel: 'Standard'
+    size: 4398046511104
+  }
+  tags: {
+    SkipASMAzSecPack: 'true'
+  }
+}
diff --git a/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/main.bicep b/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/main.bicep
new file mode 100644
index 00000000..18cd550e
--- /dev/null
+++ b/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/main.bicep
@@ -0,0 +1,116 @@
+param resourceName string = 'acctest0001'
+param location string = 'centralus'
+
+resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    activeDirectories: []
+  }
+  tags: {
+    SkipASMAzSecPack: 'true'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.6.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+  tags: {
+    SkipASMAzSecPack: 'true'
+  }
+}
+
+resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2022-05-01' = {
+  parent: netAppAccount
+  name: resourceName
+  location: location
+  properties: {
+    serviceLevel: 'Standard'
+    size: 4398046511104
+  }
+  tags: {
+    SkipASMAzSecPack: 'true'
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'GatewaySubnet'
+  properties: {
+    addressPrefix: '10.6.1.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource subnet2 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.6.2.0/24'
+    delegations: [
+      {
+        name: 'testdelegation'
+        properties: {
+          serviceName: 'Microsoft.Netapp/volumes'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2022-05-01' = {
+  parent: capacityPool
+  name: resourceName
+  location: location
+  properties: {
+    avsDataStore: 'Enabled'
+    creationToken: 'my-unique-file-path-230630034120103726'
+    dataProtection: {}
+    exportPolicy: {
+      rules: [
+        {
+          allowedClients: '0.0.0.0/0'
+          cifs: false
+          hasRootAccess: true
+          nfsv3: true
+          nfsv41: false
+          ruleIndex: 1
+          unixReadOnly: false
+          unixReadWrite: true
+        }
+      ]
+    }
+    networkFeatures: 'Basic'
+    protocolTypes: [
+      'NFSv3'
+    ]
+    serviceLevel: 'Standard'
+    snapshotDirectoryVisible: true
+    subnetId: subnet2.id
+    usageThreshold: 107374182400
+    volumeType: ''
+  }
+  tags: {
+    SkipASMAzSecPack: 'true'
+  }
+  zones: []
+}
diff --git a/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/snapshots/main.bicep b/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/snapshots/main.bicep
new file mode 100644
index 00000000..e44656a4
--- /dev/null
+++ b/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/snapshots/main.bicep
@@ -0,0 +1,88 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    activeDirectories: []
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2022-05-01' = {
+  parent: netAppAccount
+  name: resourceName
+  location: location
+  properties: {
+    serviceLevel: 'Premium'
+    size: 4398046511104
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: [
+      {
+        name: 'netapp'
+        properties: {
+          serviceName: 'Microsoft.Netapp/volumes'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2022-05-01' = {
+  parent: capacityPool
+  name: resourceName
+  location: location
+  properties: {
+    avsDataStore: 'Disabled'
+    creationToken: 'my-unique-file-path-230630033642692134'
+    dataProtection: {}
+    exportPolicy: {
+      rules: []
+    }
+    networkFeatures: 'Basic'
+    protocolTypes: [
+      'NFSv3'
+    ]
+    securityStyle: 'Unix'
+    serviceLevel: 'Premium'
+    snapshotDirectoryVisible: false
+    snapshotId: ''
+    subnetId: subnet.id
+    usageThreshold: 107374182400
+    volumeType: ''
+  }
+  zones: []
+}
+
+resource snapshot 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots@2022-05-01' = {
+  parent: volume
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/volumequotarules/main.bicep b/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/volumequotarules/main.bicep
new file mode 100644
index 00000000..7c333bc5
--- /dev/null
+++ b/settings/remarks/microsoft.netapp/samples/netappaccounts/capacitypools/volumes/volumequotarules/main.bicep
@@ -0,0 +1,98 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2025-01-01' = {
+  name: '${resourceName}-acct'
+  location: location
+  properties: {}
+}
+
+resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2024-05-01' = {
+  name: '${resourceName}-nsg'
+  location: location
+  properties: {
+    securityRules: []
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.88.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2025-01-01' = {
+  parent: netAppAccount
+  name: '${resourceName}-pool'
+  location: location
+  properties: {
+    coolAccess: false
+    encryptionType: 'Single'
+    qosType: 'Auto'
+    serviceLevel: 'Standard'
+    size: 4398046511104
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: '${resourceName}-subnet'
+  properties: {
+    addressPrefix: '10.88.2.0/24'
+    defaultOutboundAccess: true
+    delegations: [
+      {
+        name: 'netapp-delegation'
+        properties: {
+          serviceName: 'Microsoft.NetApp/volumes'
+        }
+      }
+    ]
+    networkSecurityGroup: {
+      id: networkSecurityGroup.id
+    }
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2025-01-01' = {
+  parent: capacityPool
+  name: '${resourceName}-vol'
+  location: location
+  properties: {
+    creationToken: 'acctest0001-path'
+    dataProtection: {}
+    exportPolicy: {
+      rules: []
+    }
+    protocolTypes: [
+      'NFSv3'
+    ]
+    serviceLevel: 'Standard'
+    subnetId: subnet.id
+    usageThreshold: 107374182400
+  }
+}
+
+resource volumeQuotaRule 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes/volumeQuotaRules@2025-01-01' = {
+  parent: volume
+  name: '${resourceName}-quota'
+  location: location
+  properties: {
+    quotaSizeInKiBs: 2048
+    quotaType: 'DefaultGroupQuota'
+  }
+}
diff --git a/settings/remarks/microsoft.netapp/samples/netappaccounts/main.bicep b/settings/remarks/microsoft.netapp/samples/netappaccounts/main.bicep
new file mode 100644
index 00000000..850f5955
--- /dev/null
+++ b/settings/remarks/microsoft.netapp/samples/netappaccounts/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'centralus'
+
+resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    activeDirectories: []
+  }
+  tags: {
+    SkipASMAzSecPack: 'true'
+  }
+}
diff --git a/settings/remarks/microsoft.netapp/samples/netappaccounts/snapshotpolicies/main.bicep b/settings/remarks/microsoft.netapp/samples/netappaccounts/snapshotpolicies/main.bicep
new file mode 100644
index 00000000..dcdd13a9
--- /dev/null
+++ b/settings/remarks/microsoft.netapp/samples/netappaccounts/snapshotpolicies/main.bicep
@@ -0,0 +1,40 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus2'
+
+resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2022-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    activeDirectories: []
+  }
+}
+
+resource snapshotPolicy 'Microsoft.NetApp/netAppAccounts/snapshotPolicies@2022-05-01' = {
+  parent: netAppAccount
+  name: resourceName
+  location: location
+  properties: {
+    dailySchedule: {
+      hour: 22
+      minute: 15
+      snapshotsToKeep: 1
+    }
+    enabled: true
+    hourlySchedule: {
+      minute: 15
+      snapshotsToKeep: 1
+    }
+    monthlySchedule: {
+      daysOfMonth: '30,15,1'
+      hour: 5
+      minute: 0
+      snapshotsToKeep: 1
+    }
+    weeklySchedule: {
+      day: 'Monday,Friday'
+      hour: 23
+      minute: 0
+      snapshotsToKeep: 1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.network/remarks.json b/settings/remarks/microsoft.network/remarks.json
index 2822eb84..d880b30b 100644
--- a/settings/remarks/microsoft.network/remarks.json
+++ b/settings/remarks/microsoft.network/remarks.json
@@ -528,5 +528,492 @@
       "Path": "samples/vpnsites/main.tf",
       "Description": "A basic example of deploying VPN Site."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies",
+      "Path": "samples/applicationgatewaywebapplicationfirewallpolicies/main.bicep",
+      "Description": "A basic example of deploying Azure Web Application Firewall Policy instance."
+    },
+    {
+      "ResourceType": "Microsoft.Network/ExpressRoutePorts",
+      "Path": "samples/expressrouteports/main.bicep",
+      "Description": "A basic example of deploying Express Route Port."
+    },
+    {
+      "ResourceType": "Microsoft.Network/FrontDoorWebApplicationFirewallPolicies",
+      "Path": "samples/frontdoorwebapplicationfirewallpolicies/main.bicep",
+      "Description": "A basic example of deploying Front Door Firewall Policy instance."
+    },
+    {
+      "ResourceType": "Microsoft.Network/applicationGateways",
+      "Path": "samples/applicationgateways/main.bicep",
+      "Description": "A basic example of deploying Application Gateway."
+    },
+    {
+      "ResourceType": "Microsoft.Network/applicationSecurityGroups",
+      "Path": "samples/applicationsecuritygroups/main.bicep",
+      "Description": "A basic example of deploying Application Security Group."
+    },
+    {
+      "ResourceType": "Microsoft.Network/azureFirewalls",
+      "Path": "samples/azurefirewalls/main.bicep",
+      "Description": "A basic example of deploying Azure Firewall."
+    },
+    {
+      "ResourceType": "Microsoft.Network/bastionHosts",
+      "Path": "samples/bastionhosts/main.bicep",
+      "Description": "A basic example of deploying Bastion Host."
+    },
+    {
+      "ResourceType": "Microsoft.Network/ddosProtectionPlans",
+      "Path": "samples/ddosprotectionplans/main.bicep",
+      "Description": "A basic example of deploying Azure Network DDoS Protection Plan."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsForwardingRulesets",
+      "Path": "samples/dnsforwardingrulesets/main.bicep",
+      "Description": "A basic example of deploying Private DNS Resolver Dns Forwarding Ruleset."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsForwardingRulesets/forwardingRules",
+      "Path": "samples/dnsforwardingrulesets/forwardingrules/main.bicep",
+      "Description": "A basic example of deploying Private DNS Resolver Forwarding Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks",
+      "Path": "samples/dnsforwardingrulesets/virtualnetworklinks/main.bicep",
+      "Description": "A basic example of deploying Private DNS Resolver Virtual Network Link."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsResolvers",
+      "Path": "samples/dnsresolvers/main.bicep",
+      "Description": "A basic example of deploying Private DNS Resolver."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsResolvers/inboundEndpoints",
+      "Path": "samples/dnsresolvers/inboundendpoints/main.bicep",
+      "Description": "A basic example of deploying Private DNS Resolver Inbound Endpoint."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsResolvers/outboundEndpoints",
+      "Path": "samples/dnsresolvers/outboundendpoints/main.bicep",
+      "Description": "A basic example of deploying Private DNS Resolver Outbound Endpoint."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones",
+      "Path": "samples/dnszones/main.bicep",
+      "Description": "A basic example of deploying DNS Zone."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/A",
+      "Path": "samples/dnszones/a/main.bicep",
+      "Description": "A basic example of deploying DNS A Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/AAAA",
+      "Path": "samples/dnszones/aaaa/main.bicep",
+      "Description": "A basic example of deploying DNS AAAA Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/CAA",
+      "Path": "samples/dnszones/caa/main.bicep",
+      "Description": "A basic example of deploying DNS CAA Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/CNAME",
+      "Path": "samples/dnszones/cname/main.bicep",
+      "Description": "A basic example of deploying DNS CNAME Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/MX",
+      "Path": "samples/dnszones/mx/main.bicep",
+      "Description": "A basic example of deploying DNS MX Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/NS",
+      "Path": "samples/dnszones/ns/main.bicep",
+      "Description": "A basic example of deploying DNS NS Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/PTR",
+      "Path": "samples/dnszones/ptr/main.bicep",
+      "Description": "A basic example of deploying DNS PTR Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/SRV",
+      "Path": "samples/dnszones/srv/main.bicep",
+      "Description": "A basic example of deploying DNS SRV Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/dnsZones/TXT",
+      "Path": "samples/dnszones/txt/main.bicep",
+      "Description": "A basic example of deploying DNS TXT Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/expressRouteCircuits",
+      "Path": "samples/expressroutecircuits/main.bicep",
+      "Description": "A basic example of deploying ExpressRoute circuit."
+    },
+    {
+      "ResourceType": "Microsoft.Network/expressRouteCircuits/authorizations",
+      "Path": "samples/expressroutecircuits/authorizations/main.bicep",
+      "Description": "A basic example of deploying ExpressRoute Circuit Authorization."
+    },
+    {
+      "ResourceType": "Microsoft.Network/expressRouteCircuits/peerings",
+      "Path": "samples/expressroutecircuits/peerings/main.bicep",
+      "Description": "A basic example of deploying ExpressRoute Circuit Peering."
+    },
+    {
+      "ResourceType": "Microsoft.Network/expressRouteCircuits/peerings/connections",
+      "Path": "samples/expressroutecircuits/peerings/connections/main.bicep",
+      "Description": "A basic example of deploying Express Route Circuit Connection."
+    },
+    {
+      "ResourceType": "Microsoft.Network/expressRouteGateways",
+      "Path": "samples/expressroutegateways/main.bicep",
+      "Description": "A basic example of deploying ExpressRoute gateway."
+    },
+    {
+      "ResourceType": "Microsoft.Network/expressRouteGateways/expressRouteConnections",
+      "Path": "samples/expressroutegateways/expressrouteconnections/main.bicep",
+      "Description": "A basic example of deploying Express Route Connection."
+    },
+    {
+      "ResourceType": "Microsoft.Network/expressRoutePorts/authorizations",
+      "Path": "samples/expressrouteports/authorizations/main.bicep",
+      "Description": "A basic example of deploying ExpressRoute Port Authorization."
+    },
+    {
+      "ResourceType": "Microsoft.Network/firewallPolicies",
+      "Path": "samples/firewallpolicies/main.bicep",
+      "Description": "A basic example of deploying Firewall Policy."
+    },
+    {
+      "ResourceType": "Microsoft.Network/firewallPolicies/ruleCollectionGroups",
+      "Path": "samples/firewallpolicies/rulecollectiongroups/main.bicep",
+      "Description": "A basic example of deploying Firewall Policy Rule Collection Group."
+    },
+    {
+      "ResourceType": "Microsoft.Network/ipGroups",
+      "Path": "samples/ipgroups/main.bicep",
+      "Description": "A basic example of deploying IP group which contains a list of CIDRs and/or IP addresses."
+    },
+    {
+      "ResourceType": "Microsoft.Network/loadBalancers",
+      "Path": "samples/loadbalancers/main.bicep",
+      "Description": "A basic example of deploying Load Balancer Resource."
+    },
+    {
+      "ResourceType": "Microsoft.Network/loadBalancers/backendAddressPools",
+      "Path": "samples/loadbalancers/backendaddresspools/main.bicep",
+      "Description": "A basic example of deploying Load Balancer Backend Address Pool."
+    },
+    {
+      "ResourceType": "Microsoft.Network/localNetworkGateways",
+      "Path": "samples/localnetworkgateways/main.bicep",
+      "Description": "A basic example of deploying local network gateway connection over which specific connections can be configured."
+    },
+    {
+      "ResourceType": "Microsoft.Network/natGateways",
+      "Path": "samples/natgateways/main.bicep",
+      "Description": "A basic example of deploying Azure NAT Gateway."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkInterfaces",
+      "Path": "samples/networkinterfaces/main.bicep",
+      "Description": "A basic example of deploying Network Interface."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers",
+      "Path": "samples/networkmanagers/main.bicep",
+      "Description": "A basic example of deploying Network Manager."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/connectivityConfigurations",
+      "Path": "samples/networkmanagers/connectivityconfigurations/main.bicep",
+      "Description": "A basic example of deploying Network Manager Connectivity Configuration."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/ipamPools",
+      "Path": "samples/networkmanagers/ipampools/main.bicep",
+      "Description": "A basic example of deploying Network Managers IPAM Pools."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/ipamPools/staticCidr",
+      "Path": "samples/networkmanagers/ipampools/staticcidr/main.bicep",
+      "Description": "A basic example of deploying Network Managers IPAM Pools Static CIDR."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/networkGroups",
+      "Path": "samples/networkmanagers/networkgroups/main.bicep",
+      "Description": "A basic example of deploying Network Manager Network Group."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/networkGroups/staticMembers",
+      "Path": "samples/networkmanagers/networkgroups/staticmembers/main.bicep",
+      "Description": "A basic example of deploying Network Manager Static Member."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/scopeConnections",
+      "Path": "samples/networkmanagers/scopeconnections/main.bicep",
+      "Description": "A basic example of deploying Network Manager Scope Connection."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/securityAdminConfigurations",
+      "Path": "samples/networkmanagers/securityadminconfigurations/main.bicep",
+      "Description": "A basic example of deploying Network Manager Security Admin Configuration."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections",
+      "Path": "samples/networkmanagers/securityadminconfigurations/rulecollections/main.bicep",
+      "Description": "A basic example of deploying Network Manager Admin Rule Collection."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
+      "Path": "samples/networkmanagers/securityadminconfigurations/rulecollections/rules/main.bicep",
+      "Description": "A basic example of deploying Network Manager Admin Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/verifierWorkspace",
+      "Path": "samples/networkmanagers/verifierworkspace/main.bicep",
+      "Description": "A basic example of deploying Network Managers Verifier Workspace."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/verifierWorkspace/reachabilityAnalysisIntent",
+      "Path": "samples/networkmanagers/verifierworkspace/reachabilityanalysisintent/main.bicep",
+      "Description": "A basic example of deploying Network Managers Verifier Workspace Reachability Analysis Intent."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkManagers/verifierWorkspace/reachabilityAnalysisIntent/reachabilityAnalysisRun",
+      "Path": "samples/networkmanagers/verifierworkspace/reachabilityanalysisintent/reachabilityanalysisrun/main.bicep",
+      "Description": "A basic example of deploying Network Managers Verifier Workspace Reachability Analysis Run."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkProfiles",
+      "Path": "samples/networkprofiles/main.bicep",
+      "Description": "A basic example of deploying Network Profile."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkSecurityGroups",
+      "Path": "samples/networksecuritygroups/main.bicep",
+      "Description": "A basic example of deploying network security group that contains a list of network security rules. Network security groups enable inbound or outbound traffic to be enabled or denied."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkSecurityGroups/securityRules",
+      "Path": "samples/networksecuritygroups/securityrules/main.bicep",
+      "Description": "A basic example of deploying Network Security Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkWatchers/flowLogs",
+      "Path": "samples/networkwatchers/flowlogs/main.bicep",
+      "Description": "A basic example of deploying Network Watcher Flow Log."
+    },
+    {
+      "ResourceType": "Microsoft.Network/networkWatchers/packetCaptures",
+      "Path": "samples/networkwatchers/packetcaptures/main.bicep",
+      "Description": "A basic example of deploying Configures Packet Capturing against a Virtual Machine using a Network Watcher."
+    },
+    {
+      "ResourceType": "Microsoft.Network/p2svpnGateways",
+      "Path": "samples/p2svpngateways/main.bicep",
+      "Description": "A basic example of deploying Point-to-Site VPN Gateway."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones",
+      "Path": "samples/privatednszones/main.bicep",
+      "Description": "A basic example of deploying Private DNS Zone."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones/A",
+      "Path": "samples/privatednszones/a/main.bicep",
+      "Description": "A basic example of deploying Private DNS A Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones/AAAA",
+      "Path": "samples/privatednszones/aaaa/main.bicep",
+      "Description": "A basic example of deploying Private DNS AAAA Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones/CNAME",
+      "Path": "samples/privatednszones/cname/main.bicep",
+      "Description": "A basic example of deploying Private DNS CNAME Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones/MX",
+      "Path": "samples/privatednszones/mx/main.bicep",
+      "Description": "A basic example of deploying Private DNS Zones MX."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones/PTR",
+      "Path": "samples/privatednszones/ptr/main.bicep",
+      "Description": "A basic example of deploying Private DNS PTR Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones/SRV",
+      "Path": "samples/privatednszones/srv/main.bicep",
+      "Description": "A basic example of deploying Private DNS SRV Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones/TXT",
+      "Path": "samples/privatednszones/txt/main.bicep",
+      "Description": "A basic example of deploying Private DNS TXT Record."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
+      "Path": "samples/privatednszones/virtualnetworklinks/main.bicep",
+      "Description": "A basic example of deploying Private DNS Zone Virtual Network Link."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateEndpoints",
+      "Path": "samples/privateendpoints/main.bicep",
+      "Description": "A basic example of deploying Private Endpoint."
+    },
+    {
+      "ResourceType": "Microsoft.Network/privateLinkServices",
+      "Path": "samples/privatelinkservices/main.bicep",
+      "Description": "A basic example of deploying Private Link Service."
+    },
+    {
+      "ResourceType": "Microsoft.Network/publicIPAddresses",
+      "Path": "samples/publicipaddresses/main.bicep",
+      "Description": "A basic example of deploying Public IP Address."
+    },
+    {
+      "ResourceType": "Microsoft.Network/publicIPPrefixes",
+      "Path": "samples/publicipprefixes/main.bicep",
+      "Description": "A basic example of deploying Public IP Prefix."
+    },
+    {
+      "ResourceType": "Microsoft.Network/routeFilters",
+      "Path": "samples/routefilters/main.bicep",
+      "Description": "A basic example of deploying Route Filter."
+    },
+    {
+      "ResourceType": "Microsoft.Network/routeTables",
+      "Path": "samples/routetables/main.bicep",
+      "Description": "A basic example of deploying Route Table."
+    },
+    {
+      "ResourceType": "Microsoft.Network/routeTables/routes",
+      "Path": "samples/routetables/routes/main.bicep",
+      "Description": "A basic example of deploying Route within a Route Table."
+    },
+    {
+      "ResourceType": "Microsoft.Network/securityPartnerProviders",
+      "Path": "samples/securitypartnerproviders/main.bicep",
+      "Description": "A basic example of deploying Security Partner Provider which could be associated to virtual hub."
+    },
+    {
+      "ResourceType": "Microsoft.Network/serviceEndpointPolicies",
+      "Path": "samples/serviceendpointpolicies/main.bicep",
+      "Description": "A basic example of deploying Subnet Service Endpoint Storage Policy."
+    },
+    {
+      "ResourceType": "Microsoft.Network/trafficManagerProfiles",
+      "Path": "samples/trafficmanagerprofiles/main.bicep",
+      "Description": "A basic example of deploying Traffic Manager Profile."
+    },
+    {
+      "ResourceType": "Microsoft.Network/trafficManagerProfiles/AzureEndpoints",
+      "Path": "samples/trafficmanagerprofiles/azureendpoints/main.bicep",
+      "Description": "A basic example of deploying Azure Endpoint within a Traffic Manager Profile."
+    },
+    {
+      "ResourceType": "Microsoft.Network/trafficManagerProfiles/ExternalEndpoints",
+      "Path": "samples/trafficmanagerprofiles/externalendpoints/main.bicep",
+      "Description": "A basic example of deploying External Endpoint within a Traffic Manager Profile."
+    },
+    {
+      "ResourceType": "Microsoft.Network/trafficManagerProfiles/NestedEndpoints",
+      "Path": "samples/trafficmanagerprofiles/nestedendpoints/main.bicep",
+      "Description": "A basic example of deploying Nested Endpoint within a Traffic Manager Profile."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualHubs",
+      "Path": "samples/virtualhubs/main.bicep",
+      "Description": "A basic example of deploying Virtual Hub within a Virtual WAN."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualHubs/hubVirtualNetworkConnections",
+      "Path": "samples/virtualhubs/hubvirtualnetworkconnections/main.bicep",
+      "Description": "A basic example of deploying Connection for a Virtual Hub."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualHubs/ipConfigurations",
+      "Path": "samples/virtualhubs/ipconfigurations/main.bicep",
+      "Description": "A basic example of deploying Virtual Hub IP. This resource is also known as a Route Server."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualNetworkGateways",
+      "Path": "samples/virtualnetworkgateways/main.bicep",
+      "Description": "A basic example of deploying virtual network gateway to establish secure, cross-premises connectivity."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualNetworkGateways/natRules",
+      "Path": "samples/virtualnetworkgateways/natrules/main.bicep",
+      "Description": "A basic example of deploying Virtual Network Gateway Nat Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualNetworks",
+      "Path": "samples/virtualnetworks/main.bicep",
+      "Description": "A basic example of deploying virtual network including any configured subnets."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualNetworks",
+      "Path": "samples/virtualnetworks/withipampool/main.bicep",
+      "Description": "A withipampool example of deploying virtual network including any configured subnets."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualNetworks/subnets",
+      "Path": "samples/virtualnetworks/subnets/main.bicep",
+      "Description": "A basic example of deploying subnet which represent network segments within the IP space defined by the virtual network."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualNetworks/subnets",
+      "Path": "samples/virtualnetworks/subnets/withipampool/main.bicep",
+      "Description": "A withipampool example of deploying subnet which represent network segments within the IP space defined by the virtual network."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
+      "Path": "samples/virtualnetworks/virtualnetworkpeerings/main.bicep",
+      "Description": "A basic example of deploying virtual network peering which allows resources to access other."
+    },
+    {
+      "ResourceType": "Microsoft.Network/virtualWans",
+      "Path": "samples/virtualwans/main.bicep",
+      "Description": "A basic example of deploying Virtual WAN."
+    },
+    {
+      "ResourceType": "Microsoft.Network/vpnGateways",
+      "Path": "samples/vpngateways/main.bicep",
+      "Description": "A basic example of deploying VPN Gateway within a Virtual Hub."
+    },
+    {
+      "ResourceType": "Microsoft.Network/vpnGateways/natRules",
+      "Path": "samples/vpngateways/natrules/main.bicep",
+      "Description": "A basic example of deploying VPN Gateway NAT Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Network/vpnGateways/vpnConnections",
+      "Path": "samples/vpngateways/vpnconnections/main.bicep",
+      "Description": "A basic example of deploying VPN Gateway Connection."
+    },
+    {
+      "ResourceType": "Microsoft.Network/vpnServerConfigurations",
+      "Path": "samples/vpnserverconfigurations/main.bicep",
+      "Description": "A basic example of deploying VPN Server Configuration."
+    },
+    {
+      "ResourceType": "Microsoft.Network/vpnServerConfigurations/configurationPolicyGroups",
+      "Path": "samples/vpnserverconfigurations/configurationpolicygroups/main.bicep",
+      "Description": "A basic example of deploying VPN Server Configuration Policy Group."
+    },
+    {
+      "ResourceType": "Microsoft.Network/vpnSites",
+      "Path": "samples/vpnsites/main.bicep",
+      "Description": "A basic example of deploying VPN Site."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.network/samples/applicationgateways/main.bicep b/settings/remarks/microsoft.network/samples/applicationgateways/main.bicep
new file mode 100644
index 00000000..b3e58842
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/applicationgateways/main.bicep
@@ -0,0 +1,179 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource applicationGateway 'Microsoft.Network/applicationGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authenticationCertificates: []
+    backendAddressPools: [
+      {
+        name: '\'${virtualNetwork.name}-beap\''
+        properties: {
+          backendAddresses: []
+        }
+      }
+    ]
+    backendHttpSettingsCollection: [
+      {
+        name: '\'${virtualNetwork.name}-be-htst\''
+        properties: {
+          authenticationCertificates: []
+          cookieBasedAffinity: 'Disabled'
+          path: ''
+          pickHostNameFromBackendAddress: false
+          port: 80
+          protocol: 'Http'
+          requestTimeout: 1
+          trustedRootCertificates: []
+        }
+      }
+    ]
+    customErrorConfigurations: []
+    enableHttp2: false
+    frontendIPConfigurations: [
+      {
+        name: '\'${virtualNetwork.name}-feip\''
+        properties: {
+          privateIPAllocationMethod: 'Dynamic'
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+        }
+      }
+    ]
+    frontendPorts: [
+      {
+        name: '\'${virtualNetwork.name}-feport\''
+        properties: {
+          port: 80
+        }
+      }
+    ]
+    gatewayIPConfigurations: [
+      {
+        name: 'my-gateway-ip-configuration'
+        properties: {
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+    httpListeners: [
+      {
+        name: '\'${virtualNetwork.name}-httplstn\''
+        properties: {
+          customErrorConfigurations: []
+          frontendIPConfiguration: {
+            id: resourceId(
+              'Microsoft.Network/applicationGateways/frontendIPConfigurations',
+              resourceName,
+              '${virtualNetwork.name}-feip'
+            )
+          }
+          frontendPort: {
+            id: resourceId(
+              'Microsoft.Network/applicationGateways/frontendPorts',
+              resourceName,
+              '${virtualNetwork.name}-feport'
+            )
+          }
+          protocol: 'Http'
+          requireServerNameIndication: false
+        }
+      }
+    ]
+    privateLinkConfigurations: []
+    probes: []
+    redirectConfigurations: []
+    requestRoutingRules: [
+      {
+        name: '${virtualNetwork.name}-rqrt'
+        properties: {
+          backendAddressPool: {
+            id: resourceId(
+              'Microsoft.Network/applicationGateways/backendAddressPools',
+              resourceName,
+              '${virtualNetwork.name}-beap'
+            )
+          }
+          backendHttpSettings: {
+            id: resourceId(
+              'Microsoft.Network/applicationGateways/backendHttpSettingsCollection',
+              resourceName,
+              '${virtualNetwork.name}-be-htst'
+            )
+          }
+          httpListener: {
+            id: resourceId(
+              'Microsoft.Network/applicationGateways/httpListeners',
+              resourceName,
+              '${virtualNetwork.name}-httplstn'
+            )
+          }
+          priority: 10
+          ruleType: 'Basic'
+        }
+      }
+    ]
+    rewriteRuleSets: []
+    sku: {
+      capacity: 2
+      name: 'Standard_v2'
+      tier: 'Standard_v2'
+    }
+    sslCertificates: []
+    sslPolicy: {}
+    sslProfiles: []
+    trustedClientCertificates: []
+    trustedRootCertificates: []
+    urlPathMaps: []
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'subnet-230630033653837171'
+  properties: {
+    addressPrefix: '10.0.0.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Disabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/applicationgatewaywebapplicationfirewallpolicies/main.bicep b/settings/remarks/microsoft.network/samples/applicationgatewaywebapplicationfirewallpolicies/main.bicep
new file mode 100644
index 00000000..7ed3be50
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/applicationgatewaywebapplicationfirewallpolicies/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource applicationgatewaywebapplicationfirewallpolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    customRules: []
+    managedRules: {
+      exclusions: []
+      managedRuleSets: [
+        {
+          ruleGroupOverrides: []
+          ruleSetType: 'OWASP'
+          ruleSetVersion: '3.1'
+        }
+      ]
+    }
+    policySettings: {
+      fileUploadLimitInMb: 100
+      maxRequestBodySizeInKb: 128
+      mode: 'Detection'
+      requestBodyCheck: true
+      state: 'Enabled'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/applicationsecuritygroups/main.bicep b/settings/remarks/microsoft.network/samples/applicationsecuritygroups/main.bicep
new file mode 100644
index 00000000..06c73f8b
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/applicationsecuritygroups/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2022-09-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.network/samples/azurefirewalls/main.bicep b/settings/remarks/microsoft.network/samples/azurefirewalls/main.bicep
new file mode 100644
index 00000000..8fecc621
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/azurefirewalls/main.bicep
@@ -0,0 +1,74 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource azureFirewall 'Microsoft.Network/azureFirewalls@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    additionalProperties: {}
+    ipConfigurations: [
+      {
+        name: 'configuration'
+        properties: {
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+    sku: {
+      name: 'AZFW_VNet'
+      tier: 'Standard'
+    }
+    threatIntelMode: 'Deny'
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'AzureFirewallSubnet'
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/bastionhosts/main.bicep b/settings/remarks/microsoft.network/samples/bastionhosts/main.bicep
new file mode 100644
index 00000000..df88de04
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/bastionhosts/main.bicep
@@ -0,0 +1,77 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource bastionHost 'Microsoft.Network/bastionHosts@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableCopyPaste: false
+    enableFileCopy: false
+    enableIpConnect: false
+    enableShareableLink: false
+    enableTunneling: false
+    ipConfigurations: [
+      {
+        name: 'ip-configuration'
+        properties: {
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+    scaleUnits: 2
+  }
+  sku: {
+    name: 'Basic'
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '192.168.1.0/24'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'AzureBastionSubnet'
+  properties: {
+    addressPrefix: '192.168.1.224/27'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/ddosprotectionplans/main.bicep b/settings/remarks/microsoft.network/samples/ddosprotectionplans/main.bicep
new file mode 100644
index 00000000..bc42ef13
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/ddosprotectionplans/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2022-07-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/forwardingrules/main.bicep b/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/forwardingrules/main.bicep
new file mode 100644
index 00000000..73629779
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/forwardingrules/main.bicep
@@ -0,0 +1,87 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dnsForwardingRuleset 'Microsoft.Network/dnsForwardingRulesets@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    dnsResolverOutboundEndpoints: [
+      {
+        id: outboundEndpoint.id
+      }
+    ]
+  }
+}
+
+resource dnsResolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource forwardingRule 'Microsoft.Network/dnsForwardingRulesets/forwardingRules@2022-07-01' = {
+  parent: dnsForwardingRuleset
+  name: resourceName
+  properties: {
+    domainName: 'onprem.local.'
+    forwardingRuleState: 'Enabled'
+    metadata: null
+    targetDnsServers: [
+      {
+        ipAddress: '10.10.0.1'
+        port: 53
+      }
+    ]
+  }
+}
+
+resource outboundEndpoint 'Microsoft.Network/dnsResolvers/outboundEndpoints@2022-07-01' = {
+  parent: dnsResolver
+  name: resourceName
+  location: location
+  properties: {
+    subnet: {
+      id: subnet.id
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'outbounddns'
+  properties: {
+    addressPrefix: '10.0.0.64/28'
+    delegations: [
+      {
+        name: 'Microsoft.Network.dnsResolvers'
+        properties: {
+          serviceName: 'Microsoft.Network/dnsResolvers'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/main.bicep b/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/main.bicep
new file mode 100644
index 00000000..ffcab7f1
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/main.bicep
@@ -0,0 +1,71 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dnsForwardingRuleset 'Microsoft.Network/dnsForwardingRulesets@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    dnsResolverOutboundEndpoints: [
+      {
+        id: outboundEndpoint.id
+      }
+    ]
+  }
+}
+
+resource dnsResolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource outboundEndpoint 'Microsoft.Network/dnsResolvers/outboundEndpoints@2022-07-01' = {
+  parent: dnsResolver
+  name: resourceName
+  location: location
+  properties: {
+    subnet: {
+      id: subnet.id
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'outbounddns'
+  properties: {
+    addressPrefix: '10.0.0.64/28'
+    delegations: [
+      {
+        name: 'Microsoft.Network.dnsResolvers'
+        properties: {
+          serviceName: 'Microsoft.Network/dnsResolvers'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/virtualnetworklinks/main.bicep b/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/virtualnetworklinks/main.bicep
new file mode 100644
index 00000000..77846a11
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnsforwardingrulesets/virtualnetworklinks/main.bicep
@@ -0,0 +1,82 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dnsForwardingRuleset 'Microsoft.Network/dnsForwardingRulesets@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    dnsResolverOutboundEndpoints: [
+      {
+        id: outboundEndpoint.id
+      }
+    ]
+  }
+}
+
+resource dnsResolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource outboundEndpoint 'Microsoft.Network/dnsResolvers/outboundEndpoints@2022-07-01' = {
+  parent: dnsResolver
+  name: resourceName
+  location: location
+  properties: {
+    subnet: {
+      id: subnet.id
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'outbounddns'
+  properties: {
+    addressPrefix: '10.0.0.64/28'
+    delegations: [
+      {
+        name: 'Microsoft.Network.dnsResolvers'
+        properties: {
+          serviceName: 'Microsoft.Network/dnsResolvers'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource virtualNetworkLink 'Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks@2022-07-01' = {
+  parent: dnsForwardingRuleset
+  name: resourceName
+  properties: {
+    metadata: null
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnsresolvers/inboundendpoints/main.bicep b/settings/remarks/microsoft.network/samples/dnsresolvers/inboundendpoints/main.bicep
new file mode 100644
index 00000000..09f716be
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnsresolvers/inboundendpoints/main.bicep
@@ -0,0 +1,64 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dnsResolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource inboundEndpoint 'Microsoft.Network/dnsResolvers/inboundEndpoints@2022-07-01' = {
+  parent: dnsResolver
+  name: resourceName
+  location: location
+  properties: {
+    ipConfigurations: [
+      {
+        privateIpAllocationMethod: 'Dynamic'
+        subnet: {
+          id: subnet.id
+        }
+      }
+    ]
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'inbounddns'
+  properties: {
+    addressPrefix: '10.0.0.0/28'
+    delegations: [
+      {
+        name: 'Microsoft.Network.dnsResolvers'
+        properties: {
+          serviceName: 'Microsoft.Network/dnsResolvers'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnsresolvers/main.bicep b/settings/remarks/microsoft.network/samples/dnsresolvers/main.bicep
new file mode 100644
index 00000000..3b5fa7ee
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnsresolvers/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dnsResolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnsresolvers/outboundendpoints/main.bicep b/settings/remarks/microsoft.network/samples/dnsresolvers/outboundendpoints/main.bicep
new file mode 100644
index 00000000..296a2511
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnsresolvers/outboundendpoints/main.bicep
@@ -0,0 +1,59 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dnsResolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource outboundEndpoint 'Microsoft.Network/dnsResolvers/outboundEndpoints@2022-07-01' = {
+  parent: dnsResolver
+  name: resourceName
+  location: location
+  properties: {
+    subnet: {
+      id: subnet.id
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'outbounddns'
+  properties: {
+    addressPrefix: '10.0.0.64/28'
+    delegations: [
+      {
+        name: 'Microsoft.Network.dnsResolvers'
+        properties: {
+          serviceName: 'Microsoft.Network/dnsResolvers'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/a/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/a/main.bicep
new file mode 100644
index 00000000..5e37ee0f
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/a/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource a 'Microsoft.Network/dnsZones/A@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    ARecords: [
+      {
+        ipv4Address: '1.2.4.5'
+      }
+      {
+        ipv4Address: '1.2.3.4'
+      }
+    ]
+    TTL: 300
+    metadata: {}
+    targetResource: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/aaaa/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/aaaa/main.bicep
new file mode 100644
index 00000000..7ef00918
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/aaaa/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource aaaa 'Microsoft.Network/dnsZones/AAAA@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    AAAARecords: [
+      {
+        ipv6Address: '2607:f8b0:4009:1803::1005'
+      }
+      {
+        ipv6Address: '2607:f8b0:4009:1803::1006'
+      }
+    ]
+    TTL: 300
+    metadata: {}
+    targetResource: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/caa/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/caa/main.bicep
new file mode 100644
index 00000000..7e7dee80
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/caa/main.bicep
@@ -0,0 +1,37 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource caa 'Microsoft.Network/dnsZones/CAA@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    TTL: 300
+    caaRecords: [
+      {
+        flags: 1
+        tag: 'issuewild'
+        value: ';'
+      }
+      {
+        flags: 0
+        tag: 'iodef'
+        value: 'mailto:terraform@nonexist.tld'
+      }
+      {
+        flags: 0
+        tag: 'issue'
+        value: 'example.com'
+      }
+      {
+        flags: 0
+        tag: 'issue'
+        value: 'example.net'
+      }
+    ]
+    metadata: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/cname/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/cname/main.bicep
new file mode 100644
index 00000000..9b298cce
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/cname/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource cname 'Microsoft.Network/dnsZones/CNAME@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    CNAMERecord: {
+      cname: 'acctest0001.webpubsub.azure.com'
+    }
+    TTL: 3600
+    metadata: {}
+    targetResource: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/main.bicep
new file mode 100644
index 00000000..c679cccb
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/main.bicep
@@ -0,0 +1,6 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/mx/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/mx/main.bicep
new file mode 100644
index 00000000..9fa632a5
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/mx/main.bicep
@@ -0,0 +1,25 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource mx 'Microsoft.Network/dnsZones/MX@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    MXRecords: [
+      {
+        exchange: 'mail2.contoso.com'
+        preference: 20
+      }
+      {
+        exchange: 'mail1.contoso.com'
+        preference: 10
+      }
+    ]
+    TTL: 300
+    metadata: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/ns/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/ns/main.bicep
new file mode 100644
index 00000000..7ae8039a
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/ns/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource n 'Microsoft.Network/dnsZones/NS@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    NSRecords: [
+      {
+        nsdname: 'ns1.contoso.com'
+      }
+      {
+        nsdname: 'ns2.contoso.com'
+      }
+    ]
+    TTL: 300
+    metadata: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/ptr/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/ptr/main.bicep
new file mode 100644
index 00000000..fe68c394
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/ptr/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource ptr 'Microsoft.Network/dnsZones/PTR@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    PTRRecords: [
+      {
+        ptrdname: 'hashicorp.com'
+      }
+      {
+        ptrdname: 'microsoft.com'
+      }
+    ]
+    TTL: 300
+    metadata: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/srv/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/srv/main.bicep
new file mode 100644
index 00000000..474da0d2
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/srv/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource srv 'Microsoft.Network/dnsZones/SRV@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    SRVRecords: [
+      {
+        port: 8080
+        priority: 2
+        target: 'target2.contoso.com'
+        weight: 25
+      }
+      {
+        port: 8080
+        priority: 1
+        target: 'target1.contoso.com'
+        weight: 5
+      }
+    ]
+    TTL: 300
+    metadata: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/dnszones/txt/main.bicep b/settings/remarks/microsoft.network/samples/dnszones/txt/main.bicep
new file mode 100644
index 00000000..9a5392d9
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/dnszones/txt/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource txt 'Microsoft.Network/dnsZones/TXT@2018-05-01' = {
+  parent: dnsZone
+  name: resourceName
+  properties: {
+    TTL: 300
+    TXTRecords: [
+      {
+        value: [
+          'Quick brown fox'
+        ]
+      }
+      {
+        value: [
+          'A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text.....'
+          '.A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text....'
+          '..A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......'
+        ]
+      }
+    ]
+    metadata: {}
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/expressroutecircuits/authorizations/main.bicep b/settings/remarks/microsoft.network/samples/expressroutecircuits/authorizations/main.bicep
new file mode 100644
index 00000000..26e91aaf
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/expressroutecircuits/authorizations/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource expressRouteCircuit 'Microsoft.Network/expressRouteCircuits@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authorizationKey: ''
+    serviceProviderProperties: {
+      bandwidthInMbps: 50
+      peeringLocation: 'Silicon Valley'
+      serviceProviderName: 'Equinix'
+    }
+  }
+  sku: {
+    family: 'MeteredData'
+    name: 'Standard_MeteredData'
+    tier: 'Standard'
+  }
+  tags: {
+    Environment: 'production'
+    Purpose: 'AcceptanceTests'
+  }
+}
+
+resource authorization 'Microsoft.Network/expressRouteCircuits/authorizations@2022-07-01' = {
+  parent: expressRouteCircuit
+  name: resourceName
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.network/samples/expressroutecircuits/main.bicep b/settings/remarks/microsoft.network/samples/expressroutecircuits/main.bicep
new file mode 100644
index 00000000..a23d01ca
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/expressroutecircuits/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource expressrouteport 'Microsoft.Network/ExpressRoutePorts@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    bandwidthInGbps: 10
+    encapsulation: 'Dot1Q'
+    peeringLocation: 'CDC-Canberra'
+  }
+}
+
+resource expressRouteCircuit 'Microsoft.Network/expressRouteCircuits@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authorizationKey: ''
+    bandwidthInGbps: 5
+    expressRoutePort: {
+      id: expressrouteport.id
+    }
+  }
+  sku: {
+    family: 'MeteredData'
+    name: 'Premium_MeteredData'
+    tier: 'Premium'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/expressroutecircuits/peerings/connections/main.bicep b/settings/remarks/microsoft.network/samples/expressroutecircuits/peerings/connections/main.bicep
new file mode 100644
index 00000000..7d22f90e
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/expressroutecircuits/peerings/connections/main.bicep
@@ -0,0 +1,105 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The shared key for the Express Route circuit peering connections')
+param expressRouteConnectionSharedKey string
+
+resource expressrouteport 'Microsoft.Network/ExpressRoutePorts@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    bandwidthInGbps: 10
+    encapsulation: 'Dot1Q'
+    peeringLocation: 'Airtel-Chennai2-CLS'
+  }
+}
+
+resource expressrouteport2 'Microsoft.Network/ExpressRoutePorts@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    bandwidthInGbps: 10
+    encapsulation: 'Dot1Q'
+    peeringLocation: 'CDC-Canberra'
+  }
+}
+
+resource expressRouteCircuit 'Microsoft.Network/expressRouteCircuits@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authorizationKey: ''
+    bandwidthInGbps: 5
+    expressRoutePort: {
+      id: expressrouteport.id
+    }
+  }
+  sku: {
+    family: 'MeteredData'
+    name: 'Standard_MeteredData'
+    tier: 'Standard'
+  }
+}
+
+resource expressRouteCircuit2 'Microsoft.Network/expressRouteCircuits@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authorizationKey: ''
+    bandwidthInGbps: 5
+    expressRoutePort: {
+      id: expressrouteport2.id
+    }
+  }
+  sku: {
+    family: 'MeteredData'
+    name: 'Standard_MeteredData'
+    tier: 'Standard'
+  }
+}
+
+resource peering 'Microsoft.Network/expressRouteCircuits/peerings@2022-07-01' = {
+  parent: expressRouteCircuit
+  name: 'AzurePrivatePeering'
+  properties: {
+    azureASN: 12076
+    gatewayManagerEtag: ''
+    peerASN: 100
+    peeringType: 'AzurePrivatePeering'
+    primaryPeerAddressPrefix: '192.168.1.0/30'
+    secondaryPeerAddressPrefix: '192.168.1.0/30'
+    sharedKey: null
+    state: 'Enabled'
+    vlanId: 100
+  }
+}
+
+resource peering2 'Microsoft.Network/expressRouteCircuits/peerings@2022-07-01' = {
+  parent: expressRouteCircuit2
+  name: 'AzurePrivatePeering'
+  properties: {
+    azureASN: 12076
+    gatewayManagerEtag: ''
+    peerASN: 100
+    peeringType: 'AzurePrivatePeering'
+    primaryPeerAddressPrefix: '192.168.1.0/30'
+    secondaryPeerAddressPrefix: '192.168.1.0/30'
+    sharedKey: null
+    state: 'Enabled'
+    vlanId: 100
+  }
+}
+
+resource connection 'Microsoft.Network/expressRouteCircuits/peerings/connections@2022-07-01' = {
+  parent: peering
+  name: resourceName
+  properties: {
+    addressPrefix: '192.169.8.0/29'
+    expressRouteCircuitPeering: {
+      id: peering.id
+    }
+    peerExpressRouteCircuitPeering: {
+      id: peering2.id
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/expressroutecircuits/peerings/main.bicep b/settings/remarks/microsoft.network/samples/expressroutecircuits/peerings/main.bicep
new file mode 100644
index 00000000..a5a2ac9e
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/expressroutecircuits/peerings/main.bicep
@@ -0,0 +1,48 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The shared key for the Express Route circuit peering')
+param expressRouteSharedKey string
+
+resource expressrouteport 'Microsoft.Network/ExpressRoutePorts@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    bandwidthInGbps: 10
+    encapsulation: 'Dot1Q'
+    peeringLocation: 'CDC-Canberra'
+  }
+}
+
+resource expressRouteCircuit 'Microsoft.Network/expressRouteCircuits@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authorizationKey: ''
+    bandwidthInGbps: 5
+    expressRoutePort: {
+      id: expressrouteport.id
+    }
+  }
+  sku: {
+    family: 'MeteredData'
+    name: 'Premium_MeteredData'
+    tier: 'Premium'
+  }
+}
+
+resource peering 'Microsoft.Network/expressRouteCircuits/peerings@2022-07-01' = {
+  parent: expressRouteCircuit
+  name: 'AzurePrivatePeering'
+  properties: {
+    azureASN: 12076
+    gatewayManagerEtag: ''
+    peerASN: 100
+    peeringType: 'AzurePrivatePeering'
+    primaryPeerAddressPrefix: '192.168.1.0/30'
+    secondaryPeerAddressPrefix: '192.168.2.0/30'
+    sharedKey: null
+    state: 'Enabled'
+    vlanId: 100
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/expressroutegateways/expressrouteconnections/main.bicep b/settings/remarks/microsoft.network/samples/expressroutegateways/expressrouteconnections/main.bicep
new file mode 100644
index 00000000..28ecfe4b
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/expressroutegateways/expressrouteconnections/main.bicep
@@ -0,0 +1,104 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The shared key for the ExpressRoute connection')
+param sharedKey string
+
+resource expressrouteport 'Microsoft.Network/ExpressRoutePorts@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    bandwidthInGbps: 10
+    encapsulation: 'Dot1Q'
+    peeringLocation: 'CDC-Canberra'
+  }
+}
+
+resource expressRouteCircuit 'Microsoft.Network/expressRouteCircuits@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authorizationKey: ''
+    bandwidthInGbps: 5
+    expressRoutePort: {
+      id: expressrouteport.id
+    }
+  }
+  sku: {
+    family: 'MeteredData'
+    name: 'Premium_MeteredData'
+    tier: 'Premium'
+  }
+}
+
+resource expressRouteGateway 'Microsoft.Network/expressRouteGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowNonVirtualWanTraffic: false
+    autoScaleConfiguration: {
+      bounds: {
+        min: 1
+      }
+    }
+    virtualHub: {
+      id: virtualHub.id
+    }
+  }
+}
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    hubRoutingPreference: 'ExpressRoute'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+  }
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
+
+resource expressRouteConnection 'Microsoft.Network/expressRouteGateways/expressRouteConnections@2022-07-01' = {
+  parent: expressRouteGateway
+  name: resourceName
+  properties: {
+    enableInternetSecurity: false
+    expressRouteCircuitPeering: {
+      id: peering.id
+    }
+    expressRouteGatewayBypass: false
+    routingConfiguration: {}
+    routingWeight: 0
+  }
+}
+
+resource peering 'Microsoft.Network/expressRouteCircuits/peerings@2022-07-01' = {
+  parent: expressRouteCircuit
+  name: 'AzurePrivatePeering'
+  properties: {
+    azureASN: 12076
+    gatewayManagerEtag: ''
+    peerASN: 100
+    peeringType: 'AzurePrivatePeering'
+    primaryPeerAddressPrefix: '192.168.1.0/30'
+    secondaryPeerAddressPrefix: '192.168.2.0/30'
+    sharedKey: null
+    state: 'Enabled'
+    vlanId: 100
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/expressroutegateways/main.bicep b/settings/remarks/microsoft.network/samples/expressroutegateways/main.bicep
new file mode 100644
index 00000000..4cafea75
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/expressroutegateways/main.bicep
@@ -0,0 +1,44 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource expressRouteGateway 'Microsoft.Network/expressRouteGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowNonVirtualWanTraffic: false
+    autoScaleConfiguration: {
+      bounds: {
+        min: 1
+      }
+    }
+    virtualHub: {
+      id: virtualHub.id
+    }
+  }
+}
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    hubRoutingPreference: 'ExpressRoute'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+  }
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/expressrouteports/authorizations/main.bicep b/settings/remarks/microsoft.network/samples/expressrouteports/authorizations/main.bicep
new file mode 100644
index 00000000..478a50c6
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/expressrouteports/authorizations/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource expressrouteport 'Microsoft.Network/ExpressRoutePorts@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    bandwidthInGbps: 10
+    billingType: 'MeteredData'
+    encapsulation: 'Dot1Q'
+    peeringLocation: 'Airtel-Chennai2-CLS'
+  }
+  tags: {
+    ENV: 'Test'
+  }
+}
+
+resource authorization 'Microsoft.Network/expressRoutePorts/authorizations@2022-07-01' = {
+  parent: expressrouteport
+  name: resourceName
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.network/samples/expressrouteports/main.bicep b/settings/remarks/microsoft.network/samples/expressrouteports/main.bicep
new file mode 100644
index 00000000..9d7e723e
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/expressrouteports/main.bicep
@@ -0,0 +1,16 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource expressrouteport 'Microsoft.Network/ExpressRoutePorts@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    bandwidthInGbps: 10
+    billingType: 'MeteredData'
+    encapsulation: 'Dot1Q'
+    peeringLocation: 'Airtel-Chennai2-CLS'
+  }
+  tags: {
+    ENV: 'Test'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/firewallpolicies/main.bicep b/settings/remarks/microsoft.network/samples/firewallpolicies/main.bicep
new file mode 100644
index 00000000..1bccefe4
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/firewallpolicies/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource firewallPolicy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    threatIntelMode: 'Alert'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/firewallpolicies/rulecollectiongroups/main.bicep b/settings/remarks/microsoft.network/samples/firewallpolicies/rulecollectiongroups/main.bicep
new file mode 100644
index 00000000..98a2a5c8
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/firewallpolicies/rulecollectiongroups/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource firewallPolicy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    threatIntelMode: 'Alert'
+  }
+}
+
+resource ruleCollectionGroup 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2022-07-01' = {
+  parent: firewallPolicy
+  name: resourceName
+  properties: {
+    priority: 500
+    ruleCollections: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/frontdoorwebapplicationfirewallpolicies/main.bicep b/settings/remarks/microsoft.network/samples/frontdoorwebapplicationfirewallpolicies/main.bicep
new file mode 100644
index 00000000..dc42f543
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/frontdoorwebapplicationfirewallpolicies/main.bicep
@@ -0,0 +1,68 @@
+param resourceName string = 'acctest0001'
+
+resource frontdoorwebapplicationfirewallpolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2020-11-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    customRules: {
+      rules: [
+        {
+          action: 'Block'
+          enabledState: 'Enabled'
+          matchConditions: [
+            {
+              matchValue: [
+                '192.168.1.0/24'
+                '10.0.0.0/24'
+              ]
+              matchVariable: 'RemoteAddr'
+              negateCondition: false
+              operator: 'IPMatch'
+            }
+          ]
+          name: 'Rule1'
+          priority: 1
+          rateLimitDurationInMinutes: 1
+          rateLimitThreshold: 10
+          ruleType: 'MatchRule'
+        }
+      ]
+    }
+    managedRules: {
+      managedRuleSets: [
+        {
+          ruleGroupOverrides: [
+            {
+              ruleGroupName: 'PHP'
+              rules: [
+                {
+                  action: 'Block'
+                  enabledState: 'Disabled'
+                  ruleId: '933111'
+                }
+              ]
+            }
+          ]
+          ruleSetAction: 'Block'
+          ruleSetType: 'DefaultRuleSet'
+          ruleSetVersion: 'preview-0.1'
+        }
+        {
+          ruleSetAction: 'Block'
+          ruleSetType: 'BotProtection'
+          ruleSetVersion: 'preview-0.1'
+        }
+      ]
+    }
+    policySettings: {
+      customBlockResponseBody: 'PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=='
+      customBlockResponseStatusCode: 403
+      enabledState: 'Enabled'
+      mode: 'Prevention'
+      redirectUrl: 'https://www.fabrikam.com'
+    }
+  }
+  sku: {
+    name: 'Premium_AzureFrontDoor'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/ipgroups/main.bicep b/settings/remarks/microsoft.network/samples/ipgroups/main.bicep
new file mode 100644
index 00000000..6c99633a
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/ipgroups/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource ipGroup 'Microsoft.Network/ipGroups@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ipAddresses: []
+  }
+  tags: {
+    env: 'prod'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/loadbalancers/backendaddresspools/main.bicep b/settings/remarks/microsoft.network/samples/loadbalancers/backendaddresspools/main.bicep
new file mode 100644
index 00000000..fee10c46
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/loadbalancers/backendaddresspools/main.bicep
@@ -0,0 +1,46 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource loadBalancer 'Microsoft.Network/loadBalancers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    frontendIPConfigurations: [
+      {
+        name: 'internal'
+        properties: {
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+        }
+      }
+    ]
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource backendAddressPool 'Microsoft.Network/loadBalancers/backendAddressPools@2022-07-01' = {
+  parent: loadBalancer
+  name: resourceName
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.network/samples/loadbalancers/main.bicep b/settings/remarks/microsoft.network/samples/loadbalancers/main.bicep
new file mode 100644
index 00000000..7801264f
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/loadbalancers/main.bicep
@@ -0,0 +1,40 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource loadBalancer 'Microsoft.Network/loadBalancers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    frontendIPConfigurations: [
+      {
+        name: 'acctest0001'
+        properties: {
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+        }
+      }
+    ]
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/localnetworkgateways/main.bicep b/settings/remarks/microsoft.network/samples/localnetworkgateways/main.bicep
new file mode 100644
index 00000000..2fa2ca78
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/localnetworkgateways/main.bicep
@@ -0,0 +1,15 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    gatewayIpAddress: '168.62.225.23'
+    localNetworkAddressSpace: {
+      addressPrefixes: [
+        '10.1.1.0/24'
+      ]
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/natgateways/main.bicep b/settings/remarks/microsoft.network/samples/natgateways/main.bicep
new file mode 100644
index 00000000..f4e9e9ed
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/natgateways/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource natGateway 'Microsoft.Network/natGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    idleTimeoutInMinutes: 10
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkinterfaces/main.bicep b/settings/remarks/microsoft.network/samples/networkinterfaces/main.bicep
new file mode 100644
index 00000000..0411f1b8
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkinterfaces/main.bicep
@@ -0,0 +1,53 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/connectivityconfigurations/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/connectivityconfigurations/main.bicep
new file mode 100644
index 00000000..0a397dfa
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/connectivityconfigurations/main.bicep
@@ -0,0 +1,67 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+      'Connectivity'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        subscription().id
+      ]
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    flowTimeoutInMinutes: 10
+    subnets: []
+  }
+}
+
+resource connectivityConfiguration 'Microsoft.Network/networkManagers/connectivityConfigurations@2022-09-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {
+    appliesToGroups: [
+      {
+        groupConnectivity: 'None'
+        isGlobal: 'False'
+        networkGroupId: networkGroup.id
+        useHubGateway: 'False'
+      }
+    ]
+    connectivityTopology: 'HubAndSpoke'
+    deleteExistingPeering: 'False'
+    hubs: [
+      {
+        resourceId: virtualNetwork.id
+        resourceType: virtualNetwork.properties.type
+      }
+    ]
+    isGlobal: 'False'
+  }
+}
+
+resource networkGroup 'Microsoft.Network/networkManagers/networkGroups@2022-09-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/ipampools/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/ipampools/main.bicep
new file mode 100644
index 00000000..587710f5
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/ipampools/main.bicep
@@ -0,0 +1,33 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        '/subscriptions/subscription().subscriptionId'
+      ]
+    }
+  }
+}
+
+resource ipamPool 'Microsoft.Network/networkManagers/ipamPools@2024-01-01-preview' = {
+  parent: networkManager
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefixes: [
+      '10.0.0.0/24'
+    ]
+    description: 'Test description.'
+    displayName: 'testDisplayName'
+    parentPoolName: ''
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/ipampools/staticcidr/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/ipampools/staticcidr/main.bicep
new file mode 100644
index 00000000..22d1ace2
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/ipampools/staticcidr/main.bicep
@@ -0,0 +1,45 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        '/subscriptions/subscription().subscriptionId'
+      ]
+    }
+  }
+}
+
+resource ipamPool 'Microsoft.Network/networkManagers/ipamPools@2024-01-01-preview' = {
+  parent: networkManager
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefixes: [
+      '10.0.0.0/24'
+    ]
+    description: 'Test description.'
+    displayName: 'testDisplayName'
+    parentPoolName: ''
+  }
+}
+
+resource staticCidr 'Microsoft.Network/networkManagers/ipamPools/staticCidrs@2024-01-01-preview' = {
+  parent: ipamPool
+  name: resourceName
+  properties: {
+    addressPrefixes: [
+      '10.0.0.0/25'
+    ]
+    description: 'test description'
+    numberOfIPAddressesToAllocate: ''
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/main.bicep
new file mode 100644
index 00000000..86adb528
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        subscription().id
+      ]
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/networkgroups/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/networkgroups/main.bicep
new file mode 100644
index 00000000..da16b09b
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/networkgroups/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2024-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'Routing'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        subscription().id
+      ]
+    }
+  }
+}
+
+resource networkGroup 'Microsoft.Network/networkManagers/networkGroups@2024-10-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {
+    description: 'example network group'
+    memberType: 'VirtualNetwork'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/networkgroups/staticmembers/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/networkgroups/staticmembers/main.bicep
new file mode 100644
index 00000000..7ae3f2df
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/networkgroups/staticmembers/main.bicep
@@ -0,0 +1,76 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2024-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'Routing'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        subscription().id
+      ]
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/22'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource networkGroup 'Microsoft.Network/networkManagers/networkGroups@2024-10-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {}
+}
+
+resource networkGroupForSubnet 'Microsoft.Network/networkManagers/networkGroups@2024-10-01' = {
+  parent: networkManager
+  name: '${resourceName}-subnet'
+  properties: {
+    description: 'example network group'
+    memberType: 'Subnet'
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-10-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefixes: [
+      '10.0.0.0/24'
+    ]
+  }
+}
+
+resource staticMember 'Microsoft.Network/networkManagers/networkGroups/staticMembers@2024-10-01' = {
+  parent: networkGroup
+  name: resourceName
+  properties: {
+    resourceId: virtualNetwork.id
+  }
+}
+
+resource staticMemberForSubnet 'Microsoft.Network/networkManagers/networkGroups/staticMembers@2024-10-01' = {
+  parent: networkGroupForSubnet
+  name: '${resourceName}-subnet'
+  properties: {
+    resourceId: subnet.id
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/scopeconnections/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/scopeconnections/main.bicep
new file mode 100644
index 00000000..a0170ea0
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/scopeconnections/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        subscription().id
+      ]
+    }
+  }
+}
+
+resource scopeConnection 'Microsoft.Network/networkManagers/scopeConnections@2022-09-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {
+    resourceId: subscription().id
+    tenantId: tenant().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/main.bicep
new file mode 100644
index 00000000..f8699de4
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        subscription().id
+      ]
+    }
+  }
+}
+
+resource securityAdminConfiguration 'Microsoft.Network/networkManagers/securityAdminConfigurations@2022-09-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {
+    applyOnNetworkIntentPolicyBasedServices: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/rulecollections/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/rulecollections/main.bicep
new file mode 100644
index 00000000..b519e9f1
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/rulecollections/main.bicep
@@ -0,0 +1,45 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        subscription().id
+      ]
+    }
+  }
+}
+
+resource networkGroup 'Microsoft.Network/networkManagers/networkGroups@2022-09-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {}
+}
+
+resource securityAdminConfiguration 'Microsoft.Network/networkManagers/securityAdminConfigurations@2022-09-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {
+    applyOnNetworkIntentPolicyBasedServices: []
+  }
+}
+
+resource ruleCollection 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections@2022-09-01' = {
+  parent: securityAdminConfiguration
+  name: resourceName
+  properties: {
+    appliesToGroups: [
+      {
+        networkGroupId: networkGroup.id
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/rulecollections/rules/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/rulecollections/rules/main.bicep
new file mode 100644
index 00000000..d0a631b8
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/securityadminconfigurations/rulecollections/rules/main.bicep
@@ -0,0 +1,61 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        subscription().id
+      ]
+    }
+  }
+}
+
+resource networkGroup 'Microsoft.Network/networkManagers/networkGroups@2022-09-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {}
+}
+
+resource securityAdminConfiguration 'Microsoft.Network/networkManagers/securityAdminConfigurations@2022-09-01' = {
+  parent: networkManager
+  name: resourceName
+  properties: {
+    applyOnNetworkIntentPolicyBasedServices: []
+  }
+}
+
+resource ruleCollection 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections@2022-09-01' = {
+  parent: securityAdminConfiguration
+  name: resourceName
+  properties: {
+    appliesToGroups: [
+      {
+        networkGroupId: networkGroup.id
+      }
+    ]
+  }
+}
+
+resource rule 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-09-01' = {
+  parent: ruleCollection
+  name: resourceName
+  kind: 'Custom'
+  properties: {
+    access: 'Deny'
+    destinationPortRanges: []
+    destinations: []
+    direction: 'Outbound'
+    priority: 1
+    protocol: 'Tcp'
+    sourcePortRanges: []
+    sources: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/main.bicep
new file mode 100644
index 00000000..4c463ad7
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        '/subscriptions/subscription().subscriptionId'
+      ]
+    }
+  }
+}
+
+resource verifierWorkspace 'Microsoft.Network/networkManagers/verifierWorkspaces@2024-01-01-preview' = {
+  parent: networkManager
+  name: resourceName
+  location: location
+  properties: {
+    description: 'A sample workspace'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/reachabilityanalysisintent/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/reachabilityanalysisintent/main.bicep
new file mode 100644
index 00000000..4f07bad5
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/reachabilityanalysisintent/main.bicep
@@ -0,0 +1,162 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The admin username for the virtual machine')
+param adminUsername string
+@secure()
+@description('The admin password for the virtual machine')
+param adminPassword string
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        '/subscriptions/subscription().subscriptionId'
+      ]
+    }
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: false
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: null
+      computerName: 'hostname230630032848831819'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+      }
+    }
+    storageProfile: {
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        name: 'myosdisk1'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource verifierWorkspace 'Microsoft.Network/networkManagers/verifierWorkspaces@2024-01-01-preview' = {
+  parent: networkManager
+  name: resourceName
+  location: location
+  properties: {
+    description: 'A sample workspace'
+  }
+}
+
+resource reachabilityAnalysisIntent 'Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisIntents@2024-01-01-preview' = {
+  parent: verifierWorkspace
+  name: resourceName
+  properties: {
+    description: 'A sample reachability analysis intent'
+    destinationResourceId: virtualMachine.id
+    ipTraffic: {
+      destinationIps: [
+        '10.4.0.1'
+      ]
+      destinationPorts: [
+        '0'
+      ]
+      protocols: [
+        'Any'
+      ]
+      sourceIps: [
+        '10.4.0.0'
+      ]
+      sourcePorts: [
+        '0'
+      ]
+    }
+    sourceResourceId: virtualMachine.id
+  }
+}
+
+resource reachabilityAnalysisRun 'Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisRuns@2024-01-01-preview' = {
+  parent: verifierWorkspace
+  name: resourceName
+  properties: {
+    description: 'A sample reachability analysis run'
+    intentId: reachabilityAnalysisIntent.id
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/reachabilityanalysisintent/reachabilityanalysisrun/main.bicep b/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/reachabilityanalysisintent/reachabilityanalysisrun/main.bicep
new file mode 100644
index 00000000..f2927748
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkmanagers/verifierworkspace/reachabilityanalysisintent/reachabilityanalysisrun/main.bicep
@@ -0,0 +1,151 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the virtual machine')
+param vmAdminPassword string
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: [
+      'SecurityAdmin'
+    ]
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        '/subscriptions/subscription().subscriptionId'
+      ]
+    }
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_F2'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: false
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'testadmin'
+      computerName: 'hostname230630032848831819'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+      }
+    }
+    storageProfile: {
+      imageReference: {
+        offer: 'UbuntuServer'
+        publisher: 'Canonical'
+        sku: '16.04-LTS'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        name: 'myosdisk1'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource verifierWorkspace 'Microsoft.Network/networkManagers/verifierWorkspaces@2024-01-01-preview' = {
+  parent: networkManager
+  name: resourceName
+  location: location
+  properties: {
+    description: 'A sample workspace'
+  }
+}
+
+resource reachabilityAnalysisIntent 'Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisIntents@2024-01-01-preview' = {
+  parent: verifierWorkspace
+  name: resourceName
+  properties: {
+    description: 'A sample reachability analysis intent'
+    destinationResourceId: virtualMachine.id
+    ipTraffic: {
+      destinationIps: [
+        '10.4.0.1'
+      ]
+      destinationPorts: [
+        '0'
+      ]
+      protocols: [
+        'Any'
+      ]
+      sourceIps: [
+        '10.4.0.0'
+      ]
+      sourcePorts: [
+        '0'
+      ]
+    }
+    sourceResourceId: virtualMachine.id
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkprofiles/main.bicep b/settings/remarks/microsoft.network/samples/networkprofiles/main.bicep
new file mode 100644
index 00000000..d379f646
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkprofiles/main.bicep
@@ -0,0 +1,62 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkProfile 'Microsoft.Network/networkProfiles@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    containerNetworkInterfaceConfigurations: [
+      {
+        name: 'acctesteth-230630033653886950'
+        properties: {
+          ipConfigurations: [
+            {
+              name: 'acctestipconfig-230630033653886950'
+              properties: {
+                subnet: {
+                  id: subnet.id
+                }
+              }
+            }
+          ]
+        }
+      }
+    ]
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.1.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.1.0.0/24'
+    delegations: [
+      {
+        name: 'acctestdelegation-230630033653886950'
+        properties: {
+          serviceName: 'Microsoft.ContainerInstance/containerGroups'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networksecuritygroups/main.bicep b/settings/remarks/microsoft.network/samples/networksecuritygroups/main.bicep
new file mode 100644
index 00000000..d3af0a1a
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networksecuritygroups/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    securityRules: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networksecuritygroups/securityrules/main.bicep b/settings/remarks/microsoft.network/samples/networksecuritygroups/securityrules/main.bicep
new file mode 100644
index 00000000..320ba3a8
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networksecuritygroups/securityrules/main.bicep
@@ -0,0 +1,31 @@
+param location string = 'westeurope'
+
+resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2022-07-01' = {
+  name: 'mi-security-group1-230630034008554952'
+  location: location
+  properties: {
+    securityRules: []
+  }
+}
+
+resource securityRule 'Microsoft.Network/networkSecurityGroups/securityRules@2022-09-01' = {
+  parent: networkSecurityGroup
+  name: 'allow_management_inbound'
+  properties: {
+    access: 'Allow'
+    destinationAddressPrefix: '*'
+    destinationPortRange: ''
+    destinationPortRanges: [
+      '9000'
+      '1438'
+      '1440'
+      '9003'
+      '1452'
+    ]
+    direction: 'Inbound'
+    priority: 106
+    protocol: 'Tcp'
+    sourceAddressPrefix: '*'
+    sourcePortRange: '*'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkwatchers/flowlogs/main.bicep b/settings/remarks/microsoft.network/samples/networkwatchers/flowlogs/main.bicep
new file mode 100644
index 00000000..cdd8bc20
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkwatchers/flowlogs/main.bicep
@@ -0,0 +1,84 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus2'
+
+resource networkWatchers 'Microsoft.Network/networkWatchers@2023-11-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2023-11-01' = {
+  parent: networkWatchers
+  name: resourceName
+  location: location
+  properties: {
+    enabled: true
+    flowAnalyticsConfiguration: {
+      networkWatcherFlowAnalyticsConfiguration: {
+        enabled: false
+      }
+    }
+    format: {
+      type: 'JSON'
+      version: 2
+    }
+    retentionPolicy: {
+      days: 7
+      enabled: true
+    }
+    storageId: storageAccount.id
+    targetResourceId: virtualNetwork.id
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/networkwatchers/packetcaptures/main.bicep b/settings/remarks/microsoft.network/samples/networkwatchers/packetcaptures/main.bicep
new file mode 100644
index 00000000..44ec5cb2
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/networkwatchers/packetcaptures/main.bicep
@@ -0,0 +1,136 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+@secure()
+@description('The administrator password for the virtual machine')
+param adminPassword string
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2024-05-01' = {
+  name: '${resourceName}-nic'
+  location: location
+  properties: {
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'ipconfig1'
+        properties: {
+          primary: true
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' = {
+  name: '${resourceName}-nw'
+  location: location
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
+  name: '${resourceName}-vm'
+  location: location
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_B1s'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: true
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'testadmin'
+      computerName: 'acctest0001-vm'
+      linuxConfiguration: {
+        disablePasswordAuthentication: false
+      }
+    }
+    storageProfile: {
+      imageReference: {
+        offer: '0001-com-ubuntu-server-jammy'
+        publisher: 'Canonical'
+        sku: '22_04-lts'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadWrite'
+        createOption: 'FromImage'
+        managedDisk: {
+          storageAccountType: 'Standard_LRS'
+        }
+        name: 'acctest0001-osdisk'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+  }
+}
+
+resource extension 'Microsoft.Compute/virtualMachines/extensions@2024-03-01' = {
+  parent: virtualMachine
+  name: 'network-watcher'
+  location: location
+  properties: {
+    autoUpgradeMinorVersion: true
+    enableAutomaticUpgrade: false
+    publisher: 'Microsoft.Azure.NetworkWatcher'
+    suppressFailures: false
+    type: 'NetworkWatcherAgentLinux'
+    typeHandlerVersion: '1.4'
+  }
+}
+
+resource packetCapture 'Microsoft.Network/networkWatchers/packetCaptures@2024-05-01' = {
+  parent: networkWatcher
+  name: '${resourceName}-pc'
+  properties: {
+    bytesToCapturePerPacket: 0
+    storageLocation: {
+      filePath: '/var/captures/packet.cap'
+    }
+    target: virtualMachine.id
+    targetType: 'AzureVM'
+    timeLimitInSeconds: 18000
+    totalBytesPerSession: 1073741824
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: 'internal'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    defaultOutboundAccess: true
+    delegations: []
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/p2svpngateways/main.bicep b/settings/remarks/microsoft.network/samples/p2svpngateways/main.bicep
new file mode 100644
index 00000000..e984562a
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/p2svpngateways/main.bicep
@@ -0,0 +1,98 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource p2svpnGateway 'Microsoft.Network/p2svpnGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    isRoutingPreferenceInternet: false
+    p2SConnectionConfigurations: [
+      {
+        name: 'first'
+        properties: {
+          enableInternetSecurity: false
+          vpnClientAddressPool: {
+            addressPrefixes: [
+              '172.100.0.0/14'
+            ]
+          }
+        }
+      }
+    ]
+    virtualHub: {
+      id: virtualHub.id
+    }
+    vpnGatewayScaleUnit: 1
+    vpnServerConfiguration: {
+      id: vpnServerConfiguration.id
+    }
+  }
+}
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    hubRoutingPreference: 'ExpressRoute'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+  }
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
+
+resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    vpnAuthenticationTypes: [
+      'Certificate'
+    ]
+    vpnClientIpsecPolicies: []
+    vpnClientRevokedCertificates: []
+    vpnClientRootCertificates: [
+      {
+        name: 'DigiCert-Federated-ID-Root-CA'
+        publicCertData: '''MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
+Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
+Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
+QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
+zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
+GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
+GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
+Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
+DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
+HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
+jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
+9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
+QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
+uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
+WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
+M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
+'''
+      }
+    ]
+    vpnProtocols: [
+      'OpenVPN'
+      'IkeV2'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/a/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/a/main.bicep
new file mode 100644
index 00000000..7bb08d43
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/a/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource a 'Microsoft.Network/privateDnsZones/A@2018-09-01' = {
+  parent: privateDnsZone
+  name: resourceName
+  properties: {
+    aRecords: [
+      {
+        ipv4Address: '1.2.4.5'
+      }
+      {
+        ipv4Address: '1.2.3.4'
+      }
+    ]
+    metadata: {}
+    ttl: 300
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/aaaa/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/aaaa/main.bicep
new file mode 100644
index 00000000..99fc0e37
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/aaaa/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource aaaa 'Microsoft.Network/privateDnsZones/AAAA@2018-09-01' = {
+  parent: privateDnsZone
+  name: resourceName
+  properties: {
+    aaaaRecords: [
+      {
+        ipv6Address: 'fd5d:70bc:930e:d008:0000:0000:0000:7334'
+      }
+      {
+        ipv6Address: 'fd5d:70bc:930e:d008::7335'
+      }
+    ]
+    metadata: {}
+    ttl: 300
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/cname/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/cname/main.bicep
new file mode 100644
index 00000000..65cbb0f0
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/cname/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource cname 'Microsoft.Network/privateDnsZones/CNAME@2018-09-01' = {
+  parent: privateDnsZone
+  name: resourceName
+  properties: {
+    cnameRecord: {
+      cname: 'contoso.com'
+    }
+    metadata: {}
+    ttl: 300
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/main.bicep
new file mode 100644
index 00000000..99dce4b2
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/main.bicep
@@ -0,0 +1,6 @@
+param resourceName string = 'acctest0001'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/mx/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/mx/main.bicep
new file mode 100644
index 00000000..b05473d2
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/mx/main.bicep
@@ -0,0 +1,25 @@
+param resourceName string = 'acctest0001'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource mx 'Microsoft.Network/privateDnsZones/MX@2018-09-01' = {
+  parent: privateDnsZone
+  name: resourceName
+  properties: {
+    metadata: {}
+    mxRecords: [
+      {
+        exchange: 'mx1.contoso.com'
+        preference: 10
+      }
+      {
+        exchange: 'mx2.contoso.com'
+        preference: 10
+      }
+    ]
+    ttl: 300
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/ptr/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/ptr/main.bicep
new file mode 100644
index 00000000..8ecd0b9d
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/ptr/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '230630033756174960.0.10.in-addr.arpa'
+  location: 'global'
+}
+
+resource ptr 'Microsoft.Network/privateDnsZones/PTR@2018-09-01' = {
+  parent: privateDnsZone
+  name: resourceName
+  properties: {
+    metadata: {}
+    ptrRecords: [
+      {
+        ptrdname: 'test2.contoso.com'
+      }
+      {
+        ptrdname: 'test.contoso.com'
+      }
+    ]
+    ttl: 300
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/srv/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/srv/main.bicep
new file mode 100644
index 00000000..87ccaa37
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/srv/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource srv 'Microsoft.Network/privateDnsZones/SRV@2018-09-01' = {
+  parent: privateDnsZone
+  name: resourceName
+  properties: {
+    metadata: {}
+    srvRecords: [
+      {
+        port: 8080
+        priority: 10
+        target: 'target2.contoso.com'
+        weight: 10
+      }
+      {
+        port: 8080
+        priority: 1
+        target: 'target1.contoso.com'
+        weight: 5
+      }
+    ]
+    ttl: 300
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/txt/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/txt/main.bicep
new file mode 100644
index 00000000..7aa2e867
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/txt/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource txt 'Microsoft.Network/privateDnsZones/TXT@2018-09-01' = {
+  parent: privateDnsZone
+  name: resourceName
+  properties: {
+    metadata: {}
+    ttl: 300
+    txtRecords: [
+      {
+        value: [
+          'Quick brown fox'
+        ]
+      }
+      {
+        value: [
+          'A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text.....'
+          '.A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text....'
+          '..A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......A long text......'
+        ]
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatednszones/virtualnetworklinks/main.bicep b/settings/remarks/microsoft.network/samples/privatednszones/virtualnetworklinks/main.bicep
new file mode 100644
index 00000000..7ab26db9
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatednszones/virtualnetworklinks/main.bicep
@@ -0,0 +1,42 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' = {
+  name: '${resourceName}.com'
+  location: 'global'
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: [
+      {
+        name: 'subnet1'
+        properties: {
+          addressPrefix: '10.0.1.0/24'
+        }
+      }
+    ]
+  }
+}
+
+resource virtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2018-09-01' = {
+  parent: privateDnsZone
+  name: resourceName
+  location: 'global'
+  properties: {
+    registrationEnabled: false
+    virtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privateendpoints/main.bicep b/settings/remarks/microsoft.network/samples/privateendpoints/main.bicep
new file mode 100644
index 00000000..5b34231c
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privateendpoints/main.bicep
@@ -0,0 +1,121 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource loadBalancer 'Microsoft.Network/loadBalancers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    frontendIPConfigurations: [
+      {
+        name: 'acctest0001'
+        properties: {
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+        }
+      }
+    ]
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource privateEndpoint 'Microsoft.Network/privateEndpoints@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    privateLinkServiceConnections: [
+      {
+        name: privateLinkService.name
+        properties: {
+          privateLinkServiceId: privateLinkService.id
+        }
+      }
+    ]
+    subnet: {
+      id: subnet.id
+    }
+  }
+}
+
+resource privateLinkService 'Microsoft.Network/privateLinkServices@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoApproval: {
+      subscriptions: []
+    }
+    enableProxyProtocol: false
+    fqdns: []
+    ipConfigurations: [
+      {
+        name: 'primaryIpConfiguration-230630033653892379'
+        properties: {
+          primary: true
+          privateIPAddress: ''
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+    loadBalancerFrontendIpConfigurations: [
+      {
+        id: loadBalancer.properties.frontendIPConfigurations[0].id
+      }
+    ]
+    visibility: {
+      subscriptions: []
+    }
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.5.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.5.4.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Disabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/privatelinkservices/main.bicep b/settings/remarks/microsoft.network/samples/privatelinkservices/main.bicep
new file mode 100644
index 00000000..c7599831
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/privatelinkservices/main.bicep
@@ -0,0 +1,103 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource loadBalancer 'Microsoft.Network/loadBalancers@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    frontendIPConfigurations: [
+      {
+        name: 'acctest0001'
+        properties: {
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+        }
+      }
+    ]
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource privateLinkService 'Microsoft.Network/privateLinkServices@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoApproval: {
+      subscriptions: []
+    }
+    enableProxyProtocol: false
+    fqdns: []
+    ipConfigurations: [
+      {
+        name: 'primaryIpConfiguration-230630033653892379'
+        properties: {
+          primary: true
+          privateIPAddress: ''
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+    loadBalancerFrontendIpConfigurations: [
+      {
+        id: loadBalancer.properties.frontendIPConfigurations[0].id
+      }
+    ]
+    visibility: {
+      subscriptions: []
+    }
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.5.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.5.4.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Disabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/publicipaddresses/main.bicep b/settings/remarks/microsoft.network/samples/publicipaddresses/main.bicep
new file mode 100644
index 00000000..29e4848b
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/publicipaddresses/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'centralus'
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/publicipprefixes/main.bicep b/settings/remarks/microsoft.network/samples/publicipprefixes/main.bicep
new file mode 100644
index 00000000..0dd39432
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/publicipprefixes/main.bicep
@@ -0,0 +1,17 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource publicIPPrefix 'Microsoft.Network/publicIPPrefixes@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    prefixLength: 30
+    publicIPAddressVersion: 'IPv4'
+  }
+  sku: {
+    name: 'Standard'
+  }
+  zones: [
+    '1'
+  ]
+}
diff --git a/settings/remarks/microsoft.network/samples/routefilters/main.bicep b/settings/remarks/microsoft.network/samples/routefilters/main.bicep
new file mode 100644
index 00000000..7fa79b76
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/routefilters/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource routeFilter 'Microsoft.Network/routeFilters@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    rules: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/routetables/main.bicep b/settings/remarks/microsoft.network/samples/routetables/main.bicep
new file mode 100644
index 00000000..c17b7426
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/routetables/main.bicep
@@ -0,0 +1,20 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource routeTable 'Microsoft.Network/routeTables@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableBgpRoutePropagation: false
+    routes: [
+      {
+        name: 'first'
+        properties: {
+          addressPrefix: '10.100.0.0/14'
+          nextHopIpAddress: '10.10.1.1'
+          nextHopType: 'VirtualAppliance'
+        }
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/routetables/routes/main.bicep b/settings/remarks/microsoft.network/samples/routetables/routes/main.bicep
new file mode 100644
index 00000000..fbbc0620
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/routetables/routes/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource routeTable 'Microsoft.Network/routeTables@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableBgpRoutePropagation: false
+  }
+}
+
+resource route 'Microsoft.Network/routeTables/routes@2022-09-01' = {
+  parent: routeTable
+  name: resourceName
+  properties: {
+    addressPrefix: '10.1.0.0/16'
+    nextHopType: 'VnetLocal'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/securitypartnerproviders/main.bicep b/settings/remarks/microsoft.network/samples/securitypartnerproviders/main.bicep
new file mode 100644
index 00000000..067ac732
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/securitypartnerproviders/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource securityPartnerProvider 'Microsoft.Network/securityPartnerProviders@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    securityProviderName: 'ZScaler'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/serviceendpointpolicies/main.bicep b/settings/remarks/microsoft.network/samples/serviceendpointpolicies/main.bicep
new file mode 100644
index 00000000..82823612
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/serviceendpointpolicies/main.bicep
@@ -0,0 +1,8 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource serviceEndpointPolicy 'Microsoft.Network/serviceEndpointPolicies@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/azureendpoints/main.bicep b/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/azureendpoints/main.bicep
new file mode 100644
index 00000000..70fa6158
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/azureendpoints/main.bicep
@@ -0,0 +1,55 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    dnsSettings: {
+      domainNameLabel: 'acctestpublicip-230630034107607730'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Regional'
+  }
+}
+
+resource trafficManagerProfile 'Microsoft.Network/trafficManagerProfiles@2018-08-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dnsConfig: {
+      relativeName: 'acctest-tmp-230630034107607730'
+      ttl: 30
+    }
+    monitorConfig: {
+      expectedStatusCodeRanges: []
+      intervalInSeconds: 30
+      path: '/'
+      port: 443
+      protocol: 'HTTPS'
+      timeoutInSeconds: 10
+      toleratedNumberOfFailures: 3
+    }
+    trafficRoutingMethod: 'Weighted'
+  }
+}
+
+resource azureendpoint 'Microsoft.Network/trafficManagerProfiles/AzureEndpoints@2018-08-01' = {
+  parent: trafficManagerProfile
+  name: resourceName
+  properties: {
+    customHeaders: []
+    endpointStatus: 'Enabled'
+    subnets: []
+    targetResourceId: publicIPAddress.id
+    weight: 3
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/externalendpoints/main.bicep b/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/externalendpoints/main.bicep
new file mode 100644
index 00000000..c36d8655
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/externalendpoints/main.bicep
@@ -0,0 +1,34 @@
+param resourceName string = 'acctest0001'
+
+resource trafficManagerProfile 'Microsoft.Network/trafficManagerProfiles@2018-08-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dnsConfig: {
+      relativeName: 'acctest-tmp-230630034107608613'
+      ttl: 30
+    }
+    monitorConfig: {
+      expectedStatusCodeRanges: []
+      intervalInSeconds: 30
+      path: '/'
+      port: 443
+      protocol: 'HTTPS'
+      timeoutInSeconds: 10
+      toleratedNumberOfFailures: 3
+    }
+    trafficRoutingMethod: 'Weighted'
+  }
+}
+
+resource externalendpoint 'Microsoft.Network/trafficManagerProfiles/ExternalEndpoints@2018-08-01' = {
+  parent: trafficManagerProfile
+  name: resourceName
+  properties: {
+    customHeaders: []
+    endpointStatus: 'Enabled'
+    subnets: []
+    target: 'www.example.com'
+    weight: 3
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/main.bicep b/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/main.bicep
new file mode 100644
index 00000000..949706d6
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+
+resource trafficManagerProfile 'Microsoft.Network/trafficManagerProfiles@2018-08-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dnsConfig: {
+      relativeName: 'acctest-tmp-230630034107605443'
+      ttl: 30
+    }
+    monitorConfig: {
+      expectedStatusCodeRanges: []
+      intervalInSeconds: 30
+      path: '/'
+      port: 443
+      protocol: 'HTTPS'
+      timeoutInSeconds: 10
+      toleratedNumberOfFailures: 3
+    }
+    trafficRoutingMethod: 'Weighted'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/nestedendpoints/main.bicep b/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/nestedendpoints/main.bicep
new file mode 100644
index 00000000..d212ad08
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/trafficmanagerprofiles/nestedendpoints/main.bicep
@@ -0,0 +1,56 @@
+param resourceName string = 'acctest0001'
+
+resource trafficManagerProfile 'Microsoft.Network/trafficManagerProfiles@2018-08-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dnsConfig: {
+      relativeName: 'acctest-tmp-230630034107605443'
+      ttl: 30
+    }
+    monitorConfig: {
+      expectedStatusCodeRanges: []
+      intervalInSeconds: 30
+      path: '/'
+      port: 443
+      protocol: 'HTTPS'
+      timeoutInSeconds: 10
+      toleratedNumberOfFailures: 3
+    }
+    trafficRoutingMethod: 'Weighted'
+  }
+}
+
+resource trafficManagerProfile2 'Microsoft.Network/trafficManagerProfiles@2018-08-01' = {
+  name: resourceName
+  location: 'global'
+  properties: {
+    dnsConfig: {
+      relativeName: 'acctesttmpchild230630034107605443'
+      ttl: 30
+    }
+    monitorConfig: {
+      expectedStatusCodeRanges: []
+      intervalInSeconds: 30
+      path: '/'
+      port: 443
+      protocol: 'HTTPS'
+      timeoutInSeconds: 10
+      toleratedNumberOfFailures: 3
+    }
+    trafficRoutingMethod: 'Priority'
+  }
+}
+
+resource nestedendpoint 'Microsoft.Network/trafficManagerProfiles/NestedEndpoints@2018-08-01' = {
+  parent: trafficManagerProfile
+  name: resourceName
+  properties: {
+    customHeaders: []
+    endpointStatus: 'Enabled'
+    minChildEndpoints: 5
+    subnets: []
+    targetResourceId: trafficManagerProfile2.id
+    weight: 3
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualhubs/hubvirtualnetworkconnections/main.bicep b/settings/remarks/microsoft.network/samples/virtualhubs/hubvirtualnetworkconnections/main.bicep
new file mode 100644
index 00000000..7a49570d
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualhubs/hubvirtualnetworkconnections/main.bicep
@@ -0,0 +1,55 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    hubRoutingPreference: 'ExpressRoute'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.5.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
+
+resource hubVirtualNetworkConnection 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2022-07-01' = {
+  parent: virtualHub
+  name: resourceName
+  properties: {
+    enableInternetSecurity: false
+    remoteVirtualNetwork: {
+      id: virtualNetwork.id
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualhubs/ipconfigurations/main.bicep b/settings/remarks/microsoft.network/samples/virtualhubs/ipconfigurations/main.bicep
new file mode 100644
index 00000000..253cb161
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualhubs/ipconfigurations/main.bicep
@@ -0,0 +1,75 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hubRoutingPreference: 'ExpressRoute'
+    sku: 'Standard'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.5.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource ipConfiguration 'Microsoft.Network/virtualHubs/ipConfigurations@2022-07-01' = {
+  parent: virtualHub
+  name: resourceName
+  properties: {
+    privateIPAddress: '10.5.1.18'
+    privateIPAllocationMethod: 'Static'
+    publicIPAddress: {
+      id: publicIPAddress.id
+    }
+    subnet: {
+      id: subnet.id
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'RouteServerSubnet'
+  properties: {
+    addressPrefix: '10.5.1.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualhubs/main.bicep b/settings/remarks/microsoft.network/samples/virtualhubs/main.bicep
new file mode 100644
index 00000000..db3e41d4
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualhubs/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.0.0/24'
+    hubRoutingPreference: 'ExpressRoute'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+  }
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualnetworkgateways/main.bicep b/settings/remarks/microsoft.network/samples/virtualnetworkgateways/main.bicep
new file mode 100644
index 00000000..0700cc08
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualnetworkgateways/main.bicep
@@ -0,0 +1,81 @@
+param resourceName string = 'acctest0001'
+param location string = 'centralus'
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.6.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+  tags: {
+    SkipASMAzSecPack: 'true'
+  }
+}
+
+resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    activeActive: false
+    enableBgp: false
+    enablePrivateIpAddress: false
+    gatewayType: 'ExpressRoute'
+    ipConfigurations: [
+      {
+        name: 'vnetGatewayConfig'
+        properties: {
+          privateIPAllocationMethod: 'Dynamic'
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+    sku: {
+      name: 'Standard'
+      tier: 'Standard'
+    }
+    vpnType: 'RouteBased'
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'GatewaySubnet'
+  properties: {
+    addressPrefix: '10.6.1.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualnetworkgateways/natrules/main.bicep b/settings/remarks/microsoft.network/samples/virtualnetworkgateways/natrules/main.bicep
new file mode 100644
index 00000000..04af3a1b
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualnetworkgateways/natrules/main.bicep
@@ -0,0 +1,97 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Dynamic'
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Regional'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    activeActive: false
+    enableBgp: false
+    enablePrivateIpAddress: false
+    gatewayType: 'Vpn'
+    ipConfigurations: [
+      {
+        name: 'vnetGatewayConfig'
+        properties: {
+          privateIPAllocationMethod: 'Dynamic'
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+          subnet: {
+            id: subnet.id
+          }
+        }
+      }
+    ]
+    sku: {
+      name: 'Basic'
+      tier: 'Basic'
+    }
+    vpnType: 'RouteBased'
+  }
+}
+
+resource natRule 'Microsoft.Network/virtualNetworkGateways/natRules@2022-07-01' = {
+  parent: virtualNetworkGateway
+  name: resourceName
+  properties: {
+    externalMappings: [
+      {
+        addressSpace: '10.1.0.0/26'
+      }
+    ]
+    internalMappings: [
+      {
+        addressSpace: '10.3.0.0/26'
+      }
+    ]
+    mode: 'EgressSnat'
+    type: 'Static'
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: 'GatewaySubnet'
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualnetworks/main.bicep b/settings/remarks/microsoft.network/samples/virtualnetworks/main.bicep
new file mode 100644
index 00000000..18df0706
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualnetworks/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualnetworks/subnets/main.bicep b/settings/remarks/microsoft.network/samples/virtualnetworks/subnets/main.bicep
new file mode 100644
index 00000000..0e4b671a
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualnetworks/subnets/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualnetworks/subnets/withipampool/main.bicep b/settings/remarks/microsoft.network/samples/virtualnetworks/subnets/withipampool/main.bicep
new file mode 100644
index 00000000..2b635d67
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualnetworks/subnets/withipampool/main.bicep
@@ -0,0 +1,63 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2024-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: []
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        '/subscriptions/subscription().subscriptionId'
+      ]
+    }
+  }
+}
+
+resource vnetWithipam 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      ipamPoolPrefixAllocations: [
+        {
+          numberOfIpAddresses: '100'
+          pool: {
+            id: ipamPool.id
+          }
+        }
+      ]
+    }
+  }
+}
+
+resource ipamPool 'Microsoft.Network/networkManagers/ipamPools@2024-05-01' = {
+  parent: networkManager
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefixes: [
+      '10.0.0.0/24'
+    ]
+    description: 'Test description.'
+    displayName: 'testDisplayName'
+    parentPoolName: ''
+  }
+}
+
+resource subnetWithipam 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: vnetWithipam
+  name: resourceName
+  properties: {
+    ipamPoolPrefixAllocations: [
+      {
+        numberOfIpAddresses: '100'
+        pool: {
+          id: ipamPool.id
+        }
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualnetworks/virtualnetworkpeerings/main.bicep b/settings/remarks/microsoft.network/samples/virtualnetworks/virtualnetworkpeerings/main.bicep
new file mode 100644
index 00000000..47562156
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualnetworks/virtualnetworkpeerings/main.bicep
@@ -0,0 +1,62 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.1.0/24'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource workspace 'Microsoft.Databricks/workspaces@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    managedResourceGroupId: resourceId('Microsoft.Resources/resourceGroups', 'databricks-rg-${resourceName}')
+    parameters: {
+      prepareEncryption: {
+        value: false
+      }
+      requireInfrastructureEncryption: {
+        value: false
+      }
+    }
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'standard'
+  }
+}
+
+resource virtualNetworkPeering 'Microsoft.Databricks/workspaces/virtualNetworkPeerings@2023-02-01' = {
+  parent: workspace
+  name: resourceName
+  properties: {
+    allowForwardedTraffic: false
+    allowGatewayTransit: false
+    allowVirtualNetworkAccess: true
+    databricksAddressSpace: {
+      addressPrefixes: [
+        '10.139.0.0/16'
+      ]
+    }
+    remoteAddressSpace: {
+      addressPrefixes: [
+        '10.0.1.0/24'
+      ]
+    }
+    remoteVirtualNetwork: {
+      id: virtualNetwork.id
+    }
+    useRemoteGateways: false
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualnetworks/withipampool/main.bicep b/settings/remarks/microsoft.network/samples/virtualnetworks/withipampool/main.bicep
new file mode 100644
index 00000000..e4b6953c
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualnetworks/withipampool/main.bicep
@@ -0,0 +1,48 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource networkManager 'Microsoft.Network/networkManagers@2024-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    description: ''
+    networkManagerScopeAccesses: []
+    networkManagerScopes: {
+      managementGroups: []
+      subscriptions: [
+        '/subscriptions/subscription().subscriptionId'
+      ]
+    }
+  }
+}
+
+resource vnetWithipam 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      ipamPoolPrefixAllocations: [
+        {
+          numberOfIpAddresses: '100'
+          pool: {
+            id: ipamPool.id
+          }
+        }
+      ]
+    }
+  }
+}
+
+resource ipamPool 'Microsoft.Network/networkManagers/ipamPools@2024-05-01' = {
+  parent: networkManager
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefixes: [
+      '10.0.0.0/24'
+    ]
+    description: 'Test description.'
+    displayName: 'testDisplayName'
+    parentPoolName: ''
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/virtualwans/main.bicep b/settings/remarks/microsoft.network/samples/virtualwans/main.bicep
new file mode 100644
index 00000000..8552f4bf
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/virtualwans/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/vpngateways/main.bicep b/settings/remarks/microsoft.network/samples/vpngateways/main.bicep
new file mode 100644
index 00000000..dc050d57
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/vpngateways/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.0.0/24'
+    hubRoutingPreference: 'ExpressRoute'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+  }
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
+
+resource vpnGateway 'Microsoft.Network/vpnGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableBgpRouteTranslationForNat: false
+    isRoutingPreferenceInternet: false
+    virtualHub: {
+      id: virtualHub.id
+    }
+    vpnGatewayScaleUnit: 1
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/vpngateways/natrules/main.bicep b/settings/remarks/microsoft.network/samples/vpngateways/natrules/main.bicep
new file mode 100644
index 00000000..64be60e1
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/vpngateways/natrules/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.0.0/24'
+    hubRoutingPreference: 'ExpressRoute'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+  }
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
+
+resource vpnGateway 'Microsoft.Network/vpnGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableBgpRouteTranslationForNat: false
+    isRoutingPreferenceInternet: false
+    virtualHub: {
+      id: virtualHub.id
+    }
+    vpnGatewayScaleUnit: 1
+  }
+}
+
+resource natRule 'Microsoft.Network/vpnGateways/natRules@2022-07-01' = {
+  parent: vpnGateway
+  name: resourceName
+  properties: {
+    externalMappings: [
+      {
+        addressSpace: '192.168.21.0/26'
+      }
+    ]
+    internalMappings: [
+      {
+        addressSpace: '10.4.0.0/26'
+      }
+    ]
+    mode: 'EgressSnat'
+    type: 'Static'
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/vpngateways/vpnconnections/main.bicep b/settings/remarks/microsoft.network/samples/vpngateways/vpnconnections/main.bicep
new file mode 100644
index 00000000..df767738
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/vpngateways/vpnconnections/main.bicep
@@ -0,0 +1,127 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.0.0/24'
+    hubRoutingPreference: 'ExpressRoute'
+    virtualRouterAutoScaleConfiguration: {
+      minCapacity: 2
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+  }
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
+
+resource vpnGateway 'Microsoft.Network/vpnGateways@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enableBgpRouteTranslationForNat: false
+    isRoutingPreferenceInternet: false
+    virtualHub: {
+      id: virtualHub.id
+    }
+    vpnGatewayScaleUnit: 1
+  }
+}
+
+resource vpnSite 'Microsoft.Network/vpnSites@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.1.0/24'
+      ]
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+    vpnSiteLinks: [
+      {
+        name: 'link1'
+        properties: {
+          fqdn: ''
+          ipAddress: '10.0.1.1'
+          linkProperties: {
+            linkProviderName: ''
+            linkSpeedInMbps: 0
+          }
+        }
+      }
+      {
+        name: 'link2'
+        properties: {
+          fqdn: ''
+          ipAddress: '10.0.1.2'
+          linkProperties: {
+            linkProviderName: ''
+            linkSpeedInMbps: 0
+          }
+        }
+      }
+    ]
+  }
+}
+
+resource vpnConnection 'Microsoft.Network/vpnGateways/vpnConnections@2022-07-01' = {
+  parent: vpnGateway
+  name: resourceName
+  properties: {
+    enableInternetSecurity: false
+    remoteVpnSite: {
+      id: vpnSite.id
+    }
+    vpnLinkConnections: [
+      {
+        name: 'link1'
+        properties: {
+          connectionBandwidth: 10
+          enableBgp: false
+          enableRateLimiting: false
+          routingWeight: 0
+          useLocalAzureIpAddress: false
+          usePolicyBasedTrafficSelectors: false
+          vpnConnectionProtocolType: 'IKEv2'
+          vpnGatewayCustomBgpAddresses: []
+          vpnLinkConnectionMode: 'Default'
+          vpnSiteLink: {
+            id: resourceId('Microsoft.Network/vpnSites/vpnSiteLinks', vpnSite.name, 'link1')
+          }
+        }
+      }
+      {
+        name: 'link2'
+        properties: {
+          connectionBandwidth: 10
+          enableBgp: false
+          enableRateLimiting: false
+          routingWeight: 0
+          useLocalAzureIpAddress: false
+          usePolicyBasedTrafficSelectors: false
+          vpnConnectionProtocolType: 'IKEv2'
+          vpnGatewayCustomBgpAddresses: []
+          vpnLinkConnectionMode: 'Default'
+          vpnSiteLink: {
+            id: resourceId('Microsoft.Network/vpnSites/vpnSiteLinks', vpnSite.name, 'link2')
+          }
+        }
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/vpnserverconfigurations/configurationpolicygroups/main.bicep b/settings/remarks/microsoft.network/samples/vpnserverconfigurations/configurationpolicygroups/main.bicep
new file mode 100644
index 00000000..0d5158ba
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/vpnserverconfigurations/configurationpolicygroups/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The RADIUS server secret for VPN authentication')
+param radiusServerSecret string
+
+resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    radiusClientRootCertificates: []
+    radiusServerAddress: ''
+    radiusServerRootCertificates: []
+    radiusServerSecret: ''
+    radiusServers: [
+      {
+        radiusServerAddress: '10.105.1.1'
+        radiusServerScore: 15
+        radiusServerSecret: null
+      }
+    ]
+    vpnAuthenticationTypes: [
+      'Radius'
+    ]
+    vpnClientIpsecPolicies: []
+    vpnClientRevokedCertificates: []
+    vpnClientRootCertificates: []
+    vpnProtocols: [
+      'OpenVPN'
+      'IkeV2'
+    ]
+  }
+}
+
+resource configurationPolicyGroup 'Microsoft.Network/vpnServerConfigurations/configurationPolicyGroups@2022-07-01' = {
+  parent: vpnServerConfiguration
+  name: resourceName
+  properties: {
+    isDefault: false
+    policyMembers: [
+      {
+        attributeType: 'RadiusAzureGroupId'
+        attributeValue: '6ad1bd08'
+        name: 'policy1'
+      }
+    ]
+    priority: 0
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/vpnserverconfigurations/main.bicep b/settings/remarks/microsoft.network/samples/vpnserverconfigurations/main.bicep
new file mode 100644
index 00000000..74eefeea
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/vpnserverconfigurations/main.bicep
@@ -0,0 +1,33 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The RADIUS server secret for VPN server configuration')
+param radiusServerSecret string
+
+resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    radiusClientRootCertificates: []
+    radiusServerAddress: ''
+    radiusServerRootCertificates: []
+    radiusServerSecret: null
+    radiusServers: [
+      {
+        radiusServerAddress: '10.105.1.1'
+        radiusServerScore: 15
+        radiusServerSecret: null
+      }
+    ]
+    vpnAuthenticationTypes: [
+      'Radius'
+    ]
+    vpnClientIpsecPolicies: []
+    vpnClientRevokedCertificates: []
+    vpnClientRootCertificates: []
+    vpnProtocols: [
+      'OpenVPN'
+      'IkeV2'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.network/samples/vpnsites/main.bicep b/settings/remarks/microsoft.network/samples/vpnsites/main.bicep
new file mode 100644
index 00000000..088159a6
--- /dev/null
+++ b/settings/remarks/microsoft.network/samples/vpnsites/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    allowBranchToBranchTraffic: true
+    disableVpnEncryption: false
+    office365LocalBreakoutCategory: 'None'
+    type: 'Standard'
+  }
+}
+
+resource vpnSite 'Microsoft.Network/vpnSites@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.1.0/24'
+      ]
+    }
+    virtualWan: {
+      id: virtualWan.id
+    }
+    vpnSiteLinks: [
+      {
+        name: 'link1'
+        properties: {
+          fqdn: ''
+          ipAddress: '10.0.1.1'
+          linkProperties: {
+            linkProviderName: ''
+            linkSpeedInMbps: 0
+          }
+        }
+      }
+      {
+        name: 'link2'
+        properties: {
+          fqdn: ''
+          ipAddress: '10.0.1.2'
+          linkProperties: {
+            linkProviderName: ''
+            linkSpeedInMbps: 0
+          }
+        }
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.networkfunction/remarks.json b/settings/remarks/microsoft.networkfunction/remarks.json
index 5750408a..b92b635a 100644
--- a/settings/remarks/microsoft.networkfunction/remarks.json
+++ b/settings/remarks/microsoft.networkfunction/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/azuretrafficcollectors/main.tf",
       "Description": "A basic example of deploying Network Function Azure Traffic Collector."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.NetworkFunction/azureTrafficCollectors",
+      "Path": "samples/azuretrafficcollectors/main.bicep",
+      "Description": "A basic example of deploying Network Function Azure Traffic Collector."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.networkfunction/samples/azuretrafficcollectors/main.bicep b/settings/remarks/microsoft.networkfunction/samples/azuretrafficcollectors/main.bicep
new file mode 100644
index 00000000..58a64dd3
--- /dev/null
+++ b/settings/remarks/microsoft.networkfunction/samples/azuretrafficcollectors/main.bicep
@@ -0,0 +1,8 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource azureTrafficCollector 'Microsoft.NetworkFunction/azureTrafficCollectors@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.notificationhubs/remarks.json b/settings/remarks/microsoft.notificationhubs/remarks.json
index 22624b9d..341d3b25 100644
--- a/settings/remarks/microsoft.notificationhubs/remarks.json
+++ b/settings/remarks/microsoft.notificationhubs/remarks.json
@@ -16,5 +16,22 @@
       "Path": "samples/namespaces/notificationhubs/authorizationrules/main.tf",
       "Description": "A basic example of deploying Authorization Rule associated with a Notification Hub within a Notification Hub Namespace."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.NotificationHubs/namespaces",
+      "Path": "samples/namespaces/main.bicep",
+      "Description": "A basic example of deploying Notification Hub Namespace."
+    },
+    {
+      "ResourceType": "Microsoft.NotificationHubs/namespaces/notificationHubs",
+      "Path": "samples/namespaces/notificationhubs/main.bicep",
+      "Description": "A basic example of deploying Notification Hub within a Notification Hub Namespace."
+    },
+    {
+      "ResourceType": "Microsoft.NotificationHubs/namespaces/notificationHubs/authorizationRules",
+      "Path": "samples/namespaces/notificationhubs/authorizationrules/main.bicep",
+      "Description": "A basic example of deploying Authorization Rule associated with a Notification Hub within a Notification Hub Namespace."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.notificationhubs/samples/namespaces/main.bicep b/settings/remarks/microsoft.notificationhubs/samples/namespaces/main.bicep
new file mode 100644
index 00000000..0f5e42f9
--- /dev/null
+++ b/settings/remarks/microsoft.notificationhubs/samples/namespaces/main.bicep
@@ -0,0 +1,15 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.NotificationHubs/namespaces@2017-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enabled: true
+    namespaceType: 'NotificationHub'
+    region: 'westeurope'
+  }
+  sku: {
+    name: 'Free'
+  }
+}
diff --git a/settings/remarks/microsoft.notificationhubs/samples/namespaces/notificationhubs/authorizationrules/main.bicep b/settings/remarks/microsoft.notificationhubs/samples/namespaces/notificationhubs/authorizationrules/main.bicep
new file mode 100644
index 00000000..a0ecd04f
--- /dev/null
+++ b/settings/remarks/microsoft.notificationhubs/samples/namespaces/notificationhubs/authorizationrules/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.NotificationHubs/namespaces@2017-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enabled: true
+    namespaceType: 'NotificationHub'
+    region: 'westeurope'
+  }
+  sku: {
+    name: 'Free'
+  }
+}
+
+resource notificationHub 'Microsoft.NotificationHubs/namespaces/notificationHubs@2017-04-01' = {
+  parent: namespace
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource authorizationRule 'Microsoft.NotificationHubs/namespaces/notificationHubs/authorizationRules@2017-04-01' = {
+  parent: notificationHub
+  name: resourceName
+  properties: {
+    rights: [
+      'Listen'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.notificationhubs/samples/namespaces/notificationhubs/main.bicep b/settings/remarks/microsoft.notificationhubs/samples/namespaces/notificationhubs/main.bicep
new file mode 100644
index 00000000..a64a6b66
--- /dev/null
+++ b/settings/remarks/microsoft.notificationhubs/samples/namespaces/notificationhubs/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.NotificationHubs/namespaces@2017-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    enabled: true
+    namespaceType: 'NotificationHub'
+    region: 'westeurope'
+  }
+  sku: {
+    name: 'Free'
+  }
+}
+
+resource notificationHub 'Microsoft.NotificationHubs/namespaces/notificationHubs@2017-04-01' = {
+  parent: namespace
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.operationalinsights/remarks.json b/settings/remarks/microsoft.operationalinsights/remarks.json
index a8007cf1..d2b8af11 100644
--- a/settings/remarks/microsoft.operationalinsights/remarks.json
+++ b/settings/remarks/microsoft.operationalinsights/remarks.json
@@ -74,5 +74,72 @@
       "Path": "samples/workspaces/tables/datacollectionlogs/main.tf",
       "Description": "A datacollectionlogs example of deploying Operational Insights Workspaces Tables."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.OperationalInsights/clusters",
+      "Path": "samples/clusters/main.bicep",
+      "Description": "A basic example of deploying Log Analytics Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/queryPacks",
+      "Path": "samples/querypacks/main.bicep",
+      "Description": "A basic example of deploying Log Analytics Query Pack."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/queryPacks/queries",
+      "Path": "samples/querypacks/queries/main.bicep",
+      "Description": "A basic example of deploying Log Analytics Query Pack Query."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces",
+      "Path": "samples/workspaces/main.bicep",
+      "Description": "A basic example of deploying Log Analytics (formally Operational Insights) Workspace."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/dataExports",
+      "Path": "samples/workspaces/dataexports/main.bicep",
+      "Description": "A basic example of deploying log analytics Data Export Rule."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/dataSources",
+      "Path": "samples/workspaces/datasources/main.bicep",
+      "Description": "A basic example of deploying Log Analytics (formally Operational Insights) DataSource."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/linkedServices",
+      "Path": "samples/workspaces/linkedservices/main.bicep",
+      "Description": "A basic example of deploying Log Analytics Linked Service."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/linkedStorageAccounts",
+      "Path": "samples/workspaces/linkedstorageaccounts/main.bicep",
+      "Description": "A basic example of deploying Log Analytics Linked Storage Account."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/savedSearches",
+      "Path": "samples/workspaces/savedsearches/main.bicep",
+      "Description": "A basic example of deploying Log Analytics (formally Operational Insights) Saved Search."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/storageInsightConfigs",
+      "Path": "samples/workspaces/storageinsightconfigs/main.bicep",
+      "Description": "A basic example of deploying Log Analytics Storage Insights resource."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/tables",
+      "Path": "samples/workspaces/tables/auditlog/main.bicep",
+      "Description": "A auditlog example of deploying Operational Insights Workspaces Tables."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/tables",
+      "Path": "samples/workspaces/tables/basic/main.bicep",
+      "Description": "A basic example of deploying Operational Insights Workspaces Tables."
+    },
+    {
+      "ResourceType": "Microsoft.OperationalInsights/workspaces/tables",
+      "Path": "samples/workspaces/tables/datacollectionlogs/main.bicep",
+      "Description": "A datacollectionlogs example of deploying Operational Insights Workspaces Tables."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.operationalinsights/samples/clusters/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/clusters/main.bicep
new file mode 100644
index 00000000..1accf041
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/clusters/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.OperationalInsights/clusters@2020-08-01' = {
+  name: resourceName
+  location: location
+  sku: {
+    capacity: 1000
+    name: 'CapacityReservation'
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/querypacks/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/querypacks/main.bicep
new file mode 100644
index 00000000..6000b7c6
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/querypacks/main.bicep
@@ -0,0 +1,8 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource queryPack 'Microsoft.OperationalInsights/queryPacks@2019-09-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/querypacks/queries/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/querypacks/queries/main.bicep
new file mode 100644
index 00000000..45473f5d
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/querypacks/queries/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource queryPack 'Microsoft.OperationalInsights/queryPacks@2019-09-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource query 'Microsoft.OperationalInsights/queryPacks/queries@2019-09-01' = {
+  parent: queryPack
+  name: 'aca50e92-d3e6-8f7d-1f70-2ec7adc1a926'
+  properties: {
+    body: '''    let newExceptionsTimeRange = 1d;
+    let timeRangeToCheckBefore = 7d;
+    exceptions
+    | where timestamp < ago(timeRangeToCheckBefore)
+    | summarize count() by problemId
+    | join kind= rightanti (
+        exceptions
+        | where timestamp >= ago(newExceptionsTimeRange)
+        | extend stack = tostring(details[0].rawStack)
+        | summarize count(), dcount(user_AuthenticatedId), min(timestamp), max(timestamp), any(stack) by problemId
+    ) on problemId
+    | order by count_ desc
+'''
+    displayName: 'Exceptions - New in the last 24 hours'
+    related: {}
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/dataexports/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/dataexports/main.bicep
new file mode 100644
index 00000000..c2af68a5
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/dataexports/main.bicep
@@ -0,0 +1,72 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource dataExport 'Microsoft.OperationalInsights/workspaces/dataExports@2020-08-01' = {
+  parent: workspace
+  name: resourceName
+  properties: {
+    destination: {
+      resourceId: storageAccount.id
+    }
+    enable: false
+    tableNames: [
+      'Heartbeat'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/datasources/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/datasources/main.bicep
new file mode 100644
index 00000000..5ba8c4da
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/datasources/main.bicep
@@ -0,0 +1,34 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource dataSource 'Microsoft.OperationalInsights/workspaces/dataSources@2020-08-01' = {
+  parent: workspace
+  name: resourceName
+  kind: 'WindowsPerformanceCounter'
+  properties: {
+    counterName: 'CPU'
+    instanceName: '*'
+    intervalSeconds: 10
+    objectName: 'CPU'
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/linkedservices/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/linkedservices/main.bicep
new file mode 100644
index 00000000..c25e31ac
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/linkedservices/main.bicep
@@ -0,0 +1,44 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = {
+  name: resourceName
+  location: location
+  properties: {
+    encryption: {
+      keySource: 'Microsoft.Automation'
+    }
+    publicNetworkAccess: true
+    sku: {
+      name: 'Basic'
+    }
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource linkedService 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = {
+  parent: workspace
+  name: 'Automation'
+  properties: {
+    resourceId: automationAccount.id
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/linkedstorageaccounts/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/linkedstorageaccounts/main.bicep
new file mode 100644
index 00000000..05d122f7
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/linkedstorageaccounts/main.bicep
@@ -0,0 +1,68 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_GRS'
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource linkedStorageAccount 'Microsoft.OperationalInsights/workspaces/linkedStorageAccounts@2020-08-01' = {
+  parent: workspace
+  name: 'CustomLogs'
+  properties: {
+    storageAccountIds: [
+      storageAccount.id
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/main.bicep
new file mode 100644
index 00000000..9079a531
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/savedsearches/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/savedsearches/main.bicep
new file mode 100644
index 00000000..f51a1484
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/savedsearches/main.bicep
@@ -0,0 +1,34 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource savedSearch 'Microsoft.OperationalInsights/workspaces/savedSearches@2020-08-01' = {
+  parent: workspace
+  name: resourceName
+  properties: {
+    category: 'Saved Search Test Category'
+    displayName: 'Create or Update Saved Search Test'
+    functionAlias: ''
+    query: 'Heartbeat | summarize Count() by Computer | take a'
+    tags: []
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/storageinsightconfigs/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/storageinsightconfigs/main.bicep
new file mode 100644
index 00000000..d1e20186
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/storageinsightconfigs/main.bicep
@@ -0,0 +1,69 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource storageInsightConfig 'Microsoft.OperationalInsights/workspaces/storageInsightConfigs@2020-08-01' = {
+  parent: workspace
+  name: resourceName
+  properties: {
+    storageAccount: {
+      id: storageAccount.id
+      key: storageAccount.listKeys().keys[0].value
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/auditlog/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/auditlog/main.bicep
new file mode 100644
index 00000000..c12edf51
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/auditlog/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+var auditLogTableName = 'AuditLog_CL'
+var auditLogColumns = {} // TODO: Complex type needs manual conversion
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource table 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' = {
+  parent: workspace
+  name: auditLogTableName
+  properties: {
+    schema: {
+      name: auditLogTableName
+      columns: auditLogColumns
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/basic/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/basic/main.bicep
new file mode 100644
index 00000000..3625aa63
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/basic/main.bicep
@@ -0,0 +1,38 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+var sentinelTiAlertsTableName = 'SentinelTIAlerts_CL'
+var sentinelTiAlertsColumns = {} // TODO: Complex type needs manual conversion
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource table 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' = {
+  parent: workspace
+  name: sentinelTiAlertsTableName
+  properties: {
+    schema: {
+      name: sentinelTiAlertsTableName
+      columns: sentinelTiAlertsColumns
+    }
+    retentionInDays: 30
+    totalRetentionInDays: 30
+  }
+}
diff --git a/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/datacollectionlogs/main.bicep b/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/datacollectionlogs/main.bicep
new file mode 100644
index 00000000..b47ae2d2
--- /dev/null
+++ b/settings/remarks/microsoft.operationalinsights/samples/workspaces/tables/datacollectionlogs/main.bicep
@@ -0,0 +1,36 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+var dataCollectionLogTableName = 'DataCollectionLog_CL'
+var dataCollectionLogColumns = {} // TODO: Complex type needs manual conversion
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource table 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' = {
+  parent: workspace
+  name: dataCollectionLogTableName
+  properties: {
+    schema: {
+      name: dataCollectionLogTableName
+      columns: dataCollectionLogColumns
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.operationsmanagement/remarks.json b/settings/remarks/microsoft.operationsmanagement/remarks.json
index 2cd20360..c7dd291f 100644
--- a/settings/remarks/microsoft.operationsmanagement/remarks.json
+++ b/settings/remarks/microsoft.operationsmanagement/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/solutions/main.tf",
       "Description": "A basic example of deploying Log Analytics (formally Operational Insights) Solution."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.OperationsManagement/solutions",
+      "Path": "samples/solutions/main.bicep",
+      "Description": "A basic example of deploying Log Analytics (formally Operational Insights) Solution."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.operationsmanagement/samples/solutions/main.bicep b/settings/remarks/microsoft.operationsmanagement/samples/solutions/main.bicep
new file mode 100644
index 00000000..d2fa20f2
--- /dev/null
+++ b/settings/remarks/microsoft.operationsmanagement/samples/solutions/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
+  name: 'ContainerInsights(${resourceName})'
+  location: location
+  plan: {
+    name: 'ContainerInsights(acctest0001)'
+    product: 'OMSGallery/ContainerInsights'
+    promotionCode: ''
+    publisher: 'Microsoft'
+  }
+  properties: {
+    workspaceResourceId: workspace.id
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    sku: {
+      name: 'PerGB2018'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.orbital/remarks.json b/settings/remarks/microsoft.orbital/remarks.json
index ff34d561..eba99dcb 100644
--- a/settings/remarks/microsoft.orbital/remarks.json
+++ b/settings/remarks/microsoft.orbital/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/spacecrafts/main.tf",
       "Description": "A basic example of deploying Spacecraft resource."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Orbital/spacecrafts",
+      "Path": "samples/spacecrafts/main.bicep",
+      "Description": "A basic example of deploying Spacecraft resource."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.orbital/samples/spacecrafts/main.bicep b/settings/remarks/microsoft.orbital/samples/spacecrafts/main.bicep
new file mode 100644
index 00000000..9fea2ed7
--- /dev/null
+++ b/settings/remarks/microsoft.orbital/samples/spacecrafts/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource spacecraft 'Microsoft.Orbital/spacecrafts@2022-11-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    links: [
+      {
+        bandwidthMHz: 100
+        centerFrequencyMHz: 101
+        direction: 'Uplink'
+        name: 'linkname'
+        polarization: 'LHCP'
+      }
+    ]
+    noradId: '12345'
+    titleLine: 'AQUA'
+    tleLine1: '1 23455U 94089A   97320.90946019  .00000140  00000-0  10191-3 0  2621'
+    tleLine2: '2 23455  99.0090 272.6745 0008546 223.1686 136.8816 14.11711747148495'
+  }
+}
diff --git a/settings/remarks/microsoft.policyinsights/remarks.json b/settings/remarks/microsoft.policyinsights/remarks.json
index 10edf984..13ba5be5 100644
--- a/settings/remarks/microsoft.policyinsights/remarks.json
+++ b/settings/remarks/microsoft.policyinsights/remarks.json
@@ -11,5 +11,12 @@
       "Path": "samples/remediations/main.tf",
       "Description": "A basic example of deploying Azure Policy Remediation."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.PolicyInsights/remediations",
+      "Path": "samples/remediations/main.bicep",
+      "Description": "A basic example of deploying Azure Policy Remediation."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.policyinsights/samples/remediations/main.bicep b/settings/remarks/microsoft.policyinsights/samples/remediations/main.bicep
new file mode 100644
index 00000000..416c116c
--- /dev/null
+++ b/settings/remarks/microsoft.policyinsights/samples/remediations/main.bicep
@@ -0,0 +1,34 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource policyAssignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
+  name: resourceName
+  properties: {
+    displayName: ''
+    enforcementMode: 'Default'
+    parameters: {
+      listOfAllowedLocations: {
+        value: [
+          'West Europe'
+          'West US 2'
+          'East US 2'
+        ]
+      }
+    }
+    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
+    scope: subscription().id
+  }
+}
+
+resource remediation 'Microsoft.PolicyInsights/remediations@2021-10-01' = {
+  name: resourceName
+  properties: {
+    filters: {
+      locations: []
+    }
+    policyAssignmentId: policyAssignment.id
+    policyDefinitionReferenceId: ''
+    resourceDiscoveryMode: 'ExistingNonCompliant'
+  }
+}
diff --git a/settings/remarks/microsoft.portal/remarks.json b/settings/remarks/microsoft.portal/remarks.json
index a9a32bfd..5102c9d1 100644
--- a/settings/remarks/microsoft.portal/remarks.json
+++ b/settings/remarks/microsoft.portal/remarks.json
@@ -14,5 +14,12 @@
       "Path": "samples/dashboards/main.tf",
       "Description": "A basic example of deploying shared dashboard in the Azure Portal."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Portal/dashboards",
+      "Path": "samples/dashboards/main.bicep",
+      "Description": "A basic example of deploying shared dashboard in the Azure Portal."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.portal/samples/dashboards/main.bicep b/settings/remarks/microsoft.portal/samples/dashboards/main.bicep
new file mode 100644
index 00000000..18c8f0ca
--- /dev/null
+++ b/settings/remarks/microsoft.portal/samples/dashboards/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dashboard 'Microsoft.Portal/dashboards@2019-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    lenses: {}
+  }
+}
diff --git a/settings/remarks/microsoft.powerbidedicated/remarks.json b/settings/remarks/microsoft.powerbidedicated/remarks.json
index cb121516..a711e54d 100644
--- a/settings/remarks/microsoft.powerbidedicated/remarks.json
+++ b/settings/remarks/microsoft.powerbidedicated/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/capacities/main.tf",
       "Description": "A basic example of deploying PowerBI Embedded."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.PowerBIDedicated/capacities",
+      "Path": "samples/capacities/main.bicep",
+      "Description": "A basic example of deploying PowerBI Embedded."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.powerbidedicated/samples/capacities/main.bicep b/settings/remarks/microsoft.powerbidedicated/samples/capacities/main.bicep
new file mode 100644
index 00000000..f9f6c53c
--- /dev/null
+++ b/settings/remarks/microsoft.powerbidedicated/samples/capacities/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource capacity 'Microsoft.PowerBIDedicated/capacities@2021-01-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    administration: {
+      members: [
+        deployer().objectId
+      ]
+    }
+    mode: 'Gen2'
+  }
+  sku: {
+    name: 'A1'
+  }
+}
diff --git a/settings/remarks/microsoft.purview/remarks.json b/settings/remarks/microsoft.purview/remarks.json
index 0e53bb0a..9c497f1c 100644
--- a/settings/remarks/microsoft.purview/remarks.json
+++ b/settings/remarks/microsoft.purview/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/accounts/main.tf",
       "Description": "A basic example of deploying Purview Account."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Purview/accounts",
+      "Path": "samples/accounts/main.bicep",
+      "Description": "A basic example of deploying Purview Account."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.purview/samples/accounts/main.bicep b/settings/remarks/microsoft.purview/samples/accounts/main.bicep
new file mode 100644
index 00000000..0f6843fe
--- /dev/null
+++ b/settings/remarks/microsoft.purview/samples/accounts/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource account 'Microsoft.Purview/accounts@2021-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.recoveryservices/remarks.json b/settings/remarks/microsoft.recoveryservices/remarks.json
index da4081af..00dc08b7 100644
--- a/settings/remarks/microsoft.recoveryservices/remarks.json
+++ b/settings/remarks/microsoft.recoveryservices/remarks.json
@@ -61,5 +61,57 @@
       "Path": "samples/vaults/replicationpolicies/main.tf",
       "Description": "A basic example of deploying Azure Site Recovery replication policy on Azure."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults",
+      "Path": "samples/vaults/main.bicep",
+      "Description": "A basic example of deploying Recovery Services Vault."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/backupPolicies",
+      "Path": "samples/vaults/backuppolicies/main.bicep",
+      "Description": "A basic example of deploying Backup Policy."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/backupResourceGuardProxies",
+      "Path": "samples/vaults/backupresourceguardproxies/main.bicep",
+      "Description": "A basic example of deploying association of a Resource Guard and Recovery Services Vault."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/backupStorageConfig",
+      "Path": "samples/vaults/backupstorageconfig/main.bicep",
+      "Description": "A basic example of deploying Azure Backup Storage Configuration."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/backupconfig",
+      "Path": "samples/vaults/backupconfig/main.bicep",
+      "Description": "A basic example of deploying Recovery Services Vaults Backup Config."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/replicationFabrics",
+      "Path": "samples/vaults/replicationfabrics/main.bicep",
+      "Description": "A basic example of deploying Site Recovery Replication Fabric on Azure."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings",
+      "Path": "samples/vaults/replicationfabrics/replicationnetworks/replicationnetworkmappings/main.bicep",
+      "Description": "A basic example of deploying site recovery network mapping on Azure."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers",
+      "Path": "samples/vaults/replicationfabrics/replicationprotectioncontainers/main.bicep",
+      "Description": "A basic example of deploying site recovery services protection container on Azure."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings",
+      "Path": "samples/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectioncontainermappings/main.bicep",
+      "Description": "A basic example of deploying Site Recovery protection container mapping on Azure."
+    },
+    {
+      "ResourceType": "Microsoft.RecoveryServices/vaults/replicationPolicies",
+      "Path": "samples/vaults/replicationpolicies/main.bicep",
+      "Description": "A basic example of deploying Azure Site Recovery replication policy on Azure."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/backupconfig/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/backupconfig/main.bicep
new file mode 100644
index 00000000..da8cea45
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/backupconfig/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2024-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource softDeleteRetentionPeriodInDays 'Microsoft.RecoveryServices/vaults/backupconfig@2024-04-01' = {
+  parent: vault
+  name: 'vaultconfig'
+  properties: {
+    softDeleteRetentionPeriodInDays: 14
+  }
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/backuppolicies/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/backuppolicies/main.bicep
new file mode 100644
index 00000000..7401e9df
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/backuppolicies/main.bicep
@@ -0,0 +1,42 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource backupPolicy 'Microsoft.RecoveryServices/vaults/backupPolicies@2023-02-01' = {
+  parent: vault
+  name: resourceName
+  properties: {
+    backupManagementType: 'AzureStorage'
+    retentionPolicy: {
+      dailySchedule: {
+        retentionDuration: {
+          count: 10
+          durationType: 'Days'
+        }
+        retentionTimes: [
+          '2018-07-30T23:00:00Z'
+        ]
+      }
+      retentionPolicyType: 'LongTermRetentionPolicy'
+    }
+    schedulePolicy: {
+      schedulePolicyType: 'SimpleSchedulePolicy'
+      scheduleRunFrequency: 'Daily'
+      scheduleRunTimes: [
+        '2018-07-30T23:00:00Z'
+      ]
+    }
+    timeZone: 'UTC'
+    workLoadType: 'AzureFileShare'
+  }
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/backupresourceguardproxies/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/backupresourceguardproxies/main.bicep
new file mode 100644
index 00000000..376afd38
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/backupresourceguardproxies/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource resourceGuard 'Microsoft.DataProtection/resourceGuards@2022-04-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    vaultCriticalOperationExclusionList: []
+  }
+}
+
+resource vault 'Microsoft.RecoveryServices/vaults@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource backupResourceGuardProxy 'Microsoft.RecoveryServices/vaults/backupResourceGuardProxies@2023-02-01' = {
+  parent: vault
+  name: resourceName
+  properties: {
+    resourceGuardResourceId: resourceGuard.id
+  }
+  type: 'Microsoft.RecoveryServices/vaults/backupResourceGuardProxies'
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/backupstorageconfig/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/backupstorageconfig/main.bicep
new file mode 100644
index 00000000..8e5323d9
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/backupstorageconfig/main.bicep
@@ -0,0 +1,22 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource backupStorageConfig 'Microsoft.RecoveryServices/vaults/backupStorageConfig@2023-02-01' = {
+  parent: vault
+  name: 'vaultstorageconfig'
+  properties: {
+    crossRegionRestoreFlag: false
+    storageModelType: 'GeoRedundant'
+  }
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/main.bicep
new file mode 100644
index 00000000..002b46b9
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/main.bicep
new file mode 100644
index 00000000..66e5d2b2
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus2'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource replicationFabric2 'Microsoft.RecoveryServices/vaults/replicationFabrics@2022-10-01' = {
+  parent: vault
+  name: resourceName
+  properties: {
+    customDetails: {
+      instanceType: 'Azure'
+      location: 'westus2'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationnetworks/replicationnetworkmappings/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationnetworks/replicationnetworkmappings/main.bicep
new file mode 100644
index 00000000..a692b184
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationnetworks/replicationnetworkmappings/main.bicep
@@ -0,0 +1,91 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2024-01-01' = {
+  name: '${resourceName}-rsv'
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    redundancySettings: {
+      crossRegionRestore: 'Disabled'
+      standardTierStorageRedundancy: 'GeoRedundant'
+    }
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet1'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '192.168.1.0/24'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource virtualnetwork1 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet2'
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '192.168.2.0/24'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource replicationFabric 'Microsoft.RecoveryServices/vaults/replicationFabrics@2024-04-01' = {
+  parent: vault
+  name: '${resourceName}-fabric1'
+  properties: {
+    customDetails: {
+      instanceType: 'Azure'
+      location: 'westus'
+    }
+  }
+}
+
+resource replicationfabric1 'Microsoft.RecoveryServices/vaults/replicationFabrics@2024-04-01' = {
+  parent: vault
+  name: '${resourceName}-fabric2'
+  properties: {
+    customDetails: {
+      instanceType: 'Azure'
+      location: 'centralus'
+    }
+  }
+}
+
+// The replication network is an intermediate resource under the replication fabric
+resource replicationNetwork 'Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks@2024-04-01' existing = {
+  parent: replicationFabric
+  name: virtualNetwork.name
+}
+
+resource replicationNetworkMapping 'Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings@2024-04-01' = {
+  parent: replicationNetwork
+  name: '${resourceName}-mapping'
+  properties: {
+    fabricSpecificDetails: {
+      instanceType: 'AzureToAzure'
+      primaryNetworkId: virtualNetwork.id
+    }
+    recoveryFabricName: replicationfabric1.name
+    recoveryNetworkId: virtualnetwork1.id
+  }
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationprotectioncontainers/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationprotectioncontainers/main.bicep
new file mode 100644
index 00000000..042f4c10
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationprotectioncontainers/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource replicationFabric 'Microsoft.RecoveryServices/vaults/replicationFabrics@2022-10-01' = {
+  parent: vault
+  name: resourceName
+  properties: {
+    customDetails: {
+      instanceType: 'Azure'
+      location: 'westeurope'
+    }
+  }
+}
+
+resource replicationProtectionContainer 'Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers@2022-10-01' = {
+  parent: replicationFabric
+  name: resourceName
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectioncontainermappings/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectioncontainermappings/main.bicep
new file mode 100644
index 00000000..5d719654
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectioncontainermappings/main.bicep
@@ -0,0 +1,75 @@
+param location string = 'westus'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2024-01-01' = {
+  name: 'acctest-vault-250703130022502990'
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+    redundancySettings: {
+      crossRegionRestore: 'Disabled'
+      standardTierStorageRedundancy: 'GeoRedundant'
+    }
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource replicationFabric 'Microsoft.RecoveryServices/vaults/replicationFabrics@2024-04-01' = {
+  parent: vault
+  name: 'acctest-fabric1-250703130022502990'
+  properties: {
+    customDetails: {
+      instanceType: 'Azure'
+      location: 'westeurope'
+    }
+  }
+}
+
+resource replicationfabric1 'Microsoft.RecoveryServices/vaults/replicationFabrics@2024-04-01' = {
+  parent: vault
+  name: 'acctest-fabric2b-250703130022502990'
+  properties: {
+    customDetails: {
+      instanceType: 'Azure'
+      location: 'westus2'
+    }
+  }
+}
+
+resource replicationPolicy 'Microsoft.RecoveryServices/vaults/replicationPolicies@2024-04-01' = {
+  parent: vault
+  name: 'acctest-policy-250703130022502990'
+  properties: {
+    providerSpecificInput: {
+      appConsistentFrequencyInMinutes: 240
+      instanceType: 'A2A'
+      multiVmSyncStatus: 'Enable'
+      recoveryPointHistory: 1440
+    }
+  }
+}
+
+resource replicationProtectionContainer 'Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers@2024-04-01' = {
+  parent: replicationFabric
+  name: 'acctest-protection-cont1-250703130022502990'
+  properties: {}
+}
+
+resource replicationprotectioncontainer1 'Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers@2024-04-01' = {
+  parent: replicationfabric1
+  name: 'acctest-protection-cont2-250703130022502990'
+  properties: {}
+}
+
+resource replicationProtectionContainerMapping 'Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings@2024-04-01' = {
+  parent: replicationProtectionContainer
+  name: 'mapping-250703130022502990'
+  properties: {
+    policyId: replicationPolicy.id
+    providerSpecificInput: {
+      instanceType: 'A2A'
+    }
+    targetProtectionContainerId: replicationprotectioncontainer1.id
+  }
+}
diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationpolicies/main.bicep b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationpolicies/main.bicep
new file mode 100644
index 00000000..11adf063
--- /dev/null
+++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/replicationpolicies/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.RecoveryServices/vaults@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    publicNetworkAccess: 'Enabled'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource replicationPolicy 'Microsoft.RecoveryServices/vaults/replicationPolicies@2022-10-01' = {
+  parent: vault
+  name: resourceName
+  properties: {
+    providerSpecificInput: {
+      appConsistentFrequencyInMinutes: 240
+      crashConsistentFrequencyInMinutes: 10
+      enableMultiVmSync: 'True'
+      instanceType: 'InMageRcm'
+      recoveryPointHistoryInMinutes: 1440
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.relay/remarks.json b/settings/remarks/microsoft.relay/remarks.json
index c38ca546..04fedfc2 100644
--- a/settings/remarks/microsoft.relay/remarks.json
+++ b/settings/remarks/microsoft.relay/remarks.json
@@ -21,5 +21,27 @@
       "Path": "samples/namespaces/hybridconnections/authorizationrules/main.tf",
       "Description": "A basic example of deploying Azure Relay Hybrid Connection Authorization Rule."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Relay/namespaces",
+      "Path": "samples/namespaces/main.bicep",
+      "Description": "A basic example of deploying Azure Relay Namespace."
+    },
+    {
+      "ResourceType": "Microsoft.Relay/namespaces/authorizationRules",
+      "Path": "samples/namespaces/authorizationrules/main.bicep",
+      "Description": "A basic example of deploying Azure Relay Namespace Authorization Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Relay/namespaces/hybridConnections",
+      "Path": "samples/namespaces/hybridconnections/main.bicep",
+      "Description": "A basic example of deploying Azure Relay Hybrid Connection."
+    },
+    {
+      "ResourceType": "Microsoft.Relay/namespaces/hybridConnections/authorizationRules",
+      "Path": "samples/namespaces/hybridconnections/authorizationrules/main.bicep",
+      "Description": "A basic example of deploying Azure Relay Hybrid Connection Authorization Rule."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.relay/samples/namespaces/authorizationrules/main.bicep b/settings/remarks/microsoft.relay/samples/namespaces/authorizationrules/main.bicep
new file mode 100644
index 00000000..030dcb85
--- /dev/null
+++ b/settings/remarks/microsoft.relay/samples/namespaces/authorizationrules/main.bicep
@@ -0,0 +1,23 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.Relay/namespaces@2017-04-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource authorizationRule 'Microsoft.Relay/namespaces/authorizationRules@2017-04-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    rights: [
+      'Listen'
+      'Send'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.relay/samples/namespaces/hybridconnections/authorizationrules/main.bicep b/settings/remarks/microsoft.relay/samples/namespaces/hybridconnections/authorizationrules/main.bicep
new file mode 100644
index 00000000..517463c3
--- /dev/null
+++ b/settings/remarks/microsoft.relay/samples/namespaces/hybridconnections/authorizationrules/main.bicep
@@ -0,0 +1,32 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.Relay/namespaces@2017-04-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource hybridConnection 'Microsoft.Relay/namespaces/hybridConnections@2017-04-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    requiresClientAuthorization: true
+    userMetadata: ''
+  }
+}
+
+resource authorizationRule 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules@2017-04-01' = {
+  parent: hybridConnection
+  name: resourceName
+  properties: {
+    rights: [
+      'Listen'
+      'Send'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.relay/samples/namespaces/hybridconnections/main.bicep b/settings/remarks/microsoft.relay/samples/namespaces/hybridconnections/main.bicep
new file mode 100644
index 00000000..0be00b55
--- /dev/null
+++ b/settings/remarks/microsoft.relay/samples/namespaces/hybridconnections/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.Relay/namespaces@2017-04-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource hybridConnection 'Microsoft.Relay/namespaces/hybridConnections@2017-04-01' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    requiresClientAuthorization: true
+    userMetadata: 'metadatatest'
+  }
+}
diff --git a/settings/remarks/microsoft.relay/samples/namespaces/main.bicep b/settings/remarks/microsoft.relay/samples/namespaces/main.bicep
new file mode 100644
index 00000000..1abbe644
--- /dev/null
+++ b/settings/remarks/microsoft.relay/samples/namespaces/main.bicep
@@ -0,0 +1,12 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.Relay/namespaces@2017-04-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.resourceconnector/remarks.json b/settings/remarks/microsoft.resourceconnector/remarks.json
index b9e412f0..adaa9637 100644
--- a/settings/remarks/microsoft.resourceconnector/remarks.json
+++ b/settings/remarks/microsoft.resourceconnector/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/appliances/main.tf",
       "Description": "A basic example of deploying Arc Resource Bridge Appliance."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ResourceConnector/appliances",
+      "Path": "samples/appliances/main.bicep",
+      "Description": "A basic example of deploying Arc Resource Bridge Appliance."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.resourceconnector/samples/appliances/main.bicep b/settings/remarks/microsoft.resourceconnector/samples/appliances/main.bicep
new file mode 100644
index 00000000..cbe8ac53
--- /dev/null
+++ b/settings/remarks/microsoft.resourceconnector/samples/appliances/main.bicep
@@ -0,0 +1,13 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource appliance 'Microsoft.ResourceConnector/appliances@2022-10-27' = {
+  name: '${resourceName}-appliance'
+  location: location
+  properties: {
+    distro: 'AKSEdge'
+    infrastructureConfig: {
+      provider: 'VMWare'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.resources/remarks.json b/settings/remarks/microsoft.resources/remarks.json
index 2857efc4..ee99d493 100644
--- a/settings/remarks/microsoft.resources/remarks.json
+++ b/settings/remarks/microsoft.resources/remarks.json
@@ -5,6 +5,16 @@
       "Description": "A basic example of deploying a resource group.",
       "Path": "samples/resourceGroups/basic.bicep",
       "ResourceType": "microsoft.resources/resourceGroups"
+    },
+    {
+      "ResourceType": "Microsoft.Resources/deploymentScripts",
+      "Path": "samples/deploymentscripts/main.bicep",
+      "Description": "A basic example of deploying Resource Deployment Script."
+    },
+    {
+      "ResourceType": "Microsoft.Resources/resourceGroups",
+      "Path": "samples/resourceGroups/main.bicep",
+      "Description": "A basic example of deploying Resource Group."
     }
   ],
   "ResourceRemarks": [
@@ -56,4 +66,4 @@
       "Description": "A basic example of deploying Resource Group."
     }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.resources/samples/deploymentscripts/main.bicep b/settings/remarks/microsoft.resources/samples/deploymentscripts/main.bicep
new file mode 100644
index 00000000..88cf13d0
--- /dev/null
+++ b/settings/remarks/microsoft.resources/samples/deploymentscripts/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+  name: resourceName
+  location: location
+  kind: 'AzurePowerShell'
+  properties: {
+    azPowerShellVersion: '8.3'
+    cleanupPreference: 'Always'
+    environmentVariables: null
+    retentionInterval: 'P1D'
+    scriptContent: '''		$output = ''Hello''
+		Write-Output $output
+		$DeploymentScriptOutputs = @{}
+		$DeploymentScriptOutputs[''text''] = $output
+'''
+    supportingScriptUris: null
+    timeout: 'P1D'
+  }
+}
diff --git a/settings/remarks/microsoft.resources/samples/resourceGroups/main.bicep b/settings/remarks/microsoft.resources/samples/resourceGroups/main.bicep
new file mode 100644
index 00000000..e9189e3f
--- /dev/null
+++ b/settings/remarks/microsoft.resources/samples/resourceGroups/main.bicep
@@ -0,0 +1,9 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2020-06-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.search/remarks.json b/settings/remarks/microsoft.search/remarks.json
index 7fdf341c..d0c98a39 100644
--- a/settings/remarks/microsoft.search/remarks.json
+++ b/settings/remarks/microsoft.search/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/searchservices/sharedprivatelinkresources/main.tf",
       "Description": "A basic example of deploying Shared Private Link Service for an Azure Search Service."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Search/searchServices",
+      "Path": "samples/searchservices/main.bicep",
+      "Description": "A basic example of deploying Search Service."
+    },
+    {
+      "ResourceType": "Microsoft.Search/searchServices/sharedPrivateLinkResources",
+      "Path": "samples/searchservices/sharedprivatelinkresources/main.bicep",
+      "Description": "A basic example of deploying Shared Private Link Service for an Azure Search Service."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.search/samples/searchservices/main.bicep b/settings/remarks/microsoft.search/samples/searchservices/main.bicep
new file mode 100644
index 00000000..4cba26a1
--- /dev/null
+++ b/settings/remarks/microsoft.search/samples/searchservices/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource searchService 'Microsoft.Search/searchServices@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authOptions: {
+      apiKeyOnly: {}
+    }
+    disableLocalAuth: false
+    encryptionWithCmk: {
+      enforcement: 'Disabled'
+    }
+    hostingMode: 'default'
+    networkRuleSet: {
+      ipRules: []
+    }
+    partitionCount: 1
+    publicNetworkAccess: 'Enabled'
+    replicaCount: 1
+  }
+  sku: {
+    name: 'standard'
+  }
+  tags: {
+    environment: 'staging'
+  }
+}
diff --git a/settings/remarks/microsoft.search/samples/searchservices/sharedprivatelinkresources/main.bicep b/settings/remarks/microsoft.search/samples/searchservices/sharedprivatelinkresources/main.bicep
new file mode 100644
index 00000000..49098a5c
--- /dev/null
+++ b/settings/remarks/microsoft.search/samples/searchservices/sharedprivatelinkresources/main.bicep
@@ -0,0 +1,75 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource searchService 'Microsoft.Search/searchServices@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    authOptions: {
+      apiKeyOnly: {}
+    }
+    disableLocalAuth: false
+    encryptionWithCmk: {
+      enforcement: 'Disabled'
+    }
+    hostingMode: 'default'
+    networkRuleSet: {
+      ipRules: []
+    }
+    partitionCount: 1
+    publicNetworkAccess: 'Enabled'
+    replicaCount: 1
+  }
+  sku: {
+    name: 'standard'
+  }
+  tags: {
+    environment: 'staging'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource sharedPrivateLinkResource 'Microsoft.Search/searchServices/sharedPrivateLinkResources@2022-09-01' = {
+  parent: searchService
+  name: resourceName
+  properties: {
+    groupId: 'blob'
+    privateLinkResourceId: storageAccount.id
+    requestMessage: 'please approve'
+  }
+}
diff --git a/settings/remarks/microsoft.security/remarks.json b/settings/remarks/microsoft.security/remarks.json
index 431c888a..7dcae2d7 100644
--- a/settings/remarks/microsoft.security/remarks.json
+++ b/settings/remarks/microsoft.security/remarks.json
@@ -41,5 +41,37 @@
       "Path": "samples/workspacesettings/main.tf",
       "Description": "A basic example of deploying subscription's Security Center Workspace."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Security/advancedThreatProtectionSettings",
+      "Path": "samples/advancedthreatprotectionsettings/main.bicep",
+      "Description": "A basic example of deploying resources Advanced Threat Protection setting."
+    },
+    {
+      "ResourceType": "Microsoft.Security/assessmentMetadata",
+      "Path": "samples/assessmentmetadata/main.bicep",
+      "Description": "A basic example of deploying Security Center Assessment Metadata for Azure Security Center."
+    },
+    {
+      "ResourceType": "Microsoft.Security/automations",
+      "Path": "samples/automations/main.bicep",
+      "Description": "A basic example of deploying Security Center Automation and Continuous Export."
+    },
+    {
+      "ResourceType": "Microsoft.Security/defenderForStorageSettings",
+      "Path": "samples/defenderforstoragesettings/main.bicep",
+      "Description": "A basic example of deploying Microsoft Defender for Storage."
+    },
+    {
+      "ResourceType": "Microsoft.Security/iotSecuritySolutions",
+      "Path": "samples/iotsecuritysolutions/main.bicep",
+      "Description": "A basic example of deploying iot security solution."
+    },
+    {
+      "ResourceType": "Microsoft.Security/securityContacts",
+      "Path": "samples/securitycontacts/main.bicep",
+      "Description": "A basic example of deploying subscription's Security Center Contact."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.security/samples/advancedthreatprotectionsettings/main.bicep b/settings/remarks/microsoft.security/samples/advancedthreatprotectionsettings/main.bicep
new file mode 100644
index 00000000..34547249
--- /dev/null
+++ b/settings/remarks/microsoft.security/samples/advancedthreatprotectionsettings/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0002'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+  tags: {
+    environment: 'production'
+  }
+}
+
+resource updateAdvancedthreatprotectionsetting 'Microsoft.Security/advancedThreatProtectionSettings@2019-01-01' = {
+  scope: storageAccount
+  name: 'current'
+  properties: {
+    isEnabled: true
+  }
+}
diff --git a/settings/remarks/microsoft.security/samples/assessmentmetadata/main.bicep b/settings/remarks/microsoft.security/samples/assessmentmetadata/main.bicep
new file mode 100644
index 00000000..e1df1985
--- /dev/null
+++ b/settings/remarks/microsoft.security/samples/assessmentmetadata/main.bicep
@@ -0,0 +1,11 @@
+targetScope = 'subscription'
+
+resource assessmentMetadatum 'Microsoft.Security/assessmentMetadata@2020-01-01' = {
+  name: '95c7a001-d595-43af-9754-1310c740d34c'
+  properties: {
+    assessmentType: 'CustomerManaged'
+    description: 'Test Description'
+    displayName: 'Test Display Name'
+    severity: 'Medium'
+  }
+}
diff --git a/settings/remarks/microsoft.security/samples/automations/main.bicep b/settings/remarks/microsoft.security/samples/automations/main.bicep
new file mode 100644
index 00000000..2124cda6
--- /dev/null
+++ b/settings/remarks/microsoft.security/samples/automations/main.bicep
@@ -0,0 +1,142 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automation 'Microsoft.Security/automations@2019-01-01-preview' = {
+  name: 'ExportToWorkspace'
+  properties: {
+    actions: [
+      {
+        actionType: 'Workspace'
+        workspaceResourceId: workspace.id
+      }
+    ]
+    isEnabled: true
+    scopes: [
+      {
+        description: 'Security Export for the subscription'
+        scopePath: resourceGroup().id
+      }
+    ]
+    sources: [
+      {
+        eventSource: 'Assessments'
+        ruleSets: [
+          {
+            rules: [
+              {
+                expectedValue: 'Microsoft.Security/assessments'
+                operator: 'Contains'
+                propertyJPath: 'type'
+                propertyType: 'String'
+              }
+            ]
+          }
+        ]
+      }
+      {
+        eventSource: 'AssessmentsSnapshot'
+        ruleSets: [
+          {
+            rules: [
+              {
+                expectedValue: 'Microsoft.Security/assessments'
+                operator: 'Contains'
+                propertyJPath: 'type'
+                propertyType: 'String'
+              }
+            ]
+          }
+        ]
+      }
+      {
+        eventSource: 'SubAssessments'
+      }
+      {
+        eventSource: 'SubAssessmentsSnapshot'
+      }
+      {
+        eventSource: 'Alerts'
+        ruleSets: [
+          {
+            rules: [
+              {
+                expectedValue: 'low'
+                operator: 'Equals'
+                propertyJPath: 'Severity'
+                propertyType: 'String'
+              }
+            ]
+          }
+          {
+            rules: [
+              {
+                expectedValue: 'medium'
+                operator: 'Equals'
+                propertyJPath: 'Severity'
+                propertyType: 'String'
+              }
+            ]
+          }
+          {
+            rules: [
+              {
+                expectedValue: 'high'
+                operator: 'Equals'
+                propertyJPath: 'Severity'
+                propertyType: 'String'
+              }
+            ]
+          }
+          {
+            rules: [
+              {
+                expectedValue: 'informational'
+                operator: 'Equals'
+                propertyJPath: 'Severity'
+                propertyType: 'String'
+              }
+            ]
+          }
+        ]
+      }
+      {
+        eventSource: 'SecureScores'
+      }
+      {
+        eventSource: 'SecureScoresSnapshot'
+      }
+      {
+        eventSource: 'SecureScoreControls'
+      }
+      {
+        eventSource: 'SecureScoreControlsSnapshot'
+      }
+      {
+        eventSource: 'RegulatoryComplianceAssessment'
+      }
+      {
+        eventSource: 'RegulatoryComplianceAssessmentSnapshot'
+      }
+    ]
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.security/samples/defenderforstoragesettings/main.bicep b/settings/remarks/microsoft.security/samples/defenderforstoragesettings/main.bicep
new file mode 100644
index 00000000..9dbe3c19
--- /dev/null
+++ b/settings/remarks/microsoft.security/samples/defenderforstoragesettings/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource defenderForStorageSetting 'Microsoft.Security/defenderForStorageSettings@2022-12-01-preview' = {
+  scope: storageAccount
+  name: 'current'
+  properties: {
+    isEnabled: true
+    malwareScanning: {
+      onUpload: {
+        capGBPerMonth: 5000
+        isEnabled: true
+      }
+    }
+    overrideSubscriptionLevelSettings: true
+    sensitiveDataDiscovery: {
+      isEnabled: true
+    }
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
diff --git a/settings/remarks/microsoft.security/samples/iotsecuritysolutions/main.bicep b/settings/remarks/microsoft.security/samples/iotsecuritysolutions/main.bicep
new file mode 100644
index 00000000..57985dc0
--- /dev/null
+++ b/settings/remarks/microsoft.security/samples/iotsecuritysolutions/main.bicep
@@ -0,0 +1,40 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource iothub 'Microsoft.Devices/IotHubs@2022-04-30-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    cloudToDevice: {}
+    enableFileUploadNotifications: false
+    messagingEndpoints: {}
+    routing: {
+      fallbackRoute: {
+        condition: 'true'
+        endpointNames: [
+          'events'
+        ]
+        isEnabled: true
+        source: 'DeviceMessages'
+      }
+    }
+    storageEndpoints: {}
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
+
+resource iotSecuritySolution 'Microsoft.Security/iotSecuritySolutions@2019-08-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    displayName: 'Iot Security Solution'
+    iotHubs: [
+      iothub.id
+    ]
+    status: 'Enabled'
+    unmaskedIpLoggingStatus: 'Disabled'
+  }
+}
diff --git a/settings/remarks/microsoft.security/samples/securitycontacts/main.bicep b/settings/remarks/microsoft.security/samples/securitycontacts/main.bicep
new file mode 100644
index 00000000..0251d4a3
--- /dev/null
+++ b/settings/remarks/microsoft.security/samples/securitycontacts/main.bicep
@@ -0,0 +1,13 @@
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource securityContact 'Microsoft.Security/securityContacts@2017-08-01-preview' = {
+  name: resourceName
+  properties: {
+    alertNotifications: 'On'
+    alertsToAdmins: 'On'
+    email: 'basic@example.com'
+    phone: '+1-555-555-5555'
+  }
+}
diff --git a/settings/remarks/microsoft.securityinsights/remarks.json b/settings/remarks/microsoft.securityinsights/remarks.json
index bb973bfc..92b49b93 100644
--- a/settings/remarks/microsoft.securityinsights/remarks.json
+++ b/settings/remarks/microsoft.securityinsights/remarks.json
@@ -36,5 +36,42 @@
       "Path": "samples/watchlists/watchlistitems/main.tf",
       "Description": "A basic example of deploying Sentinel Watchlist Item."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.SecurityInsights/alertRules",
+      "Path": "samples/alertrules/main.bicep",
+      "Description": "A basic example of deploying Sentinel Alert Rule."
+    },
+    {
+      "ResourceType": "Microsoft.SecurityInsights/automationRules",
+      "Path": "samples/automationrules/main.bicep",
+      "Description": "A basic example of deploying Sentinel Automation Rule."
+    },
+    {
+      "ResourceType": "Microsoft.SecurityInsights/dataConnectors",
+      "Path": "samples/dataconnectors/main.bicep",
+      "Description": "A basic example of deploying Data Connector."
+    },
+    {
+      "ResourceType": "Microsoft.SecurityInsights/metadata",
+      "Path": "samples/metadata/main.bicep",
+      "Description": "A basic example of deploying Sentinel Metadata."
+    },
+    {
+      "ResourceType": "Microsoft.SecurityInsights/onboardingStates",
+      "Path": "samples/onboardingstates/main.bicep",
+      "Description": "A basic example of deploying Security Insights Sentinel Onboarding States."
+    },
+    {
+      "ResourceType": "Microsoft.SecurityInsights/watchlists",
+      "Path": "samples/watchlists/main.bicep",
+      "Description": "A basic example of deploying Sentinel Watchlist."
+    },
+    {
+      "ResourceType": "Microsoft.SecurityInsights/watchlists/watchlistItems",
+      "Path": "samples/watchlists/watchlistitems/main.bicep",
+      "Description": "A basic example of deploying Sentinel Watchlist Item."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.securityinsights/samples/alertrules/main.bicep b/settings/remarks/microsoft.securityinsights/samples/alertrules/main.bicep
new file mode 100644
index 00000000..dd9d4787
--- /dev/null
+++ b/settings/remarks/microsoft.securityinsights/samples/alertrules/main.bicep
@@ -0,0 +1,54 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource alertRule 'Microsoft.SecurityInsights/alertRules@2022-10-01-preview' = {
+  scope: workspace
+  name: resourceName
+  kind: 'NRT'
+  properties: {
+    description: ''
+    displayName: 'Some Rule'
+    enabled: true
+    query: '''AzureActivity |
+  where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
+  where ActivityStatus == "Succeeded" |
+  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
+'''
+    severity: 'High'
+    suppressionDuration: 'PT5H'
+    suppressionEnabled: false
+    tactics: []
+    techniques: []
+  }
+  dependsOn: [
+    onboardingState
+  ]
+}
+
+resource onboardingState 'Microsoft.SecurityInsights/onboardingStates@2023-06-01-preview' = {
+  scope: workspace
+  name: 'default'
+  properties: {
+    customerManagedKey: false
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.securityinsights/samples/automationrules/main.bicep b/settings/remarks/microsoft.securityinsights/samples/automationrules/main.bicep
new file mode 100644
index 00000000..cf9fc9b2
--- /dev/null
+++ b/settings/remarks/microsoft.securityinsights/samples/automationrules/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource automationRule 'Microsoft.SecurityInsights/automationRules@2022-10-01-preview' = {
+  scope: workspace
+  name: '3b862818-ad7b-409e-83be-8812f2a06d37'
+  properties: {
+    actions: [
+      {
+        actionConfiguration: {
+          classification: ''
+          classificationComment: ''
+          classificationReason: ''
+          severity: ''
+          status: 'Active'
+        }
+        actionType: 'ModifyProperties'
+        order: 1
+      }
+    ]
+    displayName: 'acctest-SentinelAutoRule-230630033910945846'
+    order: 1
+    triggeringLogic: {
+      isEnabled: true
+      triggersOn: 'Incidents'
+      triggersWhen: 'Created'
+    }
+  }
+  dependsOn: [
+    onboardingState
+  ]
+}
+
+resource onboardingState 'Microsoft.SecurityInsights/onboardingStates@2023-06-01-preview' = {
+  scope: workspace
+  name: 'default'
+  properties: {
+    customerManagedKey: false
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.securityinsights/samples/dataconnectors/main.bicep b/settings/remarks/microsoft.securityinsights/samples/dataconnectors/main.bicep
new file mode 100644
index 00000000..88cc042e
--- /dev/null
+++ b/settings/remarks/microsoft.securityinsights/samples/dataconnectors/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource dataConnector 'Microsoft.SecurityInsights/dataConnectors@2022-10-01-preview' = {
+  scope: workspace
+  name: resourceName
+  kind: 'MicrosoftThreatIntelligence'
+  properties: {
+    dataTypes: {
+      bingSafetyPhishingURL: {
+        lookbackPeriod: ''
+        state: 'Disabled'
+      }
+      microsoftEmergingThreatFeed: {
+        lookbackPeriod: '1970-01-01T00:00:00Z'
+        state: 'enabled'
+      }
+    }
+    tenantId: deployer().tenantId
+  }
+  dependsOn: [
+    onboardingState
+  ]
+}
+
+resource onboardingState 'Microsoft.SecurityInsights/onboardingStates@2023-06-01-preview' = {
+  scope: workspace
+  name: 'default'
+  properties: {
+    customerManagedKey: false
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.securityinsights/samples/metadata/main.bicep b/settings/remarks/microsoft.securityinsights/samples/metadata/main.bicep
new file mode 100644
index 00000000..22d4ad0a
--- /dev/null
+++ b/settings/remarks/microsoft.securityinsights/samples/metadata/main.bicep
@@ -0,0 +1,65 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource alertRule 'Microsoft.SecurityInsights/alertRules@2022-10-01-preview' = {
+  scope: workspace
+  name: resourceName
+  kind: 'NRT'
+  properties: {
+    description: ''
+    displayName: 'Some Rule'
+    enabled: true
+    query: '''AzureActivity |
+  where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
+  where ActivityStatus == "Succeeded" |
+  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
+'''
+    severity: 'High'
+    suppressionDuration: 'PT5H'
+    suppressionEnabled: false
+    tactics: []
+    techniques: []
+  }
+  dependsOn: [
+    onboardingState
+  ]
+}
+
+resource metadata 'Microsoft.SecurityInsights/metadata@2022-10-01-preview' = {
+  scope: workspace
+  name: resourceName
+  properties: {
+    contentId: 'acctest0001'
+    contentSchemaVersion: '2.0'
+    kind: 'AnalyticsRule'
+    parentId: alertRule.id
+  }
+}
+
+resource onboardingState 'Microsoft.SecurityInsights/onboardingStates@2023-06-01-preview' = {
+  scope: workspace
+  name: 'default'
+  properties: {
+    customerManagedKey: false
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.securityinsights/samples/onboardingstates/main.bicep b/settings/remarks/microsoft.securityinsights/samples/onboardingstates/main.bicep
new file mode 100644
index 00000000..d37e2336
--- /dev/null
+++ b/settings/remarks/microsoft.securityinsights/samples/onboardingstates/main.bicep
@@ -0,0 +1,30 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource onboardingState 'Microsoft.SecurityInsights/onboardingStates@2022-11-01' = {
+  scope: workspace
+  name: 'default'
+  properties: {
+    customerManagedKey: false
+  }
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.securityinsights/samples/watchlists/main.bicep b/settings/remarks/microsoft.securityinsights/samples/watchlists/main.bicep
new file mode 100644
index 00000000..670b0966
--- /dev/null
+++ b/settings/remarks/microsoft.securityinsights/samples/watchlists/main.bicep
@@ -0,0 +1,44 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource onboardingState 'Microsoft.SecurityInsights/onboardingStates@2022-11-01' = {
+  scope: workspace
+  name: 'default'
+  properties: {
+    customerManagedKey: false
+  }
+}
+
+resource watchlist 'Microsoft.SecurityInsights/watchlists@2022-11-01' = {
+  scope: workspace
+  name: resourceName
+  properties: {
+    displayName: 'test'
+    itemsSearchKey: 'k1'
+    provider: 'Microsoft'
+    source: ''
+  }
+  dependsOn: [
+    onboardingState
+  ]
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.securityinsights/samples/watchlists/watchlistitems/main.bicep b/settings/remarks/microsoft.securityinsights/samples/watchlists/watchlistitems/main.bicep
new file mode 100644
index 00000000..9c412d24
--- /dev/null
+++ b/settings/remarks/microsoft.securityinsights/samples/watchlists/watchlistitems/main.bicep
@@ -0,0 +1,54 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource onboardingState 'Microsoft.SecurityInsights/onboardingStates@2022-11-01' = {
+  scope: workspace
+  name: 'default'
+  properties: {
+    customerManagedKey: false
+  }
+}
+
+resource watchlist 'Microsoft.SecurityInsights/watchlists@2022-11-01' = {
+  scope: workspace
+  name: resourceName
+  properties: {
+    displayName: 'test'
+    itemsSearchKey: 'k1'
+    provider: 'Microsoft'
+    source: ''
+  }
+  dependsOn: [
+    onboardingState
+  ]
+}
+
+resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    features: {
+      disableLocalAuth: false
+      enableLogAccessUsingOnlyResourcePermissions: true
+    }
+    publicNetworkAccessForIngestion: 'Enabled'
+    publicNetworkAccessForQuery: 'Enabled'
+    retentionInDays: 30
+    sku: {
+      name: 'PerGB2018'
+    }
+    workspaceCapping: {
+      dailyQuotaGb: -1
+    }
+  }
+}
+
+resource watchlistItem 'Microsoft.SecurityInsights/watchlists/watchlistItems@2022-11-01' = {
+  parent: watchlist
+  name: '196abd06-eb4e-4322-9c70-37c32e1a588a'
+  properties: {
+    itemsKeyValue: {
+      k1: 'v1'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.servicebus/remarks.json b/settings/remarks/microsoft.servicebus/remarks.json
index dee90709..8a04ea8a 100644
--- a/settings/remarks/microsoft.servicebus/remarks.json
+++ b/settings/remarks/microsoft.servicebus/remarks.json
@@ -46,5 +46,47 @@
       "Path": "samples/namespaces/topics/subscriptions/rules/main.tf",
       "Description": "A basic example of deploying ServiceBus Subscription Rule."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ServiceBus/namespaces",
+      "Path": "samples/namespaces/main.bicep",
+      "Description": "A basic example of deploying ServiceBus Namespace."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceBus/namespaces/authorizationRules",
+      "Path": "samples/namespaces/authorizationrules/main.bicep",
+      "Description": "A basic example of deploying ServiceBus Namespace authorization Rule within a ServiceBus."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceBus/namespaces/queues",
+      "Path": "samples/namespaces/queues/main.bicep",
+      "Description": "A basic example of deploying ServiceBus Queue."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceBus/namespaces/queues/authorizationRules",
+      "Path": "samples/namespaces/queues/authorizationrules/main.bicep",
+      "Description": "A basic example of deploying Authorization Rule for a ServiceBus Queue."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceBus/namespaces/topics",
+      "Path": "samples/namespaces/topics/main.bicep",
+      "Description": "A basic example of deploying ServiceBus Topic."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceBus/namespaces/topics/authorizationRules",
+      "Path": "samples/namespaces/topics/authorizationrules/main.bicep",
+      "Description": "A basic example of deploying ServiceBus Topic authorization Rule within a ServiceBus Topic."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceBus/namespaces/topics/subscriptions",
+      "Path": "samples/namespaces/topics/subscriptions/main.bicep",
+      "Description": "A basic example of deploying ServiceBus Subscription."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceBus/namespaces/topics/subscriptions/rules",
+      "Path": "samples/namespaces/topics/subscriptions/rules/main.bicep",
+      "Description": "A basic example of deploying ServiceBus Subscription Rule."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.servicebus/samples/namespaces/authorizationrules/main.bicep b/settings/remarks/microsoft.servicebus/samples/namespaces/authorizationrules/main.bicep
new file mode 100644
index 00000000..1eb0d005
--- /dev/null
+++ b/settings/remarks/microsoft.servicebus/samples/namespaces/authorizationrules/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource authorizationRule 'Microsoft.ServiceBus/namespaces/authorizationRules@2021-06-01-preview' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    rights: [
+      'Listen'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.servicebus/samples/namespaces/main.bicep b/settings/remarks/microsoft.servicebus/samples/namespaces/main.bicep
new file mode 100644
index 00000000..6ce84253
--- /dev/null
+++ b/settings/remarks/microsoft.servicebus/samples/namespaces/main.bicep
@@ -0,0 +1,17 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.servicebus/samples/namespaces/queues/authorizationrules/main.bicep b/settings/remarks/microsoft.servicebus/samples/namespaces/queues/authorizationrules/main.bicep
new file mode 100644
index 00000000..27597805
--- /dev/null
+++ b/settings/remarks/microsoft.servicebus/samples/namespaces/queues/authorizationrules/main.bicep
@@ -0,0 +1,43 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-06-01-preview' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    deadLetteringOnMessageExpiration: false
+    enableBatchedOperations: true
+    enableExpress: false
+    enablePartitioning: true
+    maxDeliveryCount: 10
+    maxSizeInMegabytes: 81920
+    requiresDuplicateDetection: false
+    requiresSession: false
+    status: 'Active'
+  }
+}
+
+resource authorizationRule 'Microsoft.ServiceBus/namespaces/queues/authorizationRules@2021-06-01-preview' = {
+  parent: queue
+  name: resourceName
+  properties: {
+    rights: [
+      'Send'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.servicebus/samples/namespaces/queues/main.bicep b/settings/remarks/microsoft.servicebus/samples/namespaces/queues/main.bicep
new file mode 100644
index 00000000..bf7f1a65
--- /dev/null
+++ b/settings/remarks/microsoft.servicebus/samples/namespaces/queues/main.bicep
@@ -0,0 +1,33 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-06-01-preview' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    deadLetteringOnMessageExpiration: false
+    enableBatchedOperations: true
+    enableExpress: false
+    enablePartitioning: true
+    maxDeliveryCount: 10
+    maxSizeInMegabytes: 81920
+    requiresDuplicateDetection: false
+    requiresSession: false
+    status: 'Active'
+  }
+}
diff --git a/settings/remarks/microsoft.servicebus/samples/namespaces/topics/authorizationrules/main.bicep b/settings/remarks/microsoft.servicebus/samples/namespaces/topics/authorizationrules/main.bicep
new file mode 100644
index 00000000..186d84d2
--- /dev/null
+++ b/settings/remarks/microsoft.servicebus/samples/namespaces/topics/authorizationrules/main.bicep
@@ -0,0 +1,41 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    enableBatchedOperations: false
+    enableExpress: false
+    enablePartitioning: false
+    maxSizeInMegabytes: 5120
+    requiresDuplicateDetection: false
+    status: 'Active'
+    supportOrdering: false
+  }
+}
+
+resource authorizationRule 'Microsoft.ServiceBus/namespaces/topics/authorizationRules@2021-06-01-preview' = {
+  parent: topic
+  name: resourceName
+  properties: {
+    rights: [
+      'Send'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.servicebus/samples/namespaces/topics/main.bicep b/settings/remarks/microsoft.servicebus/samples/namespaces/topics/main.bicep
new file mode 100644
index 00000000..402630bf
--- /dev/null
+++ b/settings/remarks/microsoft.servicebus/samples/namespaces/topics/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    enableBatchedOperations: false
+    enableExpress: false
+    enablePartitioning: true
+    maxSizeInMegabytes: 81920
+    requiresDuplicateDetection: false
+    status: 'Active'
+    supportOrdering: false
+  }
+}
diff --git a/settings/remarks/microsoft.servicebus/samples/namespaces/topics/subscriptions/main.bicep b/settings/remarks/microsoft.servicebus/samples/namespaces/topics/subscriptions/main.bicep
new file mode 100644
index 00000000..21d9fb63
--- /dev/null
+++ b/settings/remarks/microsoft.servicebus/samples/namespaces/topics/subscriptions/main.bicep
@@ -0,0 +1,46 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    enableBatchedOperations: false
+    enableExpress: false
+    enablePartitioning: false
+    maxSizeInMegabytes: 5120
+    requiresDuplicateDetection: false
+    status: 'Active'
+    supportOrdering: false
+  }
+}
+
+resource subscription 'Microsoft.ServiceBus/namespaces/topics/subscriptions@2021-06-01-preview' = {
+  parent: topic
+  name: resourceName
+  properties: {
+    clientAffineProperties: {}
+    deadLetteringOnFilterEvaluationExceptions: true
+    deadLetteringOnMessageExpiration: false
+    enableBatchedOperations: false
+    isClientAffine: false
+    maxDeliveryCount: 10
+    requiresSession: false
+    status: 'Active'
+  }
+}
diff --git a/settings/remarks/microsoft.servicebus/samples/namespaces/topics/subscriptions/rules/main.bicep b/settings/remarks/microsoft.servicebus/samples/namespaces/topics/subscriptions/rules/main.bicep
new file mode 100644
index 00000000..1175d8a0
--- /dev/null
+++ b/settings/remarks/microsoft.servicebus/samples/namespaces/topics/subscriptions/rules/main.bicep
@@ -0,0 +1,64 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource namespace 'Microsoft.ServiceBus/namespaces@2022-01-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 0
+    name: 'Standard'
+    tier: 'Standard'
+  }
+}
+
+resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' = {
+  parent: namespace
+  name: resourceName
+  properties: {
+    enableBatchedOperations: false
+    enableExpress: false
+    enablePartitioning: false
+    maxSizeInMegabytes: 5120
+    requiresDuplicateDetection: false
+    status: 'Active'
+    supportOrdering: false
+  }
+}
+
+resource subscription 'Microsoft.ServiceBus/namespaces/topics/subscriptions@2021-06-01-preview' = {
+  parent: topic
+  name: resourceName
+  properties: {
+    clientAffineProperties: {}
+    deadLetteringOnFilterEvaluationExceptions: true
+    deadLetteringOnMessageExpiration: false
+    enableBatchedOperations: false
+    isClientAffine: false
+    maxDeliveryCount: 10
+    requiresSession: false
+    status: 'Active'
+  }
+}
+
+resource rule 'Microsoft.ServiceBus/namespaces/topics/subscriptions/rules@2021-06-01-preview' = {
+  parent: subscription
+  name: resourceName
+  properties: {
+    correlationFilter: {
+      contentType: 'test_content_type'
+      correlationId: 'test_correlation_id'
+      label: 'test_label'
+      messageId: 'test_message_id'
+      replyTo: 'test_reply_to'
+      replyToSessionId: 'test_reply_to_session_id'
+      sessionId: 'test_session_id'
+      to: 'test_to'
+    }
+    filterType: 'CorrelationFilter'
+  }
+}
diff --git a/settings/remarks/microsoft.servicefabric/remarks.json b/settings/remarks/microsoft.servicefabric/remarks.json
index b283a02a..422e830e 100644
--- a/settings/remarks/microsoft.servicefabric/remarks.json
+++ b/settings/remarks/microsoft.servicefabric/remarks.json
@@ -16,5 +16,22 @@
       "Path": "samples/managedclusters/nodetypes/main.tf",
       "Description": "A basic example of deploying Service Fabric Managed Clusters Node Types."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ServiceFabric/clusters",
+      "Path": "samples/clusters/main.bicep",
+      "Description": "A basic example of deploying Service Fabric Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceFabric/managedClusters",
+      "Path": "samples/managedclusters/main.bicep",
+      "Description": "A basic example of deploying Resource Group."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceFabric/managedClusters/nodeTypes",
+      "Path": "samples/managedclusters/nodetypes/main.bicep",
+      "Description": "A basic example of deploying Service Fabric Managed Clusters Node Types."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.servicefabric/samples/clusters/main.bicep b/settings/remarks/microsoft.servicefabric/samples/clusters/main.bicep
new file mode 100644
index 00000000..de2f7d17
--- /dev/null
+++ b/settings/remarks/microsoft.servicefabric/samples/clusters/main.bicep
@@ -0,0 +1,29 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.ServiceFabric/clusters@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addOnFeatures: []
+    fabricSettings: []
+    managementEndpoint: 'http://example:80'
+    nodeTypes: [
+      {
+        capacities: {}
+        clientConnectionEndpointPort: 2020
+        durabilityLevel: 'Bronze'
+        httpGatewayEndpointPort: 80
+        isPrimary: true
+        isStateless: false
+        multipleAvailabilityZones: false
+        name: 'first'
+        placementProperties: {}
+        vmInstanceCount: 3
+      }
+    ]
+    reliabilityLevel: 'Bronze'
+    upgradeMode: 'Automatic'
+    vmImage: 'Windows'
+  }
+}
diff --git a/settings/remarks/microsoft.servicefabric/samples/managedclusters/main.bicep b/settings/remarks/microsoft.servicefabric/samples/managedclusters/main.bicep
new file mode 100644
index 00000000..ddf6bc1b
--- /dev/null
+++ b/settings/remarks/microsoft.servicefabric/samples/managedclusters/main.bicep
@@ -0,0 +1,59 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator username for the Service Fabric managed cluster')
+param adminUsername string
+@secure()
+@description('The administrator password for the Service Fabric managed cluster')
+param adminPassword string
+
+resource managedCluster 'Microsoft.ServiceFabric/managedClusters@2021-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addonFeatures: [
+      'DnsService'
+    ]
+    adminPassword: null
+    adminUserName: null
+    clientConnectionPort: 12345
+    clusterUpgradeCadence: 'Wave0'
+    dnsName: 'acctest0001'
+    httpGatewayConnectionPort: 23456
+    loadBalancingRules: [
+      {
+        backendPort: 8000
+        frontendPort: 443
+        probeProtocol: 'http'
+        probeRequestPath: '/'
+        protocol: 'tcp'
+      }
+    ]
+    networkSecurityRules: [
+      {
+        access: 'allow'
+        destinationAddressPrefixes: [
+          '0.0.0.0/0'
+        ]
+        destinationPortRanges: [
+          '443'
+        ]
+        direction: 'inbound'
+        name: 'rule443-allow-fe'
+        priority: 1000
+        protocol: 'tcp'
+        sourceAddressPrefixes: [
+          '0.0.0.0/0'
+        ]
+        sourcePortRanges: [
+          '1-65535'
+        ]
+      }
+    ]
+  }
+  sku: {
+    name: 'Standard'
+  }
+  tags: {
+    Test: 'value'
+  }
+}
diff --git a/settings/remarks/microsoft.servicefabric/samples/managedclusters/nodetypes/main.bicep b/settings/remarks/microsoft.servicefabric/samples/managedclusters/nodetypes/main.bicep
new file mode 100644
index 00000000..9eb60689
--- /dev/null
+++ b/settings/remarks/microsoft.servicefabric/samples/managedclusters/nodetypes/main.bicep
@@ -0,0 +1,88 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator username for the Service Fabric managed cluster')
+param adminUsername string
+@secure()
+@description('The administrator password for the Service Fabric managed cluster')
+param adminPassword string
+
+resource managedCluster 'Microsoft.ServiceFabric/managedClusters@2021-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addonFeatures: [
+      'DnsService'
+    ]
+    adminPassword: null
+    adminUserName: null
+    clientConnectionPort: 12345
+    clusterUpgradeCadence: 'Wave0'
+    dnsName: 'acctest0001'
+    httpGatewayConnectionPort: 23456
+    loadBalancingRules: [
+      {
+        backendPort: 8000
+        frontendPort: 443
+        probeProtocol: 'http'
+        probeRequestPath: '/'
+        protocol: 'tcp'
+      }
+    ]
+    networkSecurityRules: [
+      {
+        access: 'allow'
+        destinationAddressPrefixes: [
+          '0.0.0.0/0'
+        ]
+        destinationPortRanges: [
+          '443'
+        ]
+        direction: 'inbound'
+        name: 'rule443-allow-fe'
+        priority: 1000
+        protocol: 'tcp'
+        sourceAddressPrefixes: [
+          '0.0.0.0/0'
+        ]
+        sourcePortRanges: [
+          '1-65535'
+        ]
+      }
+    ]
+  }
+  sku: {
+    name: 'Standard'
+  }
+  tags: {
+    Test: 'value'
+  }
+}
+
+resource nodeType 'Microsoft.ServiceFabric/managedClusters/nodeTypes@2021-05-01' = {
+  parent: managedCluster
+  name: resourceName
+  properties: {
+    applicationPorts: {
+      endPort: 9000
+      startPort: 7000
+    }
+    capacities: {}
+    dataDiskSizeGB: 130
+    dataDiskType: 'Standard_LRS'
+    ephemeralPorts: {
+      endPort: 20000
+      startPort: 10000
+    }
+    isPrimary: true
+    isStateless: false
+    multiplePlacementGroups: false
+    placementProperties: {}
+    vmImageOffer: 'WindowsServer'
+    vmImagePublisher: 'MicrosoftWindowsServer'
+    vmImageSku: '2016-Datacenter'
+    vmImageVersion: 'latest'
+    vmInstanceCount: 5
+    vmSecrets: []
+    vmSize: 'Standard_DS2_v2'
+  }
+}
diff --git a/settings/remarks/microsoft.servicelinker/remarks.json b/settings/remarks/microsoft.servicelinker/remarks.json
index 329c97a6..622fa1cd 100644
--- a/settings/remarks/microsoft.servicelinker/remarks.json
+++ b/settings/remarks/microsoft.servicelinker/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/linkers/main.tf",
       "Description": "A basic example of deploying service connector."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ServiceLinker/linkers",
+      "Path": "samples/linkers/main.bicep",
+      "Description": "A basic example of deploying service connector."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.servicelinker/samples/linkers/main.bicep b/settings/remarks/microsoft.servicelinker/samples/linkers/main.bicep
new file mode 100644
index 00000000..e5fa0c24
--- /dev/null
+++ b/settings/remarks/microsoft.servicelinker/samples/linkers/main.bicep
@@ -0,0 +1,113 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource spring 'Microsoft.AppPlatform/Spring@2023-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S0'
+  }
+}
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
+  properties: {
+    capabilities: []
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'BoundedStaleness'
+      maxIntervalInSeconds: 10
+      maxStalenessPrefix: 200
+    }
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
+      }
+    ]
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
+  }
+}
+
+resource linker 'Microsoft.ServiceLinker/linkers@2022-05-01' = {
+  scope: deployment
+  name: resourceName
+  properties: {
+    authInfo: {
+      authType: 'systemAssignedIdentity'
+    }
+    clientType: 'none'
+    targetService: {
+      id: sqlDatabase.id
+      resourceProperties: null
+      type: 'AzureResource'
+    }
+  }
+}
+
+resource app 'Microsoft.AppPlatform/Spring/apps@2023-05-01-preview' = {
+  parent: spring
+  name: resourceName
+  location: location
+  properties: {
+    customPersistentDisks: []
+    enableEndToEndTLS: false
+    public: false
+  }
+}
+
+resource sqlDatabase 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2021-10-15' = {
+  parent: databaseAccount
+  name: resourceName
+  properties: {
+    options: {
+      throughput: 400
+    }
+    resource: {
+      id: 'acctest0001'
+    }
+  }
+}
+
+resource deployment 'Microsoft.AppPlatform/Spring/apps/deployments@2023-05-01-preview' = {
+  parent: app
+  name: 'deploy-q4uff'
+  properties: {
+    deploymentSettings: {
+      environmentVariables: {}
+      resourceRequests: {
+        cpu: '1'
+        memory: '1Gi'
+      }
+    }
+    source: {
+      jvmOptions: ''
+      relativePath: '<default>'
+      runtimeVersion: 'Java_8'
+      type: 'Jar'
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'S0'
+    tier: 'Standard'
+  }
+}
diff --git a/settings/remarks/microsoft.servicenetworking/remarks.json b/settings/remarks/microsoft.servicenetworking/remarks.json
index 874de15e..fd4f07ca 100644
--- a/settings/remarks/microsoft.servicenetworking/remarks.json
+++ b/settings/remarks/microsoft.servicenetworking/remarks.json
@@ -16,5 +16,22 @@
       "Path": "samples/trafficcontrollers/frontends/main.tf",
       "Description": "A basic example of deploying Application Gateway for Containers Frontend."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.ServiceNetworking/trafficControllers",
+      "Path": "samples/trafficcontrollers/main.bicep",
+      "Description": "A basic example of deploying Application Gateway for Containers (ALB)."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceNetworking/trafficControllers/associations",
+      "Path": "samples/trafficcontrollers/associations/main.bicep",
+      "Description": "A basic example of deploying association between an Application Gateway for Containers and a Subnet."
+    },
+    {
+      "ResourceType": "Microsoft.ServiceNetworking/trafficControllers/frontends",
+      "Path": "samples/trafficcontrollers/frontends/main.bicep",
+      "Description": "A basic example of deploying Application Gateway for Containers Frontend."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/associations/main.bicep b/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/associations/main.bicep
new file mode 100644
index 00000000..1b9932b2
--- /dev/null
+++ b/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/associations/main.bicep
@@ -0,0 +1,57 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' = {
+  name: '${resourceName}-tc'
+  location: location
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource association 'Microsoft.ServiceNetworking/trafficControllers/associations@2023-11-01' = {
+  parent: trafficController
+  name: '${resourceName}-assoc'
+  location: location
+  properties: {
+    associationType: 'subnets'
+    subnet: {
+      id: subnet.id
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: '${resourceName}-subnet'
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    defaultOutboundAccess: true
+    delegations: [
+      {
+        name: 'delegation'
+        properties: {
+          serviceName: 'Microsoft.ServiceNetworking/trafficControllers'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/frontends/main.bicep b/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/frontends/main.bicep
new file mode 100644
index 00000000..1d959084
--- /dev/null
+++ b/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/frontends/main.bicep
@@ -0,0 +1,14 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' = {
+  name: resourceName
+  location: location
+}
+
+resource frontend 'Microsoft.ServiceNetworking/trafficControllers/frontends@2023-11-01' = {
+  parent: trafficController
+  name: '${resourceName}-frontend'
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/main.bicep b/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/main.bicep
new file mode 100644
index 00000000..d64277a2
--- /dev/null
+++ b/settings/remarks/microsoft.servicenetworking/samples/trafficcontrollers/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource trafficController 'Microsoft.ServiceNetworking/trafficControllers@2023-11-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.signalrservice/remarks.json b/settings/remarks/microsoft.signalrservice/remarks.json
index dda2dcc5..3961dcbe 100644
--- a/settings/remarks/microsoft.signalrservice/remarks.json
+++ b/settings/remarks/microsoft.signalrservice/remarks.json
@@ -26,5 +26,32 @@
       "Path": "samples/webpubsub/sharedprivatelinkresources/main.tf",
       "Description": "A basic example of deploying Shared Private Link Resource for a Web Pubsub service."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.SignalRService/signalR",
+      "Path": "samples/signalr/main.bicep",
+      "Description": "A basic example of deploying Azure SignalR service."
+    },
+    {
+      "ResourceType": "Microsoft.SignalRService/signalR/sharedPrivateLinkResources",
+      "Path": "samples/signalr/sharedprivatelinkresources/main.bicep",
+      "Description": "A basic example of deploying Shared Private Link Resource for a Signalr service."
+    },
+    {
+      "ResourceType": "Microsoft.SignalRService/webPubSub",
+      "Path": "samples/webpubsub/main.bicep",
+      "Description": "A basic example of deploying Azure Web PubSub service."
+    },
+    {
+      "ResourceType": "Microsoft.SignalRService/webPubSub/hubs",
+      "Path": "samples/webpubsub/hubs/main.bicep",
+      "Description": "A basic example of deploying hub settings for a Web Pubsub service."
+    },
+    {
+      "ResourceType": "Microsoft.SignalRService/webPubSub/sharedPrivateLinkResources",
+      "Path": "samples/webpubsub/sharedprivatelinkresources/main.bicep",
+      "Description": "A basic example of deploying Shared Private Link Resource for a Web Pubsub service."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.signalrservice/samples/signalr/main.bicep b/settings/remarks/microsoft.signalrservice/samples/signalr/main.bicep
new file mode 100644
index 00000000..cf280b4f
--- /dev/null
+++ b/settings/remarks/microsoft.signalrservice/samples/signalr/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource signalR 'Microsoft.SignalRService/signalR@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    cors: {}
+    disableAadAuth: false
+    disableLocalAuth: false
+    features: [
+      {
+        flag: 'ServiceMode'
+        value: 'Default'
+      }
+      {
+        flag: 'EnableConnectivityLogs'
+        value: 'False'
+      }
+      {
+        flag: 'EnableMessagingLogs'
+        value: 'False'
+      }
+      {
+        flag: 'EnableLiveTrace'
+        value: 'False'
+      }
+    ]
+    publicNetworkAccess: 'Enabled'
+    resourceLogConfiguration: {
+      categories: [
+        {
+          enabled: 'false'
+          name: 'MessagingLogs'
+        }
+        {
+          enabled: 'false'
+          name: 'ConnectivityLogs'
+        }
+        {
+          enabled: 'false'
+          name: 'HttpRequestLogs'
+        }
+      ]
+    }
+    serverless: {
+      connectionTimeoutInSeconds: 30
+    }
+    tls: {
+      clientCertEnabled: false
+    }
+    upstream: {
+      templates: []
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard_S1'
+  }
+}
diff --git a/settings/remarks/microsoft.signalrservice/samples/signalr/sharedprivatelinkresources/main.bicep b/settings/remarks/microsoft.signalrservice/samples/signalr/sharedprivatelinkresources/main.bicep
new file mode 100644
index 00000000..8e2ebab2
--- /dev/null
+++ b/settings/remarks/microsoft.signalrservice/samples/signalr/sharedprivatelinkresources/main.bicep
@@ -0,0 +1,108 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource signalR 'Microsoft.SignalRService/signalR@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    cors: {}
+    disableAadAuth: false
+    disableLocalAuth: false
+    features: [
+      {
+        flag: 'ServiceMode'
+        value: 'Default'
+      }
+      {
+        flag: 'EnableConnectivityLogs'
+        value: 'False'
+      }
+      {
+        flag: 'EnableMessagingLogs'
+        value: 'False'
+      }
+      {
+        flag: 'EnableLiveTrace'
+        value: 'False'
+      }
+    ]
+    publicNetworkAccess: 'Enabled'
+    resourceLogConfiguration: {
+      categories: [
+        {
+          enabled: 'false'
+          name: 'MessagingLogs'
+        }
+        {
+          enabled: 'false'
+          name: 'ConnectivityLogs'
+        }
+        {
+          enabled: 'false'
+          name: 'HttpRequestLogs'
+        }
+      ]
+    }
+    serverless: {
+      connectionTimeoutInSeconds: 30
+    }
+    tls: {
+      clientCertEnabled: false
+    }
+    upstream: {
+      templates: []
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard_S1'
+  }
+}
+
+resource vault 'Microsoft.KeyVault/vaults@2021-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: [
+      {
+        objectId: deployer().objectId
+        permissions: {
+          certificates: [
+            'ManageContacts'
+          ]
+          keys: [
+            'Create'
+          ]
+          secrets: [
+            'Set'
+          ]
+          storage: []
+        }
+        tenantId: deployer().tenantId
+      }
+    ]
+    createMode: 'default'
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    softDeleteRetentionInDays: 7
+    tenantId: deployer().tenantId
+  }
+}
+
+resource sharedPrivateLinkResource 'Microsoft.SignalRService/signalR/sharedPrivateLinkResources@2023-02-01' = {
+  parent: signalR
+  name: resourceName
+  properties: {
+    groupId: 'vault'
+    privateLinkResourceId: vault.id
+    requestMessage: 'please approve'
+  }
+}
diff --git a/settings/remarks/microsoft.signalrservice/samples/webpubsub/hubs/main.bicep b/settings/remarks/microsoft.signalrservice/samples/webpubsub/hubs/main.bicep
new file mode 100644
index 00000000..fe288f3f
--- /dev/null
+++ b/settings/remarks/microsoft.signalrservice/samples/webpubsub/hubs/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource webPubSub 'Microsoft.SignalRService/webPubSub@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableAadAuth: false
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    tls: {
+      clientCertEnabled: false
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard_S1'
+  }
+}
+
+resource hub 'Microsoft.SignalRService/webPubSub/hubs@2023-02-01' = {
+  parent: webPubSub
+  name: resourceName
+  properties: {
+    anonymousConnectPolicy: 'Deny'
+    eventListeners: []
+  }
+}
diff --git a/settings/remarks/microsoft.signalrservice/samples/webpubsub/main.bicep b/settings/remarks/microsoft.signalrservice/samples/webpubsub/main.bicep
new file mode 100644
index 00000000..9e647d23
--- /dev/null
+++ b/settings/remarks/microsoft.signalrservice/samples/webpubsub/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource webPubSub 'Microsoft.SignalRService/webPubSub@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableAadAuth: false
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    tls: {
+      clientCertEnabled: false
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard_S1'
+  }
+}
diff --git a/settings/remarks/microsoft.signalrservice/samples/webpubsub/sharedprivatelinkresources/main.bicep b/settings/remarks/microsoft.signalrservice/samples/webpubsub/sharedprivatelinkresources/main.bicep
new file mode 100644
index 00000000..054ee992
--- /dev/null
+++ b/settings/remarks/microsoft.signalrservice/samples/webpubsub/sharedprivatelinkresources/main.bicep
@@ -0,0 +1,66 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.KeyVault/vaults@2021-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    accessPolicies: [
+      {
+        objectId: deployer().objectId
+        permissions: {
+          certificates: [
+            'ManageContacts'
+          ]
+          keys: [
+            'Create'
+          ]
+          secrets: [
+            'Set'
+          ]
+          storage: []
+        }
+        tenantId: deployer().tenantId
+      }
+    ]
+    createMode: 'default'
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    softDeleteRetentionInDays: 7
+    tenantId: deployer().tenantId
+  }
+}
+
+resource webPubSub 'Microsoft.SignalRService/webPubSub@2023-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    disableAadAuth: false
+    disableLocalAuth: false
+    publicNetworkAccess: 'Enabled'
+    tls: {
+      clientCertEnabled: false
+    }
+  }
+  sku: {
+    capacity: 1
+    name: 'Standard_S1'
+  }
+}
+
+resource sharedPrivateLinkResource 'Microsoft.SignalRService/webPubSub/sharedPrivateLinkResources@2023-02-01' = {
+  parent: webPubSub
+  name: resourceName
+  properties: {
+    groupId: 'vault'
+    privateLinkResourceId: vault.id
+  }
+}
diff --git a/settings/remarks/microsoft.solutions/remarks.json b/settings/remarks/microsoft.solutions/remarks.json
index 527b5b6b..9e2b78e5 100644
--- a/settings/remarks/microsoft.solutions/remarks.json
+++ b/settings/remarks/microsoft.solutions/remarks.json
@@ -11,5 +11,12 @@
       "Path": "samples/applications/main.tf",
       "Description": "A basic example of deploying Managed Application."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Solutions/applications",
+      "Path": "samples/applications/main.bicep",
+      "Description": "A basic example of deploying Managed Application."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.solutions/samples/applications/main.bicep b/settings/remarks/microsoft.solutions/samples/applications/main.bicep
new file mode 100644
index 00000000..70a405e6
--- /dev/null
+++ b/settings/remarks/microsoft.solutions/samples/applications/main.bicep
@@ -0,0 +1,129 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource application 'Microsoft.Solutions/applications@2021-07-01' = {
+  name: '${resourceName}-app'
+  location: location
+  kind: 'ServiceCatalog'
+  properties: {
+    applicationDefinitionId: applicationDefinition.id
+    managedResourceGroupId: '/subscriptions/subscription().subscriptionId/resourceGroups/acctest0001-infragroup'
+    parameters: {
+      arrayParameter: {
+        value: [
+          'value_1'
+          'value_2'
+        ]
+      }
+      boolParameter: {
+        value: true
+      }
+      intParameter: {
+        value: 100
+      }
+      objectParameter: {
+        value: {
+          nested_array: [
+            'value_1'
+            'value_2'
+          ]
+          nested_bool: true
+          nested_object: {
+            key_0: 0
+          }
+        }
+      }
+      secureStringParameter: {
+        value: ''
+      }
+      stringParameter: {
+        value: 'value_1'
+      }
+    }
+  }
+}
+
+resource applicationDefinition 'Microsoft.Solutions/applicationDefinitions@2021-07-01' = {
+  name: '${resourceName}-appdef'
+  location: location
+  properties: {
+    authorizations: [
+      {
+        principalId: deployer().objectId
+        roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
+      }
+    ]
+    createUiDefinition: '''    {
+      "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+      "handler": "Microsoft.Azure.CreateUIDef",
+      "version": "0.1.2-preview",
+      "parameters": {
+         "basics": [],
+         "steps": [],
+         "outputs": {}
+      }
+    }
+'''
+    description: 'Test Managed App Definition'
+    displayName: 'TestManagedAppDefinition'
+    isEnabled: true
+    lockLevel: 'ReadOnly'
+    mainTemplate: '''    {
+      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+      "contentVersion": "1.0.0.0",
+      "parameters": {
+
+         "boolParameter": {
+            "type": "bool"
+         },
+         "intParameter": {
+            "type": "int"
+         },
+         "stringParameter": {
+            "type": "string"
+         },
+         "secureStringParameter": {
+            "type": "secureString"
+         },
+         "objectParameter": {
+            "type": "object"
+         },
+         "arrayParameter": {
+            "type": "array"
+         }
+
+      },
+      "variables": {},
+      "resources": [],
+      "outputs": {
+        "boolOutput": {
+          "type": "bool",
+          "value": true
+        },
+        "intOutput": {
+          "type": "int",
+          "value": 100
+        },
+        "stringOutput": {
+          "type": "string",
+          "value": "stringOutputValue"
+        },
+        "objectOutput": {
+          "type": "object",
+          "value": {
+            "nested_bool": true,
+            "nested_array": ["value_1", "value_2"],
+            "nested_object": {
+              "key_0": 0
+            }
+          }
+        },
+        "arrayOutput": {
+          "type": "array",
+          "value": ["value_1", "value_2"]
+        }
+      }
+    }
+'''
+  }
+}
diff --git a/settings/remarks/microsoft.sql/remarks.json b/settings/remarks/microsoft.sql/remarks.json
index 6da7b201..4435dec1 100644
--- a/settings/remarks/microsoft.sql/remarks.json
+++ b/settings/remarks/microsoft.sql/remarks.json
@@ -151,5 +151,112 @@
       "Path": "samples/servers/vulnerabilityassessments/main.tf",
       "Description": "A basic example of deploying Vulnerability Assessment for an MS SQL Server."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Sql/instancePools",
+      "Path": "samples/instancepools/main.bicep",
+      "Description": "A basic example of deploying SQL Instance Pools."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers",
+      "Path": "samples/servers/main.bicep",
+      "Description": "A basic example of deploying Microsoft SQL Azure Database Server."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/administrators",
+      "Path": "samples/servers/administrators/main.bicep",
+      "Description": "A basic example of deploying SQL Server Administrators."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/auditingSettings",
+      "Path": "samples/servers/auditingsettings/main.bicep",
+      "Description": "A basic example of deploying SQL Server Auditing Settings."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/connectionPolicies",
+      "Path": "samples/servers/connectionpolicies/main.bicep",
+      "Description": "A basic example of deploying SQL Server Connection Policies."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/databases",
+      "Path": "samples/servers/databases/main.bicep",
+      "Description": "A basic example of deploying MS SQL Database."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/databases/securityAlertPolicies",
+      "Path": "samples/servers/databases/securityalertpolicies/main.bicep",
+      "Description": "A basic example of deploying SQL Server Databases Security Alert Policies."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/databases/transparentDataEncryption",
+      "Path": "samples/servers/databases/transparentdataencryption/main.bicep",
+      "Description": "A basic example of deploying SQL Server Databases Transparent Data Encryption."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/dnsAliases",
+      "Path": "samples/servers/dnsaliases/main.bicep",
+      "Description": "A basic example of deploying MS SQL Server DNS Alias."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/elasticPools",
+      "Path": "samples/servers/elasticpools/main.bicep",
+      "Description": "A basic example of deploying Azure SQL Elastic Pool."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/encryptionProtector",
+      "Path": "samples/servers/encryptionprotector/main.bicep",
+      "Description": "A basic example of deploying transparent data encryption configuration for a MSSQL Server."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/failoverGroups",
+      "Path": "samples/servers/failovergroups/main.bicep",
+      "Description": "A basic example of deploying Microsoft Azure SQL Failover Group."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/firewallRules",
+      "Path": "samples/servers/firewallrules/main.bicep",
+      "Description": "A basic example of deploying Azure SQL Firewall Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/jobAgents",
+      "Path": "samples/servers/jobagents/main.bicep",
+      "Description": "A basic example of deploying Elastic Job Agent."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/jobAgents/credentials",
+      "Path": "samples/servers/jobagents/credentials/main.bicep",
+      "Description": "A basic example of deploying Elastic Job Credential."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/jobAgents/jobs",
+      "Path": "samples/servers/jobagents/jobs/main.bicep",
+      "Description": "A basic example of deploying Elastic Job."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/jobAgents/targetGroups",
+      "Path": "samples/servers/jobagents/targetgroups/main.bicep",
+      "Description": "A basic example of deploying Elastic Job Target Group."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/outboundFirewallRules",
+      "Path": "samples/servers/outboundfirewallrules/main.bicep",
+      "Description": "A basic example of deploying Azure SQL Outbound Firewall Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/securityAlertPolicies",
+      "Path": "samples/servers/securityalertpolicies/main.bicep",
+      "Description": "A basic example of deploying Security Alert Policy for a MS SQL Server."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/sqlVulnerabilityAssessments",
+      "Path": "samples/servers/sqlvulnerabilityassessments/main.bicep",
+      "Description": "A basic example of deploying SQL Server Vulnerability Assessments."
+    },
+    {
+      "ResourceType": "Microsoft.Sql/servers/virtualNetworkRules",
+      "Path": "samples/servers/virtualnetworkrules/main.bicep",
+      "Description": "A basic example of deploying Azure SQL Virtual Network Rule."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.sql/samples/instancepools/main.bicep b/settings/remarks/microsoft.sql/samples/instancepools/main.bicep
new file mode 100644
index 00000000..b18f9384
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/instancepools/main.bicep
@@ -0,0 +1,186 @@
+param resourceName string = 'acctest0001'
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2023-04-01' existing = {
+  parent: virtualNetwork
+  name: resourceName
+}
+
+resource instancePool 'Microsoft.Sql/instancePools@2022-05-01-preview' = {
+  name: resourceName
+  properties: {
+    licenseType: 'LicenseIncluded'
+    subnetId: subnet.id
+    vCores: 8
+  }
+  sku: {
+    family: 'Gen5'
+    name: 'GP_Gen5'
+    tier: 'GeneralPurpose'
+  }
+}
+
+resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
+  name: resourceName
+  properties: {
+    securityRules: [
+      {
+        name: 'allow_tds_inbound'
+        properties: {
+          access: 'Allow'
+          description: 'Allow access to data'
+          destinationAddressPrefix: '*'
+          destinationPortRange: '1433'
+          direction: 'Inbound'
+          priority: 1000
+          protocol: 'TCP'
+          sourceAddressPrefix: 'VirtualNetwork'
+          sourcePortRange: '*'
+        }
+      }
+      {
+        name: 'allow_redirect_inbound'
+        properties: {
+          access: 'Allow'
+          description: 'Allow inbound redirect traffic to Managed Instance inside the virtual network'
+          destinationAddressPrefix: '*'
+          destinationPortRange: '11000-11999'
+          direction: 'Inbound'
+          priority: 1100
+          protocol: 'Tcp'
+          sourceAddressPrefix: 'VirtualNetwork'
+          sourcePortRange: '*'
+        }
+      }
+      {
+        name: 'allow_geodr_inbound'
+        properties: {
+          access: 'Allow'
+          description: 'Allow inbound geodr traffic inside the virtual network'
+          destinationAddressPrefix: '*'
+          destinationPortRange: '5022'
+          direction: 'Inbound'
+          priority: 1200
+          protocol: 'Tcp'
+          sourceAddressPrefix: 'VirtualNetwork'
+          sourcePortRange: '*'
+        }
+      }
+      {
+        name: 'deny_all_inbound'
+        properties: {
+          access: 'Deny'
+          description: 'Deny all other inbound traffic'
+          destinationAddressPrefix: '*'
+          destinationPortRange: '*'
+          direction: 'Inbound'
+          priority: 4096
+          protocol: '*'
+          sourceAddressPrefix: '*'
+          sourcePortRange: '*'
+        }
+      }
+      {
+        name: 'allow_linkedserver_outbound'
+        properties: {
+          access: 'Allow'
+          description: 'Allow outbound linkedserver traffic inside the virtual network'
+          destinationAddressPrefix: 'VirtualNetwork'
+          destinationPortRange: '1433'
+          direction: 'Outbound'
+          priority: 1000
+          protocol: 'Tcp'
+          sourceAddressPrefix: '*'
+          sourcePortRange: '*'
+        }
+      }
+      {
+        name: 'allow_redirect_outbound'
+        properties: {
+          access: 'Allow'
+          description: 'Allow outbound redirect traffic to Managed Instance inside the virtual network'
+          destinationAddressPrefix: 'VirtualNetwork'
+          destinationPortRange: '11000-11999'
+          direction: 'Outbound'
+          priority: 1100
+          protocol: 'Tcp'
+          sourceAddressPrefix: '*'
+          sourcePortRange: '*'
+        }
+      }
+      {
+        name: 'allow_geodr_outbound'
+        properties: {
+          access: 'Allow'
+          description: 'Allow outbound geodr traffic inside the virtual network'
+          destinationAddressPrefix: 'VirtualNetwork'
+          destinationPortRange: '5022'
+          direction: 'Outbound'
+          priority: 1200
+          protocol: 'Tcp'
+          sourceAddressPrefix: '*'
+          sourcePortRange: '*'
+        }
+      }
+      {
+        name: 'deny_all_outbound'
+        properties: {
+          access: 'Deny'
+          description: 'Deny all other outbound traffic'
+          destinationAddressPrefix: '*'
+          destinationPortRange: '*'
+          direction: 'Outbound'
+          priority: 4096
+          protocol: '*'
+          sourceAddressPrefix: '*'
+          sourcePortRange: '*'
+        }
+      }
+    ]
+  }
+}
+
+resource routeTable 'Microsoft.Network/routeTables@2023-04-01' = {
+  name: resourceName
+  properties: {
+    disableBgpRoutePropagation: false
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+  name: resourceName
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    subnets: [
+      {
+        name: 'Default'
+        properties: {
+          addressPrefix: '10.0.0.0/24'
+        }
+      }
+      {
+        name: 'acctest0001'
+        properties: {
+          addressPrefix: '10.0.1.0/24'
+          delegations: [
+            {
+              name: 'miDelegation'
+              properties: {
+                serviceName: 'Microsoft.Sql/managedInstances'
+              }
+            }
+          ]
+          networkSecurityGroup: {
+            id: networkSecurityGroup.id
+          }
+          routeTable: {
+            id: routeTable.id
+          }
+        }
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/administrators/main.bicep b/settings/remarks/microsoft.sql/samples/servers/administrators/main.bicep
new file mode 100644
index 00000000..ebcec94e
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/administrators/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2015-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    version: '12.0'
+  }
+}
+
+resource administrator 'Microsoft.Sql/servers/administrators@2020-11-01-preview' = {
+  parent: server
+  name: 'ActiveDirectory'
+  properties: {
+    administratorType: 'ActiveDirectory'
+    login: 'sqladmin'
+    sid: deployer().objectId
+    tenantId: deployer().tenantId
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/auditingsettings/main.bicep b/settings/remarks/microsoft.sql/samples/servers/auditingsettings/main.bicep
new file mode 100644
index 00000000..b8a48ccd
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/auditingsettings/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2022-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource auditingSettings 'Microsoft.Sql/servers/auditingSettings@2022-05-01-preview' = {
+  parent: server
+  name: 'default'
+  properties: {
+    auditActionsAndGroups: [
+      'FAILED_DATABASE_AUTHENTICATION_GROUP'
+      'SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP'
+    ]
+    isAzureMonitorTargetEnabled: true
+    state: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/connectionpolicies/main.bicep b/settings/remarks/microsoft.sql/samples/servers/connectionpolicies/main.bicep
new file mode 100644
index 00000000..80a772ec
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/connectionpolicies/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the SQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource connectionPolicy 'Microsoft.Sql/servers/connectionPolicies@2014-04-01' = {
+  parent: server
+  name: 'default'
+  properties: {
+    connectionType: 'Default'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/databases/main.bicep b/settings/remarks/microsoft.sql/samples/servers/databases/main.bicep
new file mode 100644
index 00000000..b6fb2f83
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/databases/main.bicep
@@ -0,0 +1,37 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
+  parent: server
+  name: resourceName
+  location: location
+  properties: {
+    autoPauseDelay: 0
+    createMode: 'Default'
+    elasticPoolId: ''
+    highAvailabilityReplicaCount: 0
+    isLedgerOn: false
+    licenseType: 'LicenseIncluded'
+    maintenanceConfigurationId: resourceId('Microsoft.Maintenance/publicMaintenanceConfigurations', 'SQL_Default')
+    minCapacity: 0
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Geo'
+    zoneRedundant: false
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/databases/securityalertpolicies/main.bicep b/settings/remarks/microsoft.sql/samples/servers/databases/securityalertpolicies/main.bicep
new file mode 100644
index 00000000..3250298c
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/databases/securityalertpolicies/main.bicep
@@ -0,0 +1,45 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
+  parent: server
+  name: resourceName
+  location: location
+  properties: {
+    autoPauseDelay: 0
+    createMode: 'Default'
+    elasticPoolId: ''
+    highAvailabilityReplicaCount: 0
+    isLedgerOn: false
+    licenseType: 'LicenseIncluded'
+    maintenanceConfigurationId: resourceId('Microsoft.Maintenance/publicMaintenanceConfigurations', 'SQL_Default')
+    minCapacity: 0
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Geo'
+    zoneRedundant: false
+  }
+}
+
+resource securityAlertPolicy 'Microsoft.Sql/servers/databases/securityAlertPolicies@2020-11-01-preview' = {
+  parent: database
+  name: 'default'
+  properties: {
+    state: 'Disabled'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/databases/transparentdataencryption/main.bicep b/settings/remarks/microsoft.sql/samples/servers/databases/transparentdataencryption/main.bicep
new file mode 100644
index 00000000..a2dfb33b
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/databases/transparentdataencryption/main.bicep
@@ -0,0 +1,45 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
+  parent: server
+  name: resourceName
+  location: location
+  properties: {
+    autoPauseDelay: 0
+    createMode: 'Default'
+    elasticPoolId: ''
+    highAvailabilityReplicaCount: 0
+    isLedgerOn: false
+    licenseType: 'LicenseIncluded'
+    maintenanceConfigurationId: resourceId('Microsoft.Maintenance/publicMaintenanceConfigurations', 'SQL_Default')
+    minCapacity: 0
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Geo'
+    zoneRedundant: false
+  }
+}
+
+resource transparentDataEncryption 'Microsoft.Sql/servers/databases/transparentDataEncryption@2014-04-01' = {
+  parent: database
+  name: 'current'
+  properties: {
+    status: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/dnsaliases/main.bicep b/settings/remarks/microsoft.sql/samples/servers/dnsaliases/main.bicep
new file mode 100644
index 00000000..6401087e
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/dnsaliases/main.bicep
@@ -0,0 +1,25 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the SQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource dnsAlias 'Microsoft.Sql/servers/dnsAliases@2020-11-01-preview' = {
+  parent: server
+  name: resourceName
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/elasticpools/main.bicep b/settings/remarks/microsoft.sql/samples/servers/elasticpools/main.bicep
new file mode 100644
index 00000000..9051a2ab
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/elasticpools/main.bicep
@@ -0,0 +1,39 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: '4dm1n157r470r'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource elasticPool 'Microsoft.Sql/servers/elasticPools@2020-11-01-preview' = {
+  parent: server
+  name: resourceName
+  location: location
+  properties: {
+    maintenanceConfigurationId: resourceId('Microsoft.Maintenance/publicMaintenanceConfigurations', 'SQL_Default')
+    maxSizeBytes: 5242880000
+    perDatabaseSettings: {
+      maxCapacity: 5
+      minCapacity: 0
+    }
+    zoneRedundant: false
+  }
+  sku: {
+    capacity: 50
+    family: ''
+    name: 'BasicPool'
+    tier: 'Basic'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/encryptionprotector/main.bicep b/settings/remarks/microsoft.sql/samples/servers/encryptionprotector/main.bicep
new file mode 100644
index 00000000..15f96329
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/encryptionprotector/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2023-08-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource encryptionProtector 'Microsoft.Sql/servers/encryptionProtector@2023-08-01-preview' = {
+  parent: server
+  name: 'current'
+  properties: {
+    autoRotationEnabled: false
+    serverKeyName: ''
+    serverKeyType: 'ServiceManaged'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/failovergroups/main.bicep b/settings/remarks/microsoft.sql/samples/servers/failovergroups/main.bicep
new file mode 100644
index 00000000..c7a6ba1c
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/failovergroups/main.bicep
@@ -0,0 +1,79 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+param secondaryLocation string = 'eastus'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2023-08-01-preview' = {
+  name: '${resourceName}-primary'
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource server1 'Microsoft.Sql/servers@2023-08-01-preview' = {
+  name: '${resourceName}-secondary'
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource database 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
+  parent: server
+  name: '${resourceName}-db'
+  location: location
+  properties: {
+    autoPauseDelay: 0
+    collation: 'SQL_Latin1_General_CP1_CI_AS'
+    createMode: 'Default'
+    elasticPoolId: ''
+    encryptionProtectorAutoRotation: false
+    highAvailabilityReplicaCount: 0
+    isLedgerOn: false
+    licenseType: ''
+    maxSizeBytes: 214748364800
+    minCapacity: 0
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Geo'
+    sampleName: ''
+    secondaryType: ''
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
+
+resource failoverGroup 'Microsoft.Sql/servers/failoverGroups@2023-08-01-preview' = {
+  parent: server
+  name: '${resourceName}-fg'
+  properties: {
+    databases: [
+      database.id
+    ]
+    partnerServers: [
+      {
+        id: server1.id
+      }
+    ]
+    readOnlyEndpoint: {
+      failoverPolicy: 'Disabled'
+    }
+    readWriteEndpoint: {
+      failoverPolicy: 'Automatic'
+      failoverWithDataLossGracePeriodMinutes: 60
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/firewallrules/main.bicep b/settings/remarks/microsoft.sql/samples/servers/firewallrules/main.bicep
new file mode 100644
index 00000000..aa411a36
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/firewallrules/main.bicep
@@ -0,0 +1,27 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'msincredible'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource firewallRule 'Microsoft.Sql/servers/firewallRules@2020-11-01-preview' = {
+  parent: server
+  name: resourceName
+  properties: {
+    endIpAddress: '255.255.255.255'
+    startIpAddress: '0.0.0.0'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/jobagents/credentials/main.bicep b/settings/remarks/microsoft.sql/samples/servers/jobagents/credentials/main.bicep
new file mode 100644
index 00000000..1520d8b1
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/jobagents/credentials/main.bicep
@@ -0,0 +1,59 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator username for the SQL server credential')
+param sqlAdminUsername string
+@secure()
+@description('The administrator password for the SQL server credential')
+param sqlAdminPassword string
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: '4dministr4t0r'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
+  parent: server
+  name: resourceName
+  location: location
+  properties: {
+    autoPauseDelay: 0
+    collation: 'SQL_Latin1_General_CP1_CI_AS'
+    createMode: 'Default'
+    elasticPoolId: ''
+    highAvailabilityReplicaCount: 0
+    isLedgerOn: false
+    minCapacity: 0
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Geo'
+    zoneRedundant: false
+  }
+}
+
+resource jobAgent 'Microsoft.Sql/servers/jobAgents@2020-11-01-preview' = {
+  parent: server
+  name: resourceName
+  location: location
+  properties: {
+    databaseId: database.id
+  }
+}
+
+resource credential 'Microsoft.Sql/servers/jobAgents/credentials@2020-11-01-preview' = {
+  parent: jobAgent
+  name: resourceName
+  properties: {
+    password: null
+    username: null
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/main.bicep b/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/main.bicep
new file mode 100644
index 00000000..67bbb970
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/main.bicep
@@ -0,0 +1,64 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2023-08-01-preview' = {
+  name: '${resourceName}-server'
+  location: location
+  properties: {
+    administratorLogin: '4dm1n157r470r'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource database 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
+  parent: server
+  name: '${resourceName}-db'
+  location: location
+  properties: {
+    autoPauseDelay: 0
+    collation: 'SQL_Latin1_General_CP1_CI_AS'
+    createMode: 'Default'
+    elasticPoolId: ''
+    encryptionProtectorAutoRotation: false
+    highAvailabilityReplicaCount: 0
+    isLedgerOn: false
+    licenseType: ''
+    maintenanceConfigurationId: '/subscriptions/subscription().subscriptionId/providers/Microsoft.Maintenance/publicMaintenanceConfigurations/SQL_Default'
+    minCapacity: 0
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Geo'
+    sampleName: ''
+    secondaryType: ''
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
+
+resource jobAgent 'Microsoft.Sql/servers/jobAgents@2023-08-01-preview' = {
+  parent: server
+  name: '${resourceName}-job-agent'
+  location: location
+  properties: {
+    databaseId: database.id
+  }
+  sku: {
+    name: 'JA100'
+  }
+}
+
+resource job 'Microsoft.Sql/servers/jobAgents/jobs@2023-08-01-preview' = {
+  parent: jobAgent
+  name: '${resourceName}-job'
+  properties: {
+    description: ''
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/jobagents/main.bicep b/settings/remarks/microsoft.sql/samples/servers/jobagents/main.bicep
new file mode 100644
index 00000000..a30fcdd9
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/jobagents/main.bicep
@@ -0,0 +1,46 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the SQL server')
+param sqlAdministratorPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: '4dministr4t0r'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
+  parent: server
+  name: resourceName
+  location: location
+  properties: {
+    autoPauseDelay: 0
+    collation: 'SQL_Latin1_General_CP1_CI_AS'
+    createMode: 'Default'
+    elasticPoolId: ''
+    highAvailabilityReplicaCount: 0
+    isLedgerOn: false
+    maintenanceConfigurationId: resourceId('Microsoft.Maintenance/publicMaintenanceConfigurations', 'SQL_Default')
+    minCapacity: 0
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Geo'
+    zoneRedundant: false
+  }
+}
+
+resource jobAgent 'Microsoft.Sql/servers/jobAgents@2020-11-01-preview' = {
+  parent: server
+  name: resourceName
+  location: location
+  properties: {
+    databaseId: database.id
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/jobagents/targetgroups/main.bicep b/settings/remarks/microsoft.sql/samples/servers/jobagents/targetgroups/main.bicep
new file mode 100644
index 00000000..008aa16c
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/jobagents/targetgroups/main.bicep
@@ -0,0 +1,76 @@
+param resourceName string = 'acctest0001'
+param location string = 'centralus'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+@secure()
+@description('The password for the SQL job credential')
+param jobCredentialPassword string
+
+resource server 'Microsoft.Sql/servers@2023-08-01-preview' = {
+  name: '${resourceName}-server'
+  location: location
+  properties: {
+    administratorLogin: '4dm1n157r470r'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource database 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
+  parent: server
+  name: '${resourceName}-db'
+  location: location
+  properties: {
+    autoPauseDelay: 0
+    collation: 'SQL_Latin1_General_CP1_CI_AS'
+    createMode: 'Default'
+    elasticPoolId: ''
+    encryptionProtectorAutoRotation: false
+    highAvailabilityReplicaCount: 0
+    isLedgerOn: false
+    licenseType: ''
+    maintenanceConfigurationId: '/subscriptions/subscription().subscriptionId/providers/Microsoft.Maintenance/publicMaintenanceConfigurations/SQL_Default'
+    minCapacity: 0
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Geo'
+    sampleName: ''
+    secondaryType: ''
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
+
+resource jobAgent 'Microsoft.Sql/servers/jobAgents@2023-08-01-preview' = {
+  parent: server
+  name: '${resourceName}-job-agent'
+  location: location
+  properties: {
+    databaseId: database.id
+  }
+  sku: {
+    name: 'JA100'
+  }
+}
+
+resource credential 'Microsoft.Sql/servers/jobAgents/credentials@2023-08-01-preview' = {
+  parent: jobAgent
+  name: '${resourceName}-job-credential'
+  properties: {
+    password: null
+    username: 'testusername'
+  }
+}
+
+resource targetGroup 'Microsoft.Sql/servers/jobAgents/targetGroups@2023-08-01-preview' = {
+  parent: jobAgent
+  name: '${resourceName}-target-group'
+  properties: {
+    members: []
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/main.bicep b/settings/remarks/microsoft.sql/samples/servers/main.bicep
new file mode 100644
index 00000000..2df7ea10
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/main.bicep
@@ -0,0 +1,18 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the SQL server')
+param sqlAdministratorPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/outboundfirewallrules/main.bicep b/settings/remarks/microsoft.sql/samples/servers/outboundfirewallrules/main.bicep
new file mode 100644
index 00000000..9e3d5381
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/outboundfirewallrules/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('Admin password for the database')
+param adminPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'msincredible'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Enabled'
+    version: '12.0'
+  }
+}
+
+resource outboundFirewallRule 'Microsoft.Sql/servers/outboundFirewallRules@2021-02-01-preview' = {
+  parent: server
+  name: 'sql230630033612934212.database.windows.net'
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/securityalertpolicies/main.bicep b/settings/remarks/microsoft.sql/samples/servers/securityalertpolicies/main.bicep
new file mode 100644
index 00000000..e63e42f1
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/securityalertpolicies/main.bicep
@@ -0,0 +1,25 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The administrator login name for the SQL server')
+param administratorLogin string
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2015-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: null
+    administratorLoginPassword: null
+    version: '12.0'
+  }
+}
+
+resource securityAlertPolicy 'Microsoft.Sql/servers/securityAlertPolicies@2017-03-01-preview' = {
+  parent: server
+  name: 'Default'
+  properties: {
+    state: 'Disabled'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/sqlvulnerabilityassessments/main.bicep b/settings/remarks/microsoft.sql/samples/servers/sqlvulnerabilityassessments/main.bicep
new file mode 100644
index 00000000..ba2ba40a
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/sqlvulnerabilityassessments/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+@secure()
+@description('The administrator login password for the SQL server')
+param administratorLoginPassword string
+
+resource server 'Microsoft.Sql/servers@2022-05-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'mradministrator'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource sqlVulnerabilityAssessments 'Microsoft.Sql/servers/sqlVulnerabilityAssessments@2022-05-01-preview' = {
+  parent: server
+  name: 'default'
+  properties: {
+    state: 'Enabled'
+  }
+}
diff --git a/settings/remarks/microsoft.sql/samples/servers/virtualnetworkrules/main.bicep b/settings/remarks/microsoft.sql/samples/servers/virtualnetworkrules/main.bicep
new file mode 100644
index 00000000..9cab05b5
--- /dev/null
+++ b/settings/remarks/microsoft.sql/samples/servers/virtualnetworkrules/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the SQL server')
+param sqlAdministratorPassword string
+
+resource server 'Microsoft.Sql/servers@2021-02-01-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    administratorLogin: 'missadmin'
+    administratorLoginPassword: null
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    restrictOutboundNetworkAccess: 'Disabled'
+    version: '12.0'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.7.28.0/23'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.7.28.0/25'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: [
+      {
+        service: 'Microsoft.Sql'
+      }
+    ]
+  }
+}
+
+resource virtualNetworkRule 'Microsoft.Sql/servers/virtualNetworkRules@2020-11-01-preview' = {
+  parent: server
+  name: resourceName
+  properties: {
+    ignoreMissingVnetServiceEndpoint: false
+    virtualNetworkSubnetId: subnet.id
+  }
+}
diff --git a/settings/remarks/microsoft.sqlvirtualmachine/remarks.json b/settings/remarks/microsoft.sqlvirtualmachine/remarks.json
index 0919ed3e..806f1091 100644
--- a/settings/remarks/microsoft.sqlvirtualmachine/remarks.json
+++ b/settings/remarks/microsoft.sqlvirtualmachine/remarks.json
@@ -16,5 +16,17 @@
       "Path": "samples/sqlvirtualmachines/sqlbestpracticesassessment/main.tf",
       "Description": "A sqlbestpracticesassessment example of deploying Microsoft SQL Virtual Machine."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups",
+      "Path": "samples/sqlvirtualmachinegroups/main.bicep",
+      "Description": "A basic example of deploying Microsoft SQL Virtual Machine Group."
+    },
+    {
+      "ResourceType": "Microsoft.SqlVirtualMachine/sqlVirtualMachines",
+      "Path": "samples/sqlvirtualmachines/basic/main.bicep",
+      "Description": "A basic example of deploying Microsoft SQL Virtual Machine."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.sqlvirtualmachine/samples/sqlvirtualmachinegroups/main.bicep b/settings/remarks/microsoft.sqlvirtualmachine/samples/sqlvirtualmachinegroups/main.bicep
new file mode 100644
index 00000000..386b1a28
--- /dev/null
+++ b/settings/remarks/microsoft.sqlvirtualmachine/samples/sqlvirtualmachinegroups/main.bicep
@@ -0,0 +1,21 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource sqlVirtualMachineGroup 'Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups@2023-10-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    sqlImageOffer: 'SQL2017-WS2016'
+    sqlImageSku: 'Developer'
+    wsfcDomainProfile: {
+      clusterBootstrapAccount: ''
+      clusterOperatorAccount: ''
+      clusterSubnetType: 'SingleSubnet'
+      domainFqdn: 'testdomain.com'
+      ouPath: ''
+      sqlServiceAccount: ''
+      storageAccountPrimaryKey: ''
+      storageAccountUrl: ''
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.sqlvirtualmachine/samples/sqlvirtualmachines/basic/main.bicep b/settings/remarks/microsoft.sqlvirtualmachine/samples/sqlvirtualmachines/basic/main.bicep
new file mode 100644
index 00000000..dc0fcf1d
--- /dev/null
+++ b/settings/remarks/microsoft.sqlvirtualmachine/samples/sqlvirtualmachines/basic/main.bicep
@@ -0,0 +1,172 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrator password for the SQL virtual machine')
+param vmAdminPassword string
+
+resource networkInterface 'Microsoft.Network/networkInterfaces@2024-05-01' = {
+  name: resourceName
+  properties: {
+    auxiliaryMode: 'None'
+    auxiliarySku: 'None'
+    disableTcpStateTracking: false
+    dnsSettings: {
+      dnsServers: []
+    }
+    enableAcceleratedNetworking: false
+    enableIPForwarding: false
+    ipConfigurations: [
+      {
+        name: 'testconfiguration1'
+        properties: {
+          primary: true
+          privateIPAddress: '10.0.0.4'
+          privateIPAddressVersion: 'IPv4'
+          privateIPAllocationMethod: 'Dynamic'
+          publicIPAddress: {
+            id: publicIPAddress.id
+          }
+          subnet: {
+            id: subnet.id
+          }
+        }
+        type: 'Microsoft.Network/networkInterfaces/ipConfigurations'
+      }
+    ]
+    nicType: 'Standard'
+  }
+}
+
+resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2024-05-01' = {
+  name: resourceName
+  properties: {
+    securityRules: [
+      {
+        name: 'MSSQLRule'
+        properties: {
+          access: 'Allow'
+          destinationAddressPrefix: '*'
+          destinationAddressPrefixes: []
+          destinationPortRange: '1433'
+          destinationPortRanges: []
+          direction: 'Inbound'
+          priority: 1001
+          protocol: 'Tcp'
+          sourceAddressPrefix: '167.220.255.0/25'
+          sourceAddressPrefixes: []
+          sourcePortRange: '*'
+          sourcePortRanges: []
+        }
+      }
+    ]
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2024-05-01' = {
+  name: resourceName
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    ipTags: []
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Dynamic'
+  }
+  sku: {
+    name: 'Basic'
+    tier: 'Regional'
+  }
+}
+
+resource sqlvirtualMachine 'Microsoft.SqlVirtualMachine/sqlVirtualMachines@2023-10-01' = {
+  name: 'virtualMachine.name'
+  properties: {
+    enableAutomaticUpgrade: true
+    leastPrivilegeMode: 'Enabled'
+    sqlImageOffer: 'SQL2017-WS2016'
+    sqlImageSku: 'Developer'
+    sqlManagement: 'Full'
+    sqlServerLicenseType: 'PAYG'
+    virtualMachineResourceId: virtualMachine.id
+  }
+}
+
+resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-07-01' = {
+  name: resourceName
+  properties: {
+    hardwareProfile: {
+      vmSize: 'Standard_F2s'
+    }
+    networkProfile: {
+      networkInterfaces: [
+        {
+          id: networkInterface.id
+          properties: {
+            primary: false
+          }
+        }
+      ]
+    }
+    osProfile: {
+      adminPassword: null
+      adminUsername: 'testadmin'
+      allowExtensionOperations: true
+      computerName: 'winhost01'
+      secrets: []
+      windowsConfiguration: {
+        enableAutomaticUpdates: true
+        patchSettings: {
+          assessmentMode: 'ImageDefault'
+          patchMode: 'AutomaticByOS'
+        }
+        provisionVMAgent: true
+        timeZone: 'Pacific Standard Time'
+      }
+    }
+    storageProfile: {
+      dataDisks: []
+      imageReference: {
+        offer: 'SQL2017-WS2016'
+        publisher: 'MicrosoftSQLServer'
+        sku: 'SQLDEV'
+        version: 'latest'
+      }
+      osDisk: {
+        caching: 'ReadOnly'
+        createOption: 'FromImage'
+        deleteOption: 'Detach'
+        diskSizeGB: 127
+        managedDisk: {
+          storageAccountType: 'Premium_LRS'
+        }
+        name: 'acctvm-250116171212663925OSDisk'
+        osType: 'Windows'
+        writeAcceleratorEnabled: false
+      }
+    }
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.0.0/24'
+    networkSecurityGroup: {
+      id: networkSecurityGroup.id
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.standbypool/remarks.json b/settings/remarks/microsoft.standbypool/remarks.json
index 58cf4042..a3851871 100644
--- a/settings/remarks/microsoft.standbypool/remarks.json
+++ b/settings/remarks/microsoft.standbypool/remarks.json
@@ -11,5 +11,12 @@
       "Path": "samples/standbyvirtualmachinepools/main.tf",
       "Description": "A basic example of deploying Microsoft Standby pools for Virtual Machine Scale Sets."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.StandbyPool/standbyContainerGroupPools",
+      "Path": "samples/standbycontainergrouppools/basic/main.bicep",
+      "Description": "A basic example of deploying Microsoft Standby pools for Container Groups."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.standbypool/samples/standbycontainergrouppools/basic/main.bicep b/settings/remarks/microsoft.standbypool/samples/standbycontainergrouppools/basic/main.bicep
new file mode 100644
index 00000000..05908b4d
--- /dev/null
+++ b/settings/remarks/microsoft.standbypool/samples/standbycontainergrouppools/basic/main.bicep
@@ -0,0 +1,98 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource containerGroupProfile 'Microsoft.ContainerInstance/containerGroupProfiles@2024-05-01-preview' = {
+  name: '${resourceName}-contianerGroup'
+  location: location
+  properties: {
+    containers: [
+      {
+        name: 'mycontainergroupprofile'
+        properties: {
+          command: []
+          environmentVariables: []
+          image: 'mcr.microsoft.com/azuredocs/aci-helloworld:latest'
+          ports: [
+            {
+              port: 8000
+            }
+          ]
+          resources: {
+            requests: {
+              cpu: 1
+              memoryInGB: any('1.5')
+            }
+          }
+        }
+      }
+    ]
+    imageRegistryCredentials: []
+    ipAddress: {
+      ports: [
+        {
+          port: 8000
+          protocol: 'TCP'
+        }
+      ]
+      type: 'Public'
+    }
+    osType: 'Linux'
+    sku: 'Standard'
+  }
+}
+
+resource standbyContainerGroupPool 'Microsoft.StandbyPool/standbyContainerGroupPools@2025-03-01' = {
+  name: '${resourceName}-CGPool'
+  location: 'eastus'
+  properties: {
+    containerGroupProperties: {
+      containerGroupProfile: {
+        id: containerGroupProfile.id
+        revision: 1
+      }
+      subnetIds: [
+        {
+          id: subnet.id
+        }
+      ]
+    }
+    elasticityProfile: {
+      maxReadyCapacity: 5
+      refillPolicy: 'always'
+    }
+    zones: [
+      '1'
+      '2'
+      '3'
+    ]
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: '${resourceName}-subnet'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.storage/remarks.json b/settings/remarks/microsoft.storage/remarks.json
index edfd3573..52ce7558 100644
--- a/settings/remarks/microsoft.storage/remarks.json
+++ b/settings/remarks/microsoft.storage/remarks.json
@@ -61,5 +61,52 @@
       "Path": "samples/storageaccounts/tableservices/tables/main.tf",
       "Description": "A basic example of deploying Table within Azure Storage."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts",
+      "Path": "samples/storageaccounts/basic/main.bicep",
+      "Description": "A basic example of deploying Azure Storage Account."
+    },
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts/blobServices",
+      "Path": "samples/storageaccounts/blobservices/main.bicep",
+      "Description": "A basic example of deploying Blob Service within Azure Storage."
+    },
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts/blobServices/containers",
+      "Path": "samples/storageaccounts/blobservices/containers/main.bicep",
+      "Description": "A basic example of deploying Blob Container within Azure Storage."
+    },
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies",
+      "Path": "samples/storageaccounts/blobservices/containers/immutabilitypolicies/main.bicep",
+      "Description": "A basic example of deploying Immutability Policy for a Container within an Azure Storage Account."
+    },
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts/fileServices/shares",
+      "Path": "samples/storageaccounts/fileservices/shares/main.bicep",
+      "Description": "A basic example of deploying File Share within Azure Storage."
+    },
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts/localUsers",
+      "Path": "samples/storageaccounts/localusers/basic/main.bicep",
+      "Description": "A basic example of deploying Storage Account Local User."
+    },
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts/managementPolicies",
+      "Path": "samples/storageaccounts/managementpolicies/main.bicep",
+      "Description": "A basic example of deploying Azure Storage Account Management Policy."
+    },
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts/queueServices/queues",
+      "Path": "samples/storageaccounts/queueservices/queues/main.bicep",
+      "Description": "A basic example of deploying Queue within Azure Storage."
+    },
+    {
+      "ResourceType": "Microsoft.Storage/storageAccounts/tableServices/tables",
+      "Path": "samples/storageaccounts/tableservices/tables/main.bicep",
+      "Description": "A basic example of deploying Table within Azure Storage."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/basic/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/basic/main.bicep
new file mode 100644
index 00000000..5c7e206f
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/basic/main.bicep
@@ -0,0 +1,38 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/containers/immutabilitypolicies/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/containers/immutabilitypolicies/main.bicep
new file mode 100644
index 00000000..c7c59b53
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/containers/immutabilitypolicies/main.bicep
@@ -0,0 +1,35 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
+
+resource immutabilityPolicy 'Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies@2023-05-01' = {
+  parent: container
+  name: 'default'
+  properties: {
+    allowProtectedAppendWrites: false
+    immutabilityPeriodSinceCreationInDays: 4
+  }
+}
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/containers/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/containers/main.bicep
new file mode 100644
index 00000000..4efc6c29
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/containers/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/main.bicep
new file mode 100644
index 00000000..e53e1805
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/blobservices/main.bicep
@@ -0,0 +1,62 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = {
+  parent: storageAccount
+  name: 'default'
+  properties: {
+    changeFeed: {
+      enabled: true
+    }
+    containerDeleteRetentionPolicy: {
+      enabled: false
+    }
+    cors: {}
+    deleteRetentionPolicy: {
+      enabled: false
+    }
+    isVersioningEnabled: true
+    lastAccessTimeTrackingPolicy: {
+      enable: false
+    }
+    restorePolicy: {
+      enabled: false
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/fileservices/shares/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/fileservices/shares/main.bicep
new file mode 100644
index 00000000..0ba2cdcb
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/fileservices/shares/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource fileService 'Microsoft.Storage/storageAccounts/fileServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource share 'Microsoft.Storage/storageAccounts/fileServices/shares@2022-09-01' = {
+  parent: fileService
+  name: resourceName
+  properties: {
+    accessTier: 'Cool'
+  }
+}
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/localusers/basic/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/localusers/basic/main.bicep
new file mode 100644
index 00000000..3575fd63
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/localusers/basic/main.bicep
@@ -0,0 +1,56 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource localUser 'Microsoft.Storage/storageAccounts/localUsers@2021-09-01' = {
+  parent: storageAccount
+  name: resourceName
+  properties: {
+    hasSharedKey: true
+    hasSshKey: false
+    hasSshPassword: false
+    homeDirectory: 'containername/'
+    permissionScopes: [
+      {
+        permissions: 'cwl'
+        resourceName: 'containername'
+        service: 'blob'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/managementpolicies/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/managementpolicies/main.bicep
new file mode 100644
index 00000000..7464c6f1
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/managementpolicies/main.bicep
@@ -0,0 +1,82 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'BlobStorage'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource managementPolicy 'Microsoft.Storage/storageAccounts/managementPolicies@2021-09-01' = {
+  parent: storageAccount
+  name: 'default'
+  properties: {
+    policy: {
+      rules: [
+        {
+          definition: {
+            actions: {
+              baseBlob: {
+                delete: {
+                  daysAfterModificationGreaterThan: 100
+                }
+                tierToArchive: {
+                  daysAfterModificationGreaterThan: 50
+                }
+                tierToCool: {
+                  daysAfterModificationGreaterThan: 10
+                }
+              }
+              snapshot: {
+                delete: {
+                  daysAfterCreationGreaterThan: 30
+                }
+              }
+            }
+            filters: {
+              blobTypes: [
+                'blockBlob'
+              ]
+              prefixMatch: [
+                'container1/prefix1'
+              ]
+            }
+          }
+          enabled: true
+          name: 'rule-1'
+          type: 'Lifecycle'
+        }
+      ]
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/queueservices/queues/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/queueservices/queues/main.bicep
new file mode 100644
index 00000000..4a063a33
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/queueservices/queues/main.bicep
@@ -0,0 +1,26 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource queueService 'Microsoft.Storage/storageAccounts/queueServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2022-09-01' = {
+  parent: queueService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/tableservices/tables/main.bicep b/settings/remarks/microsoft.storage/samples/storageaccounts/tableservices/tables/main.bicep
new file mode 100644
index 00000000..a5e05ede
--- /dev/null
+++ b/settings/remarks/microsoft.storage/samples/storageaccounts/tableservices/tables/main.bicep
@@ -0,0 +1,24 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource tableService 'Microsoft.Storage/storageAccounts/tableServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource table 'Microsoft.Storage/storageAccounts/tableServices/tables@2022-09-01' = {
+  parent: tableService
+  name: resourceName
+  properties: {
+    signedIdentifiers: []
+  }
+}
diff --git a/settings/remarks/microsoft.storagecache/remarks.json b/settings/remarks/microsoft.storagecache/remarks.json
index 25653600..375869eb 100644
--- a/settings/remarks/microsoft.storagecache/remarks.json
+++ b/settings/remarks/microsoft.storagecache/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/caches/main.tf",
       "Description": "A basic example of deploying HPC Cache."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.StorageCache/amlFilesystems",
+      "Path": "samples/amlfilesystems/main.bicep",
+      "Description": "A basic example of deploying Azure Managed Lustre File System."
+    },
+    {
+      "ResourceType": "Microsoft.StorageCache/caches",
+      "Path": "samples/caches/main.bicep",
+      "Description": "A basic example of deploying HPC Cache."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.storagecache/samples/amlfilesystems/main.bicep b/settings/remarks/microsoft.storagecache/samples/amlfilesystems/main.bicep
new file mode 100644
index 00000000..6eb0dde6
--- /dev/null
+++ b/settings/remarks/microsoft.storagecache/samples/amlfilesystems/main.bicep
@@ -0,0 +1,52 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource amlFilesystem 'Microsoft.StorageCache/amlFilesystems@2024-07-01' = {
+  name: '${resourceName}-amlfs'
+  location: location
+  properties: {
+    filesystemSubnet: subnet.id
+    maintenanceWindow: {
+      dayOfWeek: 'Friday'
+      timeOfDayUTC: '22:00'
+    }
+    storageCapacityTiB: 8
+  }
+  sku: {
+    name: 'AMLFS-Durable-Premium-250'
+  }
+  zones: [
+    '1'
+  ]
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: '${resourceName}-subnet'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    defaultOutboundAccess: true
+    delegations: []
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.storagecache/samples/caches/main.bicep b/settings/remarks/microsoft.storagecache/samples/caches/main.bicep
new file mode 100644
index 00000000..459e9c0d
--- /dev/null
+++ b/settings/remarks/microsoft.storagecache/samples/caches/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cach 'Microsoft.StorageCache/caches@2023-01-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    cacheSizeGB: 3072
+    networkSettings: {
+      mtu: 1500
+      ntpServer: 'time.windows.com'
+    }
+    subnet: subnet.id
+  }
+  sku: {
+    name: 'Standard_2G'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
+  parent: virtualNetwork
+  name: resourceName
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    delegations: []
+    privateEndpointNetworkPolicies: 'Enabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/microsoft.storagemover/remarks.json b/settings/remarks/microsoft.storagemover/remarks.json
index fda88659..fc4683a6 100644
--- a/settings/remarks/microsoft.storagemover/remarks.json
+++ b/settings/remarks/microsoft.storagemover/remarks.json
@@ -16,5 +16,22 @@
       "Path": "samples/storagemovers/projects/main.tf",
       "Description": "A basic example of deploying Storage Mover Project."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.StorageMover/storageMovers",
+      "Path": "samples/storagemovers/main.bicep",
+      "Description": "A basic example of deploying Storage Mover."
+    },
+    {
+      "ResourceType": "Microsoft.StorageMover/storageMovers/endpoints",
+      "Path": "samples/storagemovers/endpoints/main.bicep",
+      "Description": "A basic example of deploying Storage Mover Source Endpoint."
+    },
+    {
+      "ResourceType": "Microsoft.StorageMover/storageMovers/projects",
+      "Path": "samples/storagemovers/projects/main.bicep",
+      "Description": "A basic example of deploying Storage Mover Project."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.storagemover/samples/storagemovers/endpoints/main.bicep b/settings/remarks/microsoft.storagemover/samples/storagemovers/endpoints/main.bicep
new file mode 100644
index 00000000..7163200e
--- /dev/null
+++ b/settings/remarks/microsoft.storagemover/samples/storagemovers/endpoints/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource storageMover 'Microsoft.StorageMover/storageMovers@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource endpoint 'Microsoft.StorageMover/storageMovers/endpoints@2023-03-01' = {
+  parent: storageMover
+  name: resourceName
+  properties: {
+    endpointType: 'NfsMount'
+    export: ''
+    host: '192.168.0.1'
+    nfsVersion: 'NFSauto'
+  }
+}
diff --git a/settings/remarks/microsoft.storagemover/samples/storagemovers/main.bicep b/settings/remarks/microsoft.storagemover/samples/storagemovers/main.bicep
new file mode 100644
index 00000000..1fdd4632
--- /dev/null
+++ b/settings/remarks/microsoft.storagemover/samples/storagemovers/main.bicep
@@ -0,0 +1,8 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource storageMover 'Microsoft.StorageMover/storageMovers@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.storagemover/samples/storagemovers/projects/main.bicep b/settings/remarks/microsoft.storagemover/samples/storagemovers/projects/main.bicep
new file mode 100644
index 00000000..f621af83
--- /dev/null
+++ b/settings/remarks/microsoft.storagemover/samples/storagemovers/projects/main.bicep
@@ -0,0 +1,14 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+
+resource storageMover 'Microsoft.StorageMover/storageMovers@2023-03-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+}
+
+resource project 'Microsoft.StorageMover/storageMovers/projects@2023-03-01' = {
+  parent: storageMover
+  name: resourceName
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.storagesync/remarks.json b/settings/remarks/microsoft.storagesync/remarks.json
index 70ad3016..74c6e079 100644
--- a/settings/remarks/microsoft.storagesync/remarks.json
+++ b/settings/remarks/microsoft.storagesync/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/storagesyncservices/syncgroups/main.tf",
       "Description": "A basic example of deploying Storage Sync Group."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.StorageSync/storageSyncServices",
+      "Path": "samples/storagesyncservices/main.bicep",
+      "Description": "A basic example of deploying Storage Sync."
+    },
+    {
+      "ResourceType": "Microsoft.StorageSync/storageSyncServices/syncGroups",
+      "Path": "samples/storagesyncservices/syncgroups/main.bicep",
+      "Description": "A basic example of deploying Storage Sync Group."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.storagesync/samples/storagesyncservices/main.bicep b/settings/remarks/microsoft.storagesync/samples/storagesyncservices/main.bicep
new file mode 100644
index 00000000..e808c55f
--- /dev/null
+++ b/settings/remarks/microsoft.storagesync/samples/storagesyncservices/main.bicep
@@ -0,0 +1,10 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageSyncService 'Microsoft.StorageSync/storageSyncServices@2020-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    incomingTrafficPolicy: 'AllowAllTraffic'
+  }
+}
diff --git a/settings/remarks/microsoft.storagesync/samples/storagesyncservices/syncgroups/main.bicep b/settings/remarks/microsoft.storagesync/samples/storagesyncservices/syncgroups/main.bicep
new file mode 100644
index 00000000..cc582be8
--- /dev/null
+++ b/settings/remarks/microsoft.storagesync/samples/storagesyncservices/syncgroups/main.bicep
@@ -0,0 +1,15 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageSyncService 'Microsoft.StorageSync/storageSyncServices@2020-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    incomingTrafficPolicy: 'AllowAllTraffic'
+  }
+}
+
+resource syncGroup 'Microsoft.StorageSync/storageSyncServices/syncGroups@2020-03-01' = {
+  parent: storageSyncService
+  name: resourceName
+}
diff --git a/settings/remarks/microsoft.streamanalytics/remarks.json b/settings/remarks/microsoft.streamanalytics/remarks.json
index b71ab76c..d312b9d3 100644
--- a/settings/remarks/microsoft.streamanalytics/remarks.json
+++ b/settings/remarks/microsoft.streamanalytics/remarks.json
@@ -26,5 +26,32 @@
       "Path": "samples/streamingjobs/outputs/main.tf",
       "Description": "A basic example of deploying Stream Analytics Output Table."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.StreamAnalytics/clusters",
+      "Path": "samples/clusters/main.bicep",
+      "Description": "A basic example of deploying Stream Analytics Cluster."
+    },
+    {
+      "ResourceType": "Microsoft.StreamAnalytics/streamingJobs",
+      "Path": "samples/streamingjobs/main.bicep",
+      "Description": "A basic example of deploying Stream Analytics Job."
+    },
+    {
+      "ResourceType": "Microsoft.StreamAnalytics/streamingJobs/functions",
+      "Path": "samples/streamingjobs/functions/main.bicep",
+      "Description": "A basic example of deploying JavaScript UDA Function within a Stream Analytics Streaming Job."
+    },
+    {
+      "ResourceType": "Microsoft.StreamAnalytics/streamingJobs/inputs",
+      "Path": "samples/streamingjobs/inputs/main.bicep",
+      "Description": "A basic example of deploying Stream Analytics Reference Input."
+    },
+    {
+      "ResourceType": "Microsoft.StreamAnalytics/streamingJobs/outputs",
+      "Path": "samples/streamingjobs/outputs/main.bicep",
+      "Description": "A basic example of deploying Stream Analytics Output Table."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.streamanalytics/samples/clusters/main.bicep b/settings/remarks/microsoft.streamanalytics/samples/clusters/main.bicep
new file mode 100644
index 00000000..4dd506c0
--- /dev/null
+++ b/settings/remarks/microsoft.streamanalytics/samples/clusters/main.bicep
@@ -0,0 +1,11 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource cluster 'Microsoft.StreamAnalytics/clusters@2020-03-01' = {
+  name: resourceName
+  location: location
+  sku: {
+    capacity: 36
+    name: 'Default'
+  }
+}
diff --git a/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/functions/main.bicep b/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/functions/main.bicep
new file mode 100644
index 00000000..1e464e7a
--- /dev/null
+++ b/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/functions/main.bicep
@@ -0,0 +1,59 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource streamingJob 'Microsoft.StreamAnalytics/streamingJobs@2020-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    cluster: {}
+    compatibilityLevel: '1.0'
+    contentStoragePolicy: 'SystemAccount'
+    dataLocale: 'en-GB'
+    eventsLateArrivalMaxDelayInSeconds: 60
+    eventsOutOfOrderMaxDelayInSeconds: 50
+    eventsOutOfOrderPolicy: 'Adjust'
+    jobType: 'Cloud'
+    outputErrorPolicy: 'Drop'
+    sku: {
+      name: 'Standard'
+    }
+    transformation: {
+      name: 'main'
+      properties: {
+        query: '''    SELECT *
+    INTO [YourOutputAlias]
+    FROM [YourInputAlias]
+'''
+        streamingUnits: 3
+      }
+    }
+  }
+}
+
+resource function 'Microsoft.StreamAnalytics/streamingJobs/functions@2020-03-01' = {
+  parent: streamingJob
+  name: resourceName
+  properties: {
+    properties: {
+      binding: {
+        properties: {
+          script: '''function getRandomNumber(in) {
+  return in;
+}
+'''
+        }
+        type: 'Microsoft.StreamAnalytics/JavascriptUdf'
+      }
+      inputs: [
+        {
+          dataType: 'bigint'
+          isConfigurationParameter: false
+        }
+      ]
+      output: {
+        dataType: 'bigint'
+      }
+    }
+    type: 'Scalar'
+  }
+}
diff --git a/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/inputs/main.bicep b/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/inputs/main.bicep
new file mode 100644
index 00000000..444d70e6
--- /dev/null
+++ b/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/inputs/main.bicep
@@ -0,0 +1,78 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource iothub 'Microsoft.Devices/IotHubs@2022-04-30-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    cloudToDevice: {}
+    enableFileUploadNotifications: false
+    messagingEndpoints: {}
+    routing: {
+      fallbackRoute: {
+        condition: 'true'
+        endpointNames: [
+          'events'
+        ]
+        isEnabled: true
+        source: 'DeviceMessages'
+      }
+    }
+    storageEndpoints: {}
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
+
+resource streamingJob 'Microsoft.StreamAnalytics/streamingJobs@2020-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    cluster: {}
+    compatibilityLevel: '1.0'
+    contentStoragePolicy: 'SystemAccount'
+    dataLocale: 'en-GB'
+    eventsLateArrivalMaxDelayInSeconds: 60
+    eventsOutOfOrderMaxDelayInSeconds: 50
+    eventsOutOfOrderPolicy: 'Adjust'
+    jobType: 'Cloud'
+    outputErrorPolicy: 'Drop'
+    sku: {
+      name: 'Standard'
+    }
+    transformation: {
+      name: 'main'
+      properties: {
+        query: '''   SELECT *
+   INTO [YourOutputAlias]
+   FROM [YourInputAlias]
+'''
+        streamingUnits: 3
+      }
+    }
+  }
+}
+
+resource input 'Microsoft.StreamAnalytics/streamingJobs/inputs@2020-03-01' = {
+  parent: streamingJob
+  name: resourceName
+  properties: {
+    datasource: {
+      properties: {
+        consumerGroupName: '$Default'
+        endpoint: 'messages/events'
+        iotHubNamespace: iothub.name
+        sharedAccessPolicyKey: iothub.listkeys().value[0].primaryKey
+        sharedAccessPolicyName: 'iothubowner'
+      }
+      type: 'Microsoft.Devices/IotHubs'
+    }
+    serialization: {
+      properties: {}
+      type: 'Avro'
+    }
+    type: 'Stream'
+  }
+}
diff --git a/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/main.bicep b/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/main.bicep
new file mode 100644
index 00000000..d84d889c
--- /dev/null
+++ b/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource streamingJob 'Microsoft.StreamAnalytics/streamingJobs@2020-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    cluster: {}
+    compatibilityLevel: '1.0'
+    contentStoragePolicy: 'SystemAccount'
+    dataLocale: 'en-GB'
+    eventsLateArrivalMaxDelayInSeconds: 60
+    eventsOutOfOrderMaxDelayInSeconds: 50
+    eventsOutOfOrderPolicy: 'Adjust'
+    jobType: 'Cloud'
+    outputErrorPolicy: 'Drop'
+    sku: {
+      name: 'Standard'
+    }
+    transformation: {
+      name: 'main'
+      properties: {
+        query: '''   SELECT *
+   INTO [YourOutputAlias]
+   FROM [YourInputAlias]
+'''
+        streamingUnits: 3
+      }
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/outputs/main.bicep b/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/outputs/main.bicep
new file mode 100644
index 00000000..a164e7d9
--- /dev/null
+++ b/settings/remarks/microsoft.streamanalytics/samples/streamingjobs/outputs/main.bicep
@@ -0,0 +1,86 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource streamingJob 'Microsoft.StreamAnalytics/streamingJobs@2020-03-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    cluster: {}
+    compatibilityLevel: '1.0'
+    contentStoragePolicy: 'SystemAccount'
+    dataLocale: 'en-GB'
+    eventsLateArrivalMaxDelayInSeconds: 60
+    eventsOutOfOrderMaxDelayInSeconds: 50
+    eventsOutOfOrderPolicy: 'Adjust'
+    jobType: 'Cloud'
+    outputErrorPolicy: 'Drop'
+    sku: {
+      name: 'Standard'
+    }
+    transformation: {
+      name: 'main'
+      properties: {
+        query: '''    SELECT *
+    INTO [YourOutputAlias]
+    FROM [YourInputAlias]
+'''
+        streamingUnits: 3
+      }
+    }
+  }
+}
+
+resource output 'Microsoft.StreamAnalytics/streamingJobs/outputs@2021-10-01-preview' = {
+  parent: streamingJob
+  name: resourceName
+  properties: {
+    datasource: {
+      properties: {
+        accountKey: storageAccount.listKeys().keys[0].value
+        accountName: storageAccount.name
+        batchSize: 100
+        partitionKey: 'foo'
+        rowKey: 'bar'
+        table: 'foobar'
+      }
+      type: 'Microsoft.Storage/Table'
+    }
+    serialization: null
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/remarks.json b/settings/remarks/microsoft.synapse/remarks.json
index 82f12f69..7c7a6174 100644
--- a/settings/remarks/microsoft.synapse/remarks.json
+++ b/settings/remarks/microsoft.synapse/remarks.json
@@ -76,5 +76,67 @@
       "Path": "samples/workspaces/vulnerabilityassessments/main.tf",
       "Description": "A basic example of deploying Vulnerability Assessment for a Synapse Workspace."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Synapse/privateLinkHubs",
+      "Path": "samples/privatelinkhubs/main.bicep",
+      "Description": "A basic example of deploying Synapse Private Link Hub."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces",
+      "Path": "samples/workspaces/main.bicep",
+      "Description": "A basic example of deploying Synapse Workspace."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/azureADOnlyAuthentications",
+      "Path": "samples/workspaces/azureadonlyauthentications/main.bicep",
+      "Description": "A basic example of deploying Synapse Workspaces Azure AD Only Authentications."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/bigDataPools",
+      "Path": "samples/workspaces/bigdatapools/main.bicep",
+      "Description": "A basic example of deploying Synapse Spark Pool."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/firewallRules",
+      "Path": "samples/workspaces/firewallrules/main.bicep",
+      "Description": "A basic example of deploying Synapse Firewall Rule."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/integrationRuntimes",
+      "Path": "samples/workspaces/integrationruntimes/main.bicep",
+      "Description": "A basic example of deploying Synapse Azure Integration Runtime."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings",
+      "Path": "samples/workspaces/managedidentitysqlcontrolsettings/main.bicep",
+      "Description": "A basic example of deploying Synapse Workspaces Managed Identity SQL Control Settings."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/securityAlertPolicies",
+      "Path": "samples/workspaces/securityalertpolicies/main.bicep",
+      "Description": "A basic example of deploying Security Alert Policy for a Synapse Workspace."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/sqlPools",
+      "Path": "samples/workspaces/sqlpools/main.bicep",
+      "Description": "A basic example of deploying Synapse SQL Pool."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments",
+      "Path": "samples/workspaces/sqlpools/vulnerabilityassessments/main.bicep",
+      "Description": "A basic example of deploying Vulnerability Assessment for a Synapse SQL Pool."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/sqlPools/workloadGroups",
+      "Path": "samples/workspaces/sqlpools/workloadgroups/main.bicep",
+      "Description": "A basic example of deploying Synapse SQL Pool Workload Group."
+    },
+    {
+      "ResourceType": "Microsoft.Synapse/workspaces/sqlPools/workloadGroups/workloadClassifiers",
+      "Path": "samples/workspaces/sqlpools/workloadgroups/workloadclassifiers/main.bicep",
+      "Description": "A basic example of deploying Synapse SQL Pool Workload Classifier."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.synapse/samples/privatelinkhubs/main.bicep b/settings/remarks/microsoft.synapse/samples/privatelinkhubs/main.bicep
new file mode 100644
index 00000000..8670b092
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/privatelinkhubs/main.bicep
@@ -0,0 +1,7 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' = {
+  name: resourceName
+  location: location
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/azureadonlyauthentications/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/azureadonlyauthentications/main.bicep
new file mode 100644
index 00000000..9c13441c
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/azureadonlyauthentications/main.bicep
@@ -0,0 +1,55 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus'
+@description('The SQL administrator login for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource synapseAzureadOnlyAuthentication 'Microsoft.Synapse/workspaces/azureADOnlyAuthentications@2021-06-01-preview' = {
+  parent: workspace
+  name: 'default'
+  properties: {
+    azureADOnlyAuthentication: true
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/bigdatapools/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/bigdatapools/main.bicep
new file mode 100644
index 00000000..8414c368
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/bigdatapools/main.bicep
@@ -0,0 +1,76 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource bigDataPool 'Microsoft.Synapse/workspaces/bigDataPools@2021-06-01-preview' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    autoPause: {
+      enabled: false
+    }
+    autoScale: {
+      enabled: false
+    }
+    cacheSize: 0
+    defaultSparkLogFolder: '/logs'
+    dynamicExecutorAllocation: {
+      enabled: false
+      maxExecutors: 0
+      minExecutors: 0
+    }
+    isComputeIsolationEnabled: false
+    nodeCount: 3
+    nodeSize: 'Small'
+    nodeSizeFamily: 'MemoryOptimized'
+    sessionLevelPackagesEnabled: false
+    sparkEventsFolder: '/events'
+    sparkVersion: '2.4'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/firewallrules/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/firewallrules/main.bicep
new file mode 100644
index 00000000..b556f446
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/firewallrules/main.bicep
@@ -0,0 +1,57 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource firewallRule 'Microsoft.Synapse/workspaces/firewallRules@2021-06-01' = {
+  parent: workspace
+  name: 'AllowAll'
+  properties: {
+    endIpAddress: '255.255.255.255'
+    startIpAddress: '0.0.0.0'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/integrationruntimes/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/integrationruntimes/main.bicep
new file mode 100644
index 00000000..32629f13
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/integrationruntimes/main.bicep
@@ -0,0 +1,57 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+
+    managedVirtualNetwork: 'default'
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource integrationRuntime 'Microsoft.Synapse/workspaces/integrationRuntimes@2021-06-01-preview' = {
+  parent: workspace
+  name: resourceName
+  properties: {
+    description: 'test'
+    type: 'SelfHosted'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/main.bicep
new file mode 100644
index 00000000..63bdfeb2
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/main.bicep
@@ -0,0 +1,47 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login name for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/managedidentitysqlcontrolsettings/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/managedidentitysqlcontrolsettings/main.bicep
new file mode 100644
index 00000000..2b54ab6d
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/managedidentitysqlcontrolsettings/main.bicep
@@ -0,0 +1,58 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login name for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource managedIdentitySqlControlSetting 'Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings@2021-06-01' = {
+  parent: workspace
+  name: 'default'
+  properties: {
+    grantSqlControlToManagedIdentity: {
+      desiredState: 'Disabled'
+    }
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/securityalertpolicies/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/securityalertpolicies/main.bicep
new file mode 100644
index 00000000..2a327d4b
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/securityalertpolicies/main.bicep
@@ -0,0 +1,58 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login name for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource securityAlertPolicy 'Microsoft.Synapse/workspaces/securityAlertPolicies@2021-06-01' = {
+  parent: workspace
+  name: 'Default'
+  properties: {
+    state: 'Enabled'
+    storageAccountAccessKey: storageAccount.listKeys().keys[0].value
+    storageEndpoint: storageAccount.properties.primaryEndpoints.blob
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/main.bicep
new file mode 100644
index 00000000..b6f07408
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login name for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource sqlPool 'Microsoft.Synapse/workspaces/sqlPools@2021-06-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    createMode: 'Default'
+  }
+  sku: {
+    name: 'DW100c'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/vulnerabilityassessments/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/vulnerabilityassessments/main.bicep
new file mode 100644
index 00000000..efbceb15
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/vulnerabilityassessments/main.bicep
@@ -0,0 +1,68 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource sqlPool 'Microsoft.Synapse/workspaces/sqlPools@2021-06-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    createMode: 'Default'
+  }
+  sku: {
+    name: 'DW100c'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
+
+resource vulnerabilityAssessment 'Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments@2021-06-01' = {
+  parent: sqlPool
+  name: 'default'
+  properties: {
+    storageAccountAccessKey: storageAccount.listKeys().keys[0].value
+    storageContainerPath: 'https://${storageAccount.name}.blob.core.windows.net/${container.name}/'
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/workloadgroups/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/workloadgroups/main.bicep
new file mode 100644
index 00000000..b92ed4a2
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/workloadgroups/main.bicep
@@ -0,0 +1,71 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource sqlPool 'Microsoft.Synapse/workspaces/sqlPools@2021-06-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    createMode: 'Default'
+  }
+  sku: {
+    name: 'DW100c'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
+
+resource workloadGroup 'Microsoft.Synapse/workspaces/sqlPools/workloadGroups@2021-06-01' = {
+  parent: sqlPool
+  name: resourceName
+  properties: {
+    importance: 'normal'
+    maxResourcePercent: 100
+    maxResourcePercentPerRequest: 3
+    minResourcePercent: 0
+    minResourcePercentPerRequest: 3
+  }
+}
diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/workloadgroups/workloadclassifiers/main.bicep b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/workloadgroups/workloadclassifiers/main.bicep
new file mode 100644
index 00000000..54aadcb8
--- /dev/null
+++ b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/workloadgroups/workloadclassifiers/main.bicep
@@ -0,0 +1,80 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@description('The SQL administrator login for the Synapse workspace')
+param sqlAdministratorLogin string
+@secure()
+@description('The SQL administrator login password for the Synapse workspace')
+param sqlAdministratorLoginPassword string
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' existing = {
+  parent: storageAccount
+  name: 'default'
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {}
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    defaultDataLakeStorage: {
+      accountUrl: storageAccount.properties.primaryEndpoints.dfs
+      filesystem: container.name
+    }
+
+    managedVirtualNetwork: ''
+    publicNetworkAccess: 'Enabled'
+    sqlAdministratorLogin: sqlAdministratorLogin
+    sqlAdministratorLoginPassword: sqlAdministratorLoginPassword
+  }
+}
+
+resource sqlPool 'Microsoft.Synapse/workspaces/sqlPools@2021-06-01' = {
+  parent: workspace
+  name: resourceName
+  location: location
+  properties: {
+    createMode: 'Default'
+  }
+  sku: {
+    name: 'DW100c'
+  }
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
+  parent: blobService
+  name: resourceName
+  properties: {
+    metadata: {
+      key: 'value'
+    }
+  }
+}
+
+resource workloadGroup 'Microsoft.Synapse/workspaces/sqlPools/workloadGroups@2021-06-01' = {
+  parent: sqlPool
+  name: resourceName
+  properties: {
+    importance: 'normal'
+    maxResourcePercent: 100
+    maxResourcePercentPerRequest: 3
+    minResourcePercent: 0
+    minResourcePercentPerRequest: 3
+  }
+}
+
+resource workloadClassifier 'Microsoft.Synapse/workspaces/sqlPools/workloadGroups/workloadClassifiers@2021-06-01' = {
+  parent: workloadGroup
+  name: resourceName
+  properties: {
+    memberName: 'dbo'
+  }
+}
diff --git a/settings/remarks/microsoft.timeseriesinsights/remarks.json b/settings/remarks/microsoft.timeseriesinsights/remarks.json
index 39042a37..24289959 100644
--- a/settings/remarks/microsoft.timeseriesinsights/remarks.json
+++ b/settings/remarks/microsoft.timeseriesinsights/remarks.json
@@ -21,5 +21,27 @@
       "Path": "samples/environments/referencedatasets/main.tf",
       "Description": "A basic example of deploying Time Series Insights Environments Reference Data Sets."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.TimeSeriesInsights/environments",
+      "Path": "samples/environments/main.bicep",
+      "Description": "A basic example of deploying Time Series Insights Environments."
+    },
+    {
+      "ResourceType": "Microsoft.TimeSeriesInsights/environments/accessPolicies",
+      "Path": "samples/environments/accesspolicies/main.bicep",
+      "Description": "A basic example of deploying Time Series Insights Environments Access Policies."
+    },
+    {
+      "ResourceType": "Microsoft.TimeSeriesInsights/environments/eventSources",
+      "Path": "samples/environments/eventsources/main.bicep",
+      "Description": "A basic example of deploying Time Series Insights Environments Event Sources."
+    },
+    {
+      "ResourceType": "Microsoft.TimeSeriesInsights/environments/referenceDataSets",
+      "Path": "samples/environments/referencedatasets/main.bicep",
+      "Description": "A basic example of deploying Time Series Insights Environments Reference Data Sets."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.timeseriesinsights/samples/environments/accesspolicies/main.bicep b/settings/remarks/microsoft.timeseriesinsights/samples/environments/accesspolicies/main.bicep
new file mode 100644
index 00000000..da33ae18
--- /dev/null
+++ b/settings/remarks/microsoft.timeseriesinsights/samples/environments/accesspolicies/main.bicep
@@ -0,0 +1,28 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource environment 'Microsoft.TimeSeriesInsights/environments@2020-05-15' = {
+  name: resourceName
+  location: location
+  kind: 'Gen1'
+  properties: {
+    dataRetentionTime: 'P30D'
+    storageLimitExceededBehavior: 'PurgeOldData'
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
+
+resource accessPolicy 'Microsoft.TimeSeriesInsights/environments/accessPolicies@2020-05-15' = {
+  parent: environment
+  name: resourceName
+  properties: {
+    description: ''
+    principalObjectId: 'aGUID'
+    roles: [
+      'Reader'
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.timeseriesinsights/samples/environments/eventsources/main.bicep b/settings/remarks/microsoft.timeseriesinsights/samples/environments/eventsources/main.bicep
new file mode 100644
index 00000000..9d649fbb
--- /dev/null
+++ b/settings/remarks/microsoft.timeseriesinsights/samples/environments/eventsources/main.bicep
@@ -0,0 +1,103 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource iothub 'Microsoft.Devices/IotHubs@2022-04-30-preview' = {
+  name: resourceName
+  location: location
+  properties: {
+    cloudToDevice: {}
+    enableFileUploadNotifications: false
+    messagingEndpoints: {}
+    routing: {
+      fallbackRoute: {
+        condition: 'true'
+        endpointNames: [
+          'events'
+        ]
+        isEnabled: true
+        source: 'DeviceMessages'
+      }
+    }
+    storageEndpoints: {}
+  }
+  sku: {
+    capacity: 1
+    name: 'B1'
+  }
+  tags: {
+    purpose: 'testing'
+  }
+}
+
+resource environment 'Microsoft.TimeSeriesInsights/environments@2020-05-15' = {
+  name: resourceName
+  location: location
+  kind: 'Gen2'
+  properties: {
+    storageConfiguration: {
+      accountName: storageAccount.name
+      managementKey: storageAccount.listKeys().keys[0].value
+    }
+    timeSeriesIdProperties: [
+      {
+        name: 'id'
+        type: 'String'
+      }
+    ]
+  }
+  sku: {
+    capacity: 1
+    name: 'L1'
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+  name: resourceName
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: true
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      defaultAction: 'Allow'
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource eventSource 'Microsoft.TimeSeriesInsights/environments/eventSources@2020-05-15' = {
+  parent: environment
+  name: resourceName
+  location: location
+  kind: 'Microsoft.IoTHub'
+  properties: {
+    consumerGroupName: 'test'
+    eventSourceResourceId: iothub.id
+    iotHubName: iothub.name
+    keyName: 'iothubowner'
+    sharedAccessKey: iothub.listkeys().value[0].primaryKey
+    timestampPropertyName: ''
+  }
+}
diff --git a/settings/remarks/microsoft.timeseriesinsights/samples/environments/main.bicep b/settings/remarks/microsoft.timeseriesinsights/samples/environments/main.bicep
new file mode 100644
index 00000000..773185ef
--- /dev/null
+++ b/settings/remarks/microsoft.timeseriesinsights/samples/environments/main.bicep
@@ -0,0 +1,16 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource environment 'Microsoft.TimeSeriesInsights/environments@2020-05-15' = {
+  name: resourceName
+  location: location
+  kind: 'Gen1'
+  properties: {
+    dataRetentionTime: 'P30D'
+    storageLimitExceededBehavior: 'PurgeOldData'
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
diff --git a/settings/remarks/microsoft.timeseriesinsights/samples/environments/referencedatasets/main.bicep b/settings/remarks/microsoft.timeseriesinsights/samples/environments/referencedatasets/main.bicep
new file mode 100644
index 00000000..f7bf257f
--- /dev/null
+++ b/settings/remarks/microsoft.timeseriesinsights/samples/environments/referencedatasets/main.bicep
@@ -0,0 +1,31 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource environment 'Microsoft.TimeSeriesInsights/environments@2020-05-15' = {
+  name: resourceName
+  location: location
+  kind: 'Gen1'
+  properties: {
+    dataRetentionTime: 'P30D'
+    storageLimitExceededBehavior: 'PurgeOldData'
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+  }
+}
+
+resource referenceDataSet 'Microsoft.TimeSeriesInsights/environments/referenceDataSets@2020-05-15' = {
+  parent: environment
+  name: resourceName
+  location: location
+  properties: {
+    dataStringComparisonBehavior: 'Ordinal'
+    keyProperties: [
+      {
+        name: 'keyProperty1'
+        type: 'String'
+      }
+    ]
+  }
+}
diff --git a/settings/remarks/microsoft.videoindexer/remarks.json b/settings/remarks/microsoft.videoindexer/remarks.json
index 8e30a0b3..8cca65bf 100644
--- a/settings/remarks/microsoft.videoindexer/remarks.json
+++ b/settings/remarks/microsoft.videoindexer/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/accounts/main.tf",
       "Description": "A basic example of deploying Video Indexer Account."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.VideoIndexer/accounts",
+      "Path": "samples/accounts/main.bicep",
+      "Description": "A basic example of deploying Video Indexer Account."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.videoindexer/samples/accounts/main.bicep b/settings/remarks/microsoft.videoindexer/samples/accounts/main.bicep
new file mode 100644
index 00000000..305a02af
--- /dev/null
+++ b/settings/remarks/microsoft.videoindexer/samples/accounts/main.bicep
@@ -0,0 +1,60 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource account 'Microsoft.VideoIndexer/accounts@2025-04-01' = {
+  name: '${resourceName}-vi'
+  location: location
+  properties: {
+    storageServices: {
+      resourceId: storageAccount.id
+      userAssignedIdentity: ''
+    }
+  }
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' = {
+  name: '${replace(resourceName, '-', '')}sa'
+  location: location
+  kind: 'StorageV2'
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: true
+    allowCrossTenantReplication: false
+    allowSharedKeyAccess: true
+    defaultToOAuthAuthentication: false
+    dnsEndpointType: 'Standard'
+    encryption: {
+      keySource: 'Microsoft.Storage'
+      services: {
+        queue: {
+          keyType: 'Service'
+        }
+        table: {
+          keyType: 'Service'
+        }
+      }
+    }
+    isHnsEnabled: false
+    isLocalUserEnabled: true
+    isNfsV3Enabled: false
+    isSftpEnabled: false
+    minimumTlsVersion: 'TLS1_2'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+      ipRules: []
+      resourceAccessRules: []
+      virtualNetworkRules: []
+    }
+    publicNetworkAccess: 'Enabled'
+    supportsHttpsTrafficOnly: true
+  }
+  sku: {
+    name: 'Standard_LRS'
+  }
+}
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${resourceName}-identity'
+  location: location
+}
diff --git a/settings/remarks/microsoft.voiceservices/remarks.json b/settings/remarks/microsoft.voiceservices/remarks.json
index 30499944..84401bf8 100644
--- a/settings/remarks/microsoft.voiceservices/remarks.json
+++ b/settings/remarks/microsoft.voiceservices/remarks.json
@@ -11,5 +11,17 @@
       "Path": "samples/communicationsgateways/testlines/main.tf",
       "Description": "A basic example of deploying Voice Services Communications Gateway Test Line."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.VoiceServices/communicationsGateways",
+      "Path": "samples/communicationsgateways/main.bicep",
+      "Description": "A basic example of deploying Voice Services Communications Gateways."
+    },
+    {
+      "ResourceType": "Microsoft.VoiceServices/communicationsGateways/testLines",
+      "Path": "samples/communicationsgateways/testlines/main.bicep",
+      "Description": "A basic example of deploying Voice Services Communications Gateway Test Line."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.voiceservices/samples/communicationsgateways/main.bicep b/settings/remarks/microsoft.voiceservices/samples/communicationsgateways/main.bicep
new file mode 100644
index 00000000..259c0806
--- /dev/null
+++ b/settings/remarks/microsoft.voiceservices/samples/communicationsgateways/main.bicep
@@ -0,0 +1,49 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus2euap'
+
+resource communicationsGateway 'Microsoft.VoiceServices/communicationsGateways@2023-01-31' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoGeneratedDomainNameLabelScope: 'NoReuse'
+    codecs: [
+      'PCMA'
+    ]
+    connectivity: 'PublicAddress'
+    e911Type: 'Standard'
+    platforms: [
+      'OperatorConnect'
+    ]
+    serviceLocations: [
+      {
+        name: 'useast'
+        primaryRegionProperties: {
+          allowedMediaSourceAddressPrefixes: [
+            '10.1.2.0/24'
+          ]
+          allowedSignalingSourceAddressPrefixes: [
+            '10.1.1.0/24'
+          ]
+          operatorAddresses: [
+            '198.51.100.1'
+          ]
+        }
+      }
+      {
+        name: 'useast2'
+        primaryRegionProperties: {
+          allowedMediaSourceAddressPrefixes: [
+            '10.2.2.0/24'
+          ]
+          allowedSignalingSourceAddressPrefixes: [
+            '10.2.1.0/24'
+          ]
+          operatorAddresses: [
+            '198.51.100.2'
+          ]
+        }
+      }
+    ]
+    teamsVoicemailPilotNumber: '1234567890'
+  }
+}
diff --git a/settings/remarks/microsoft.voiceservices/samples/communicationsgateways/testlines/main.bicep b/settings/remarks/microsoft.voiceservices/samples/communicationsgateways/testlines/main.bicep
new file mode 100644
index 00000000..66d475f3
--- /dev/null
+++ b/settings/remarks/microsoft.voiceservices/samples/communicationsgateways/testlines/main.bicep
@@ -0,0 +1,59 @@
+param resourceName string = 'acctest0001'
+param location string = 'eastus2euap'
+
+resource communicationsGateway 'Microsoft.VoiceServices/communicationsGateways@2023-01-31' = {
+  name: resourceName
+  location: location
+  properties: {
+    autoGeneratedDomainNameLabelScope: 'NoReuse'
+    codecs: [
+      'PCMA'
+    ]
+    connectivity: 'PublicAddress'
+    e911Type: 'Standard'
+    platforms: [
+      'OperatorConnect'
+    ]
+    serviceLocations: [
+      {
+        name: 'useast'
+        primaryRegionProperties: {
+          allowedMediaSourceAddressPrefixes: [
+            '10.1.2.0/24'
+          ]
+          allowedSignalingSourceAddressPrefixes: [
+            '10.1.1.0/24'
+          ]
+          operatorAddresses: [
+            '198.51.100.1'
+          ]
+        }
+      }
+      {
+        name: 'useast2'
+        primaryRegionProperties: {
+          allowedMediaSourceAddressPrefixes: [
+            '10.2.2.0/24'
+          ]
+          allowedSignalingSourceAddressPrefixes: [
+            '10.2.1.0/24'
+          ]
+          operatorAddresses: [
+            '198.51.100.2'
+          ]
+        }
+      }
+    ]
+    teamsVoicemailPilotNumber: '1234567890'
+  }
+}
+
+resource testline 'Microsoft.VoiceServices/communicationsGateways/testLines@2023-01-31' = {
+  parent: communicationsGateway
+  name: resourceName
+  location: location
+  properties: {
+    phoneNumber: '123456789'
+    purpose: 'Automated'
+  }
+}
diff --git a/settings/remarks/microsoft.web/remarks.json b/settings/remarks/microsoft.web/remarks.json
index 3c8d1534..893c9a34 100644
--- a/settings/remarks/microsoft.web/remarks.json
+++ b/settings/remarks/microsoft.web/remarks.json
@@ -75,5 +75,52 @@
       "Path": "samples/staticsites/customdomains/main.tf",
       "Description": "A basic example of deploying Static Web App Custom Domain."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Microsoft.Web/serverfarms",
+      "Path": "samples/serverfarms/main.bicep",
+      "Description": "A basic example of deploying App Service: Service Plan."
+    },
+    {
+      "ResourceType": "Microsoft.Web/sites",
+      "Path": "samples/sites/main.bicep",
+      "Description": "A basic example of deploying Function App, Web App, or Logic App."
+    },
+    {
+      "ResourceType": "Microsoft.Web/sites/config",
+      "Path": "samples/sites/config/main.bicep",
+      "Description": "A basic example of deploying App Service Virtual Network Association."
+    },
+    {
+      "ResourceType": "Microsoft.Web/sites/publicCertificates",
+      "Path": "samples/sites/publiccertificates/main.bicep",
+      "Description": "A basic example of deploying App Service Public Certificate."
+    },
+    {
+      "ResourceType": "Microsoft.Web/sites/siteextensions",
+      "Path": "samples/sites/siteextensions/main.bicep",
+      "Description": "A basic example of deploying Web Sites Site Extensions."
+    },
+    {
+      "ResourceType": "Microsoft.Web/sites/slots",
+      "Path": "samples/sites/slots/main.bicep",
+      "Description": "A basic example of deploying App Service Slot (within an App Service)."
+    },
+    {
+      "ResourceType": "Microsoft.Web/sites/slots/config",
+      "Path": "samples/sites/slots/config/main.bicep",
+      "Description": "A basic example of deploying App Service's Slot Virtual Network Association."
+    },
+    {
+      "ResourceType": "Microsoft.Web/staticSites",
+      "Path": "samples/staticsites/main.bicep",
+      "Description": "A basic example of deploying Static Web App."
+    },
+    {
+      "ResourceType": "Microsoft.Web/staticSites/customDomains",
+      "Path": "samples/staticsites/customdomains/main.bicep",
+      "Description": "A basic example of deploying Static Web App Custom Domain."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/microsoft.web/samples/serverfarms/main.bicep b/settings/remarks/microsoft.web/samples/serverfarms/main.bicep
new file mode 100644
index 00000000..ac77f6af
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/serverfarms/main.bicep
@@ -0,0 +1,16 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource serverfarm 'Microsoft.Web/serverfarms@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hyperV: false
+    perSiteScaling: false
+    reserved: false
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
diff --git a/settings/remarks/microsoft.web/samples/sites/config/main.bicep b/settings/remarks/microsoft.web/samples/sites/config/main.bicep
new file mode 100644
index 00000000..bdfaa837
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/sites/config/main.bicep
@@ -0,0 +1,56 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource serverfarm 'Microsoft.Web/serverfarms@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hyperV: false
+    perSiteScaling: false
+    reserved: false
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
+
+resource site 'Microsoft.Web/sites@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    clientAffinityEnabled: false
+    clientCertEnabled: false
+    clientCertMode: 'Required'
+    enabled: true
+    httpsOnly: false
+    publicNetworkAccess: 'Enabled'
+    serverFarmId: serverfarm.id
+    siteConfig: {
+      acrUseManagedIdentityCreds: false
+      alwaysOn: true
+      autoHealEnabled: false
+      ftpsState: 'Disabled'
+      http20Enabled: false
+      loadBalancing: 'LeastRequests'
+      localMySqlEnabled: false
+      managedPipelineMode: 'Integrated'
+      minTlsVersion: '1.2'
+      publicNetworkAccess: 'Enabled'
+      remoteDebuggingEnabled: false
+      scmIpSecurityRestrictionsUseMain: false
+      scmMinTlsVersion: '1.2'
+      use32BitWorkerProcess: true
+      vnetRouteAllEnabled: false
+      webSocketsEnabled: false
+      windowsFxVersion: ''
+    }
+    vnetRouteAllEnabled: false
+  }
+}
+
+resource config 'Microsoft.Web/sites/config@2022-09-01' = {
+  parent: site
+  name: 'azurestorageaccounts'
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.web/samples/sites/main.bicep b/settings/remarks/microsoft.web/samples/sites/main.bicep
new file mode 100644
index 00000000..84754e11
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/sites/main.bicep
@@ -0,0 +1,50 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource serverfarm 'Microsoft.Web/serverfarms@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hyperV: false
+    perSiteScaling: false
+    reserved: false
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
+
+resource site 'Microsoft.Web/sites@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    clientAffinityEnabled: false
+    clientCertEnabled: false
+    clientCertMode: 'Required'
+    enabled: true
+    httpsOnly: false
+    publicNetworkAccess: 'Enabled'
+    serverFarmId: serverfarm.id
+    siteConfig: {
+      acrUseManagedIdentityCreds: false
+      alwaysOn: true
+      autoHealEnabled: false
+      ftpsState: 'Disabled'
+      http20Enabled: false
+      loadBalancing: 'LeastRequests'
+      localMySqlEnabled: false
+      managedPipelineMode: 'Integrated'
+      minTlsVersion: '1.2'
+      publicNetworkAccess: 'Enabled'
+      remoteDebuggingEnabled: false
+      scmIpSecurityRestrictionsUseMain: false
+      scmMinTlsVersion: '1.2'
+      use32BitWorkerProcess: true
+      vnetRouteAllEnabled: false
+      webSocketsEnabled: false
+      windowsFxVersion: ''
+    }
+    vnetRouteAllEnabled: false
+  }
+}
diff --git a/settings/remarks/microsoft.web/samples/sites/publiccertificates/main.bicep b/settings/remarks/microsoft.web/samples/sites/publiccertificates/main.bicep
new file mode 100644
index 00000000..b98d9d7a
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/sites/publiccertificates/main.bicep
@@ -0,0 +1,39 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
+  name: resourceName
+  location: location
+  kind: 'Windows'
+  properties: {
+    isXenon: false
+  }
+  sku: {
+    capacity: 1
+    name: 'S1'
+    size: 'S1'
+    tier: 'Standard'
+  }
+}
+
+resource site 'Microsoft.Web/sites@2021-02-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    clientAffinityEnabled: false
+    clientCertEnabled: false
+    enabled: true
+    httpsOnly: false
+    serverFarmId: serverfarm.id
+    siteConfig: {}
+  }
+}
+
+resource publicCertificate 'Microsoft.Web/sites/publicCertificates@2022-09-01' = {
+  parent: site
+  name: resourceName
+  properties: {
+    blob: 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzakNDQVpvQ0NRQ01kdDdEdnlnUHREQU5CZ2txaGtpRzl3MEJBUXNGQURBYk1Sa3dGd1lEVlFRRERCQmgKY0drdWRHVnljbUZtYjNKdExtbHZNQjRYRFRFNE1EY3dOVEV3TXpNek1Gb1hEVEk0TURjd01qRXdNek16TUZvdwpHekVaTUJjR0ExVUVBd3dRWVhCcExuUmxjbkpoWm05eWJTNXBiekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBS1FXMzMyT2wyOENzaWRBaGVEMWFMOVVsOEpXbktMZGFWeEtaM3NzbDVDWGpQRE8KbU03SVhrMFNnYlFuVUM4bElsUEZaaURHYlExc0I2T1RNdW42Wlo0aXBMcDgwZHRsMHJvQ0x0Q25EUU9CR3pDTgpBckNZQW9YUnVyamtYRVk3dHBEMHd3dFU3MiszN2gzSFE0ZzBWUzZWSXRKQ3FKOVFBRFYrSE8yWld1WlRlejcwCk1ob0w2T0xmWlA3SEdZZEpES2dmRVZORjVYbGJWek5BR2tESUpGZGhqTnh5R0d1NU5mc20xcGZRaEF5dW5razcKSlZhbWpVZzVJb2pSZG82M0lTOXd3ek1PZGVHU0FiQmNzSmZZZUNmVmcya3VwUjhxMFRtWit4OTNSbW1PbGJTaQo2NmtFWXhSelo5WUNRZUhKbW4xWWZKOTJCcENVaXk5QTZaMWlhS1VDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBSjdKaGxlY1A3SjQ4d0kyUUhUTWJBTWtrV0J2L2lXcTEvUUlGNHVnSDNaYjVQb3JPditOZmhRMEwKbFdpdy9Tek44QWU5NXZVaXhBR1lITVNhMjhvdW1NNUsxT3NxS0VrVklvMUFvQkg4bkJ6K1ZjVHBSRC9tSFhvdApBSFBBWnQ5ajVMcWVIWCtlblI2UmJJTkFmM2puK1lVM01kVmUwTXNBRGRGQVNWRGZqbVFQMlI3bzlhSmIvUXFPCmczYlpCV3NpQkRFSVNmeWFIMitwZ1VNN3d0d0VvRldtRU1sZ2pMSzFNUkJzMWNEWlhxbkhhQ2QvcnMrTm1XVjkKbmFFdTd4NWZ5UU9rNEhvemtwd2VSK0p4MXNCbFRSc2E0OS9xU0h0LzZVTEtmTzAxL2NUczRpRjcxeWtYUGJoMwpLajljSTJ1bzlhWXRYa3hraEtyR3lVcEE3RkpxV3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=='
+    publicCertificateLocation: 'Unknown'
+  }
+}
diff --git a/settings/remarks/microsoft.web/samples/sites/siteextensions/main.bicep b/settings/remarks/microsoft.web/samples/sites/siteextensions/main.bicep
new file mode 100644
index 00000000..94f2c216
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/sites/siteextensions/main.bicep
@@ -0,0 +1,57 @@
+param resourceName string = 'acctest0001'
+param resourceSiteName string = 'acctestsite0001'
+param location string = 'westeurope'
+
+resource serverfarm 'Microsoft.Web/serverfarms@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hyperV: false
+    perSiteScaling: false
+    reserved: false
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
+
+resource site 'Microsoft.Web/sites@2022-09-01' = {
+  name: resourceSiteName
+  location: location
+  properties: {
+    clientAffinityEnabled: false
+    clientCertEnabled: false
+    clientCertMode: 'Required'
+    enabled: true
+    httpsOnly: false
+    publicNetworkAccess: 'Enabled'
+    serverFarmId: serverfarm.id
+    siteConfig: {
+      acrUseManagedIdentityCreds: false
+      alwaysOn: true
+      autoHealEnabled: false
+      ftpsState: 'Disabled'
+      http20Enabled: false
+      loadBalancing: 'LeastRequests'
+      localMySqlEnabled: false
+      managedPipelineMode: 'Integrated'
+      minTlsVersion: '1.2'
+      publicNetworkAccess: 'Enabled'
+      remoteDebuggingEnabled: false
+      scmIpSecurityRestrictionsUseMain: false
+      scmMinTlsVersion: '1.2'
+      use32BitWorkerProcess: true
+      vnetRouteAllEnabled: false
+      webSocketsEnabled: false
+      windowsFxVersion: ''
+    }
+    vnetRouteAllEnabled: false
+  }
+}
+
+resource dynatraceSiteExtension 'Microsoft.Web/sites/siteextensions@2022-09-01' = {
+  parent: site
+  name: 'Dynatrace'
+  location: location
+}
diff --git a/settings/remarks/microsoft.web/samples/sites/slots/config/main.bicep b/settings/remarks/microsoft.web/samples/sites/slots/config/main.bicep
new file mode 100644
index 00000000..a261a10d
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/sites/slots/config/main.bicep
@@ -0,0 +1,92 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource serverfarm 'Microsoft.Web/serverfarms@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hyperV: false
+    perSiteScaling: false
+    reserved: false
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
+
+resource site 'Microsoft.Web/sites@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    clientAffinityEnabled: false
+    clientCertEnabled: false
+    clientCertMode: 'Required'
+    enabled: true
+    httpsOnly: false
+    publicNetworkAccess: 'Enabled'
+    serverFarmId: serverfarm.id
+    siteConfig: {
+      acrUseManagedIdentityCreds: false
+      alwaysOn: true
+      autoHealEnabled: false
+      ftpsState: 'Disabled'
+      http20Enabled: false
+      loadBalancing: 'LeastRequests'
+      localMySqlEnabled: false
+      managedPipelineMode: 'Integrated'
+      minTlsVersion: '1.2'
+      publicNetworkAccess: 'Enabled'
+      remoteDebuggingEnabled: false
+      scmIpSecurityRestrictionsUseMain: false
+      scmMinTlsVersion: '1.2'
+      use32BitWorkerProcess: true
+      vnetRouteAllEnabled: false
+      webSocketsEnabled: false
+      windowsFxVersion: ''
+    }
+    vnetRouteAllEnabled: false
+  }
+}
+
+resource slot 'Microsoft.Web/sites/slots@2022-09-01' = {
+  parent: site
+  name: resourceName
+  location: location
+  properties: {
+    clientAffinityEnabled: false
+    clientCertEnabled: false
+    clientCertExclusionPaths: ''
+    clientCertMode: 'Required'
+    enabled: true
+    httpsOnly: false
+    publicNetworkAccess: 'Enabled'
+    serverFarmId: serverfarm.id
+    siteConfig: {
+      acrUseManagedIdentityCreds: false
+      alwaysOn: true
+      autoHealEnabled: false
+      ftpsState: 'Disabled'
+      http20Enabled: false
+      loadBalancing: 'LeastRequests'
+      localMySqlEnabled: false
+      managedPipelineMode: 'Integrated'
+      minTlsVersion: '1.2'
+      publicNetworkAccess: 'Enabled'
+      remoteDebuggingEnabled: false
+      scmIpSecurityRestrictionsUseMain: false
+      scmMinTlsVersion: '1.2'
+      use32BitWorkerProcess: false
+      vnetRouteAllEnabled: false
+      webSocketsEnabled: false
+      windowsFxVersion: ''
+    }
+    vnetRouteAllEnabled: false
+  }
+}
+
+resource config 'Microsoft.Web/sites/slots/config@2022-09-01' = {
+  parent: slot
+  name: 'azurestorageaccounts'
+  properties: {}
+}
diff --git a/settings/remarks/microsoft.web/samples/sites/slots/main.bicep b/settings/remarks/microsoft.web/samples/sites/slots/main.bicep
new file mode 100644
index 00000000..a38c7b91
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/sites/slots/main.bicep
@@ -0,0 +1,86 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource serverfarm 'Microsoft.Web/serverfarms@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    hyperV: false
+    perSiteScaling: false
+    reserved: false
+    zoneRedundant: false
+  }
+  sku: {
+    name: 'S1'
+  }
+}
+
+resource site 'Microsoft.Web/sites@2022-09-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    clientAffinityEnabled: false
+    clientCertEnabled: false
+    clientCertMode: 'Required'
+    enabled: true
+    httpsOnly: false
+    publicNetworkAccess: 'Enabled'
+    serverFarmId: serverfarm.id
+    siteConfig: {
+      acrUseManagedIdentityCreds: false
+      alwaysOn: true
+      autoHealEnabled: false
+      ftpsState: 'Disabled'
+      http20Enabled: false
+      loadBalancing: 'LeastRequests'
+      localMySqlEnabled: false
+      managedPipelineMode: 'Integrated'
+      minTlsVersion: '1.2'
+      publicNetworkAccess: 'Enabled'
+      remoteDebuggingEnabled: false
+      scmIpSecurityRestrictionsUseMain: false
+      scmMinTlsVersion: '1.2'
+      use32BitWorkerProcess: true
+      vnetRouteAllEnabled: false
+      webSocketsEnabled: false
+      windowsFxVersion: ''
+    }
+    vnetRouteAllEnabled: false
+  }
+}
+
+resource slot 'Microsoft.Web/sites/slots@2022-09-01' = {
+  parent: site
+  name: resourceName
+  location: location
+  properties: {
+    clientAffinityEnabled: false
+    clientCertEnabled: false
+    clientCertExclusionPaths: ''
+    clientCertMode: 'Required'
+    enabled: true
+    httpsOnly: false
+    publicNetworkAccess: 'Enabled'
+    serverFarmId: serverfarm.id
+    siteConfig: {
+      acrUseManagedIdentityCreds: false
+      alwaysOn: true
+      autoHealEnabled: false
+      ftpsState: 'Disabled'
+      http20Enabled: false
+      loadBalancing: 'LeastRequests'
+      localMySqlEnabled: false
+      managedPipelineMode: 'Integrated'
+      minTlsVersion: '1.2'
+      publicNetworkAccess: 'Enabled'
+      remoteDebuggingEnabled: false
+      scmIpSecurityRestrictionsUseMain: false
+      scmMinTlsVersion: '1.2'
+      use32BitWorkerProcess: false
+      vnetRouteAllEnabled: false
+      webSocketsEnabled: false
+      windowsFxVersion: ''
+    }
+    vnetRouteAllEnabled: false
+  }
+}
diff --git a/settings/remarks/microsoft.web/samples/staticsites/customdomains/main.bicep b/settings/remarks/microsoft.web/samples/staticsites/customdomains/main.bicep
new file mode 100644
index 00000000..a9b765ba
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/staticsites/customdomains/main.bicep
@@ -0,0 +1,19 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource staticSite 'Microsoft.Web/staticSites@2021-02-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Free'
+  }
+}
+
+resource customDomain 'Microsoft.Web/staticSites/customDomains@2021-02-01' = {
+  parent: staticSite
+  name: '${resourceName}.contoso.com'
+  properties: {
+    validationMethod: 'dns-txt-token'
+  }
+}
diff --git a/settings/remarks/microsoft.web/samples/staticsites/main.bicep b/settings/remarks/microsoft.web/samples/staticsites/main.bicep
new file mode 100644
index 00000000..722c6511
--- /dev/null
+++ b/settings/remarks/microsoft.web/samples/staticsites/main.bicep
@@ -0,0 +1,12 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource staticSite 'Microsoft.Web/staticSites@2021-02-01' = {
+  name: resourceName
+  location: location
+  properties: {}
+  sku: {
+    name: 'Free'
+    tier: 'Free'
+  }
+}
diff --git a/settings/remarks/nginx.nginxplus/remarks.json b/settings/remarks/nginx.nginxplus/remarks.json
index e84f3ae6..5dcd133c 100644
--- a/settings/remarks/nginx.nginxplus/remarks.json
+++ b/settings/remarks/nginx.nginxplus/remarks.json
@@ -16,5 +16,17 @@
       "Path": "samples/nginxdeployments/configurations/main.tf",
       "Description": "A basic example of deploying configuration for a Nginx Deployment."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Nginx.NginxPlus/nginxDeployments",
+      "Path": "samples/nginxdeployments/main.bicep",
+      "Description": "A basic example of deploying NGINX Deployment."
+    },
+    {
+      "ResourceType": "Nginx.NginxPlus/nginxDeployments/configurations",
+      "Path": "samples/nginxdeployments/configurations/main.bicep",
+      "Description": "A basic example of deploying configuration for a Nginx Deployment."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/nginx.nginxplus/samples/nginxdeployments/configurations/main.bicep b/settings/remarks/nginx.nginxplus/samples/nginxdeployments/configurations/main.bicep
new file mode 100644
index 00000000..ea30bb24
--- /dev/null
+++ b/settings/remarks/nginx.nginxplus/samples/nginxdeployments/configurations/main.bicep
@@ -0,0 +1,105 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource nginxDeployment 'Nginx.NginxPlus/nginxDeployments@2024-11-01-preview' = {
+  name: '${resourceName}-nginx'
+  location: location
+  properties: {
+    autoUpgradeProfile: {
+      upgradeChannel: 'stable'
+    }
+    enableDiagnosticsSupport: false
+    networkProfile: {
+      frontEndIPConfiguration: {
+        publicIPAddresses: [
+          {
+            id: publicIPAddress.id
+          }
+        ]
+      }
+      networkInterfaceConfiguration: {
+        subnetId: subnet.id
+      }
+    }
+    scalingProperties: {
+      capacity: 10
+    }
+  }
+  sku: {
+    name: 'standardv2_Monthly'
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2024-05-01' = {
+  name: '${resourceName}-pip'
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource configuration 'Nginx.NginxPlus/nginxDeployments/configurations@2024-11-01-preview' = {
+  parent: nginxDeployment
+  name: 'default'
+  properties: {
+    files: [
+      {
+        content: 'aHR0cCB7CiAgICBzZXJ2ZXIgewogICAgICAgIGxpc3RlbiA4MDsKICAgICAgICBsb2NhdGlvbiAvIHsKICAgICAgICAgICAgYXV0aF9iYXNpYyAiUHJvdGVjdGVkIEFyZWEiOwogICAgICAgICAgICBhdXRoX2Jhc2ljX3VzZXJfZmlsZSAvb3B0Ly5odHBhc3N3ZDsKICAgICAgICAgICAgZGVmYXVsdF90eXBlIHRleHQvaHRtbDsKICAgICAgICAgICAgcmV0dXJuIDIwMCAnPCFkb2N0eXBlIGh0bWw+PGh0bWwgbGFuZz0iZW4iPjxoZWFkPjwvaGVhZD48Ym9keT4KICAgICAgICAgICAgICAgIDxkaXY+dGhpcyBvbmUgd2lsbCBiZSB1cGRhdGVkPC9kaXY+CiAgICAgICAgICAgICAgICA8ZGl2PmF0IDEwOjM4IGFtPC9kaXY+CiAgICAgICAgICAgIDwvYm9keT48L2h0bWw+JzsKICAgICAgICB9CiAgICAgICAgaW5jbHVkZSBzaXRlLyouY29uZjsKICAgIH0KfQo='
+        virtualPath: '/etc/nginx/nginx.conf'
+      }
+    ]
+    protectedFiles: [
+      {
+        content: 'dXNlcjokYXByMSRWZVVBNWt0LiRJampSay8vOG1pUnhEc1p2RDRkYUYxCg=='
+        virtualPath: '/opt/.htpasswd'
+      }
+    ]
+    rootFile: '/etc/nginx/nginx.conf'
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: '${resourceName}-subnet'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    defaultOutboundAccess: true
+    delegations: [
+      {
+        name: 'delegation'
+        properties: {
+          serviceName: 'NGINX.NGINXPLUS/nginxDeployments'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/nginx.nginxplus/samples/nginxdeployments/main.bicep b/settings/remarks/nginx.nginxplus/samples/nginxdeployments/main.bicep
new file mode 100644
index 00000000..21aa7c31
--- /dev/null
+++ b/settings/remarks/nginx.nginxplus/samples/nginxdeployments/main.bicep
@@ -0,0 +1,137 @@
+param resourceName string = 'acctest0001'
+param location string = 'westus'
+
+resource nginxDeployment 'Nginx.NginxPlus/nginxDeployments@2024-11-01-preview' = {
+  name: '${resourceName}-nginx'
+  location: location
+  properties: {
+    autoUpgradeProfile: {
+      upgradeChannel: 'stable'
+    }
+    enableDiagnosticsSupport: false
+    networkProfile: {
+      frontEndIPConfiguration: {
+        publicIPAddresses: [
+          {
+            id: publicIPAddress.id
+          }
+        ]
+      }
+      networkInterfaceConfiguration: {
+        subnetId: subnet.id
+      }
+    }
+    scalingProperties: {
+      autoScaleSettings: {
+        profiles: [
+          {
+            capacity: {
+              max: 30
+              min: 10
+            }
+            name: 'test'
+          }
+        ]
+      }
+    }
+    userProfile: {
+      preferredEmail: 'test@test.com'
+    }
+  }
+  sku: {
+    name: 'standardv2_Monthly'
+  }
+}
+
+resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2024-05-01' = {
+  name: '${resourceName}-pip'
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource publicipaddress1 'Microsoft.Network/publicIPAddresses@2024-05-01' = {
+  name: '${resourceName}-pip2'
+  location: location
+  properties: {
+    ddosSettings: {
+      protectionMode: 'VirtualNetworkInherited'
+    }
+    idleTimeoutInMinutes: 4
+    publicIPAddressVersion: 'IPv4'
+    publicIPAllocationMethod: 'Static'
+  }
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: '${resourceName}-vnet'
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    dhcpOptions: {
+      dnsServers: []
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: '${resourceName}-subnet'
+  properties: {
+    addressPrefix: '10.0.2.0/24'
+    defaultOutboundAccess: true
+    delegations: [
+      {
+        name: 'delegation'
+        properties: {
+          serviceName: 'NGINX.NGINXPLUS/nginxDeployments'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
+
+resource subnet1 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: virtualNetwork
+  name: '${resourceName}-subnet2'
+  properties: {
+    addressPrefix: '10.0.3.0/24'
+    defaultOutboundAccess: true
+    delegations: [
+      {
+        name: 'delegation'
+        properties: {
+          serviceName: 'NGINX.NGINXPLUS/nginxDeployments'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+    serviceEndpointPolicies: []
+    serviceEndpoints: []
+  }
+}
diff --git a/settings/remarks/qumulo.storage/remarks.json b/settings/remarks/qumulo.storage/remarks.json
index 368c31d3..adc6bf0b 100644
--- a/settings/remarks/qumulo.storage/remarks.json
+++ b/settings/remarks/qumulo.storage/remarks.json
@@ -6,5 +6,12 @@
       "Path": "samples/filesystems/main.tf",
       "Description": "A basic example of deploying Qumulo File System."
     }
+  ],
+  "BicepSamples": [
+    {
+      "ResourceType": "Qumulo.Storage/fileSystems",
+      "Path": "samples/filesystems/main.bicep",
+      "Description": "A basic example of deploying Qumulo File System."
+    }
   ]
-}
+}
\ No newline at end of file
diff --git a/settings/remarks/qumulo.storage/samples/filesystems/main.bicep b/settings/remarks/qumulo.storage/samples/filesystems/main.bicep
new file mode 100644
index 00000000..526a60f7
--- /dev/null
+++ b/settings/remarks/qumulo.storage/samples/filesystems/main.bicep
@@ -0,0 +1,61 @@
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+@secure()
+@description('The administrative password for the Qumulo file system')
+param qumuloPassword string
+
+resource qumuloFileSystem 'Qumulo.Storage/fileSystems@2024-06-19' = {
+  name: resourceName
+  location: location
+  properties: {
+    adminPassword: null
+    availabilityZone: '1'
+    delegatedSubnetId: subnet.id
+    marketplaceDetails: {
+      offerId: 'qumulo-saas-mpp'
+      planId: 'azure-native-qumulo-v3'
+      publisherId: 'qumulo1584033880660'
+    }
+    storageSku: 'Cold_LRS'
+    userDetails: {
+      email: 'test@test.com'
+    }
+  }
+}
+
+resource vnet 'Microsoft.Network/virtualNetworks@2024-05-01' = {
+  name: resourceName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/16'
+      ]
+    }
+    privateEndpointVNetPolicies: 'Disabled'
+    subnets: []
+  }
+}
+
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
+  parent: vnet
+  name: resourceName
+  location: location
+  properties: {
+    addressPrefix: '10.0.1.0/24'
+    defaultOutboundAccess: true
+    delegations: [
+      {
+        name: 'delegation'
+        properties: {
+          actions: [
+            'Microsoft.Network/virtualNetworks/subnets/join/action'
+          ]
+          serviceName: 'Qumulo.Storage/fileSystems'
+        }
+      }
+    ]
+    privateEndpointNetworkPolicies: 'Disabled'
+    privateLinkServiceNetworkPolicies: 'Enabled'
+  }
+}
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.authorization/2022-04-01/roledefinitions.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.authorization/2022-04-01/roledefinitions.md
index aee15b0d..1007121e 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.authorization/2022-04-01/roledefinitions.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.authorization/2022-04-01/roledefinitions.md
@@ -1,344 +1,375 @@
----
-title: Microsoft.Authorization/roleDefinitions 2022-04-01
-description: Azure Microsoft.Authorization/roleDefinitions syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2022-04-01
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.Authorization roleDefinitions 2022-04-01
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../roledefinitions.md)
-> - [2022-05-01-preview](../2022-05-01-preview/roledefinitions.md)
-> - [2022-04-01](../2022-04-01/roledefinitions.md)
-> - [2018-01-01-preview](../2018-01-01-preview/roledefinitions.md)
-> - [2015-07-01](../2015-07-01/roledefinitions.md)
-
-## Remarks
-
-For guidance on creating role assignments and definitions, see [Create Azure RBAC resources by using Bicep](/azure/azure-resource-manager/bicep/scenarios-rbac).
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The roleDefinitions resource type can be deployed with operations that target: 
-
-* **Tenant** - See [tenant deployment commands](/azure/azure-resource-manager/bicep/deploy-to-tenant)* **Management groups** - See [management group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-management-group)* **Subscription** - See [subscription deployment commands](/azure/azure-resource-manager/bicep/deploy-to-subscription)* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.authorization/change-log/roledefinitions.md).
-
-## Resource format
-
-To create a Microsoft.Authorization/roleDefinitions resource, add the following Bicep to your template.
-
-```bicep
-resource symbolicname 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
-  scope: resourceSymbolicName or scope
-  name: 'string'
+---
+title: Microsoft.Authorization/roleDefinitions 2022-04-01
+description: Azure Microsoft.Authorization/roleDefinitions syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2022-04-01
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.Authorization roleDefinitions 2022-04-01
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../roledefinitions.md)
+> - [2022-05-01-preview](../2022-05-01-preview/roledefinitions.md)
+> - [2022-04-01](../2022-04-01/roledefinitions.md)
+> - [2018-01-01-preview](../2018-01-01-preview/roledefinitions.md)
+> - [2015-07-01](../2015-07-01/roledefinitions.md)
+
+## Remarks
+
+For guidance on creating role assignments and definitions, see [Create Azure RBAC resources by using Bicep](/azure/azure-resource-manager/bicep/scenarios-rbac).
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The roleDefinitions resource type can be deployed with operations that target: 
+
+* **Tenant** - See [tenant deployment commands](/azure/azure-resource-manager/bicep/deploy-to-tenant)* **Management groups** - See [management group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-management-group)* **Subscription** - See [subscription deployment commands](/azure/azure-resource-manager/bicep/deploy-to-subscription)* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.authorization/change-log/roledefinitions.md).
+
+## Resource format
+
+To create a Microsoft.Authorization/roleDefinitions resource, add the following Bicep to your template.
+
+```bicep
+resource symbolicname 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
+  scope: resourceSymbolicName or scope
+  name: 'string'
+  properties: {
+    assignableScopes: [
+      'string'
+    ]
+    description: 'string'
+    permissions: [
+      {
+        actions: [
+          'string'
+        ]
+        dataActions: [
+          'string'
+        ]
+        notActions: [
+          'string'
+        ]
+        notDataActions: [
+          'string'
+        ]
+      }
+    ]
+    roleName: 'string'
+    type: 'string'
+  }
+}
+```
+## Property Values
+### Microsoft.Authorization/roleDefinitions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The resource name | string (required) |
+| properties | Role definition properties. | [RoleDefinitionProperties](#roledefinitionproperties) |
+| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the [extension resource](/azure/azure-resource-manager/bicep/scope-extension-resources). |
+
+### Permission
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| actions | Allowed actions. | string[] |
+| dataActions | Allowed Data actions. | string[] |
+| notActions | Denied actions. | string[] |
+| notDataActions | Denied Data actions. | string[] |
+
+### RoleDefinitionProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| assignableScopes | Role definition assignable scopes. | string[] |
+| description | The role definition description. | string |
+| permissions | Role definition permissions. | [Permission](#permission)[] |
+| roleName | The role name. | string |
+| type | The role type. | string |
+
+## Usage Examples
+### Bicep Samples
+
+A basic example of deploying custom Role Definition.
+
+```bicep
+targetScope = 'subscription'
+
+param resourceName string = 'acctest0001'
+
+resource roleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+  name: '6faae21a-0cd6-4536-8c23-a278823d12ed'
   properties: {
     assignableScopes: [
-      'string'
+      subscription().id
     ]
-    description: 'string'
+    description: ''
     permissions: [
       {
         actions: [
-          'string'
-        ]
-        dataActions: [
-          'string'
-        ]
-        notActions: [
-          'string'
-        ]
-        notDataActions: [
-          'string'
+          '*'
         ]
+        dataActions: []
+        notActions: []
+        notDataActions: []
       }
     ]
-    roleName: 'string'
-    type: 'string'
-  }
-}
-```
-## Property Values
-### Microsoft.Authorization/roleDefinitions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The resource name | string (required) |
-| properties | Role definition properties. | [RoleDefinitionProperties](#roledefinitionproperties) |
-| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the [extension resource](/azure/azure-resource-manager/bicep/scope-extension-resources). |
-
-### Permission
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| actions | Allowed actions. | string[] |
-| dataActions | Allowed Data actions. | string[] |
-| notActions | Denied actions. | string[] |
-| notDataActions | Denied Data actions. | string[] |
-
-### RoleDefinitionProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| assignableScopes | Role definition assignable scopes. | string[] |
-| description | The role definition description. | string |
-| permissions | Role definition permissions. | [Permission](#permission)[] |
-| roleName | The role name. | string |
-| type | The role type. | string |
-
-## Usage Examples
-### Azure Quickstart Samples
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Bicep File | Description |
-> | ----- | ----- |
-> | [Azure Image Builder with Azure Windows Baseline](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/imagebuilder-windowsbaseline/main.bicep) | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. |
-> | [Configure Dev Box service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/devbox-with-customized-image/main.bicep) | This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
-> | [Create a new role def via a subscription level deployment](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-role-def/main.bicep) | This template is a subscription level template that will create a role definition at subscription scope. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The roleDefinitions resource type can be deployed with operations that target: 
-
-* **Tenant** - See [tenant deployment commands](/azure/azure-resource-manager/templates/deploy-to-tenant)* **Management groups** - See [management group deployment commands](/azure/azure-resource-manager/templates/deploy-to-management-group)* **Subscription** - See [subscription deployment commands](/azure/azure-resource-manager/templates/deploy-to-subscription)* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.authorization/change-log/roledefinitions.md).
-
-## Resource format
-
-To create a Microsoft.Authorization/roleDefinitions resource, add the following JSON to your template.
-
-```json
-{
-  "type": "Microsoft.Authorization/roleDefinitions",
-  "apiVersion": "2022-04-01",
-  "name": "string",
-  "properties": {
-    "assignableScopes": [ "string" ],
-    "description": "string",
-    "permissions": [
-      {
-        "actions": [ "string" ],
-        "dataActions": [ "string" ],
-        "notActions": [ "string" ],
-        "notDataActions": [ "string" ]
-      }
-    ],
-    "roleName": "string",
-    "type": "string"
-  }
-}
-```
-## Property Values
-### Microsoft.Authorization/roleDefinitions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2022-04-01' |
-| name | The resource name | string (required) |
-| properties | Role definition properties. | [RoleDefinitionProperties](#roledefinitionproperties-1) |
-| type | The resource type | 'Microsoft.Authorization/roleDefinitions' |
-
-### Permission
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| actions | Allowed actions. | string[] |
-| dataActions | Allowed Data actions. | string[] |
-| notActions | Denied actions. | string[] |
-| notDataActions | Denied Data actions. | string[] |
-
-### RoleDefinitionProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| assignableScopes | Role definition assignable scopes. | string[] |
-| description | The role definition description. | string |
-| permissions | Role definition permissions. | [Permission](#permission-1)[] |
-| roleName | The role name. | string |
-| type | The role type. | string |
-
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [Azure Image Builder with Azure Windows Baseline](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/imagebuilder-windowsbaseline)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fimagebuilder-windowsbaseline%2Fazuredeploy.json) | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. |
-> | [Configure Dev Box service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/devbox-with-customized-image)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.devcenter%2Fdevbox-with-customized-image%2Fazuredeploy.json) | This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
-> | [Create a new role def via a subscription level deployment](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-role-def)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-role-def%2Fazuredeploy.json) | This template is a subscription level template that will create a role definition at subscription scope. |
-> | [Deploy a Storage Account for SAP ILM Store](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/sap/sap-ilm-store)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fsap%2Fsap-ilm-store%2Fazuredeploy.json) | The Microsoft Azure Storage Account can now be used as a ILM Store to persist the Archive files and attachments from an SAP ILM system. An ILM Store is a component which fulfills the requirements of SAP ILM compliant storage systems. One can store archive files in a storage media using WebDAV interface standards while making use of SAP ILM Retention Management rules. For more information about SAP ILM Store, refer to the &lt;a href='https://www.sap.com'&gt; SAP Help Portal &lt;/a&gt;. |
-> | [Deploy Darktrace Autoscaling vSensors](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/darktrace/darktrace-vsensor-autoscaling)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fdarktrace%2Fdarktrace-vsensor-autoscaling%2Fazuredeploy.json) | This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
-> | [IBM Cloud Pak for Data on Azure](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/ibm-cloud-pak/ibm-cloud-pak-for-data)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fibm-cloud-pak%2Fibm-cloud-pak-for-data%2Fazuredeploy.json) | This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data  along with the add-ons that user chooses. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The roleDefinitions resource type can be deployed with operations that target: 
-
-* **Tenant*** **Management groups*** **Subscription*** **Resource groups**
-
-For a list of changed properties in each API version, see [change log](~/microsoft.authorization/change-log/roledefinitions.md).
-
-## Resource format
-
-To create a Microsoft.Authorization/roleDefinitions resource, add the following Terraform to your template.
-
-```terraform
-resource "azapi_resource" "symbolicname" {
-  type = "Microsoft.Authorization/roleDefinitions@2022-04-01"
-  name = "string"
-  parent_id = "string"
-  body = {
-    properties = {
-      assignableScopes = [
-        "string"
-      ]
-      description = "string"
-      permissions = [
-        {
-          actions = [
-            "string"
-          ]
-          dataActions = [
-            "string"
-          ]
-          notActions = [
-            "string"
-          ]
-          notDataActions = [
-            "string"
-          ]
-        }
-      ]
-      roleName = "string"
-      type = "string"
-    }
+    roleName: 'acctest0001'
+    type: 'CustomRole'
   }
-}
-```
-## Property Values
-### Microsoft.Authorization/roleDefinitions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The resource name | string (required) |
-| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
-| properties | Role definition properties. | [RoleDefinitionProperties](#roledefinitionproperties-2) |
-| type | The resource type | "Microsoft.Authorization/roleDefinitions@2022-04-01" |
-
-### Permission
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| actions | Allowed actions. | string[] |
-| dataActions | Allowed Data actions. | string[] |
-| notActions | Denied actions. | string[] |
-| notDataActions | Denied Data actions. | string[] |
-
-### RoleDefinitionProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| assignableScopes | Role definition assignable scopes. | string[] |
-| description | The role definition description. | string |
-| permissions | Role definition permissions. | [Permission](#permission-2)[] |
-| roleName | The role name. | string |
-| type | The role type. | string |
-
-## Usage Examples
-### Terraform Samples
-
-A basic example of deploying custom Role Definition.
-
-```terraform
-terraform {
-  required_providers {
-    azapi = {
-      source = "Azure/azapi"
-    }
-    azurerm = {
-      source = "hashicorp/azurerm"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {
-  }
-}
-
-provider "azapi" {
-  skip_provider_registration = false
-}
-
-variable "resource_name" {
-  type    = string
-  default = "acctest0001"
-}
-
-variable "location" {
-  type    = string
-  default = "eastus"
-}
-
-data "azurerm_client_config" "current" {
-}
-
-data "azapi_resource" "subscription" {
-  type                   = "Microsoft.Resources/subscriptions@2021-01-01"
-  resource_id            = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
-  response_export_values = ["*"]
-}
-
-resource "azapi_resource" "roleDefinition" {
-  type      = "Microsoft.Authorization/roleDefinitions@2018-01-01-preview"
-  parent_id = data.azapi_resource.subscription.id
-  name      = "6faae21a-0cd6-4536-8c23-a278823d12ed"
-  body = {
-    properties = {
-      assignableScopes = [
-        data.azapi_resource.subscription.id,
-      ]
-      description = ""
-      permissions = [
-        {
-          actions = [
-            "*",
-          ]
-          dataActions = [
-          ]
-          notActions = [
-          ]
-          notDataActions = [
-          ]
-        },
-      ]
-      roleName = var.resource_name
-      type     = "CustomRole"
-    }
-  }
-  schema_validation_enabled = false
-  response_export_values    = ["*"]
-}
-```
-
-::: zone-end
+}
+```
+### Azure Quickstart Samples
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Bicep File | Description |
+> | ----- | ----- |
+> | [Azure Image Builder with Azure Windows Baseline](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/imagebuilder-windowsbaseline/main.bicep) | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. |
+> | [Configure Dev Box service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/devbox-with-customized-image/main.bicep) | This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
+> | [Create a new role def via a subscription level deployment](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-role-def/main.bicep) | This template is a subscription level template that will create a role definition at subscription scope. |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The roleDefinitions resource type can be deployed with operations that target: 
+
+* **Tenant** - See [tenant deployment commands](/azure/azure-resource-manager/templates/deploy-to-tenant)* **Management groups** - See [management group deployment commands](/azure/azure-resource-manager/templates/deploy-to-management-group)* **Subscription** - See [subscription deployment commands](/azure/azure-resource-manager/templates/deploy-to-subscription)* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.authorization/change-log/roledefinitions.md).
+
+## Resource format
+
+To create a Microsoft.Authorization/roleDefinitions resource, add the following JSON to your template.
+
+```json
+{
+  "type": "Microsoft.Authorization/roleDefinitions",
+  "apiVersion": "2022-04-01",
+  "name": "string",
+  "properties": {
+    "assignableScopes": [ "string" ],
+    "description": "string",
+    "permissions": [
+      {
+        "actions": [ "string" ],
+        "dataActions": [ "string" ],
+        "notActions": [ "string" ],
+        "notDataActions": [ "string" ]
+      }
+    ],
+    "roleName": "string",
+    "type": "string"
+  }
+}
+```
+## Property Values
+### Microsoft.Authorization/roleDefinitions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2022-04-01' |
+| name | The resource name | string (required) |
+| properties | Role definition properties. | [RoleDefinitionProperties](#roledefinitionproperties-1) |
+| type | The resource type | 'Microsoft.Authorization/roleDefinitions' |
+
+### Permission
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| actions | Allowed actions. | string[] |
+| dataActions | Allowed Data actions. | string[] |
+| notActions | Denied actions. | string[] |
+| notDataActions | Denied Data actions. | string[] |
+
+### RoleDefinitionProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| assignableScopes | Role definition assignable scopes. | string[] |
+| description | The role definition description. | string |
+| permissions | Role definition permissions. | [Permission](#permission-1)[] |
+| roleName | The role name. | string |
+| type | The role type. | string |
+
+## Usage Examples
+### Azure Quickstart Templates
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [Azure Image Builder with Azure Windows Baseline](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/imagebuilder-windowsbaseline)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fimagebuilder-windowsbaseline%2Fazuredeploy.json) | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. |
+> | [Configure Dev Box service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/devbox-with-customized-image)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.devcenter%2Fdevbox-with-customized-image%2Fazuredeploy.json) | This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
+> | [Create a new role def via a subscription level deployment](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-role-def)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-role-def%2Fazuredeploy.json) | This template is a subscription level template that will create a role definition at subscription scope. |
+> | [Deploy a Storage Account for SAP ILM Store](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/sap/sap-ilm-store)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fsap%2Fsap-ilm-store%2Fazuredeploy.json) | The Microsoft Azure Storage Account can now be used as a ILM Store to persist the Archive files and attachments from an SAP ILM system. An ILM Store is a component which fulfills the requirements of SAP ILM compliant storage systems. One can store archive files in a storage media using WebDAV interface standards while making use of SAP ILM Retention Management rules. For more information about SAP ILM Store, refer to the &lt;a href='https://www.sap.com'&gt; SAP Help Portal &lt;/a&gt;. |
+> | [Deploy Darktrace Autoscaling vSensors](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/darktrace/darktrace-vsensor-autoscaling)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fdarktrace%2Fdarktrace-vsensor-autoscaling%2Fazuredeploy.json) | This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
+> | [IBM Cloud Pak for Data on Azure](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/ibm-cloud-pak/ibm-cloud-pak-for-data)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fibm-cloud-pak%2Fibm-cloud-pak-for-data%2Fazuredeploy.json) | This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data  along with the add-ons that user chooses. |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The roleDefinitions resource type can be deployed with operations that target: 
+
+* **Tenant*** **Management groups*** **Subscription*** **Resource groups**
+
+For a list of changed properties in each API version, see [change log](~/microsoft.authorization/change-log/roledefinitions.md).
+
+## Resource format
+
+To create a Microsoft.Authorization/roleDefinitions resource, add the following Terraform to your template.
+
+```terraform
+resource "azapi_resource" "symbolicname" {
+  type = "Microsoft.Authorization/roleDefinitions@2022-04-01"
+  name = "string"
+  parent_id = "string"
+  body = {
+    properties = {
+      assignableScopes = [
+        "string"
+      ]
+      description = "string"
+      permissions = [
+        {
+          actions = [
+            "string"
+          ]
+          dataActions = [
+            "string"
+          ]
+          notActions = [
+            "string"
+          ]
+          notDataActions = [
+            "string"
+          ]
+        }
+      ]
+      roleName = "string"
+      type = "string"
+    }
+  }
+}
+```
+## Property Values
+### Microsoft.Authorization/roleDefinitions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The resource name | string (required) |
+| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
+| properties | Role definition properties. | [RoleDefinitionProperties](#roledefinitionproperties-2) |
+| type | The resource type | "Microsoft.Authorization/roleDefinitions@2022-04-01" |
+
+### Permission
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| actions | Allowed actions. | string[] |
+| dataActions | Allowed Data actions. | string[] |
+| notActions | Denied actions. | string[] |
+| notDataActions | Denied Data actions. | string[] |
+
+### RoleDefinitionProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| assignableScopes | Role definition assignable scopes. | string[] |
+| description | The role definition description. | string |
+| permissions | Role definition permissions. | [Permission](#permission-2)[] |
+| roleName | The role name. | string |
+| type | The role type. | string |
+
+## Usage Examples
+### Terraform Samples
+
+A basic example of deploying custom Role Definition.
+
+```terraform
+terraform {
+  required_providers {
+    azapi = {
+      source = "Azure/azapi"
+    }
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+  }
+}
+
+provider "azapi" {
+  skip_provider_registration = false
+}
+
+variable "resource_name" {
+  type    = string
+  default = "acctest0001"
+}
+
+variable "location" {
+  type    = string
+  default = "eastus"
+}
+
+data "azurerm_client_config" "current" {
+}
+
+data "azapi_resource" "subscription" {
+  type                   = "Microsoft.Resources/subscriptions@2021-01-01"
+  resource_id            = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
+  response_export_values = ["*"]
+}
+
+resource "azapi_resource" "roleDefinition" {
+  type      = "Microsoft.Authorization/roleDefinitions@2018-01-01-preview"
+  parent_id = data.azapi_resource.subscription.id
+  name      = "6faae21a-0cd6-4536-8c23-a278823d12ed"
+  body = {
+    properties = {
+      assignableScopes = [
+        data.azapi_resource.subscription.id,
+      ]
+      description = ""
+      permissions = [
+        {
+          actions = [
+            "*",
+          ]
+          dataActions = [
+          ]
+          notActions = [
+          ]
+          notDataActions = [
+          ]
+        },
+      ]
+      roleName = var.resource_name
+      type     = "CustomRole"
+    }
+  }
+  schema_validation_enabled = false
+  response_export_values    = ["*"]
+}
+```
+
+::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.compute/2024-03-02/disks.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.compute/2024-03-02/disks.md
index 3095776d..b5950790 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.compute/2024-03-02/disks.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.compute/2024-03-02/disks.md
@@ -1,956 +1,984 @@
----
-title: Microsoft.Compute/disks 2024-03-02
-description: Azure Microsoft.Compute/disks syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-03-02
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.Compute disks 2024-03-02
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../disks.md)
-> - [2025-01-02](../2025-01-02/disks.md)
-> - [2024-03-02](../2024-03-02/disks.md)
-> - [2023-10-02](../2023-10-02/disks.md)
-> - [2023-04-02](../2023-04-02/disks.md)
-> - [2023-01-02](../2023-01-02/disks.md)
-> - [2022-07-02](../2022-07-02/disks.md)
-> - [2022-03-02](../2022-03-02/disks.md)
-> - [2021-12-01](../2021-12-01/disks.md)
-> - [2021-08-01](../2021-08-01/disks.md)
-> - [2021-04-01](../2021-04-01/disks.md)
-> - [2020-12-01](../2020-12-01/disks.md)
-> - [2020-09-30](../2020-09-30/disks.md)
-> - [2020-06-30](../2020-06-30/disks.md)
-> - [2020-05-01](../2020-05-01/disks.md)
-> - [2019-11-01](../2019-11-01/disks.md)
-> - [2019-07-01](../2019-07-01/disks.md)
-> - [2019-03-01](../2019-03-01/disks.md)
-> - [2018-09-30](../2018-09-30/disks.md)
-> - [2018-06-01](../2018-06-01/disks.md)
-> - [2018-04-01](../2018-04-01/disks.md)
-> - [2017-03-30](../2017-03-30/disks.md)
-> - [2016-04-30-preview](../2016-04-30-preview/disks.md)
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The disks resource type can be deployed with operations that target: 
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
-
-## Resource format
-
-To create a Microsoft.Compute/disks resource, add the following Bicep to your template.
-
-```bicep
-resource symbolicname 'Microsoft.Compute/disks@2024-03-02' = {
-  extendedLocation: {
-    name: 'string'
-    type: 'string'
-  }
-  location: 'string'
-  name: 'string'
+---
+title: Microsoft.Compute/disks 2024-03-02
+description: Azure Microsoft.Compute/disks syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-03-02
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.Compute disks 2024-03-02
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../disks.md)
+> - [2025-01-02](../2025-01-02/disks.md)
+> - [2024-03-02](../2024-03-02/disks.md)
+> - [2023-10-02](../2023-10-02/disks.md)
+> - [2023-04-02](../2023-04-02/disks.md)
+> - [2023-01-02](../2023-01-02/disks.md)
+> - [2022-07-02](../2022-07-02/disks.md)
+> - [2022-03-02](../2022-03-02/disks.md)
+> - [2021-12-01](../2021-12-01/disks.md)
+> - [2021-08-01](../2021-08-01/disks.md)
+> - [2021-04-01](../2021-04-01/disks.md)
+> - [2020-12-01](../2020-12-01/disks.md)
+> - [2020-09-30](../2020-09-30/disks.md)
+> - [2020-06-30](../2020-06-30/disks.md)
+> - [2020-05-01](../2020-05-01/disks.md)
+> - [2019-11-01](../2019-11-01/disks.md)
+> - [2019-07-01](../2019-07-01/disks.md)
+> - [2019-03-01](../2019-03-01/disks.md)
+> - [2018-09-30](../2018-09-30/disks.md)
+> - [2018-06-01](../2018-06-01/disks.md)
+> - [2018-04-01](../2018-04-01/disks.md)
+> - [2017-03-30](../2017-03-30/disks.md)
+> - [2016-04-30-preview](../2016-04-30-preview/disks.md)
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The disks resource type can be deployed with operations that target: 
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
+
+## Resource format
+
+To create a Microsoft.Compute/disks resource, add the following Bicep to your template.
+
+```bicep
+resource symbolicname 'Microsoft.Compute/disks@2024-03-02' = {
+  extendedLocation: {
+    name: 'string'
+    type: 'string'
+  }
+  location: 'string'
+  name: 'string'
+  properties: {
+    burstingEnabled: bool
+    completionPercent: int
+    creationData: {
+      createOption: 'string'
+      elasticSanResourceId: 'string'
+      galleryImageReference: {
+        communityGalleryImageId: 'string'
+        id: 'string'
+        lun: int
+        sharedGalleryImageId: 'string'
+      }
+      imageReference: {
+        communityGalleryImageId: 'string'
+        id: 'string'
+        lun: int
+        sharedGalleryImageId: 'string'
+      }
+      logicalSectorSize: int
+      performancePlus: bool
+      provisionedBandwidthCopySpeed: 'string'
+      securityDataUri: 'string'
+      sourceResourceId: 'string'
+      sourceUri: 'string'
+      storageAccountId: 'string'
+      uploadSizeBytes: int
+    }
+    dataAccessAuthMode: 'string'
+    diskAccessId: 'string'
+    diskIOPSReadOnly: int
+    diskIOPSReadWrite: int
+    diskMBpsReadOnly: int
+    diskMBpsReadWrite: int
+    diskSizeGB: int
+    encryption: {
+      diskEncryptionSetId: 'string'
+      type: 'string'
+    }
+    encryptionSettingsCollection: {
+      enabled: bool
+      encryptionSettings: [
+        {
+          diskEncryptionKey: {
+            secretUrl: 'string'
+            sourceVault: {
+              id: 'string'
+            }
+          }
+          keyEncryptionKey: {
+            keyUrl: 'string'
+            sourceVault: {
+              id: 'string'
+            }
+          }
+        }
+      ]
+      encryptionSettingsVersion: 'string'
+    }
+    hyperVGeneration: 'string'
+    maxShares: int
+    networkAccessPolicy: 'string'
+    optimizedForFrequentAttach: bool
+    osType: 'string'
+    publicNetworkAccess: 'string'
+    purchasePlan: {
+      name: 'string'
+      product: 'string'
+      promotionCode: 'string'
+      publisher: 'string'
+    }
+    securityProfile: {
+      secureVMDiskEncryptionSetId: 'string'
+      securityType: 'string'
+    }
+    supportedCapabilities: {
+      acceleratedNetwork: bool
+      architecture: 'string'
+      diskControllerTypes: 'string'
+    }
+    supportsHibernation: bool
+    tier: 'string'
+  }
+  sku: {
+    name: 'string'
+  }
+  tags: {
+    {customized property}: 'string'
+  }
+  zones: [
+    'string'
+  ]
+}
+```
+## Property Values
+### Microsoft.Compute/disks
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation) |
+| location | The geo-location where the resource lives | string (required) |
+| name | The resource name | string (required) |
+| properties | Disk resource properties. | [DiskProperties](#diskproperties) |
+| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| zones | The Logical zone list for Disk. | string[] |
+
+### CreationData
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'<br />'Copy'<br />'CopyFromSanSnapshot'<br />'CopyStart'<br />'Empty'<br />'FromImage'<br />'Import'<br />'ImportSecure'<br />'Restore'<br />'Upload'<br />'UploadPreparedSecure' (required) |
+| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
+| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference) |
+| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference) |
+| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
+| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
+| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'<br />'None' |
+| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
+| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
+| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
+| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
+| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
+
+### DiskProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
+| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
+| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata) (required) |
+| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'<br />'None' |
+| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
+| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
+| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
+| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
+| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption) |
+| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection) |
+| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'<br />'V2' |
+| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
+| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'<br />'AllowPrivate'<br />'DenyAll' |
+| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
+| osType | The Operating System type. | 'Linux'<br />'Windows' |
+| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'<br />'Enabled' |
+| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [DiskPurchasePlan](#diskpurchaseplan) |
+| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile) |
+| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities) |
+| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
+| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
+
+### DiskPurchasePlan
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The plan ID. | string (required) |
+| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
+| promotionCode | The Offer Promotion Code. | string |
+| publisher | The publisher ID. | string (required) |
+
+### DiskSecurityProfile
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
+| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'<br />'ConfidentialVM_DiskEncryptedWithPlatformKey'<br />'ConfidentialVM_NonPersistedTPM'<br />'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'<br />'TrustedLaunch' |
+
+### DiskSku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The sku name. | 'PremiumV2_LRS'<br />'Premium_LRS'<br />'Premium_ZRS'<br />'StandardSSD_LRS'<br />'StandardSSD_ZRS'<br />'Standard_LRS'<br />'UltraSSD_LRS' |
+
+### Encryption
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
+| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'<br />'EncryptionAtRestWithPlatformAndCustomerKeys'<br />'EncryptionAtRestWithPlatformKey' |
+
+### EncryptionSettingsCollection
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
+| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement)[] |
+| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
+
+### EncryptionSettingsElement
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference) |
+| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference) |
+
+### ExtendedLocation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the extended location. | string |
+| type | The type of the extended location. | 'EdgeZone' |
+
+### ImageDiskReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
+| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
+| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
+| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
+
+### KeyVaultAndKeyReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault) (required) |
+
+### KeyVaultAndSecretReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault) (required) |
+
+### SourceVault
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource Id | string |
+
+### SupportedCapabilities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
+| architecture | CPU architecture supported by an OS disk. | 'Arm64'<br />'x64' |
+| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
+
+### TrackedResourceTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+## Usage Examples
+### Bicep Samples
+
+A basic example of deploying Managed Disk.
+
+```bicep
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource disk 'Microsoft.Compute/disks@2022-03-02' = {
+  name: resourceName
+  location: location
   properties: {
-    burstingEnabled: bool
-    completionPercent: int
     creationData: {
-      createOption: 'string'
-      elasticSanResourceId: 'string'
-      galleryImageReference: {
-        communityGalleryImageId: 'string'
-        id: 'string'
-        lun: int
-        sharedGalleryImageId: 'string'
-      }
-      imageReference: {
-        communityGalleryImageId: 'string'
-        id: 'string'
-        lun: int
-        sharedGalleryImageId: 'string'
-      }
-      logicalSectorSize: int
-      performancePlus: bool
-      provisionedBandwidthCopySpeed: 'string'
-      securityDataUri: 'string'
-      sourceResourceId: 'string'
-      sourceUri: 'string'
-      storageAccountId: 'string'
-      uploadSizeBytes: int
+      createOption: 'Empty'
     }
-    dataAccessAuthMode: 'string'
-    diskAccessId: 'string'
-    diskIOPSReadOnly: int
-    diskIOPSReadWrite: int
-    diskMBpsReadOnly: int
-    diskMBpsReadWrite: int
-    diskSizeGB: int
+    diskSizeGB: 10
     encryption: {
-      diskEncryptionSetId: 'string'
-      type: 'string'
-    }
-    encryptionSettingsCollection: {
-      enabled: bool
-      encryptionSettings: [
-        {
-          diskEncryptionKey: {
-            secretUrl: 'string'
-            sourceVault: {
-              id: 'string'
-            }
-          }
-          keyEncryptionKey: {
-            keyUrl: 'string'
-            sourceVault: {
-              id: 'string'
-            }
-          }
-        }
-      ]
-      encryptionSettingsVersion: 'string'
-    }
-    hyperVGeneration: 'string'
-    maxShares: int
-    networkAccessPolicy: 'string'
-    optimizedForFrequentAttach: bool
-    osType: 'string'
-    publicNetworkAccess: 'string'
-    purchasePlan: {
-      name: 'string'
-      product: 'string'
-      promotionCode: 'string'
-      publisher: 'string'
-    }
-    securityProfile: {
-      secureVMDiskEncryptionSetId: 'string'
-      securityType: 'string'
-    }
-    supportedCapabilities: {
-      acceleratedNetwork: bool
-      architecture: 'string'
-      diskControllerTypes: 'string'
+      type: 'EncryptionAtRestWithPlatformKey'
     }
-    supportsHibernation: bool
-    tier: 'string'
+    networkAccessPolicy: 'AllowAll'
+    osType: ''
+    publicNetworkAccess: 'Enabled'
   }
   sku: {
-    name: 'string'
-  }
-  tags: {
-    {customized property}: 'string'
-  }
-  zones: [
-    'string'
-  ]
-}
-```
-## Property Values
-### Microsoft.Compute/disks
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation) |
-| location | The geo-location where the resource lives | string (required) |
-| name | The resource name | string (required) |
-| properties | Disk resource properties. | [DiskProperties](#diskproperties) |
-| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| zones | The Logical zone list for Disk. | string[] |
-
-### CreationData
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'<br />'Copy'<br />'CopyFromSanSnapshot'<br />'CopyStart'<br />'Empty'<br />'FromImage'<br />'Import'<br />'ImportSecure'<br />'Restore'<br />'Upload'<br />'UploadPreparedSecure' (required) |
-| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
-| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference) |
-| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference) |
-| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
-| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
-| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'<br />'None' |
-| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
-| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
-| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
-| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
-| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
-
-### DiskProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
-| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
-| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata) (required) |
-| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'<br />'None' |
-| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
-| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
-| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
-| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
-| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption) |
-| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection) |
-| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'<br />'V2' |
-| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
-| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'<br />'AllowPrivate'<br />'DenyAll' |
-| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
-| osType | The Operating System type. | 'Linux'<br />'Windows' |
-| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'<br />'Enabled' |
-| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [DiskPurchasePlan](#diskpurchaseplan) |
-| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile) |
-| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities) |
-| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
-| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
-
-### DiskPurchasePlan
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The plan ID. | string (required) |
-| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
-| promotionCode | The Offer Promotion Code. | string |
-| publisher | The publisher ID. | string (required) |
-
-### DiskSecurityProfile
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
-| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'<br />'ConfidentialVM_DiskEncryptedWithPlatformKey'<br />'ConfidentialVM_NonPersistedTPM'<br />'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'<br />'TrustedLaunch' |
-
-### DiskSku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The sku name. | 'PremiumV2_LRS'<br />'Premium_LRS'<br />'Premium_ZRS'<br />'StandardSSD_LRS'<br />'StandardSSD_ZRS'<br />'Standard_LRS'<br />'UltraSSD_LRS' |
-
-### Encryption
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
-| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'<br />'EncryptionAtRestWithPlatformAndCustomerKeys'<br />'EncryptionAtRestWithPlatformKey' |
-
-### EncryptionSettingsCollection
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
-| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement)[] |
-| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
-
-### EncryptionSettingsElement
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference) |
-| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference) |
-
-### ExtendedLocation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the extended location. | string |
-| type | The type of the extended location. | 'EdgeZone' |
-
-### ImageDiskReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
-| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
-| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
-| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
-
-### KeyVaultAndKeyReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault) (required) |
-
-### KeyVaultAndSecretReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault) (required) |
-
-### SourceVault
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource Id | string |
-
-### SupportedCapabilities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
-| architecture | CPU architecture supported by an OS disk. | 'Arm64'<br />'x64' |
-| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
-
-### TrackedResourceTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Compute Disk](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/compute/disk) | AVM Resource Module for Compute Disk |
-
-### Azure Quickstart Samples
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Bicep File | Description |
-> | ----- | ----- |
-> | [Create Disk & enable protection via Backup Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.dataprotection/backup-create-disk-enable-protection/main.bicep) | Template that creates a disk and enables protection via Backup Vault |
-> | [Windows Docker Host with Portainer and Traefik pre-installed](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/traefik/docker-portainer-traefik-windows-vm/main.bicep) | Windows Docker Host with Portainer and Traefik pre-installed |
-> | [Windows Server VM with SSH](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-windows-ssh/main.bicep) | Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The disks resource type can be deployed with operations that target: 
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
-
-## Resource format
-
-To create a Microsoft.Compute/disks resource, add the following JSON to your template.
-
-```json
-{
-  "type": "Microsoft.Compute/disks",
-  "apiVersion": "2024-03-02",
-  "name": "string",
-  "extendedLocation": {
-    "name": "string",
-    "type": "string"
-  },
-  "location": "string",
-  "properties": {
-    "burstingEnabled": "bool",
-    "completionPercent": "int",
-    "creationData": {
-      "createOption": "string",
-      "elasticSanResourceId": "string",
-      "galleryImageReference": {
-        "communityGalleryImageId": "string",
-        "id": "string",
-        "lun": "int",
-        "sharedGalleryImageId": "string"
-      },
-      "imageReference": {
-        "communityGalleryImageId": "string",
-        "id": "string",
-        "lun": "int",
-        "sharedGalleryImageId": "string"
-      },
-      "logicalSectorSize": "int",
-      "performancePlus": "bool",
-      "provisionedBandwidthCopySpeed": "string",
-      "securityDataUri": "string",
-      "sourceResourceId": "string",
-      "sourceUri": "string",
-      "storageAccountId": "string",
-      "uploadSizeBytes": "int"
-    },
-    "dataAccessAuthMode": "string",
-    "diskAccessId": "string",
-    "diskIOPSReadOnly": "int",
-    "diskIOPSReadWrite": "int",
-    "diskMBpsReadOnly": "int",
-    "diskMBpsReadWrite": "int",
-    "diskSizeGB": "int",
-    "encryption": {
-      "diskEncryptionSetId": "string",
-      "type": "string"
-    },
-    "encryptionSettingsCollection": {
-      "enabled": "bool",
-      "encryptionSettings": [
-        {
-          "diskEncryptionKey": {
-            "secretUrl": "string",
-            "sourceVault": {
-              "id": "string"
-            }
-          },
-          "keyEncryptionKey": {
-            "keyUrl": "string",
-            "sourceVault": {
-              "id": "string"
-            }
-          }
-        }
-      ],
-      "encryptionSettingsVersion": "string"
-    },
-    "hyperVGeneration": "string",
-    "maxShares": "int",
-    "networkAccessPolicy": "string",
-    "optimizedForFrequentAttach": "bool",
-    "osType": "string",
-    "publicNetworkAccess": "string",
-    "purchasePlan": {
-      "name": "string",
-      "product": "string",
-      "promotionCode": "string",
-      "publisher": "string"
-    },
-    "securityProfile": {
-      "secureVMDiskEncryptionSetId": "string",
-      "securityType": "string"
-    },
-    "supportedCapabilities": {
-      "acceleratedNetwork": "bool",
-      "architecture": "string",
-      "diskControllerTypes": "string"
-    },
-    "supportsHibernation": "bool",
-    "tier": "string"
-  },
-  "sku": {
-    "name": "string"
-  },
-  "tags": {
-    "{customized property}": "string"
-  },
-  "zones": [ "string" ]
-}
-```
-## Property Values
-### Microsoft.Compute/disks
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2024-03-02' |
-| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation-1) |
-| location | The geo-location where the resource lives | string (required) |
-| name | The resource name | string (required) |
-| properties | Disk resource properties. | [DiskProperties](#diskproperties-1) |
-| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku-1) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| type | The resource type | 'Microsoft.Compute/disks' |
-| zones | The Logical zone list for Disk. | string[] |
-
-### CreationData
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'<br />'Copy'<br />'CopyFromSanSnapshot'<br />'CopyStart'<br />'Empty'<br />'FromImage'<br />'Import'<br />'ImportSecure'<br />'Restore'<br />'Upload'<br />'UploadPreparedSecure' (required) |
-| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
-| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference-1) |
-| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference-1) |
-| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
-| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
-| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'<br />'None' |
-| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
-| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
-| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
-| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
-| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
-
-### DiskProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
-| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
-| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata-1) (required) |
-| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'<br />'None' |
-| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
-| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
-| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
-| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
-| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption-1) |
-| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection-1) |
-| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'<br />'V2' |
-| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
-| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'<br />'AllowPrivate'<br />'DenyAll' |
-| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
-| osType | The Operating System type. | 'Linux'<br />'Windows' |
-| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'<br />'Enabled' |
-| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [DiskPurchasePlan](#diskpurchaseplan-1) |
-| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile-1) |
-| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities-1) |
-| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
-| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
-
-### DiskPurchasePlan
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The plan ID. | string (required) |
-| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
-| promotionCode | The Offer Promotion Code. | string |
-| publisher | The publisher ID. | string (required) |
-
-### DiskSecurityProfile
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
-| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'<br />'ConfidentialVM_DiskEncryptedWithPlatformKey'<br />'ConfidentialVM_NonPersistedTPM'<br />'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'<br />'TrustedLaunch' |
-
-### DiskSku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The sku name. | 'PremiumV2_LRS'<br />'Premium_LRS'<br />'Premium_ZRS'<br />'StandardSSD_LRS'<br />'StandardSSD_ZRS'<br />'Standard_LRS'<br />'UltraSSD_LRS' |
-
-### Encryption
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
-| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'<br />'EncryptionAtRestWithPlatformAndCustomerKeys'<br />'EncryptionAtRestWithPlatformKey' |
-
-### EncryptionSettingsCollection
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
-| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement-1)[] |
-| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
-
-### EncryptionSettingsElement
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference-1) |
-| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference-1) |
-
-### ExtendedLocation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the extended location. | string |
-| type | The type of the extended location. | 'EdgeZone' |
-
-### ImageDiskReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
-| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
-| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
-| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
-
-### KeyVaultAndKeyReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-1) (required) |
-
-### KeyVaultAndSecretReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-1) (required) |
-
-### SourceVault
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource Id | string |
-
-### SupportedCapabilities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
-| architecture | CPU architecture supported by an OS disk. | 'Arm64'<br />'x64' |
-| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
-
-### TrackedResourceTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [Create a VM from a EfficientIP VHD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-efficientip-vhd)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-efficientip-vhd%2Fazuredeploy.json) | This template creates a VM from a EfficientIP VHD and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
-> | [Create a VM in a new or existing vnet from a custom VHD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-specialized-vhd-new-or-existing-vnet)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-specialized-vhd-new-or-existing-vnet%2Fazuredeploy.json) | This template creates a VM from a specialized VHD and let you connect it to a new or existing VNET that can reside in another Resource Group than the virtual machine |
-> | [Create Disk & enable protection via Backup Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.dataprotection/backup-create-disk-enable-protection)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.dataprotection%2Fbackup-create-disk-enable-protection%2Fazuredeploy.json) | Template that creates a disk and enables protection via Backup Vault |
-> | [Create VM from existing VHDs and connect it to existingVNET](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-os-disk-and-data-disk-existing-vnet)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-os-disk-and-data-disk-existing-vnet%2Fazuredeploy.json) | This template creates a VM from VHDs (OS + data disk) and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
-> | [Creates an ultra managed disk with a specific sector size](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/ultra-managed-disk)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fultra-managed-disk%2Fazuredeploy.json) | This template creates a new ultra managed disk allowing the user to specify a sector size of either 512 or 4096. |
-> | [Deploy a 3 node Percona XtraDB Cluster in Availability Zones](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/mysql/mysql-ha-pxc-zones)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fmysql%2Fmysql-ha-pxc-zones%2Fazuredeploy.json) | This template deploys a 3 node MySQL high availability cluster on CentOS 6.5 or Ubuntu 12.04 |
-> | [SQL VM Performance Optimized Storage Settings on UltraSSD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.sqlvirtualmachine/sql-vm-new-storage-ultrassd)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.sqlvirtualmachine%2Fsql-vm-new-storage-ultrassd%2Fazuredeploy.json) | Create a SQL Server Virtual Machine with performance optimized storage settings, using UltraSSD for SQL Log files |
-> | [Windows Docker Host with Portainer and Traefik pre-installed](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/traefik/docker-portainer-traefik-windows-vm)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Ftraefik%2Fdocker-portainer-traefik-windows-vm%2Fazuredeploy.json) | Windows Docker Host with Portainer and Traefik pre-installed |
-> | [Windows Server VM with SSH](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-windows-ssh)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-windows-ssh%2Fazuredeploy.json) | Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The disks resource type can be deployed with operations that target: 
-
-* **Resource groups**
-
-For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
-
-## Resource format
-
-To create a Microsoft.Compute/disks resource, add the following Terraform to your template.
-
-```terraform
-resource "azapi_resource" "symbolicname" {
-  type = "Microsoft.Compute/disks@2024-03-02"
-  name = "string"
-  parent_id = "string"
-  location = "string"
-  tags = {
-    {customized property} = "string"
-  }
-  body = {
-    extendedLocation = {
-      name = "string"
-      type = "string"
-    }
-    properties = {
-      burstingEnabled = bool
-      completionPercent = int
-      creationData = {
-        createOption = "string"
-        elasticSanResourceId = "string"
-        galleryImageReference = {
-          communityGalleryImageId = "string"
-          id = "string"
-          lun = int
-          sharedGalleryImageId = "string"
-        }
-        imageReference = {
-          communityGalleryImageId = "string"
-          id = "string"
-          lun = int
-          sharedGalleryImageId = "string"
-        }
-        logicalSectorSize = int
-        performancePlus = bool
-        provisionedBandwidthCopySpeed = "string"
-        securityDataUri = "string"
-        sourceResourceId = "string"
-        sourceUri = "string"
-        storageAccountId = "string"
-        uploadSizeBytes = int
-      }
-      dataAccessAuthMode = "string"
-      diskAccessId = "string"
-      diskIOPSReadOnly = int
-      diskIOPSReadWrite = int
-      diskMBpsReadOnly = int
-      diskMBpsReadWrite = int
-      diskSizeGB = int
-      encryption = {
-        diskEncryptionSetId = "string"
-        type = "string"
-      }
-      encryptionSettingsCollection = {
-        enabled = bool
-        encryptionSettings = [
-          {
-            diskEncryptionKey = {
-              secretUrl = "string"
-              sourceVault = {
-                id = "string"
-              }
-            }
-            keyEncryptionKey = {
-              keyUrl = "string"
-              sourceVault = {
-                id = "string"
-              }
-            }
-          }
-        ]
-        encryptionSettingsVersion = "string"
-      }
-      hyperVGeneration = "string"
-      maxShares = int
-      networkAccessPolicy = "string"
-      optimizedForFrequentAttach = bool
-      osType = "string"
-      publicNetworkAccess = "string"
-      purchasePlan = {
-        name = "string"
-        product = "string"
-        promotionCode = "string"
-        publisher = "string"
-      }
-      securityProfile = {
-        secureVMDiskEncryptionSetId = "string"
-        securityType = "string"
-      }
-      supportedCapabilities = {
-        acceleratedNetwork = bool
-        architecture = "string"
-        diskControllerTypes = "string"
-      }
-      supportsHibernation = bool
-      tier = "string"
-    }
-    sku = {
-      name = "string"
-    }
-    zones = [
-      "string"
-    ]
-  }
-}
-```
-## Property Values
-### Microsoft.Compute/disks
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation-2) |
-| location | The geo-location where the resource lives | string (required) |
-| name | The resource name | string (required) |
-| properties | Disk resource properties. | [DiskProperties](#diskproperties-2) |
-| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku-2) |
-| tags | Resource tags | Dictionary of tag names and values. |
-| type | The resource type | "Microsoft.Compute/disks@2024-03-02" |
-| zones | The Logical zone list for Disk. | string[] |
-
-### CreationData
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'<br />'Copy'<br />'CopyFromSanSnapshot'<br />'CopyStart'<br />'Empty'<br />'FromImage'<br />'Import'<br />'ImportSecure'<br />'Restore'<br />'Upload'<br />'UploadPreparedSecure' (required) |
-| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
-| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference-2) |
-| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference-2) |
-| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
-| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
-| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'<br />'None' |
-| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
-| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
-| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
-| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
-| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
-
-### DiskProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
-| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
-| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata-2) (required) |
-| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'<br />'None' |
-| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
-| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
-| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
-| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
-| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
-| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption-2) |
-| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection-2) |
-| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'<br />'V2' |
-| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
-| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'<br />'AllowPrivate'<br />'DenyAll' |
-| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
-| osType | The Operating System type. | 'Linux'<br />'Windows' |
-| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'<br />'Enabled' |
-| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [DiskPurchasePlan](#diskpurchaseplan-2) |
-| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile-2) |
-| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities-2) |
-| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
-| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
-
-### DiskPurchasePlan
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The plan ID. | string (required) |
-| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
-| promotionCode | The Offer Promotion Code. | string |
-| publisher | The publisher ID. | string (required) |
-
-### DiskSecurityProfile
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
-| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'<br />'ConfidentialVM_DiskEncryptedWithPlatformKey'<br />'ConfidentialVM_NonPersistedTPM'<br />'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'<br />'TrustedLaunch' |
-
-### DiskSku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The sku name. | 'PremiumV2_LRS'<br />'Premium_LRS'<br />'Premium_ZRS'<br />'StandardSSD_LRS'<br />'StandardSSD_ZRS'<br />'Standard_LRS'<br />'UltraSSD_LRS' |
-
-### Encryption
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
-| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'<br />'EncryptionAtRestWithPlatformAndCustomerKeys'<br />'EncryptionAtRestWithPlatformKey' |
-
-### EncryptionSettingsCollection
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
-| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement-2)[] |
-| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
-
-### EncryptionSettingsElement
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference-2) |
-| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference-2) |
-
-### ExtendedLocation
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | The name of the extended location. | string |
-| type | The type of the extended location. | 'EdgeZone' |
-
-### ImageDiskReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
-| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
-| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
-| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
-
-### KeyVaultAndKeyReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-2) (required) |
-
-### KeyVaultAndSecretReference
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
-| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-2) (required) |
-
-### SourceVault
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource Id | string |
-
-### SupportedCapabilities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
-| architecture | CPU architecture supported by an OS disk. | 'Arm64'<br />'x64' |
-| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
-
-### TrackedResourceTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-## Usage Examples
-### Terraform Samples
-
-A basic example of deploying Managed Disk.
-
-```terraform
-terraform {
-  required_providers {
-    azapi = {
-      source = "Azure/azapi"
-    }
-  }
-}
-
-provider "azapi" {
-  skip_provider_registration = false
-}
-
-variable "resource_name" {
-  type    = string
-  default = "acctest0001"
-}
-
-variable "location" {
-  type    = string
-  default = "westeurope"
-}
-
-resource "azapi_resource" "resourceGroup" {
-  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
-  name     = var.resource_name
-  location = var.location
-}
-
-resource "azapi_resource" "disk" {
-  type      = "Microsoft.Compute/disks@2022-03-02"
-  parent_id = azapi_resource.resourceGroup.id
-  name      = var.resource_name
-  location  = var.location
-  body = {
-    properties = {
-      creationData = {
-        createOption = "Empty"
-      }
-      diskSizeGB = 10
-      encryption = {
-        type = "EncryptionAtRestWithPlatformKey"
-      }
-      networkAccessPolicy = "AllowAll"
-      osType              = ""
-      publicNetworkAccess = "Enabled"
-    }
-    sku = {
-      name = "Standard_LRS"
-    }
+    name: 'Standard_LRS'
   }
-  schema_validation_enabled = false
-  response_export_values    = ["*"]
-}
-```
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Compute Disk](https://github.com/Azure/terraform-azurerm-avm-res-compute-disk) | AVM Resource Module for Compute Disk |
-
-
-::: zone-end
+}
+```
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Compute Disk](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/compute/disk) | AVM Resource Module for Compute Disk |
+
+### Azure Quickstart Samples
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Bicep File | Description |
+> | ----- | ----- |
+> | [Create Disk & enable protection via Backup Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.dataprotection/backup-create-disk-enable-protection/main.bicep) | Template that creates a disk and enables protection via Backup Vault |
+> | [Windows Docker Host with Portainer and Traefik pre-installed](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/traefik/docker-portainer-traefik-windows-vm/main.bicep) | Windows Docker Host with Portainer and Traefik pre-installed |
+> | [Windows Server VM with SSH](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-windows-ssh/main.bicep) | Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The disks resource type can be deployed with operations that target: 
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
+
+## Resource format
+
+To create a Microsoft.Compute/disks resource, add the following JSON to your template.
+
+```json
+{
+  "type": "Microsoft.Compute/disks",
+  "apiVersion": "2024-03-02",
+  "name": "string",
+  "extendedLocation": {
+    "name": "string",
+    "type": "string"
+  },
+  "location": "string",
+  "properties": {
+    "burstingEnabled": "bool",
+    "completionPercent": "int",
+    "creationData": {
+      "createOption": "string",
+      "elasticSanResourceId": "string",
+      "galleryImageReference": {
+        "communityGalleryImageId": "string",
+        "id": "string",
+        "lun": "int",
+        "sharedGalleryImageId": "string"
+      },
+      "imageReference": {
+        "communityGalleryImageId": "string",
+        "id": "string",
+        "lun": "int",
+        "sharedGalleryImageId": "string"
+      },
+      "logicalSectorSize": "int",
+      "performancePlus": "bool",
+      "provisionedBandwidthCopySpeed": "string",
+      "securityDataUri": "string",
+      "sourceResourceId": "string",
+      "sourceUri": "string",
+      "storageAccountId": "string",
+      "uploadSizeBytes": "int"
+    },
+    "dataAccessAuthMode": "string",
+    "diskAccessId": "string",
+    "diskIOPSReadOnly": "int",
+    "diskIOPSReadWrite": "int",
+    "diskMBpsReadOnly": "int",
+    "diskMBpsReadWrite": "int",
+    "diskSizeGB": "int",
+    "encryption": {
+      "diskEncryptionSetId": "string",
+      "type": "string"
+    },
+    "encryptionSettingsCollection": {
+      "enabled": "bool",
+      "encryptionSettings": [
+        {
+          "diskEncryptionKey": {
+            "secretUrl": "string",
+            "sourceVault": {
+              "id": "string"
+            }
+          },
+          "keyEncryptionKey": {
+            "keyUrl": "string",
+            "sourceVault": {
+              "id": "string"
+            }
+          }
+        }
+      ],
+      "encryptionSettingsVersion": "string"
+    },
+    "hyperVGeneration": "string",
+    "maxShares": "int",
+    "networkAccessPolicy": "string",
+    "optimizedForFrequentAttach": "bool",
+    "osType": "string",
+    "publicNetworkAccess": "string",
+    "purchasePlan": {
+      "name": "string",
+      "product": "string",
+      "promotionCode": "string",
+      "publisher": "string"
+    },
+    "securityProfile": {
+      "secureVMDiskEncryptionSetId": "string",
+      "securityType": "string"
+    },
+    "supportedCapabilities": {
+      "acceleratedNetwork": "bool",
+      "architecture": "string",
+      "diskControllerTypes": "string"
+    },
+    "supportsHibernation": "bool",
+    "tier": "string"
+  },
+  "sku": {
+    "name": "string"
+  },
+  "tags": {
+    "{customized property}": "string"
+  },
+  "zones": [ "string" ]
+}
+```
+## Property Values
+### Microsoft.Compute/disks
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2024-03-02' |
+| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation-1) |
+| location | The geo-location where the resource lives | string (required) |
+| name | The resource name | string (required) |
+| properties | Disk resource properties. | [DiskProperties](#diskproperties-1) |
+| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku-1) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| type | The resource type | 'Microsoft.Compute/disks' |
+| zones | The Logical zone list for Disk. | string[] |
+
+### CreationData
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'<br />'Copy'<br />'CopyFromSanSnapshot'<br />'CopyStart'<br />'Empty'<br />'FromImage'<br />'Import'<br />'ImportSecure'<br />'Restore'<br />'Upload'<br />'UploadPreparedSecure' (required) |
+| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
+| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference-1) |
+| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference-1) |
+| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
+| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
+| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'<br />'None' |
+| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
+| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
+| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
+| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
+| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
+
+### DiskProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
+| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
+| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata-1) (required) |
+| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'<br />'None' |
+| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
+| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
+| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
+| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
+| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption-1) |
+| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection-1) |
+| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'<br />'V2' |
+| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
+| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'<br />'AllowPrivate'<br />'DenyAll' |
+| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
+| osType | The Operating System type. | 'Linux'<br />'Windows' |
+| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'<br />'Enabled' |
+| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [DiskPurchasePlan](#diskpurchaseplan-1) |
+| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile-1) |
+| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities-1) |
+| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
+| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
+
+### DiskPurchasePlan
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The plan ID. | string (required) |
+| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
+| promotionCode | The Offer Promotion Code. | string |
+| publisher | The publisher ID. | string (required) |
+
+### DiskSecurityProfile
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
+| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'<br />'ConfidentialVM_DiskEncryptedWithPlatformKey'<br />'ConfidentialVM_NonPersistedTPM'<br />'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'<br />'TrustedLaunch' |
+
+### DiskSku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The sku name. | 'PremiumV2_LRS'<br />'Premium_LRS'<br />'Premium_ZRS'<br />'StandardSSD_LRS'<br />'StandardSSD_ZRS'<br />'Standard_LRS'<br />'UltraSSD_LRS' |
+
+### Encryption
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
+| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'<br />'EncryptionAtRestWithPlatformAndCustomerKeys'<br />'EncryptionAtRestWithPlatformKey' |
+
+### EncryptionSettingsCollection
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
+| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement-1)[] |
+| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
+
+### EncryptionSettingsElement
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference-1) |
+| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference-1) |
+
+### ExtendedLocation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the extended location. | string |
+| type | The type of the extended location. | 'EdgeZone' |
+
+### ImageDiskReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
+| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
+| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
+| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
+
+### KeyVaultAndKeyReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-1) (required) |
+
+### KeyVaultAndSecretReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-1) (required) |
+
+### SourceVault
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource Id | string |
+
+### SupportedCapabilities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
+| architecture | CPU architecture supported by an OS disk. | 'Arm64'<br />'x64' |
+| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
+
+### TrackedResourceTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+## Usage Examples
+### Azure Quickstart Templates
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [Create a VM from a EfficientIP VHD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-efficientip-vhd)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-efficientip-vhd%2Fazuredeploy.json) | This template creates a VM from a EfficientIP VHD and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
+> | [Create a VM in a new or existing vnet from a custom VHD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-specialized-vhd-new-or-existing-vnet)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-specialized-vhd-new-or-existing-vnet%2Fazuredeploy.json) | This template creates a VM from a specialized VHD and let you connect it to a new or existing VNET that can reside in another Resource Group than the virtual machine |
+> | [Create Disk & enable protection via Backup Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.dataprotection/backup-create-disk-enable-protection)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.dataprotection%2Fbackup-create-disk-enable-protection%2Fazuredeploy.json) | Template that creates a disk and enables protection via Backup Vault |
+> | [Create VM from existing VHDs and connect it to existingVNET](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-os-disk-and-data-disk-existing-vnet)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-os-disk-and-data-disk-existing-vnet%2Fazuredeploy.json) | This template creates a VM from VHDs (OS + data disk) and let you connect it to an existing VNET that can reside in another Resource Group then the virtual machine |
+> | [Creates an ultra managed disk with a specific sector size](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/ultra-managed-disk)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fultra-managed-disk%2Fazuredeploy.json) | This template creates a new ultra managed disk allowing the user to specify a sector size of either 512 or 4096. |
+> | [Deploy a 3 node Percona XtraDB Cluster in Availability Zones](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/mysql/mysql-ha-pxc-zones)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fmysql%2Fmysql-ha-pxc-zones%2Fazuredeploy.json) | This template deploys a 3 node MySQL high availability cluster on CentOS 6.5 or Ubuntu 12.04 |
+> | [SQL VM Performance Optimized Storage Settings on UltraSSD](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.sqlvirtualmachine/sql-vm-new-storage-ultrassd)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.sqlvirtualmachine%2Fsql-vm-new-storage-ultrassd%2Fazuredeploy.json) | Create a SQL Server Virtual Machine with performance optimized storage settings, using UltraSSD for SQL Log files |
+> | [Windows Docker Host with Portainer and Traefik pre-installed](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/traefik/docker-portainer-traefik-windows-vm)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Ftraefik%2Fdocker-portainer-traefik-windows-vm%2Fazuredeploy.json) | Windows Docker Host with Portainer and Traefik pre-installed |
+> | [Windows Server VM with SSH](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-windows-ssh)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fvm-windows-ssh%2Fazuredeploy.json) | Deploy a single Windows VM with Open SSH enabled so that you can connect through SSH using key-based authentication. |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The disks resource type can be deployed with operations that target: 
+
+* **Resource groups**
+
+For a list of changed properties in each API version, see [change log](~/microsoft.compute/change-log/disks.md).
+
+## Resource format
+
+To create a Microsoft.Compute/disks resource, add the following Terraform to your template.
+
+```terraform
+resource "azapi_resource" "symbolicname" {
+  type = "Microsoft.Compute/disks@2024-03-02"
+  name = "string"
+  parent_id = "string"
+  location = "string"
+  tags = {
+    {customized property} = "string"
+  }
+  body = {
+    extendedLocation = {
+      name = "string"
+      type = "string"
+    }
+    properties = {
+      burstingEnabled = bool
+      completionPercent = int
+      creationData = {
+        createOption = "string"
+        elasticSanResourceId = "string"
+        galleryImageReference = {
+          communityGalleryImageId = "string"
+          id = "string"
+          lun = int
+          sharedGalleryImageId = "string"
+        }
+        imageReference = {
+          communityGalleryImageId = "string"
+          id = "string"
+          lun = int
+          sharedGalleryImageId = "string"
+        }
+        logicalSectorSize = int
+        performancePlus = bool
+        provisionedBandwidthCopySpeed = "string"
+        securityDataUri = "string"
+        sourceResourceId = "string"
+        sourceUri = "string"
+        storageAccountId = "string"
+        uploadSizeBytes = int
+      }
+      dataAccessAuthMode = "string"
+      diskAccessId = "string"
+      diskIOPSReadOnly = int
+      diskIOPSReadWrite = int
+      diskMBpsReadOnly = int
+      diskMBpsReadWrite = int
+      diskSizeGB = int
+      encryption = {
+        diskEncryptionSetId = "string"
+        type = "string"
+      }
+      encryptionSettingsCollection = {
+        enabled = bool
+        encryptionSettings = [
+          {
+            diskEncryptionKey = {
+              secretUrl = "string"
+              sourceVault = {
+                id = "string"
+              }
+            }
+            keyEncryptionKey = {
+              keyUrl = "string"
+              sourceVault = {
+                id = "string"
+              }
+            }
+          }
+        ]
+        encryptionSettingsVersion = "string"
+      }
+      hyperVGeneration = "string"
+      maxShares = int
+      networkAccessPolicy = "string"
+      optimizedForFrequentAttach = bool
+      osType = "string"
+      publicNetworkAccess = "string"
+      purchasePlan = {
+        name = "string"
+        product = "string"
+        promotionCode = "string"
+        publisher = "string"
+      }
+      securityProfile = {
+        secureVMDiskEncryptionSetId = "string"
+        securityType = "string"
+      }
+      supportedCapabilities = {
+        acceleratedNetwork = bool
+        architecture = "string"
+        diskControllerTypes = "string"
+      }
+      supportsHibernation = bool
+      tier = "string"
+    }
+    sku = {
+      name = "string"
+    }
+    zones = [
+      "string"
+    ]
+  }
+}
+```
+## Property Values
+### Microsoft.Compute/disks
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| extendedLocation | The extended location where the disk will be created. Extended location cannot be changed. | [ExtendedLocation](#extendedlocation-2) |
+| location | The geo-location where the resource lives | string (required) |
+| name | The resource name | string (required) |
+| properties | Disk resource properties. | [DiskProperties](#diskproperties-2) |
+| sku | The disks sku name. Can be Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, StandardSSD_ZRS, or PremiumV2_LRS. | [DiskSku](#disksku-2) |
+| tags | Resource tags | Dictionary of tag names and values. |
+| type | The resource type | "Microsoft.Compute/disks@2024-03-02" |
+| zones | The Logical zone list for Disk. | string[] |
+
+### CreationData
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| createOption | This enumerates the possible sources of a disk's creation. | 'Attach'<br />'Copy'<br />'CopyFromSanSnapshot'<br />'CopyStart'<br />'Empty'<br />'FromImage'<br />'Import'<br />'ImportSecure'<br />'Restore'<br />'Upload'<br />'UploadPreparedSecure' (required) |
+| elasticSanResourceId | Required if createOption is CopyFromSanSnapshot. This is the ARM id of the source elastic san volume snapshot. | string |
+| galleryImageReference | Required if creating from a Gallery Image. The id/sharedGalleryImageId/communityGalleryImageId of the ImageDiskReference will be the ARM id of the shared galley image version from which to create a disk. | [ImageDiskReference](#imagediskreference-2) |
+| imageReference | Disk source information for PIR or user images. | [ImageDiskReference](#imagediskreference-2) |
+| logicalSectorSize | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default. | int |
+| performancePlus | Set this flag to true to get a boost on the performance target of the disk deployed, see here on the respective performance target. This flag can only be set on disk creation time and cannot be disabled after enabled. | bool |
+| provisionedBandwidthCopySpeed | If this field is set on a snapshot and createOption is CopyStart, the snapshot will be copied at a quicker speed. | 'Enhanced'<br />'None' |
+| securityDataUri | If createOption is ImportSecure, this is the URI of a blob to be imported into VM guest state. | string |
+| sourceResourceId | If createOption is Copy, this is the ARM id of the source snapshot or disk. | string |
+| sourceUri | If createOption is Import, this is the URI of a blob to be imported into a managed disk. | string |
+| storageAccountId | Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk. | string |
+| uploadSizeBytes | If createOption is Upload, this is the size of the contents of the upload including the VHD footer. This value should be between 20972032 (20 MiB + 512 bytes for the VHD footer) and 35183298347520 bytes (32 TiB + 512 bytes for the VHD footer). | int |
+
+### DiskProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| burstingEnabled | Set to true to enable bursting beyond the provisioned performance target of the disk. Bursting is disabled by default. Does not apply to Ultra disks. | bool |
+| completionPercent | Percentage complete for the background copy when a resource is created via the CopyStart operation. | int |
+| creationData | Disk source information. CreationData information cannot be changed after the disk has been created. | [CreationData](#creationdata-2) (required) |
+| dataAccessAuthMode | Additional authentication requirements when exporting or uploading to a disk or snapshot. | 'AzureActiveDirectory'<br />'None' |
+| diskAccessId | ARM id of the DiskAccess resource for using private endpoints on disks. | string |
+| diskIOPSReadOnly | The total number of IOPS that will be allowed across all VMs mounting the shared disk as ReadOnly. One operation can transfer between 4k and 256k bytes. | int |
+| diskIOPSReadWrite | The number of IOPS allowed for this disk; only settable for UltraSSD disks. One operation can transfer between 4k and 256k bytes. | int |
+| diskMBpsReadOnly | The total throughput (MBps) that will be allowed across all VMs mounting the shared disk as ReadOnly. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskMBpsReadWrite | The bandwidth allowed for this disk; only settable for UltraSSD disks. MBps means millions of bytes per second - MB here uses the ISO notation, of powers of 10. | int |
+| diskSizeGB | If creationData.createOption is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size. | int |
+| encryption | Encryption property can be used to encrypt data at rest with customer managed keys or platform managed keys. | [Encryption](#encryption-2) |
+| encryptionSettingsCollection | Encryption settings collection used for Azure Disk Encryption, can contain multiple encryption settings per disk or snapshot. | [EncryptionSettingsCollection](#encryptionsettingscollection-2) |
+| hyperVGeneration | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | 'V1'<br />'V2' |
+| maxShares | The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time. | int |
+| networkAccessPolicy | Policy for accessing the disk via network. | 'AllowAll'<br />'AllowPrivate'<br />'DenyAll' |
+| optimizedForFrequentAttach | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | bool |
+| osType | The Operating System type. | 'Linux'<br />'Windows' |
+| publicNetworkAccess | Policy for controlling export on the disk. | 'Disabled'<br />'Enabled' |
+| purchasePlan | Purchase plan information for the the image from which the OS disk was created. E.g. - {name: 2019-Datacenter, publisher: MicrosoftWindowsServer, product: WindowsServer} | [DiskPurchasePlan](#diskpurchaseplan-2) |
+| securityProfile | Contains the security related information for the resource. | [DiskSecurityProfile](#disksecurityprofile-2) |
+| supportedCapabilities | List of supported capabilities for the image from which the OS disk was created. | [SupportedCapabilities](#supportedcapabilities-2) |
+| supportsHibernation | Indicates the OS on a disk supports hibernation. | bool |
+| tier | Performance tier of the disk (e.g, P4, S10) as described here: https://azure.microsoft.com/en-us/pricing/details/managed-disks/. Does not apply to Ultra disks. | string |
+
+### DiskPurchasePlan
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The plan ID. | string (required) |
+| product | Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference element. | string (required) |
+| promotionCode | The Offer Promotion Code. | string |
+| publisher | The publisher ID. | string (required) |
+
+### DiskSecurityProfile
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secureVMDiskEncryptionSetId | ResourceId of the disk encryption set associated to Confidential VM supported disk encrypted with customer managed key | string |
+| securityType | Specifies the SecurityType of the VM. Applicable for OS disks only. | 'ConfidentialVM_DiskEncryptedWithCustomerKey'<br />'ConfidentialVM_DiskEncryptedWithPlatformKey'<br />'ConfidentialVM_NonPersistedTPM'<br />'ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey'<br />'TrustedLaunch' |
+
+### DiskSku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The sku name. | 'PremiumV2_LRS'<br />'Premium_LRS'<br />'Premium_ZRS'<br />'StandardSSD_LRS'<br />'StandardSSD_ZRS'<br />'Standard_LRS'<br />'UltraSSD_LRS' |
+
+### Encryption
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionSetId | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
+| type | The type of key used to encrypt the data of the disk. | 'EncryptionAtRestWithCustomerKey'<br />'EncryptionAtRestWithPlatformAndCustomerKeys'<br />'EncryptionAtRestWithPlatformKey' |
+
+### EncryptionSettingsCollection
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| enabled | Set this flag to true and provide DiskEncryptionKey and optional KeyEncryptionKey to enable encryption. Set this flag to false and remove DiskEncryptionKey and KeyEncryptionKey to disable encryption. If EncryptionSettings is null in the request object, the existing settings remain unchanged. | bool (required) |
+| encryptionSettings | A collection of encryption settings, one for each disk volume. | [EncryptionSettingsElement](#encryptionsettingselement-2)[] |
+| encryptionSettingsVersion | Describes what type of encryption is used for the disks. Once this field is set, it cannot be overwritten. '1.0' corresponds to Azure Disk Encryption with AAD app.'1.1' corresponds to Azure Disk Encryption. | string |
+
+### EncryptionSettingsElement
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| diskEncryptionKey | Key Vault Secret Url and vault id of the disk encryption key | [KeyVaultAndSecretReference](#keyvaultandsecretreference-2) |
+| keyEncryptionKey | Key Vault Key Url and vault id of the key encryption key. KeyEncryptionKey is optional and when provided is used to unwrap the disk encryption key. | [KeyVaultAndKeyReference](#keyvaultandkeyreference-2) |
+
+### ExtendedLocation
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | The name of the extended location. | string |
+| type | The type of the extended location. | 'EdgeZone' |
+
+### ImageDiskReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| communityGalleryImageId | A relative uri containing a community Azure Compute Gallery image reference. | string |
+| id | A relative uri containing either a Platform Image Repository, user image, or Azure Compute Gallery image reference. | string |
+| lun | If the disk is created from an image's data disk, this is an index that indicates which of the data disks in the image to use. For OS disks, this field is null. | int |
+| sharedGalleryImageId | A relative uri containing a direct shared Azure Compute Gallery image reference. | string |
+
+### KeyVaultAndKeyReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| keyUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-2) (required) |
+
+### KeyVaultAndSecretReference
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| secretUrl | Url pointing to a key or secret in KeyVault | string (required) |
+| sourceVault | Resource id of the KeyVault containing the key or secret | [SourceVault](#sourcevault-2) (required) |
+
+### SourceVault
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource Id | string |
+
+### SupportedCapabilities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| acceleratedNetwork | True if the image from which the OS disk is created supports accelerated networking. | bool |
+| architecture | CPU architecture supported by an OS disk. | 'Arm64'<br />'x64' |
+| diskControllerTypes | The disk controllers that an OS disk supports. If set it can be SCSI or SCSI, NVME or NVME, SCSI. | string |
+
+### TrackedResourceTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+## Usage Examples
+### Terraform Samples
+
+A basic example of deploying Managed Disk.
+
+```terraform
+terraform {
+  required_providers {
+    azapi = {
+      source = "Azure/azapi"
+    }
+  }
+}
+
+provider "azapi" {
+  skip_provider_registration = false
+}
+
+variable "resource_name" {
+  type    = string
+  default = "acctest0001"
+}
+
+variable "location" {
+  type    = string
+  default = "westeurope"
+}
+
+resource "azapi_resource" "resourceGroup" {
+  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
+  name     = var.resource_name
+  location = var.location
+}
+
+resource "azapi_resource" "disk" {
+  type      = "Microsoft.Compute/disks@2022-03-02"
+  parent_id = azapi_resource.resourceGroup.id
+  name      = var.resource_name
+  location  = var.location
+  body = {
+    properties = {
+      creationData = {
+        createOption = "Empty"
+      }
+      diskSizeGB = 10
+      encryption = {
+        type = "EncryptionAtRestWithPlatformKey"
+      }
+      networkAccessPolicy = "AllowAll"
+      osType              = ""
+      publicNetworkAccess = "Enabled"
+    }
+    sku = {
+      name = "Standard_LRS"
+    }
+  }
+  schema_validation_enabled = false
+  response_export_values    = ["*"]
+}
+```
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Compute Disk](https://github.com/Azure/terraform-azurerm-avm-res-compute-disk) | AVM Resource Module for Compute Disk |
+
+
+::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.documentdb/2024-05-15/databaseaccounts.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.documentdb/2024-05-15/databaseaccounts.md
index f8dfd4ef..4642b1fb 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.documentdb/2024-05-15/databaseaccounts.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.documentdb/2024-05-15/databaseaccounts.md
@@ -1,1316 +1,1359 @@
----
-title: Microsoft.DocumentDB/databaseAccounts 2024-05-15
-description: Azure Microsoft.DocumentDB/databaseAccounts syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-05-15
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.DocumentDB databaseAccounts 2024-05-15
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../databaseaccounts.md)
-> - [2025-11-01-preview](../2025-11-01-preview/databaseaccounts.md)
-> - [2025-10-15](../2025-10-15/databaseaccounts.md)
-> - [2025-05-01-preview](../2025-05-01-preview/databaseaccounts.md)
-> - [2025-04-15](../2025-04-15/databaseaccounts.md)
-> - [2024-12-01-preview](../2024-12-01-preview/databaseaccounts.md)
-> - [2024-11-15](../2024-11-15/databaseaccounts.md)
-> - [2024-09-01-preview](../2024-09-01-preview/databaseaccounts.md)
-> - [2024-08-15](../2024-08-15/databaseaccounts.md)
-> - [2024-05-15](../2024-05-15/databaseaccounts.md)
-> - [2024-05-15-preview](../2024-05-15-preview/databaseaccounts.md)
-> - [2024-02-15-preview](../2024-02-15-preview/databaseaccounts.md)
-> - [2023-11-15](../2023-11-15/databaseaccounts.md)
-> - [2023-11-15-preview](../2023-11-15-preview/databaseaccounts.md)
-> - [2023-09-15](../2023-09-15/databaseaccounts.md)
-> - [2023-09-15-preview](../2023-09-15-preview/databaseaccounts.md)
-> - [2023-04-15](../2023-04-15/databaseaccounts.md)
-> - [2023-03-15](../2023-03-15/databaseaccounts.md)
-> - [2023-03-15-preview](../2023-03-15-preview/databaseaccounts.md)
-> - [2023-03-01-preview](../2023-03-01-preview/databaseaccounts.md)
-> - [2022-11-15](../2022-11-15/databaseaccounts.md)
-> - [2022-11-15-preview](../2022-11-15-preview/databaseaccounts.md)
-> - [2022-08-15](../2022-08-15/databaseaccounts.md)
-> - [2022-08-15-preview](../2022-08-15-preview/databaseaccounts.md)
-> - [2022-05-15](../2022-05-15/databaseaccounts.md)
-> - [2022-05-15-preview](../2022-05-15-preview/databaseaccounts.md)
-> - [2022-02-15-preview](../2022-02-15-preview/databaseaccounts.md)
-> - [2021-11-15-preview](../2021-11-15-preview/databaseaccounts.md)
-> - [2021-10-15](../2021-10-15/databaseaccounts.md)
-> - [2021-10-15-preview](../2021-10-15-preview/databaseaccounts.md)
-> - [2021-07-01-preview](../2021-07-01-preview/databaseaccounts.md)
-> - [2021-06-15](../2021-06-15/databaseaccounts.md)
-> - [2021-05-15](../2021-05-15/databaseaccounts.md)
-> - [2021-04-15](../2021-04-15/databaseaccounts.md)
-> - [2021-04-01-preview](../2021-04-01-preview/databaseaccounts.md)
-> - [2021-03-15](../2021-03-15/databaseaccounts.md)
-> - [2021-03-01-preview](../2021-03-01-preview/databaseaccounts.md)
-> - [2021-01-15](../2021-01-15/databaseaccounts.md)
-> - [2020-09-01](../2020-09-01/databaseaccounts.md)
-> - [2020-06-01-preview](../2020-06-01-preview/databaseaccounts.md)
-> - [2020-04-01](../2020-04-01/databaseaccounts.md)
-> - [2020-03-01](../2020-03-01/databaseaccounts.md)
-> - [2019-12-12](../2019-12-12/databaseaccounts.md)
-> - [2019-08-01](../2019-08-01/databaseaccounts.md)
-> - [2016-03-31](../2016-03-31/databaseaccounts.md)
-> - [2016-03-19](../2016-03-19/databaseaccounts.md)
-> - [2015-11-06](../2015-11-06/databaseaccounts.md)
-> - [2015-04-08](../2015-04-08/databaseaccounts.md)
-> - [2015-04-01](../2015-04-01/databaseaccounts.md)
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The databaseAccounts resource type can be deployed with operations that target: 
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
-
-## Resource format
-
-To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Bicep to your template.
-
-```bicep
-resource symbolicname 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = {
-  identity: {
-    type: 'string'
-    userAssignedIdentities: {
-      {customized property}: {}
-    }
-  }
-  kind: 'string'
-  location: 'string'
-  name: 'string'
+---
+title: Microsoft.DocumentDB/databaseAccounts 2024-05-15
+description: Azure Microsoft.DocumentDB/databaseAccounts syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-05-15
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.DocumentDB databaseAccounts 2024-05-15
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../databaseaccounts.md)
+> - [2025-11-01-preview](../2025-11-01-preview/databaseaccounts.md)
+> - [2025-10-15](../2025-10-15/databaseaccounts.md)
+> - [2025-05-01-preview](../2025-05-01-preview/databaseaccounts.md)
+> - [2025-04-15](../2025-04-15/databaseaccounts.md)
+> - [2024-12-01-preview](../2024-12-01-preview/databaseaccounts.md)
+> - [2024-11-15](../2024-11-15/databaseaccounts.md)
+> - [2024-09-01-preview](../2024-09-01-preview/databaseaccounts.md)
+> - [2024-08-15](../2024-08-15/databaseaccounts.md)
+> - [2024-05-15](../2024-05-15/databaseaccounts.md)
+> - [2024-05-15-preview](../2024-05-15-preview/databaseaccounts.md)
+> - [2024-02-15-preview](../2024-02-15-preview/databaseaccounts.md)
+> - [2023-11-15](../2023-11-15/databaseaccounts.md)
+> - [2023-11-15-preview](../2023-11-15-preview/databaseaccounts.md)
+> - [2023-09-15](../2023-09-15/databaseaccounts.md)
+> - [2023-09-15-preview](../2023-09-15-preview/databaseaccounts.md)
+> - [2023-04-15](../2023-04-15/databaseaccounts.md)
+> - [2023-03-15](../2023-03-15/databaseaccounts.md)
+> - [2023-03-15-preview](../2023-03-15-preview/databaseaccounts.md)
+> - [2023-03-01-preview](../2023-03-01-preview/databaseaccounts.md)
+> - [2022-11-15](../2022-11-15/databaseaccounts.md)
+> - [2022-11-15-preview](../2022-11-15-preview/databaseaccounts.md)
+> - [2022-08-15](../2022-08-15/databaseaccounts.md)
+> - [2022-08-15-preview](../2022-08-15-preview/databaseaccounts.md)
+> - [2022-05-15](../2022-05-15/databaseaccounts.md)
+> - [2022-05-15-preview](../2022-05-15-preview/databaseaccounts.md)
+> - [2022-02-15-preview](../2022-02-15-preview/databaseaccounts.md)
+> - [2021-11-15-preview](../2021-11-15-preview/databaseaccounts.md)
+> - [2021-10-15](../2021-10-15/databaseaccounts.md)
+> - [2021-10-15-preview](../2021-10-15-preview/databaseaccounts.md)
+> - [2021-07-01-preview](../2021-07-01-preview/databaseaccounts.md)
+> - [2021-06-15](../2021-06-15/databaseaccounts.md)
+> - [2021-05-15](../2021-05-15/databaseaccounts.md)
+> - [2021-04-15](../2021-04-15/databaseaccounts.md)
+> - [2021-04-01-preview](../2021-04-01-preview/databaseaccounts.md)
+> - [2021-03-15](../2021-03-15/databaseaccounts.md)
+> - [2021-03-01-preview](../2021-03-01-preview/databaseaccounts.md)
+> - [2021-01-15](../2021-01-15/databaseaccounts.md)
+> - [2020-09-01](../2020-09-01/databaseaccounts.md)
+> - [2020-06-01-preview](../2020-06-01-preview/databaseaccounts.md)
+> - [2020-04-01](../2020-04-01/databaseaccounts.md)
+> - [2020-03-01](../2020-03-01/databaseaccounts.md)
+> - [2019-12-12](../2019-12-12/databaseaccounts.md)
+> - [2019-08-01](../2019-08-01/databaseaccounts.md)
+> - [2016-03-31](../2016-03-31/databaseaccounts.md)
+> - [2016-03-19](../2016-03-19/databaseaccounts.md)
+> - [2015-11-06](../2015-11-06/databaseaccounts.md)
+> - [2015-04-08](../2015-04-08/databaseaccounts.md)
+> - [2015-04-01](../2015-04-01/databaseaccounts.md)
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The databaseAccounts resource type can be deployed with operations that target: 
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
+
+## Resource format
+
+To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Bicep to your template.
+
+```bicep
+resource symbolicname 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = {
+  identity: {
+    type: 'string'
+    userAssignedIdentities: {
+      {customized property}: {}
+    }
+  }
+  kind: 'string'
+  location: 'string'
+  name: 'string'
+  properties: {
+    analyticalStorageConfiguration: {
+      schemaType: 'string'
+    }
+    apiProperties: {
+      serverVersion: 'string'
+    }
+    backupPolicy: {
+      migrationState: {
+        startTime: 'string'
+        status: 'string'
+        targetType: 'string'
+      }
+      type: 'string'
+      // For remaining properties, see BackupPolicy objects
+    }
+    capabilities: [
+      {
+        name: 'string'
+      }
+    ]
+    capacity: {
+      totalThroughputLimit: int
+    }
+    connectorOffer: 'string'
+    consistencyPolicy: {
+      defaultConsistencyLevel: 'string'
+      maxIntervalInSeconds: int
+      maxStalenessPrefix: int
+    }
+    cors: [
+      {
+        allowedHeaders: 'string'
+        allowedMethods: 'string'
+        allowedOrigins: 'string'
+        exposedHeaders: 'string'
+        maxAgeInSeconds: int
+      }
+    ]
+    createMode: 'string'
+    customerManagedKeyStatus: 'string'
+    databaseAccountOfferType: 'Standard'
+    defaultIdentity: 'string'
+    disableKeyBasedMetadataWriteAccess: bool
+    disableLocalAuth: bool
+    enableAnalyticalStorage: bool
+    enableAutomaticFailover: bool
+    enableBurstCapacity: bool
+    enableCassandraConnector: bool
+    enableFreeTier: bool
+    enableMultipleWriteLocations: bool
+    enablePartitionMerge: bool
+    ipRules: [
+      {
+        ipAddressOrRange: 'string'
+      }
+    ]
+    isVirtualNetworkFilterEnabled: bool
+    keyVaultKeyUri: 'string'
+    locations: [
+      {
+        failoverPriority: int
+        isZoneRedundant: bool
+        locationName: 'string'
+      }
+    ]
+    minimalTlsVersion: 'string'
+    networkAclBypass: 'string'
+    networkAclBypassResourceIds: [
+      'string'
+    ]
+    publicNetworkAccess: 'string'
+    restoreParameters: {
+      databasesToRestore: [
+        {
+          collectionNames: [
+            'string'
+          ]
+          databaseName: 'string'
+        }
+      ]
+      gremlinDatabasesToRestore: [
+        {
+          databaseName: 'string'
+          graphNames: [
+            'string'
+          ]
+        }
+      ]
+      restoreMode: 'string'
+      restoreSource: 'string'
+      restoreTimestampInUtc: 'string'
+      tablesToRestore: [
+        'string'
+      ]
+    }
+    virtualNetworkRules: [
+      {
+        id: 'string'
+        ignoreMissingVNetServiceEndpoint: bool
+      }
+    ]
+  }
+  tags: {
+    {customized property}: 'string'
+  }
+}
+```
+### BackupPolicy objects
+
+Set the **type** property to specify the type of object.
+
+For **Continuous**, use:
+
+```bicep
+{
+  continuousModeProperties: {
+    tier: 'string'
+  }
+  type: 'Continuous'
+}
+```
+
+For **Periodic**, use:
+
+```bicep
+{
+  periodicModeProperties: {
+    backupIntervalInMinutes: int
+    backupRetentionIntervalInHours: int
+    backupStorageRedundancy: 'string'
+  }
+  type: 'Periodic'
+}
+```
+
+## Property Values
+### Microsoft.DocumentDB/databaseAccounts
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity) |
+| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'<br />'MongoDB'<br />'Parse' |
+| location | The location of the resource group to which the resource belongs. | string |
+| name | The resource name | string <br /><br />Constraints:<br />Min length = 3<br />Max length = 50<br />Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
+| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties) (required) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+
+### AnalyticalStorageConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'<br />'WellDefined' |
+
+### ApiProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'<br />'3.6'<br />'4.0'<br />'4.2'<br />'5.0'<br />'6.0' |
+
+### BackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate) |
+| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy). | 'Continuous'<br />'Periodic' (required) |
+
+### BackupPolicyMigrationState
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
+| status | Describes the status of migration between backup policy types. | 'Completed'<br />'Failed'<br />'InProgress'<br />'Invalid' |
+| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'<br />'Periodic' |
+
+### Capability
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
+
+### Capacity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int <br /><br />Constraints:<br />Min value = -1 |
+
+### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ConsistencyPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'<br />'ConsistentPrefix'<br />'Eventual'<br />'Session'<br />'Strong' (required) |
+| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 5<br />Max value = 86400 |
+| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
+
+### ContinuousModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties) |
+| type | Describes the mode of backups. | 'Continuous' (required) |
+
+### ContinuousModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'<br />'Continuous7Days' |
+
+### CorsPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
+| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
+| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
+| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
+| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
+
+### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration) |
+| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties) |
+| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy) |
+| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability)[] |
+| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity) |
+| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
+| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy) |
+| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy)[] |
+| createMode | Enum to indicate the mode of account creation. | 'Default'<br />'Restore' |
+| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
+| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
+| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
+| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
+| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
+| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
+| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
+| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
+| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
+| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
+| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
+| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
+| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange)[] |
+| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
+| keyVaultKeyUri | The URI of the key vault | string |
+| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location)[] (required) |
+| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'<br />'Tls11'<br />'Tls12' |
+| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'<br />'None' |
+| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
+| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'<br />'Enabled'<br />'SecuredByPerimeter' |
+| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters) |
+| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule)[] |
+
+### DatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| collectionNames | The names of the collections available for restore. | string[] |
+| databaseName | The name of the database available for restore. | string |
+
+### GremlinDatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databaseName | The name of the gremlin database available for restore. | string |
+| graphNames | The names of the graphs available for restore. | string[] |
+
+### IpAddressOrRange
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
+
+### Location
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int <br /><br />Constraints:<br />Min value = 0 |
+| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
+| locationName | The name of the region. | string |
+
+### ManagedServiceIdentity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'<br />'SystemAssigned'<br />'SystemAssigned,UserAssigned'<br />'UserAssigned' |
+| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities) |
+
+### ManagedServiceIdentityUserAssignedIdentities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### PeriodicModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties) |
+| type | Describes the mode of backups. | 'Periodic' (required) |
+
+### PeriodicModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int <br /><br />Constraints:<br />Min value = 0 |
+| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int <br /><br />Constraints:<br />Min value = 0 |
+| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'<br />'Local'<br />'Zone' |
+
+### RestoreParameters
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource)[] |
+| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource)[] |
+| restoreMode | Describes the mode of the restore. | 'PointInTime' |
+| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
+| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
+| tablesToRestore | List of specific tables available for restore. | string[] |
+
+### Tags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
+| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
+
+## Usage Examples
+### Bicep Samples
+
+A basic example of deploying CosmosDB (formally DocumentDB) Account.
+
+```bicep
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
+  name: resourceName
+  location: location
+  kind: 'GlobalDocumentDB'
   properties: {
-    analyticalStorageConfiguration: {
-      schemaType: 'string'
-    }
-    apiProperties: {
-      serverVersion: 'string'
-    }
-    backupPolicy: {
-      migrationState: {
-        startTime: 'string'
-        status: 'string'
-        targetType: 'string'
-      }
-      type: 'string'
-      // For remaining properties, see BackupPolicy objects
-    }
-    capabilities: [
-      {
-        name: 'string'
-      }
-    ]
-    capacity: {
-      totalThroughputLimit: int
-    }
-    connectorOffer: 'string'
+    capabilities: []
     consistencyPolicy: {
-      defaultConsistencyLevel: 'string'
-      maxIntervalInSeconds: int
-      maxStalenessPrefix: int
+      defaultConsistencyLevel: 'BoundedStaleness'
+      maxIntervalInSeconds: 10
+      maxStalenessPrefix: 200
     }
-    cors: [
-      {
-        allowedHeaders: 'string'
-        allowedMethods: 'string'
-        allowedOrigins: 'string'
-        exposedHeaders: 'string'
-        maxAgeInSeconds: int
-      }
-    ]
-    createMode: 'string'
-    customerManagedKeyStatus: 'string'
     databaseAccountOfferType: 'Standard'
-    defaultIdentity: 'string'
-    disableKeyBasedMetadataWriteAccess: bool
-    disableLocalAuth: bool
-    enableAnalyticalStorage: bool
-    enableAutomaticFailover: bool
-    enableBurstCapacity: bool
-    enableCassandraConnector: bool
-    enableFreeTier: bool
-    enableMultipleWriteLocations: bool
-    enablePartitionMerge: bool
-    ipRules: [
-      {
-        ipAddressOrRange: 'string'
-      }
-    ]
-    isVirtualNetworkFilterEnabled: bool
-    keyVaultKeyUri: 'string'
+    defaultIdentity: 'FirstPartyIdentity'
+    disableKeyBasedMetadataWriteAccess: false
+    disableLocalAuth: false
+    enableAnalyticalStorage: false
+    enableAutomaticFailover: false
+    enableFreeTier: false
+    enableMultipleWriteLocations: false
+    ipRules: []
+    isVirtualNetworkFilterEnabled: false
     locations: [
       {
-        failoverPriority: int
-        isZoneRedundant: bool
-        locationName: 'string'
-      }
-    ]
-    minimalTlsVersion: 'string'
-    networkAclBypass: 'string'
-    networkAclBypassResourceIds: [
-      'string'
-    ]
-    publicNetworkAccess: 'string'
-    restoreParameters: {
-      databasesToRestore: [
-        {
-          collectionNames: [
-            'string'
-          ]
-          databaseName: 'string'
-        }
-      ]
-      gremlinDatabasesToRestore: [
-        {
-          databaseName: 'string'
-          graphNames: [
-            'string'
-          ]
-        }
-      ]
-      restoreMode: 'string'
-      restoreSource: 'string'
-      restoreTimestampInUtc: 'string'
-      tablesToRestore: [
-        'string'
-      ]
-    }
-    virtualNetworkRules: [
-      {
-        id: 'string'
-        ignoreMissingVNetServiceEndpoint: bool
-      }
-    ]
-  }
-  tags: {
-    {customized property}: 'string'
-  }
-}
-```
-### BackupPolicy objects
-
-Set the **type** property to specify the type of object.
-
-For **Continuous**, use:
-
-```bicep
-{
-  continuousModeProperties: {
-    tier: 'string'
-  }
-  type: 'Continuous'
-}
-```
-
-For **Periodic**, use:
-
-```bicep
-{
-  periodicModeProperties: {
-    backupIntervalInMinutes: int
-    backupRetentionIntervalInHours: int
-    backupStorageRedundancy: 'string'
-  }
-  type: 'Periodic'
-}
-```
-
-## Property Values
-### Microsoft.DocumentDB/databaseAccounts
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity) |
-| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'<br />'MongoDB'<br />'Parse' |
-| location | The location of the resource group to which the resource belongs. | string |
-| name | The resource name | string <br /><br />Constraints:<br />Min length = 3<br />Max length = 50<br />Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
-| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties) (required) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-
-### AnalyticalStorageConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'<br />'WellDefined' |
-
-### ApiProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'<br />'3.6'<br />'4.0'<br />'4.2'<br />'5.0'<br />'6.0' |
-
-### BackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate) |
-| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy). | 'Continuous'<br />'Periodic' (required) |
-
-### BackupPolicyMigrationState
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
-| status | Describes the status of migration between backup policy types. | 'Completed'<br />'Failed'<br />'InProgress'<br />'Invalid' |
-| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'<br />'Periodic' |
-
-### Capability
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
-
-### Capacity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int <br /><br />Constraints:<br />Min value = -1 |
-
-### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ConsistencyPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'<br />'ConsistentPrefix'<br />'Eventual'<br />'Session'<br />'Strong' (required) |
-| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 5<br />Max value = 86400 |
-| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
-
-### ContinuousModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties) |
-| type | Describes the mode of backups. | 'Continuous' (required) |
-
-### ContinuousModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'<br />'Continuous7Days' |
-
-### CorsPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
-| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
-| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
-| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
-| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
-
-### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration) |
-| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties) |
-| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy) |
-| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability)[] |
-| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity) |
-| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
-| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy) |
-| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy)[] |
-| createMode | Enum to indicate the mode of account creation. | 'Default'<br />'Restore' |
-| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
-| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
-| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
-| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
-| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
-| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
-| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
-| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
-| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
-| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
-| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
-| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
-| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange)[] |
-| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
-| keyVaultKeyUri | The URI of the key vault | string |
-| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location)[] (required) |
-| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'<br />'Tls11'<br />'Tls12' |
-| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'<br />'None' |
-| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
-| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'<br />'Enabled'<br />'SecuredByPerimeter' |
-| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters) |
-| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule)[] |
-
-### DatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| collectionNames | The names of the collections available for restore. | string[] |
-| databaseName | The name of the database available for restore. | string |
-
-### GremlinDatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databaseName | The name of the gremlin database available for restore. | string |
-| graphNames | The names of the graphs available for restore. | string[] |
-
-### IpAddressOrRange
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
-
-### Location
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int <br /><br />Constraints:<br />Min value = 0 |
-| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
-| locationName | The name of the region. | string |
-
-### ManagedServiceIdentity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'<br />'SystemAssigned'<br />'SystemAssigned,UserAssigned'<br />'UserAssigned' |
-| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities) |
-
-### ManagedServiceIdentityUserAssignedIdentities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### PeriodicModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties) |
-| type | Describes the mode of backups. | 'Periodic' (required) |
-
-### PeriodicModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int <br /><br />Constraints:<br />Min value = 0 |
-| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int <br /><br />Constraints:<br />Min value = 0 |
-| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'<br />'Local'<br />'Zone' |
-
-### RestoreParameters
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource)[] |
-| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource)[] |
-| restoreMode | Describes the mode of the restore. | 'PointInTime' |
-| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
-| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
-| tablesToRestore | List of specific tables available for restore. | string[] |
-
-### Tags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
-| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
-
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Cosmos DB Database Account](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/document-db/database-account) | AVM Resource Module for Cosmos DB Database Account |
-
-### Azure Quickstart Samples
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Bicep File | Description |
-> | ----- | ----- |
-> | [Azure Cosmos DB account SQL API with analytical store](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-analytical-store/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
-> | [Azure Cosmos DB Account with Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/documentdb-webapp/main.bicep) | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
-> | [Create a Cosmos DB account with Microsoft Defender enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account/main.bicep) | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
-> | [Create a free-tier Azure Cosmos DB account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-free/main.bicep) | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
-> | [Create a minimal Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-minimal/main.bicep) | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
-> | [Create a Serverless Azure Cosmos DB account for SQL API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-serverless/main.bicep) | This template creates an serverless Azure Cosmos DB account for the Core (SQL) API. |
-> | [Create a zero touch Azure Cosmos account and Azure Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-webapp/main.bicep) | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
-> | [Create an Azure Cosmos account for MongoDB API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb/main.bicep) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
-> | [Create an Azure Cosmos account for MongoDB API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
-> | [Create an Azure Cosmos account for Table API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table/main.bicep) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
-> | [Create an Azure Cosmos account for Table API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
-> | [Create an Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra/main.bicep) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
-> | [Create an Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
-> | [Create an Azure Cosmos DB account for Gremlin API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin/main.bicep) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
-> | [Create an Azure Cosmos DB account for Gremlin API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
-> | [Create an Azure Cosmos DB account in multiple regions](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-multi-region-account/main.bicep) | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
-> | [Create an Azure Cosmos DB account SQL API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-autoscale/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
-> | [Create an Azure Cosmos DB Account with a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-private-endpoint/main.bicep) | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
-> | [Create an Azure Cosmos DB SQL Account with data plane RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-rbac/main.bicep) | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
-> | [Create an Azure CosmosDB Account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-account/main.bicep) | This ARM template is intented to create a CosmosDB Account quickly with the minimal required values |
-> | [Create autoscale Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
-> | [Create Azure Cosmos DB Core (SQL) API stored procedures](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-container-sprocs/main.bicep) | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
-> | [Creates a Dapr microservices app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-blob/main.bicep) | Create a Dapr microservices app using Container Apps. |
-> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus/main.bicep) | Create a Dapr pub-sub servicebus app using Container Apps. |
-> | [Deploy Azure Data Explorer DB with Cosmos DB connection](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.kusto/kusto-cosmos-db/main.bicep) | Deploy Azure Data Explorer DB with Cosmos DB connection. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The databaseAccounts resource type can be deployed with operations that target: 
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
-
-## Resource format
-
-To create a Microsoft.DocumentDB/databaseAccounts resource, add the following JSON to your template.
-
-```json
-{
-  "type": "Microsoft.DocumentDB/databaseAccounts",
-  "apiVersion": "2024-05-15",
-  "name": "string",
-  "identity": {
-    "type": "string",
-    "userAssignedIdentities": {
-      "{customized property}": {
-      }
-    }
-  },
-  "kind": "string",
-  "location": "string",
-  "properties": {
-    "analyticalStorageConfiguration": {
-      "schemaType": "string"
-    },
-    "apiProperties": {
-      "serverVersion": "string"
-    },
-    "backupPolicy": {
-      "migrationState": {
-        "startTime": "string",
-        "status": "string",
-        "targetType": "string"
-      },
-      "type": "string"
-      // For remaining properties, see BackupPolicy objects
-    },
-    "capabilities": [
-      {
-        "name": "string"
-      }
-    ],
-    "capacity": {
-      "totalThroughputLimit": "int"
-    },
-    "connectorOffer": "string",
-    "consistencyPolicy": {
-      "defaultConsistencyLevel": "string",
-      "maxIntervalInSeconds": "int",
-      "maxStalenessPrefix": "int"
-    },
-    "cors": [
-      {
-        "allowedHeaders": "string",
-        "allowedMethods": "string",
-        "allowedOrigins": "string",
-        "exposedHeaders": "string",
-        "maxAgeInSeconds": "int"
-      }
-    ],
-    "createMode": "string",
-    "customerManagedKeyStatus": "string",
-    "databaseAccountOfferType": "Standard",
-    "defaultIdentity": "string",
-    "disableKeyBasedMetadataWriteAccess": "bool",
-    "disableLocalAuth": "bool",
-    "enableAnalyticalStorage": "bool",
-    "enableAutomaticFailover": "bool",
-    "enableBurstCapacity": "bool",
-    "enableCassandraConnector": "bool",
-    "enableFreeTier": "bool",
-    "enableMultipleWriteLocations": "bool",
-    "enablePartitionMerge": "bool",
-    "ipRules": [
-      {
-        "ipAddressOrRange": "string"
-      }
-    ],
-    "isVirtualNetworkFilterEnabled": "bool",
-    "keyVaultKeyUri": "string",
-    "locations": [
-      {
-        "failoverPriority": "int",
-        "isZoneRedundant": "bool",
-        "locationName": "string"
-      }
-    ],
-    "minimalTlsVersion": "string",
-    "networkAclBypass": "string",
-    "networkAclBypassResourceIds": [ "string" ],
-    "publicNetworkAccess": "string",
-    "restoreParameters": {
-      "databasesToRestore": [
-        {
-          "collectionNames": [ "string" ],
-          "databaseName": "string"
-        }
-      ],
-      "gremlinDatabasesToRestore": [
-        {
-          "databaseName": "string",
-          "graphNames": [ "string" ]
-        }
-      ],
-      "restoreMode": "string",
-      "restoreSource": "string",
-      "restoreTimestampInUtc": "string",
-      "tablesToRestore": [ "string" ]
-    },
-    "virtualNetworkRules": [
-      {
-        "id": "string",
-        "ignoreMissingVNetServiceEndpoint": "bool"
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: 'West Europe'
       }
     ]
-  },
-  "tags": {
-    "{customized property}": "string"
+    networkAclBypass: 'None'
+    networkAclBypassResourceIds: []
+    publicNetworkAccess: 'Enabled'
+    virtualNetworkRules: []
   }
-}
-```
-### BackupPolicy objects
-
-Set the **type** property to specify the type of object.
-
-For **Continuous**, use:
-
-```json
-{
-  "continuousModeProperties": {
-    "tier": "string"
-  },
-  "type": "Continuous"
-}
-```
-
-For **Periodic**, use:
-
-```json
-{
-  "periodicModeProperties": {
-    "backupIntervalInMinutes": "int",
-    "backupRetentionIntervalInHours": "int",
-    "backupStorageRedundancy": "string"
-  },
-  "type": "Periodic"
-}
-```
-
-## Property Values
-### Microsoft.DocumentDB/databaseAccounts
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2024-05-15' |
-| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity-1) |
-| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'<br />'MongoDB'<br />'Parse' |
-| location | The location of the resource group to which the resource belongs. | string |
-| name | The resource name | string <br /><br />Constraints:<br />Min length = 3<br />Max length = 50<br />Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
-| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties-1) (required) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| type | The resource type | 'Microsoft.DocumentDB/databaseAccounts' |
-
-### AnalyticalStorageConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'<br />'WellDefined' |
-
-### ApiProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'<br />'3.6'<br />'4.0'<br />'4.2'<br />'5.0'<br />'6.0' |
-
-### BackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate-1) |
-| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy-1). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy-1). | 'Continuous'<br />'Periodic' (required) |
-
-### BackupPolicyMigrationState
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
-| status | Describes the status of migration between backup policy types. | 'Completed'<br />'Failed'<br />'InProgress'<br />'Invalid' |
-| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'<br />'Periodic' |
-
-### Capability
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
-
-### Capacity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int <br /><br />Constraints:<br />Min value = -1 |
-
-### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ConsistencyPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'<br />'ConsistentPrefix'<br />'Eventual'<br />'Session'<br />'Strong' (required) |
-| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 5<br />Max value = 86400 |
-| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
-
-### ContinuousModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties-1) |
-| type | Describes the mode of backups. | 'Continuous' (required) |
-
-### ContinuousModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'<br />'Continuous7Days' |
-
-### CorsPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
-| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
-| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
-| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
-| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
-
-### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration-1) |
-| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties-1) |
-| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy-1) |
-| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability-1)[] |
-| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity-1) |
-| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
-| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy-1) |
-| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy-1)[] |
-| createMode | Enum to indicate the mode of account creation. | 'Default'<br />'Restore' |
-| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
-| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
-| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
-| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
-| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
-| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
-| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
-| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
-| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
-| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
-| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
-| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
-| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange-1)[] |
-| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
-| keyVaultKeyUri | The URI of the key vault | string |
-| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location-1)[] (required) |
-| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'<br />'Tls11'<br />'Tls12' |
-| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'<br />'None' |
-| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
-| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'<br />'Enabled'<br />'SecuredByPerimeter' |
-| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters-1) |
-| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule-1)[] |
-
-### DatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| collectionNames | The names of the collections available for restore. | string[] |
-| databaseName | The name of the database available for restore. | string |
-
-### GremlinDatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databaseName | The name of the gremlin database available for restore. | string |
-| graphNames | The names of the graphs available for restore. | string[] |
-
-### IpAddressOrRange
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
-
-### Location
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int <br /><br />Constraints:<br />Min value = 0 |
-| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
-| locationName | The name of the region. | string |
-
-### ManagedServiceIdentity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'<br />'SystemAssigned'<br />'SystemAssigned,UserAssigned'<br />'UserAssigned' |
-| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities-1) |
-
-### ManagedServiceIdentityUserAssignedIdentities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### PeriodicModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties-1) |
-| type | Describes the mode of backups. | 'Periodic' (required) |
-
-### PeriodicModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int <br /><br />Constraints:<br />Min value = 0 |
-| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int <br /><br />Constraints:<br />Min value = 0 |
-| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'<br />'Local'<br />'Zone' |
-
-### RestoreParameters
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource-1)[] |
-| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource-1)[] |
-| restoreMode | Describes the mode of the restore. | 'PointInTime' |
-| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
-| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
-| tablesToRestore | List of specific tables available for restore. | string[] |
-
-### Tags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
-| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
-
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [Azure Cosmos DB account SQL API with analytical store](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-analytical-store)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-analytical-store%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
-> | [Azure Cosmos DB Account with Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/documentdb-webapp)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fdocumentdb-webapp%2Fazuredeploy.json) | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
-> | [CI/CD using Jenkins on Azure Container Service (AKS)](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/jenkins/jenkins-cicd-container)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fjenkins%2Fjenkins-cicd-container%2Fazuredeploy.json) | Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
-> | [Create a Cosmos DB account with Microsoft Defender enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fmicrosoft-defender-cosmosdb-create-account%2Fazuredeploy.json) | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
-> | [Create a free-tier Azure Cosmos DB account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-free)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-free%2Fazuredeploy.json) | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
-> | [Create a minimal Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-minimal)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-minimal%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
-> | [Create a Serverless Azure Cosmos DB account for SQL API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-serverless)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-serverless%2Fazuredeploy.json) | This template creates an serverless Azure Cosmos DB account for the Core (SQL) API. |
-> | [Create a zero touch Azure Cosmos account and Azure Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-webapp)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-webapp%2Fazuredeploy.json) | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
-> | [Create an Azure Cosmos account for MongoDB API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-mongodb%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
-> | [Create an Azure Cosmos account for MongoDB API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-mongodb-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
-> | [Create an Azure Cosmos account for Table API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-table%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
-> | [Create an Azure Cosmos account for Table API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-table-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
-> | [Create an Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-cassandra%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
-> | [Create an Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
-> | [Create an Azure Cosmos DB account for Gremlin API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
-> | [Create an Azure Cosmos DB account for Gremlin API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
-> | [Create an Azure Cosmos DB account in multiple regions](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-multi-region-account)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-create-multi-region-account%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
-> | [Create an Azure Cosmos DB account SQL API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
-> | [Create an Azure Cosmos DB Account with a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-private-endpoint)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-private-endpoint%2Fazuredeploy.json) | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
-> | [Create an Azure Cosmos DB SQL Account with data plane RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-rbac)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-rbac%2Fazuredeploy.json) | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
-> | [Create an Azure CosmosDB Account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-account)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-create-account%2Fazuredeploy.json) | This ARM template is intented to create a CosmosDB Account quickly with the minimal required values |
-> | [Create autoscale Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-cassandra-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
-> | [Create Azure Cosmos DB Core (SQL) API stored procedures](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-container-sprocs)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-container-sprocs%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
-> | [Create Azure Cosmos with SQL API and multiple containers](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-multiple-containers)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-multiple-containers%2Fazuredeploy.json) | The template creates a Cosmos container with a SQL API and allows adding mulitple containers. |
-> | [Creates a Dapr microservices app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-blob)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-blob%2Fazuredeploy.json) | Create a Dapr microservices app using Container Apps. |
-> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-pubsub-servicebus%2Fazuredeploy.json) | Create a Dapr pub-sub servicebus app using Container Apps. |
-> | [Deploy Azure Data Explorer DB with Cosmos DB connection](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.kusto/kusto-cosmos-db)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.kusto%2Fkusto-cosmos-db%2Fazuredeploy.json) | Deploy Azure Data Explorer DB with Cosmos DB connection. |
-> | [Web App with a SQL Database, Azure Cosmos DB, Azure Search](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/web-app-sql-docdb-search)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fweb-app-sql-docdb-search%2Fazuredeploy.json) | This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights.  |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The databaseAccounts resource type can be deployed with operations that target: 
-
-* **Resource groups**
-
-For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
-
-## Resource format
-
-To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Terraform to your template.
-
-```terraform
-resource "azapi_resource" "symbolicname" {
-  type = "Microsoft.DocumentDB/databaseAccounts@2024-05-15"
-  name = "string"
-  parent_id = "string"
-  identity {
-    type = "string"
-    identity_ids = [
-      "string"
-    ]
-  }
-  location = "string"
-  tags = {
-    {customized property} = "string"
-  }
-  body = {
-    kind = "string"
-    properties = {
-      analyticalStorageConfiguration = {
-        schemaType = "string"
-      }
-      apiProperties = {
-        serverVersion = "string"
-      }
-      backupPolicy = {
-        migrationState = {
-          startTime = "string"
-          status = "string"
-          targetType = "string"
-        }
-        type = "string"
-        // For remaining properties, see BackupPolicy objects
-      }
-      capabilities = [
-        {
-          name = "string"
-        }
-      ]
-      capacity = {
-        totalThroughputLimit = int
-      }
-      connectorOffer = "string"
-      consistencyPolicy = {
-        defaultConsistencyLevel = "string"
-        maxIntervalInSeconds = int
-        maxStalenessPrefix = int
-      }
-      cors = [
-        {
-          allowedHeaders = "string"
-          allowedMethods = "string"
-          allowedOrigins = "string"
-          exposedHeaders = "string"
-          maxAgeInSeconds = int
-        }
-      ]
-      createMode = "string"
-      customerManagedKeyStatus = "string"
-      databaseAccountOfferType = "Standard"
-      defaultIdentity = "string"
-      disableKeyBasedMetadataWriteAccess = bool
-      disableLocalAuth = bool
-      enableAnalyticalStorage = bool
-      enableAutomaticFailover = bool
-      enableBurstCapacity = bool
-      enableCassandraConnector = bool
-      enableFreeTier = bool
-      enableMultipleWriteLocations = bool
-      enablePartitionMerge = bool
-      ipRules = [
-        {
-          ipAddressOrRange = "string"
-        }
-      ]
-      isVirtualNetworkFilterEnabled = bool
-      keyVaultKeyUri = "string"
-      locations = [
-        {
-          failoverPriority = int
-          isZoneRedundant = bool
-          locationName = "string"
-        }
-      ]
-      minimalTlsVersion = "string"
-      networkAclBypass = "string"
-      networkAclBypassResourceIds = [
-        "string"
-      ]
-      publicNetworkAccess = "string"
-      restoreParameters = {
-        databasesToRestore = [
-          {
-            collectionNames = [
-              "string"
-            ]
-            databaseName = "string"
-          }
-        ]
-        gremlinDatabasesToRestore = [
-          {
-            databaseName = "string"
-            graphNames = [
-              "string"
-            ]
-          }
-        ]
-        restoreMode = "string"
-        restoreSource = "string"
-        restoreTimestampInUtc = "string"
-        tablesToRestore = [
-          "string"
-        ]
-      }
-      virtualNetworkRules = [
-        {
-          id = "string"
-          ignoreMissingVNetServiceEndpoint = bool
-        }
-      ]
-    }
-  }
-}
-```
-### BackupPolicy objects
-
-Set the **type** property to specify the type of object.
-
-For **Continuous**, use:
-
-```terraform
-{
-  continuousModeProperties = {
-    tier = "string"
-  }
-  type = "Continuous"
-}
-```
-
-For **Periodic**, use:
-
-```terraform
-{
-  periodicModeProperties = {
-    backupIntervalInMinutes = int
-    backupRetentionIntervalInHours = int
-    backupStorageRedundancy = "string"
-  }
-  type = "Periodic"
-}
-```
-
-## Property Values
-### Microsoft.DocumentDB/databaseAccounts
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity-2) |
-| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'<br />'MongoDB'<br />'Parse' |
-| location | The location of the resource group to which the resource belongs. | string |
-| name | The resource name | string <br /><br />Constraints:<br />Min length = 3<br />Max length = 50<br />Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
-| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties-2) (required) |
-| tags | Resource tags | Dictionary of tag names and values. |
-| type | The resource type | "Microsoft.DocumentDB/databaseAccounts@2024-05-15" |
-
-### AnalyticalStorageConfiguration
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'<br />'WellDefined' |
-
-### ApiProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'<br />'3.6'<br />'4.0'<br />'4.2'<br />'5.0'<br />'6.0' |
-
-### BackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate-2) |
-| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy-2). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy-2). | 'Continuous'<br />'Periodic' (required) |
-
-### BackupPolicyMigrationState
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
-| status | Describes the status of migration between backup policy types. | 'Completed'<br />'Failed'<br />'InProgress'<br />'Invalid' |
-| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'<br />'Periodic' |
-
-### Capability
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
-
-### Capacity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int <br /><br />Constraints:<br />Min value = -1 |
-
-### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ConsistencyPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'<br />'ConsistentPrefix'<br />'Eventual'<br />'Session'<br />'Strong' (required) |
-| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 5<br />Max value = 86400 |
-| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
-
-### ContinuousModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties-2) |
-| type | Describes the mode of backups. | 'Continuous' (required) |
-
-### ContinuousModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'<br />'Continuous7Days' |
-
-### CorsPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
-| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
-| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
-| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
-| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
-
-### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration-2) |
-| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties-2) |
-| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy-2) |
-| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability-2)[] |
-| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity-2) |
-| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
-| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy-2) |
-| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy-2)[] |
-| createMode | Enum to indicate the mode of account creation. | 'Default'<br />'Restore' |
-| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
-| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
-| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
-| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
-| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
-| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
-| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
-| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
-| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
-| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
-| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
-| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
-| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange-2)[] |
-| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
-| keyVaultKeyUri | The URI of the key vault | string |
-| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location-2)[] (required) |
-| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'<br />'Tls11'<br />'Tls12' |
-| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'<br />'None' |
-| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
-| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'<br />'Enabled'<br />'SecuredByPerimeter' |
-| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters-2) |
-| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule-2)[] |
-
-### DatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| collectionNames | The names of the collections available for restore. | string[] |
-| databaseName | The name of the database available for restore. | string |
-
-### GremlinDatabaseRestoreResource
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databaseName | The name of the gremlin database available for restore. | string |
-| graphNames | The names of the graphs available for restore. | string[] |
-
-### IpAddressOrRange
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
-
-### Location
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int <br /><br />Constraints:<br />Min value = 0 |
-| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
-| locationName | The name of the region. | string |
-
-### ManagedServiceIdentity
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'<br />'SystemAssigned'<br />'SystemAssigned,UserAssigned'<br />'UserAssigned' |
-| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities-2) |
-
-### ManagedServiceIdentityUserAssignedIdentities
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### PeriodicModeBackupPolicy
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties-2) |
-| type | Describes the mode of backups. | 'Periodic' (required) |
-
-### PeriodicModeProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int <br /><br />Constraints:<br />Min value = 0 |
-| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int <br /><br />Constraints:<br />Min value = 0 |
-| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'<br />'Local'<br />'Zone' |
-
-### RestoreParameters
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource-2)[] |
-| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource-2)[] |
-| restoreMode | Describes the mode of the restore. | 'PointInTime' |
-| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
-| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
-| tablesToRestore | List of specific tables available for restore. | string[] |
-
-### Tags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
-| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
-
-## Usage Examples
-### Terraform Samples
-
-A basic example of deploying CosmosDB (formally DocumentDB) Account.
-
-```terraform
-terraform {
-  required_providers {
-    azapi = {
-      source = "Azure/azapi"
-    }
-  }
-}
-
-provider "azapi" {
-  skip_provider_registration = false
-}
-
-variable "resource_name" {
-  type    = string
-  default = "acctest0001"
-}
-
-variable "location" {
-  type    = string
-  default = "westeurope"
-}
-
-resource "azapi_resource" "resourceGroup" {
-  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
-  name     = var.resource_name
-  location = var.location
-}
-
-resource "azapi_resource" "databaseAccount" {
-  type      = "Microsoft.DocumentDB/databaseAccounts@2021-10-15"
-  parent_id = azapi_resource.resourceGroup.id
-  name      = var.resource_name
-  location  = var.location
-  body = {
-    kind = "GlobalDocumentDB"
-    properties = {
-      capabilities = [
-      ]
-      consistencyPolicy = {
-        defaultConsistencyLevel = "BoundedStaleness"
-        maxIntervalInSeconds    = 10
-        maxStalenessPrefix      = 200
-      }
-      databaseAccountOfferType           = "Standard"
-      defaultIdentity                    = "FirstPartyIdentity"
-      disableKeyBasedMetadataWriteAccess = false
-      disableLocalAuth                   = false
-      enableAnalyticalStorage            = false
-      enableAutomaticFailover            = false
-      enableFreeTier                     = false
-      enableMultipleWriteLocations       = false
-      ipRules = [
-      ]
-      isVirtualNetworkFilterEnabled = false
-      locations = [
-        {
-          failoverPriority = 0
-          isZoneRedundant  = false
-          locationName     = "West Europe"
-        },
-      ]
-      networkAclBypass = "None"
-      networkAclBypassResourceIds = [
-      ]
-      publicNetworkAccess = "Enabled"
-      virtualNetworkRules = [
-      ]
-    }
-  }
-  schema_validation_enabled = false
-  response_export_values    = ["*"]
-}
-```
-
-::: zone-end
+}
+```
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Cosmos DB Database Account](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/document-db/database-account) | AVM Resource Module for Cosmos DB Database Account |
+
+### Azure Quickstart Samples
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Bicep File | Description |
+> | ----- | ----- |
+> | [Azure Cosmos DB account SQL API with analytical store](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-analytical-store/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
+> | [Azure Cosmos DB Account with Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/documentdb-webapp/main.bicep) | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
+> | [Create a Cosmos DB account with Microsoft Defender enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account/main.bicep) | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
+> | [Create a free-tier Azure Cosmos DB account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-free/main.bicep) | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
+> | [Create a minimal Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-minimal/main.bicep) | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
+> | [Create a Serverless Azure Cosmos DB account for SQL API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-serverless/main.bicep) | This template creates an serverless Azure Cosmos DB account for the Core (SQL) API. |
+> | [Create a zero touch Azure Cosmos account and Azure Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-webapp/main.bicep) | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
+> | [Create an Azure Cosmos account for MongoDB API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb/main.bicep) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
+> | [Create an Azure Cosmos account for MongoDB API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
+> | [Create an Azure Cosmos account for Table API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table/main.bicep) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
+> | [Create an Azure Cosmos account for Table API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
+> | [Create an Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra/main.bicep) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
+> | [Create an Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
+> | [Create an Azure Cosmos DB account for Gremlin API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin/main.bicep) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
+> | [Create an Azure Cosmos DB account for Gremlin API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
+> | [Create an Azure Cosmos DB account in multiple regions](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-multi-region-account/main.bicep) | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
+> | [Create an Azure Cosmos DB account SQL API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-autoscale/main.bicep) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
+> | [Create an Azure Cosmos DB Account with a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-private-endpoint/main.bicep) | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
+> | [Create an Azure Cosmos DB SQL Account with data plane RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-rbac/main.bicep) | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
+> | [Create an Azure CosmosDB Account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-account/main.bicep) | This ARM template is intented to create a CosmosDB Account quickly with the minimal required values |
+> | [Create autoscale Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra-autoscale/main.bicep) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
+> | [Create Azure Cosmos DB Core (SQL) API stored procedures](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-container-sprocs/main.bicep) | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
+> | [Creates a Dapr microservices app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-blob/main.bicep) | Create a Dapr microservices app using Container Apps. |
+> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus/main.bicep) | Create a Dapr pub-sub servicebus app using Container Apps. |
+> | [Deploy Azure Data Explorer DB with Cosmos DB connection](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.kusto/kusto-cosmos-db/main.bicep) | Deploy Azure Data Explorer DB with Cosmos DB connection. |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The databaseAccounts resource type can be deployed with operations that target: 
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
+
+## Resource format
+
+To create a Microsoft.DocumentDB/databaseAccounts resource, add the following JSON to your template.
+
+```json
+{
+  "type": "Microsoft.DocumentDB/databaseAccounts",
+  "apiVersion": "2024-05-15",
+  "name": "string",
+  "identity": {
+    "type": "string",
+    "userAssignedIdentities": {
+      "{customized property}": {
+      }
+    }
+  },
+  "kind": "string",
+  "location": "string",
+  "properties": {
+    "analyticalStorageConfiguration": {
+      "schemaType": "string"
+    },
+    "apiProperties": {
+      "serverVersion": "string"
+    },
+    "backupPolicy": {
+      "migrationState": {
+        "startTime": "string",
+        "status": "string",
+        "targetType": "string"
+      },
+      "type": "string"
+      // For remaining properties, see BackupPolicy objects
+    },
+    "capabilities": [
+      {
+        "name": "string"
+      }
+    ],
+    "capacity": {
+      "totalThroughputLimit": "int"
+    },
+    "connectorOffer": "string",
+    "consistencyPolicy": {
+      "defaultConsistencyLevel": "string",
+      "maxIntervalInSeconds": "int",
+      "maxStalenessPrefix": "int"
+    },
+    "cors": [
+      {
+        "allowedHeaders": "string",
+        "allowedMethods": "string",
+        "allowedOrigins": "string",
+        "exposedHeaders": "string",
+        "maxAgeInSeconds": "int"
+      }
+    ],
+    "createMode": "string",
+    "customerManagedKeyStatus": "string",
+    "databaseAccountOfferType": "Standard",
+    "defaultIdentity": "string",
+    "disableKeyBasedMetadataWriteAccess": "bool",
+    "disableLocalAuth": "bool",
+    "enableAnalyticalStorage": "bool",
+    "enableAutomaticFailover": "bool",
+    "enableBurstCapacity": "bool",
+    "enableCassandraConnector": "bool",
+    "enableFreeTier": "bool",
+    "enableMultipleWriteLocations": "bool",
+    "enablePartitionMerge": "bool",
+    "ipRules": [
+      {
+        "ipAddressOrRange": "string"
+      }
+    ],
+    "isVirtualNetworkFilterEnabled": "bool",
+    "keyVaultKeyUri": "string",
+    "locations": [
+      {
+        "failoverPriority": "int",
+        "isZoneRedundant": "bool",
+        "locationName": "string"
+      }
+    ],
+    "minimalTlsVersion": "string",
+    "networkAclBypass": "string",
+    "networkAclBypassResourceIds": [ "string" ],
+    "publicNetworkAccess": "string",
+    "restoreParameters": {
+      "databasesToRestore": [
+        {
+          "collectionNames": [ "string" ],
+          "databaseName": "string"
+        }
+      ],
+      "gremlinDatabasesToRestore": [
+        {
+          "databaseName": "string",
+          "graphNames": [ "string" ]
+        }
+      ],
+      "restoreMode": "string",
+      "restoreSource": "string",
+      "restoreTimestampInUtc": "string",
+      "tablesToRestore": [ "string" ]
+    },
+    "virtualNetworkRules": [
+      {
+        "id": "string",
+        "ignoreMissingVNetServiceEndpoint": "bool"
+      }
+    ]
+  },
+  "tags": {
+    "{customized property}": "string"
+  }
+}
+```
+### BackupPolicy objects
+
+Set the **type** property to specify the type of object.
+
+For **Continuous**, use:
+
+```json
+{
+  "continuousModeProperties": {
+    "tier": "string"
+  },
+  "type": "Continuous"
+}
+```
+
+For **Periodic**, use:
+
+```json
+{
+  "periodicModeProperties": {
+    "backupIntervalInMinutes": "int",
+    "backupRetentionIntervalInHours": "int",
+    "backupStorageRedundancy": "string"
+  },
+  "type": "Periodic"
+}
+```
+
+## Property Values
+### Microsoft.DocumentDB/databaseAccounts
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2024-05-15' |
+| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity-1) |
+| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'<br />'MongoDB'<br />'Parse' |
+| location | The location of the resource group to which the resource belongs. | string |
+| name | The resource name | string <br /><br />Constraints:<br />Min length = 3<br />Max length = 50<br />Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
+| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties-1) (required) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| type | The resource type | 'Microsoft.DocumentDB/databaseAccounts' |
+
+### AnalyticalStorageConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'<br />'WellDefined' |
+
+### ApiProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'<br />'3.6'<br />'4.0'<br />'4.2'<br />'5.0'<br />'6.0' |
+
+### BackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate-1) |
+| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy-1). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy-1). | 'Continuous'<br />'Periodic' (required) |
+
+### BackupPolicyMigrationState
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
+| status | Describes the status of migration between backup policy types. | 'Completed'<br />'Failed'<br />'InProgress'<br />'Invalid' |
+| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'<br />'Periodic' |
+
+### Capability
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
+
+### Capacity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int <br /><br />Constraints:<br />Min value = -1 |
+
+### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ConsistencyPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'<br />'ConsistentPrefix'<br />'Eventual'<br />'Session'<br />'Strong' (required) |
+| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 5<br />Max value = 86400 |
+| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
+
+### ContinuousModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties-1) |
+| type | Describes the mode of backups. | 'Continuous' (required) |
+
+### ContinuousModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'<br />'Continuous7Days' |
+
+### CorsPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
+| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
+| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
+| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
+| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
+
+### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration-1) |
+| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties-1) |
+| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy-1) |
+| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability-1)[] |
+| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity-1) |
+| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
+| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy-1) |
+| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy-1)[] |
+| createMode | Enum to indicate the mode of account creation. | 'Default'<br />'Restore' |
+| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
+| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
+| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
+| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
+| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
+| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
+| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
+| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
+| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
+| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
+| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
+| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
+| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange-1)[] |
+| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
+| keyVaultKeyUri | The URI of the key vault | string |
+| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location-1)[] (required) |
+| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'<br />'Tls11'<br />'Tls12' |
+| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'<br />'None' |
+| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
+| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'<br />'Enabled'<br />'SecuredByPerimeter' |
+| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters-1) |
+| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule-1)[] |
+
+### DatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| collectionNames | The names of the collections available for restore. | string[] |
+| databaseName | The name of the database available for restore. | string |
+
+### GremlinDatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databaseName | The name of the gremlin database available for restore. | string |
+| graphNames | The names of the graphs available for restore. | string[] |
+
+### IpAddressOrRange
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
+
+### Location
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int <br /><br />Constraints:<br />Min value = 0 |
+| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
+| locationName | The name of the region. | string |
+
+### ManagedServiceIdentity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'<br />'SystemAssigned'<br />'SystemAssigned,UserAssigned'<br />'UserAssigned' |
+| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities-1) |
+
+### ManagedServiceIdentityUserAssignedIdentities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### PeriodicModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties-1) |
+| type | Describes the mode of backups. | 'Periodic' (required) |
+
+### PeriodicModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int <br /><br />Constraints:<br />Min value = 0 |
+| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int <br /><br />Constraints:<br />Min value = 0 |
+| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'<br />'Local'<br />'Zone' |
+
+### RestoreParameters
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource-1)[] |
+| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource-1)[] |
+| restoreMode | Describes the mode of the restore. | 'PointInTime' |
+| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
+| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
+| tablesToRestore | List of specific tables available for restore. | string[] |
+
+### Tags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
+| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
+
+## Usage Examples
+### Azure Quickstart Templates
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [Azure Cosmos DB account SQL API with analytical store](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-analytical-store)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-analytical-store%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
+> | [Azure Cosmos DB Account with Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/documentdb-webapp)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fdocumentdb-webapp%2Fazuredeploy.json) | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
+> | [CI/CD using Jenkins on Azure Container Service (AKS)](https://github.com/Azure/azure-quickstart-templates/tree/master/application-workloads/jenkins/jenkins-cicd-container)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fapplication-workloads%2Fjenkins%2Fjenkins-cicd-container%2Fazuredeploy.json) | Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
+> | [Create a Cosmos DB account with Microsoft Defender enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/microsoft-defender-cosmosdb-create-account)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fmicrosoft-defender-cosmosdb-create-account%2Fazuredeploy.json) | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
+> | [Create a free-tier Azure Cosmos DB account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-free)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-free%2Fazuredeploy.json) | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
+> | [Create a minimal Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-minimal)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-minimal%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
+> | [Create a Serverless Azure Cosmos DB account for SQL API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-serverless)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-serverless%2Fazuredeploy.json) | This template creates an serverless Azure Cosmos DB account for the Core (SQL) API. |
+> | [Create a zero touch Azure Cosmos account and Azure Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-webapp)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-webapp%2Fazuredeploy.json) | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
+> | [Create an Azure Cosmos account for MongoDB API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-mongodb%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
+> | [Create an Azure Cosmos account for MongoDB API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-mongodb-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-mongodb-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
+> | [Create an Azure Cosmos account for Table API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-table%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
+> | [Create an Azure Cosmos account for Table API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-table-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-table-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
+> | [Create an Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-cassandra%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
+> | [Create an Azure Cosmos DB account for Core (SQL) API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
+> | [Create an Azure Cosmos DB account for Gremlin API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
+> | [Create an Azure Cosmos DB account for Gremlin API autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-gremlin-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-gremlin-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
+> | [Create an Azure Cosmos DB account in multiple regions](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-multi-region-account)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-create-multi-region-account%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
+> | [Create an Azure Cosmos DB account SQL API with autoscale](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
+> | [Create an Azure Cosmos DB Account with a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-private-endpoint)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-private-endpoint%2Fazuredeploy.json) | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
+> | [Create an Azure Cosmos DB SQL Account with data plane RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-rbac)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-rbac%2Fazuredeploy.json) | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
+> | [Create an Azure CosmosDB Account](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-create-account)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-create-account%2Fazuredeploy.json) | This ARM template is intented to create a CosmosDB Account quickly with the minimal required values |
+> | [Create autoscale Azure Cosmos DB account for Cassandra API](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-cassandra-autoscale)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-cassandra-autoscale%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
+> | [Create Azure Cosmos DB Core (SQL) API stored procedures](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-container-sprocs)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-container-sprocs%2Fazuredeploy.json) | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
+> | [Create Azure Cosmos with SQL API and multiple containers](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.documentdb/cosmosdb-sql-multiple-containers)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.documentdb%2Fcosmosdb-sql-multiple-containers%2Fazuredeploy.json) | The template creates a Cosmos container with a SQL API and allows adding mulitple containers. |
+> | [Creates a Dapr microservices app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-blob)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-blob%2Fazuredeploy.json) | Create a Dapr microservices app using Container Apps. |
+> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-pubsub-servicebus%2Fazuredeploy.json) | Create a Dapr pub-sub servicebus app using Container Apps. |
+> | [Deploy Azure Data Explorer DB with Cosmos DB connection](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.kusto/kusto-cosmos-db)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.kusto%2Fkusto-cosmos-db%2Fazuredeploy.json) | Deploy Azure Data Explorer DB with Cosmos DB connection. |
+> | [Web App with a SQL Database, Azure Cosmos DB, Azure Search](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/web-app-sql-docdb-search)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fweb-app-sql-docdb-search%2Fazuredeploy.json) | This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights.  |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The databaseAccounts resource type can be deployed with operations that target: 
+
+* **Resource groups**
+
+For a list of changed properties in each API version, see [change log](~/microsoft.documentdb/change-log/databaseaccounts.md).
+
+## Resource format
+
+To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Terraform to your template.
+
+```terraform
+resource "azapi_resource" "symbolicname" {
+  type = "Microsoft.DocumentDB/databaseAccounts@2024-05-15"
+  name = "string"
+  parent_id = "string"
+  identity {
+    type = "string"
+    identity_ids = [
+      "string"
+    ]
+  }
+  location = "string"
+  tags = {
+    {customized property} = "string"
+  }
+  body = {
+    kind = "string"
+    properties = {
+      analyticalStorageConfiguration = {
+        schemaType = "string"
+      }
+      apiProperties = {
+        serverVersion = "string"
+      }
+      backupPolicy = {
+        migrationState = {
+          startTime = "string"
+          status = "string"
+          targetType = "string"
+        }
+        type = "string"
+        // For remaining properties, see BackupPolicy objects
+      }
+      capabilities = [
+        {
+          name = "string"
+        }
+      ]
+      capacity = {
+        totalThroughputLimit = int
+      }
+      connectorOffer = "string"
+      consistencyPolicy = {
+        defaultConsistencyLevel = "string"
+        maxIntervalInSeconds = int
+        maxStalenessPrefix = int
+      }
+      cors = [
+        {
+          allowedHeaders = "string"
+          allowedMethods = "string"
+          allowedOrigins = "string"
+          exposedHeaders = "string"
+          maxAgeInSeconds = int
+        }
+      ]
+      createMode = "string"
+      customerManagedKeyStatus = "string"
+      databaseAccountOfferType = "Standard"
+      defaultIdentity = "string"
+      disableKeyBasedMetadataWriteAccess = bool
+      disableLocalAuth = bool
+      enableAnalyticalStorage = bool
+      enableAutomaticFailover = bool
+      enableBurstCapacity = bool
+      enableCassandraConnector = bool
+      enableFreeTier = bool
+      enableMultipleWriteLocations = bool
+      enablePartitionMerge = bool
+      ipRules = [
+        {
+          ipAddressOrRange = "string"
+        }
+      ]
+      isVirtualNetworkFilterEnabled = bool
+      keyVaultKeyUri = "string"
+      locations = [
+        {
+          failoverPriority = int
+          isZoneRedundant = bool
+          locationName = "string"
+        }
+      ]
+      minimalTlsVersion = "string"
+      networkAclBypass = "string"
+      networkAclBypassResourceIds = [
+        "string"
+      ]
+      publicNetworkAccess = "string"
+      restoreParameters = {
+        databasesToRestore = [
+          {
+            collectionNames = [
+              "string"
+            ]
+            databaseName = "string"
+          }
+        ]
+        gremlinDatabasesToRestore = [
+          {
+            databaseName = "string"
+            graphNames = [
+              "string"
+            ]
+          }
+        ]
+        restoreMode = "string"
+        restoreSource = "string"
+        restoreTimestampInUtc = "string"
+        tablesToRestore = [
+          "string"
+        ]
+      }
+      virtualNetworkRules = [
+        {
+          id = "string"
+          ignoreMissingVNetServiceEndpoint = bool
+        }
+      ]
+    }
+  }
+}
+```
+### BackupPolicy objects
+
+Set the **type** property to specify the type of object.
+
+For **Continuous**, use:
+
+```terraform
+{
+  continuousModeProperties = {
+    tier = "string"
+  }
+  type = "Continuous"
+}
+```
+
+For **Periodic**, use:
+
+```terraform
+{
+  periodicModeProperties = {
+    backupIntervalInMinutes = int
+    backupRetentionIntervalInHours = int
+    backupStorageRedundancy = "string"
+  }
+  type = "Periodic"
+}
+```
+
+## Property Values
+### Microsoft.DocumentDB/databaseAccounts
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| identity | Identity for the resource. | [ManagedServiceIdentity](#managedserviceidentity-2) |
+| kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB'<br />'MongoDB'<br />'Parse' |
+| location | The location of the resource group to which the resource belongs. | string |
+| name | The resource name | string <br /><br />Constraints:<br />Min length = 3<br />Max length = 50<br />Pattern = `^[a-z0-9]+(-[a-z0-9]+)*` (required) |
+| properties | Properties to create and update Azure Cosmos DB database accounts. | [DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties](#databaseaccountcreateupdatepropertiesordatabaseaccountgetproperties-2) (required) |
+| tags | Resource tags | Dictionary of tag names and values. |
+| type | The resource type | "Microsoft.DocumentDB/databaseAccounts@2024-05-15" |
+
+### AnalyticalStorageConfiguration
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| schemaType | Describes the types of schema for analytical storage. | 'FullFidelity'<br />'WellDefined' |
+
+### ApiProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| serverVersion | Describes the ServerVersion of an a MongoDB account. | '3.2'<br />'3.6'<br />'4.0'<br />'4.2'<br />'5.0'<br />'6.0' |
+
+### BackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| migrationState | The object representing the state of the migration between the backup policies. | [BackupPolicyMigrationState](#backuppolicymigrationstate-2) |
+| type | Set to 'Continuous' for type [ContinuousModeBackupPolicy](#continuousmodebackuppolicy-2). Set to 'Periodic' for type [PeriodicModeBackupPolicy](#periodicmodebackuppolicy-2). | 'Continuous'<br />'Periodic' (required) |
+
+### BackupPolicyMigrationState
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
+| status | Describes the status of migration between backup policy types. | 'Completed'<br />'Failed'<br />'InProgress'<br />'Invalid' |
+| targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous'<br />'Periodic' |
+
+### Capability
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
+
+### Capacity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int <br /><br />Constraints:<br />Min value = -1 |
+
+### Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ConsistencyPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness'<br />'ConsistentPrefix'<br />'Eventual'<br />'Session'<br />'Strong' (required) |
+| maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 5<br />Max value = 86400 |
+| maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
+
+### ContinuousModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| continuousModeProperties | Configuration values for continuous mode backup | [ContinuousModeProperties](#continuousmodeproperties-2) |
+| type | Describes the mode of backups. | 'Continuous' (required) |
+
+### ContinuousModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days'<br />'Continuous7Days' |
+
+### CorsPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
+| allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
+| allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
+| exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
+| maxAgeInSeconds | The maximum amount time that a browser should cache the preflight OPTIONS request. | int <br /><br />Constraints:<br />Min value = 1<br />Max value = 2147483647 |
+
+### DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| analyticalStorageConfiguration | Analytical storage specific properties. | [AnalyticalStorageConfiguration](#analyticalstorageconfiguration-2) |
+| apiProperties | API specific properties. Currently, supported only for MongoDB API. | [ApiProperties](#apiproperties-2) |
+| backupPolicy | The object representing the policy for taking backups on an account. | [BackupPolicy](#backuppolicy-2) |
+| capabilities | List of Cosmos DB capabilities for the account | [Capability](#capability-2)[] |
+| capacity | The object that represents all properties related to capacity enforcement on an account. | [Capacity](#capacity-2) |
+| connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
+| consistencyPolicy | The consistency policy for the Cosmos DB account. | [ConsistencyPolicy](#consistencypolicy-2) |
+| cors | The CORS policy for the Cosmos DB database account. | [CorsPolicy](#corspolicy-2)[] |
+| createMode | Enum to indicate the mode of account creation. | 'Default'<br />'Restore' |
+| customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | string |
+| databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
+| defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
+| disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
+| disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
+| enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
+| enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
+| enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity feature on the account | bool |
+| enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
+| enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
+| enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
+| enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
+| ipRules | List of IpRules. | [IpAddressOrRange](#ipaddressorrange-2)[] |
+| isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
+| keyVaultKeyUri | The URI of the key vault | string |
+| locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | [Location](#location-2)[] (required) |
+| minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls'<br />'Tls11'<br />'Tls12' |
+| networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices'<br />'None' |
+| networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
+| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled'<br />'Enabled'<br />'SecuredByPerimeter' |
+| restoreParameters | Parameters to indicate the information about the restore. | [RestoreParameters](#restoreparameters-2) |
+| virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | [VirtualNetworkRule](#virtualnetworkrule-2)[] |
+
+### DatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| collectionNames | The names of the collections available for restore. | string[] |
+| databaseName | The name of the database available for restore. | string |
+
+### GremlinDatabaseRestoreResource
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databaseName | The name of the gremlin database available for restore. | string |
+| graphNames | The names of the graphs available for restore. | string[] |
+
+### IpAddressOrRange
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
+
+### Location
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int <br /><br />Constraints:<br />Min value = 0 |
+| isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
+| locationName | The name of the region. | string |
+
+### ManagedServiceIdentity
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None'<br />'SystemAssigned'<br />'SystemAssigned,UserAssigned'<br />'UserAssigned' |
+| userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | [ManagedServiceIdentityUserAssignedIdentities](#managedserviceidentityuserassignedidentities-2) |
+
+### ManagedServiceIdentityUserAssignedIdentities
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### PeriodicModeBackupPolicy
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| periodicModeProperties | Configuration values for periodic mode backup | [PeriodicModeProperties](#periodicmodeproperties-2) |
+| type | Describes the mode of backups. | 'Periodic' (required) |
+
+### PeriodicModeProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int <br /><br />Constraints:<br />Min value = 0 |
+| backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int <br /><br />Constraints:<br />Min value = 0 |
+| backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo'<br />'Local'<br />'Zone' |
+
+### RestoreParameters
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| databasesToRestore | List of specific databases available for restore. | [DatabaseRestoreResource](#databaserestoreresource-2)[] |
+| gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | [GremlinDatabaseRestoreResource](#gremlindatabaserestoreresource-2)[] |
+| restoreMode | Describes the mode of the restore. | 'PointInTime' |
+| restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
+| restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
+| tablesToRestore | List of specific tables available for restore. | string[] |
+
+### Tags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
+| ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
+
+## Usage Examples
+### Terraform Samples
+
+A basic example of deploying CosmosDB (formally DocumentDB) Account.
+
+```terraform
+terraform {
+  required_providers {
+    azapi = {
+      source = "Azure/azapi"
+    }
+  }
+}
+
+provider "azapi" {
+  skip_provider_registration = false
+}
+
+variable "resource_name" {
+  type    = string
+  default = "acctest0001"
+}
+
+variable "location" {
+  type    = string
+  default = "westeurope"
+}
+
+resource "azapi_resource" "resourceGroup" {
+  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
+  name     = var.resource_name
+  location = var.location
+}
+
+resource "azapi_resource" "databaseAccount" {
+  type      = "Microsoft.DocumentDB/databaseAccounts@2021-10-15"
+  parent_id = azapi_resource.resourceGroup.id
+  name      = var.resource_name
+  location  = var.location
+  body = {
+    kind = "GlobalDocumentDB"
+    properties = {
+      capabilities = [
+      ]
+      consistencyPolicy = {
+        defaultConsistencyLevel = "BoundedStaleness"
+        maxIntervalInSeconds    = 10
+        maxStalenessPrefix      = 200
+      }
+      databaseAccountOfferType           = "Standard"
+      defaultIdentity                    = "FirstPartyIdentity"
+      disableKeyBasedMetadataWriteAccess = false
+      disableLocalAuth                   = false
+      enableAnalyticalStorage            = false
+      enableAutomaticFailover            = false
+      enableFreeTier                     = false
+      enableMultipleWriteLocations       = false
+      ipRules = [
+      ]
+      isVirtualNetworkFilterEnabled = false
+      locations = [
+        {
+          failoverPriority = 0
+          isZoneRedundant  = false
+          locationName     = "West Europe"
+        },
+      ]
+      networkAclBypass = "None"
+      networkAclBypassResourceIds = [
+      ]
+      publicNetworkAccess = "Enabled"
+      virtualNetworkRules = [
+      ]
+    }
+  }
+  schema_validation_enabled = false
+  response_export_values    = ["*"]
+}
+```
+
+::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.keyvault/2023-07-01/vaults.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.keyvault/2023-07-01/vaults.md
index 97dcde90..a9035a7e 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.keyvault/2023-07-01/vaults.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.keyvault/2023-07-01/vaults.md
@@ -1,736 +1,782 @@
----
-title: Microsoft.KeyVault/vaults 2023-07-01
-description: Azure Microsoft.KeyVault/vaults syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2023-07-01
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.KeyVault vaults 2023-07-01
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../vaults.md)
-> - [2025-05-01](../2025-05-01/vaults.md)
-> - [2024-12-01-preview](../2024-12-01-preview/vaults.md)
-> - [2024-11-01](../2024-11-01/vaults.md)
-> - [2024-04-01-preview](../2024-04-01-preview/vaults.md)
-> - [2023-07-01](../2023-07-01/vaults.md)
-> - [2023-02-01](../2023-02-01/vaults.md)
-> - [2022-11-01](../2022-11-01/vaults.md)
-> - [2022-07-01](../2022-07-01/vaults.md)
-> - [2022-02-01-preview](../2022-02-01-preview/vaults.md)
-> - [2021-11-01-preview](../2021-11-01-preview/vaults.md)
-> - [2021-10-01](../2021-10-01/vaults.md)
-> - [2021-06-01-preview](../2021-06-01-preview/vaults.md)
-> - [2021-04-01-preview](../2021-04-01-preview/vaults.md)
-> - [2020-04-01-preview](../2020-04-01-preview/vaults.md)
-> - [2019-09-01](../2019-09-01/vaults.md)
-> - [2018-02-14](../2018-02-14/vaults.md)
-> - [2018-02-14-preview](../2018-02-14-preview/vaults.md)
-> - [2016-10-01](../2016-10-01/vaults.md)
-> - [2015-06-01](../2015-06-01/vaults.md)
-
-## Remarks
-
+---
+title: Microsoft.KeyVault/vaults 2023-07-01
+description: Azure Microsoft.KeyVault/vaults syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2023-07-01
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.KeyVault vaults 2023-07-01
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../vaults.md)
+> - [2025-05-01](../2025-05-01/vaults.md)
+> - [2024-12-01-preview](../2024-12-01-preview/vaults.md)
+> - [2024-11-01](../2024-11-01/vaults.md)
+> - [2024-04-01-preview](../2024-04-01-preview/vaults.md)
+> - [2023-07-01](../2023-07-01/vaults.md)
+> - [2023-02-01](../2023-02-01/vaults.md)
+> - [2022-11-01](../2022-11-01/vaults.md)
+> - [2022-07-01](../2022-07-01/vaults.md)
+> - [2022-02-01-preview](../2022-02-01-preview/vaults.md)
+> - [2021-11-01-preview](../2021-11-01-preview/vaults.md)
+> - [2021-10-01](../2021-10-01/vaults.md)
+> - [2021-06-01-preview](../2021-06-01-preview/vaults.md)
+> - [2021-04-01-preview](../2021-04-01-preview/vaults.md)
+> - [2020-04-01-preview](../2020-04-01-preview/vaults.md)
+> - [2019-09-01](../2019-09-01/vaults.md)
+> - [2018-02-14](../2018-02-14/vaults.md)
+> - [2018-02-14-preview](../2018-02-14-preview/vaults.md)
+> - [2016-10-01](../2016-10-01/vaults.md)
+> - [2015-06-01](../2015-06-01/vaults.md)
+
+## Remarks
+
 For guidance on using key vaults for secure values, see [Manage secrets by using Bicep](/azure/azure-resource-manager/bicep/scenarios-secrets).
 
 For a quickstart on creating a secret, see [Quickstart: Set and retrieve a secret from Azure Key Vault using an ARM template](/azure/key-vault/secrets/quick-create-template).
 
-For a quickstart on creating a key, see [Quickstart: Create an Azure key vault and a key by using ARM template](/azure/key-vault/keys/quick-create-template).
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The vaults resource type can be deployed with operations that target: 
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
-
-## Resource format
-
-To create a Microsoft.KeyVault/vaults resource, add the following Bicep to your template.
-
-```bicep
-resource symbolicname 'Microsoft.KeyVault/vaults@2023-07-01' = {
-  location: 'string'
-  name: 'string'
+For a quickstart on creating a key, see [Quickstart: Create an Azure key vault and a key by using ARM template](/azure/key-vault/keys/quick-create-template).
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The vaults resource type can be deployed with operations that target: 
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/bicep/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
+
+## Resource format
+
+To create a Microsoft.KeyVault/vaults resource, add the following Bicep to your template.
+
+```bicep
+resource symbolicname 'Microsoft.KeyVault/vaults@2023-07-01' = {
+  location: 'string'
+  name: 'string'
+  properties: {
+    accessPolicies: [
+      {
+        applicationId: 'string'
+        objectId: 'string'
+        permissions: {
+          certificates: [
+            'string'
+          ]
+          keys: [
+            'string'
+          ]
+          secrets: [
+            'string'
+          ]
+          storage: [
+            'string'
+          ]
+        }
+        tenantId: 'string'
+      }
+    ]
+    createMode: 'string'
+    enabledForDeployment: bool
+    enabledForDiskEncryption: bool
+    enabledForTemplateDeployment: bool
+    enablePurgeProtection: bool
+    enableRbacAuthorization: bool
+    enableSoftDelete: bool
+    networkAcls: {
+      bypass: 'string'
+      defaultAction: 'string'
+      ipRules: [
+        {
+          value: 'string'
+        }
+      ]
+      virtualNetworkRules: [
+        {
+          id: 'string'
+          ignoreMissingVnetServiceEndpoint: bool
+        }
+      ]
+    }
+    provisioningState: 'string'
+    publicNetworkAccess: 'string'
+    sku: {
+      family: 'string'
+      name: 'string'
+    }
+    softDeleteRetentionInDays: int
+    tenantId: 'string'
+    vaultUri: 'string'
+  }
+  tags: {
+    {customized property}: 'string'
+  }
+}
+```
+## Property Values
+### Microsoft.KeyVault/vaults
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| location | The supported Azure location where the key vault should be created. | string (required) |
+| name | The resource name | string <br /><br />Constraints:<br />Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
+| properties | Properties of the vault | [VaultProperties](#vaultproperties) (required) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+
+### AccessPolicyEntry
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| applicationId | Application ID of the client making request on behalf of a principal | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
+| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
+| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions) (required) |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+
+### IPRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+
+### NetworkRuleSet
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.  If not specified the default is 'AzureServices'. | 'AzureServices'<br />'None' |
+| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'<br />'Deny' |
+| ipRules | The list of IP address rules. | [IPRule](#iprule)[] |
+| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule)[] |
+
+### Permissions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| certificates | Permissions to certificates | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'delete'<br />'deleteissuers'<br />'get'<br />'getissuers'<br />'import'<br />'list'<br />'listissuers'<br />'managecontacts'<br />'manageissuers'<br />'purge'<br />'recover'<br />'restore'<br />'setissuers'<br />'update' |
+| keys | Permissions to keys | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'decrypt'<br />'delete'<br />'encrypt'<br />'get'<br />'getrotationpolicy'<br />'import'<br />'list'<br />'purge'<br />'recover'<br />'release'<br />'restore'<br />'rotate'<br />'setrotationpolicy'<br />'sign'<br />'unwrapKey'<br />'update'<br />'verify'<br />'wrapKey' |
+| secrets | Permissions to secrets | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'get'<br />'list'<br />'purge'<br />'recover'<br />'restore'<br />'set' |
+| storage | Permissions to storage accounts | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'deletesas'<br />'get'<br />'getsas'<br />'list'<br />'listsas'<br />'purge'<br />'recover'<br />'regeneratekey'<br />'restore'<br />'set'<br />'setsas'<br />'update' |
+
+### Sku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| family | SKU family name | 'A' (required) |
+| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'<br />'standard' (required) |
+
+### VaultCreateOrUpdateParametersTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VaultProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry)[] |
+| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'<br />'recover' |
+| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
+| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
+| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
+| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
+| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
+| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
+| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset) |
+| provisioningState | Provisioning state of the vault. | 'RegisteringDns'<br />'Succeeded' |
+| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
+| sku | SKU details | [Sku](#sku) (required) |
+| softDeleteRetentionInDays | softDelete data retention days. It accepts &gt;=7 and &lt;=90. | int |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
+| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+
+## Usage Examples
+### Bicep Samples
+
+A basic example of deploying Key Vault.
+
+```bicep
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource vault 'Microsoft.KeyVault/vaults@2021-10-01' = {
+  name: resourceName
+  location: location
   properties: {
     accessPolicies: [
       {
-        applicationId: 'string'
-        objectId: 'string'
+        objectId: deployer().objectId
         permissions: {
           certificates: [
-            'string'
+            'ManageContacts'
           ]
           keys: [
-            'string'
+            'Create'
           ]
           secrets: [
-            'string'
-          ]
-          storage: [
-            'string'
+            'Set'
           ]
+          storage: []
         }
-        tenantId: 'string'
+        tenantId: deployer().tenantId
       }
     ]
-    createMode: 'string'
-    enabledForDeployment: bool
-    enabledForDiskEncryption: bool
-    enabledForTemplateDeployment: bool
-    enablePurgeProtection: bool
-    enableRbacAuthorization: bool
-    enableSoftDelete: bool
-    networkAcls: {
-      bypass: 'string'
-      defaultAction: 'string'
-      ipRules: [
-        {
-          value: 'string'
-        }
-      ]
-      virtualNetworkRules: [
-        {
-          id: 'string'
-          ignoreMissingVnetServiceEndpoint: bool
-        }
-      ]
-    }
-    provisioningState: 'string'
-    publicNetworkAccess: 'string'
+    createMode: 'default'
+    enableRbacAuthorization: false
+    enableSoftDelete: true
+    enabledForDeployment: false
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: false
+    publicNetworkAccess: 'Enabled'
     sku: {
-      family: 'string'
-      name: 'string'
+      family: 'A'
+      name: 'standard'
     }
-    softDeleteRetentionInDays: int
-    tenantId: 'string'
-    vaultUri: 'string'
-  }
-  tags: {
-    {customized property}: 'string'
+    softDeleteRetentionInDays: 7
+    tenantId: deployer().tenantId
   }
-}
-```
-## Property Values
-### Microsoft.KeyVault/vaults
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| location | The supported Azure location where the key vault should be created. | string (required) |
-| name | The resource name | string <br /><br />Constraints:<br />Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
-| properties | Properties of the vault | [VaultProperties](#vaultproperties) (required) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-
-### AccessPolicyEntry
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| applicationId | Application ID of the client making request on behalf of a principal | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
-| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
-| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions) (required) |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-
-### IPRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
-
-### NetworkRuleSet
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.  If not specified the default is 'AzureServices'. | 'AzureServices'<br />'None' |
-| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'<br />'Deny' |
-| ipRules | The list of IP address rules. | [IPRule](#iprule)[] |
-| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule)[] |
-
-### Permissions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| certificates | Permissions to certificates | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'delete'<br />'deleteissuers'<br />'get'<br />'getissuers'<br />'import'<br />'list'<br />'listissuers'<br />'managecontacts'<br />'manageissuers'<br />'purge'<br />'recover'<br />'restore'<br />'setissuers'<br />'update' |
-| keys | Permissions to keys | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'decrypt'<br />'delete'<br />'encrypt'<br />'get'<br />'getrotationpolicy'<br />'import'<br />'list'<br />'purge'<br />'recover'<br />'release'<br />'restore'<br />'rotate'<br />'setrotationpolicy'<br />'sign'<br />'unwrapKey'<br />'update'<br />'verify'<br />'wrapKey' |
-| secrets | Permissions to secrets | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'get'<br />'list'<br />'purge'<br />'recover'<br />'restore'<br />'set' |
-| storage | Permissions to storage accounts | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'deletesas'<br />'get'<br />'getsas'<br />'list'<br />'listsas'<br />'purge'<br />'recover'<br />'regeneratekey'<br />'restore'<br />'set'<br />'setsas'<br />'update' |
-
-### Sku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| family | SKU family name | 'A' (required) |
-| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'<br />'standard' (required) |
-
-### VaultCreateOrUpdateParametersTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VaultProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry)[] |
-| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'<br />'recover' |
-| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
-| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
-| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
-| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
-| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
-| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
-| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset) |
-| provisioningState | Provisioning state of the vault. | 'RegisteringDns'<br />'Succeeded' |
-| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
-| sku | SKU details | [Sku](#sku) (required) |
-| softDeleteRetentionInDays | softDelete data retention days. It accepts &gt;=7 and &lt;=90. | int |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
-| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
-
-## Usage Examples
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Key Vault](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/key-vault/vault) | AVM Resource Module for Key Vault |
-
-### Azure Quickstart Samples
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Bicep File | Description |
-> | ----- | ----- |
-> | [AKS Cluster with a NAT Gateway and an Application Gateway](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/aks-nat-agic/main.bicep) | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
-> | [AKS cluster with the Application Gateway Ingress Controller](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/aks-application-gateway-ingress-controller/main.bicep) | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
-> | [Application Gateway with internal API Management and Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep) | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
-> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-basics/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-cmk/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-network-restricted/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry with Microsoft Entra ID Authentication](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-entraid-passthrough/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
-> | [Azure AI Studio basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aistudio-cmk-service-side-encryption/main.bicep) | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Studio Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-network-restricted/main.bicep) | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure Function app and an HTTP-triggered function](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-http-trigger/main.bicep) | This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
-> | [Azure Machine Learning end-to-end secure setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure/main.bicep) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
-> | [Azure Machine Learning end-to-end secure setup (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure-v1-legacy-mode/main.bicep) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
-> | [Azure Storage Account Encryption with customer-managed key](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk/main.bicep) | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
-> | [Basic Agent Setup Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/basic-agent-identity/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with the basic setup using managed identity authetication for the AI Service/AOAI connection. Agents use multi-tenant search and storage resources fully managed by Microsoft. You won’t have visibility or control over these underlying Azure resources. |
-> | [Create a Key Vault and a list of secrets](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-secret-create/main.bicep) | This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
-> | [Create a network security perimeter](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/network-security-perimeter-create/main.bicep) | This template creates a network security perimeter and it's associated resource for protecting an Azure key vault. |
-> | [Create an AKS compute target with a Private IP address](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-private-ip/main.bicep) | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
-> | [Create an API Management service with SSL from KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-key-vault-create/main.bicep) | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
-> | [Create an Azure Key Vault and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create/main.bicep) | This template creates an Azure Key Vault and a secret. |
-> | [Create an Azure Key Vault with RBAC and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create-rbac/main.bicep) | This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
-> | [Create an Azure Machine Learning service workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
-> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk-service-side-encryption/main.bicep) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
-> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
-> | [Create an Azure Machine Learning service workspace (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet-v1-legacy-mode/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
-> | [Create an Azure Machine Learning service workspace (vnet)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
-> | [Create Application Gateway with Certificates](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-agw-certificates/main.bicep) | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
-> | [Create Key Vault with logging enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-with-logging-create/main.bicep) | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
-> | [Create key vault, managed identity, and role assignment](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-managed-identity-role-assignment/main.bicep) | This template creates a key vault, managed identity, and role assignment. |
-> | [Creates a Cross-tenant Private Endpoint resource](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/private-endpoint/main.bicep) | This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration. |
-> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus/main.bicep) | Create a Dapr pub-sub servicebus app using Container Apps. |
-> | [Deploy Secure AI Foundry with a managed virtual network](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-networking-aoao/main.bicep) | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
-> | [Deploy the Sports Analytics on Azure Architecture](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/sports-analytics-architecture/main.bicep) | Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
-> | [FinOps hub](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.costmanagement/finops-hub/main.bicep) | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. |
-> | [Network Secured Agent with User Managed Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. |
-> | [Standard Agent Setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/standard-agent/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage. |
-> | [Testing environment for Azure Firewall Premium](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-premium/main.bicep) | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The vaults resource type can be deployed with operations that target: 
-
-* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
-
-## Resource format
-
-To create a Microsoft.KeyVault/vaults resource, add the following JSON to your template.
-
-```json
-{
-  "type": "Microsoft.KeyVault/vaults",
-  "apiVersion": "2023-07-01",
-  "name": "string",
-  "location": "string",
-  "properties": {
-    "accessPolicies": [
-      {
-        "applicationId": "string",
-        "objectId": "string",
-        "permissions": {
-          "certificates": [ "string" ],
-          "keys": [ "string" ],
-          "secrets": [ "string" ],
-          "storage": [ "string" ]
-        },
-        "tenantId": "string"
-      }
-    ],
-    "createMode": "string",
-    "enabledForDeployment": "bool",
-    "enabledForDiskEncryption": "bool",
-    "enabledForTemplateDeployment": "bool",
-    "enablePurgeProtection": "bool",
-    "enableRbacAuthorization": "bool",
-    "enableSoftDelete": "bool",
-    "networkAcls": {
-      "bypass": "string",
-      "defaultAction": "string",
-      "ipRules": [
-        {
-          "value": "string"
-        }
-      ],
-      "virtualNetworkRules": [
-        {
-          "id": "string",
-          "ignoreMissingVnetServiceEndpoint": "bool"
-        }
-      ]
-    },
-    "provisioningState": "string",
-    "publicNetworkAccess": "string",
-    "sku": {
-      "family": "string",
-      "name": "string"
-    },
-    "softDeleteRetentionInDays": "int",
-    "tenantId": "string",
-    "vaultUri": "string"
-  },
-  "tags": {
-    "{customized property}": "string"
-  }
-}
-```
-## Property Values
-### Microsoft.KeyVault/vaults
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2023-07-01' |
-| location | The supported Azure location where the key vault should be created. | string (required) |
-| name | The resource name | string <br /><br />Constraints:<br />Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
-| properties | Properties of the vault | [VaultProperties](#vaultproperties-1) (required) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| type | The resource type | 'Microsoft.KeyVault/vaults' |
-
-### AccessPolicyEntry
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| applicationId | Application ID of the client making request on behalf of a principal | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
-| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
-| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions-1) (required) |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-
-### IPRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
-
-### NetworkRuleSet
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.  If not specified the default is 'AzureServices'. | 'AzureServices'<br />'None' |
-| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'<br />'Deny' |
-| ipRules | The list of IP address rules. | [IPRule](#iprule-1)[] |
-| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule-1)[] |
-
-### Permissions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| certificates | Permissions to certificates | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'delete'<br />'deleteissuers'<br />'get'<br />'getissuers'<br />'import'<br />'list'<br />'listissuers'<br />'managecontacts'<br />'manageissuers'<br />'purge'<br />'recover'<br />'restore'<br />'setissuers'<br />'update' |
-| keys | Permissions to keys | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'decrypt'<br />'delete'<br />'encrypt'<br />'get'<br />'getrotationpolicy'<br />'import'<br />'list'<br />'purge'<br />'recover'<br />'release'<br />'restore'<br />'rotate'<br />'setrotationpolicy'<br />'sign'<br />'unwrapKey'<br />'update'<br />'verify'<br />'wrapKey' |
-| secrets | Permissions to secrets | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'get'<br />'list'<br />'purge'<br />'recover'<br />'restore'<br />'set' |
-| storage | Permissions to storage accounts | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'deletesas'<br />'get'<br />'getsas'<br />'list'<br />'listsas'<br />'purge'<br />'recover'<br />'regeneratekey'<br />'restore'<br />'set'<br />'setsas'<br />'update' |
-
-### Sku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| family | SKU family name | 'A' (required) |
-| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'<br />'standard' (required) |
-
-### VaultCreateOrUpdateParametersTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VaultProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry-1)[] |
-| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'<br />'recover' |
-| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
-| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
-| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
-| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
-| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
-| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
-| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset-1) |
-| provisioningState | Provisioning state of the vault. | 'RegisteringDns'<br />'Succeeded' |
-| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
-| sku | SKU details | [Sku](#sku-1) (required) |
-| softDeleteRetentionInDays | softDelete data retention days. It accepts &gt;=7 and &lt;=90. | int |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
-| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
-
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [AKS Cluster with a NAT Gateway and an Application Gateway](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/aks-nat-agic)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Faks-nat-agic%2Fazuredeploy.json) | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
-> | [AKS cluster with the Application Gateway Ingress Controller](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/aks-application-gateway-ingress-controller)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Faks-application-gateway-ingress-controller%2Fazuredeploy.json) | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
-> | [App Service Environment with Azure SQL backend](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/asev2-appservice-sql-vpngw)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fasev2-appservice-sql-vpngw%2Fazuredeploy.json) | This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment. |
-> | [Application Gateway with internal API Management and Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fprivate-webapp-with-app-gateway-and-apim%2Fazuredeploy.json) | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
-> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-basics)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-basics%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-cmk)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-cmk%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-network-restricted)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-network-restricted%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Foundry with Microsoft Entra ID Authentication](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-entraid-passthrough)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-entraid-passthrough%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
-> | [Azure AI Studio basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aistudio-cmk-service-side-encryption)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faistudio-cmk-service-side-encryption%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure AI Studio Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-network-restricted)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-network-restricted%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
-> | [Azure Function app and an HTTP-triggered function](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-http-trigger)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Ffunction-http-trigger%2Fazuredeploy.json) | This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
-> | [Azure Machine Learning end-to-end secure setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-end-to-end-secure%2Fazuredeploy.json) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
-> | [Azure Machine Learning end-to-end secure setup (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure-v1-legacy-mode)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-end-to-end-secure-v1-legacy-mode%2Fazuredeploy.json) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
-> | [Azure Machine Learning Workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/modules/machine-learning-workspace/0.9)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmodules%2Fmachine-learning-workspace%2F0.9%2Fazuredeploy.json) | This template creates a new Azure Machine Learning Workspace, along with an encrypted Storage Account, KeyVault and Applications Insights Logging |
-> | [Azure Storage Account Encryption with customer-managed key](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.storage%2Fstorage-blob-encryption-with-cmk%2Fazuredeploy.json) | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
-> | [Basic Agent Setup Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/basic-agent-identity)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fbasic-agent-identity%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with the basic setup using managed identity authetication for the AI Service/AOAI connection. Agents use multi-tenant search and storage resources fully managed by Microsoft. You won’t have visibility or control over these underlying Azure resources. |
-> | [Connect to a Key Vault via private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-private-endpoint)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-private-endpoint%2Fazuredeploy.json) | This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint. |
-> | [Create a Key Vault and a list of secrets](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-secret-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-secret-create%2Fazuredeploy.json) | This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
-> | [Create a KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/modules/Microsoft.KeyVault/vaults/1.0)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmodules%2FMicrosoft.KeyVault%2Fvaults%2F1.0%2Fazuredeploy.json) | This module creates a KeyVault resource with apiVersion 2019-09-01. |
-> | [Create a network security perimeter](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/network-security-perimeter-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fnetwork-security-perimeter-create%2Fazuredeploy.json) | This template creates a network security perimeter and it's associated resource for protecting an Azure key vault. |
-> | [Create a new encrypted windows vm from gallery image](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-create-new-vm-gallery-image)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-create-new-vm-gallery-image%2Fazuredeploy.json) | This template creates a new encrypted windows vm using the server 2k12 gallery image. |
-> | [Create a Private AKS Cluster with a Public DNS Zone](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/private-aks-cluster-with-public-dns-zone)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fprivate-aks-cluster-with-public-dns-zone%2Fazuredeploy.json) | This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
-> | [Create AML workspace with multiple Datasets & Datastores](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-dataset-create-workspace-multiple-dataset-datastore)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-dataset-create-workspace-multiple-dataset-datastore%2Fazuredeploy.json) | This template creates Azure Machine Learning workspace with multiple datasets & datastores. |
-> | [Create an AKS compute target with a Private IP address](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-private-ip)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-private-ip%2Fazuredeploy.json) | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
-> | [Create an API Management service with SSL from KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-key-vault-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.apimanagement%2Fapi-management-key-vault-create%2Fazuredeploy.json) | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
-> | [Create an Application Gateway V2 with Key Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/application-gateway-key-vault-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fapplication-gateway-key-vault-create%2Fazuredeploy.json) | This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
-> | [Create an Azure Key Vault and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create%2Fazuredeploy.json) | This template creates an Azure Key Vault and a secret. |
-> | [Create an Azure Key Vault with RBAC and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create-rbac)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create-rbac%2Fazuredeploy.json) | This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
-> | [Create an Azure Machine Learning service workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
-> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk-service-side-encryption)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-cmk-service-side-encryption%2Fazuredeploy.json) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
-> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-cmk%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
-> | [Create an Azure Machine Learning service workspace (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet-v1-legacy-mode)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-vnet-v1-legacy-mode%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
-> | [Create an Azure Machine Learning service workspace (vnet)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-vnet%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
-> | [Create and encrypt a new Windows VMSS with jumpbox](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-vmss-windows-jumpbox)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-vmss-windows-jumpbox%2Fazuredeploy.json) | This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.This template enables encryption on the VM Scale Set of Windows VMs. |
-> | [Create Application Gateway with Certificates](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-agw-certificates)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.resources%2Fdeployment-script-azcli-agw-certificates%2Fazuredeploy.json) | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
-> | [Create Key Vault with logging enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-with-logging-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-with-logging-create%2Fazuredeploy.json) | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
-> | [Create key vault, managed identity, and role assignment](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-managed-identity-role-assignment)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-managed-identity-role-assignment%2Fazuredeploy.json) | This template creates a key vault, managed identity, and role assignment. |
-> | [Create new encrypted managed disks win-vm from gallery image](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-create-new-vm-gallery-image-managed-disks)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-create-new-vm-gallery-image-managed-disks%2Fazuredeploy.json) | This template creates a new encrypted managed disks windows vm using the server 2k12 gallery image. |
-> | [Creates a Cross-tenant Private Endpoint resource](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/private-endpoint)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fprivate-endpoint%2Fazuredeploy.json) | This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration. |
-> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-pubsub-servicebus%2Fazuredeploy.json) | Create a Dapr pub-sub servicebus app using Container Apps. |
-> | [Deploy Secure AI Foundry with a managed virtual network](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-networking-aoao)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-networking-aoao%2Fazuredeploy.json) | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
-> | [Deploy the Sports Analytics on Azure Architecture](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/sports-analytics-architecture)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fsports-analytics-architecture%2Fazuredeploy.json) | Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
-> | [Enable encryption on a running Windows VM](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-running-windows-vm)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-running-windows-vm%2Fazuredeploy.json) | This template enables encryption on a running windows vm. |
-> | [FinOps hub](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.costmanagement/finops-hub)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.costmanagement%2Ffinops-hub%2Fazuredeploy.json) | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. |
-> | [Network Secured Agent with User Managed Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fnetwork-secured-agent%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. |
-> | [Standard Agent Setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/standard-agent)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fstandard-agent%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage. |
-> | [Testing environment for Azure Firewall Premium](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-premium)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fazurefirewall-premium%2Fazuredeploy.json) | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
-> | [This template encrypts a running Windows VMSS](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-running-vmss-windows)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-running-vmss-windows%2Fazuredeploy.json) | This template enables encryption on a running Windows VM Scale Set |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The vaults resource type can be deployed with operations that target: 
-
-* **Resource groups**
-
-For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
-
-## Resource format
-
-To create a Microsoft.KeyVault/vaults resource, add the following Terraform to your template.
-
-```terraform
-resource "azapi_resource" "symbolicname" {
-  type = "Microsoft.KeyVault/vaults@2023-07-01"
-  name = "string"
-  parent_id = "string"
-  location = "string"
-  tags = {
-    {customized property} = "string"
-  }
-  body = {
-    properties = {
-      accessPolicies = [
-        {
-          applicationId = "string"
-          objectId = "string"
-          permissions = {
-            certificates = [
-              "string"
-            ]
-            keys = [
-              "string"
-            ]
-            secrets = [
-              "string"
-            ]
-            storage = [
-              "string"
-            ]
-          }
-          tenantId = "string"
-        }
-      ]
-      createMode = "string"
-      enabledForDeployment = bool
-      enabledForDiskEncryption = bool
-      enabledForTemplateDeployment = bool
-      enablePurgeProtection = bool
-      enableRbacAuthorization = bool
-      enableSoftDelete = bool
-      networkAcls = {
-        bypass = "string"
-        defaultAction = "string"
-        ipRules = [
-          {
-            value = "string"
-          }
-        ]
-        virtualNetworkRules = [
-          {
-            id = "string"
-            ignoreMissingVnetServiceEndpoint = bool
-          }
-        ]
-      }
-      provisioningState = "string"
-      publicNetworkAccess = "string"
-      sku = {
-        family = "string"
-        name = "string"
-      }
-      softDeleteRetentionInDays = int
-      tenantId = "string"
-      vaultUri = "string"
-    }
-  }
-}
-```
-## Property Values
-### Microsoft.KeyVault/vaults
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| location | The supported Azure location where the key vault should be created. | string (required) |
-| name | The resource name | string <br /><br />Constraints:<br />Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
-| properties | Properties of the vault | [VaultProperties](#vaultproperties-2) (required) |
-| tags | Resource tags | Dictionary of tag names and values. |
-| type | The resource type | "Microsoft.KeyVault/vaults@2023-07-01" |
-
-### AccessPolicyEntry
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| applicationId | Application ID of the client making request on behalf of a principal | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
-| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
-| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions-2) (required) |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-
-### IPRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
-
-### NetworkRuleSet
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.  If not specified the default is 'AzureServices'. | 'AzureServices'<br />'None' |
-| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'<br />'Deny' |
-| ipRules | The list of IP address rules. | [IPRule](#iprule-2)[] |
-| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule-2)[] |
-
-### Permissions
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| certificates | Permissions to certificates | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'delete'<br />'deleteissuers'<br />'get'<br />'getissuers'<br />'import'<br />'list'<br />'listissuers'<br />'managecontacts'<br />'manageissuers'<br />'purge'<br />'recover'<br />'restore'<br />'setissuers'<br />'update' |
-| keys | Permissions to keys | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'decrypt'<br />'delete'<br />'encrypt'<br />'get'<br />'getrotationpolicy'<br />'import'<br />'list'<br />'purge'<br />'recover'<br />'release'<br />'restore'<br />'rotate'<br />'setrotationpolicy'<br />'sign'<br />'unwrapKey'<br />'update'<br />'verify'<br />'wrapKey' |
-| secrets | Permissions to secrets | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'get'<br />'list'<br />'purge'<br />'recover'<br />'restore'<br />'set' |
-| storage | Permissions to storage accounts | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'deletesas'<br />'get'<br />'getsas'<br />'list'<br />'listsas'<br />'purge'<br />'recover'<br />'regeneratekey'<br />'restore'<br />'set'<br />'setsas'<br />'update' |
-
-### Sku
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| family | SKU family name | 'A' (required) |
-| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'<br />'standard' (required) |
-
-### VaultCreateOrUpdateParametersTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### VaultProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry-2)[] |
-| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'<br />'recover' |
-| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
-| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
-| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
-| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
-| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
-| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
-| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset-2) |
-| provisioningState | Provisioning state of the vault. | 'RegisteringDns'<br />'Succeeded' |
-| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
-| sku | SKU details | [Sku](#sku-2) (required) |
-| softDeleteRetentionInDays | softDelete data retention days. It accepts &gt;=7 and &lt;=90. | int |
-| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
-| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
-
-### VirtualNetworkRule
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
-| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
-
-## Usage Examples
-### Terraform Samples
-
-A basic example of deploying Key Vault.
-
-```terraform
-terraform {
-  required_providers {
-    azapi = {
-      source = "Azure/azapi"
-    }
-    azurerm = {
-      source = "hashicorp/azurerm"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {
-  }
-}
-
-provider "azapi" {
-  skip_provider_registration = false
-}
-
-variable "resource_name" {
-  type    = string
-  default = "acctest0001"
-}
-
-variable "location" {
-  type    = string
-  default = "westeurope"
-}
-
-data "azurerm_client_config" "current" {
-}
-
-resource "azapi_resource" "resourceGroup" {
-  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
-  name     = var.resource_name
-  location = var.location
-}
-
-resource "azapi_resource" "vault" {
-  type      = "Microsoft.KeyVault/vaults@2021-10-01"
-  parent_id = azapi_resource.resourceGroup.id
-  name      = var.resource_name
-  location  = var.location
-  body = {
-    properties = {
-      accessPolicies = [
-        {
-          objectId = data.azurerm_client_config.current.object_id
-          permissions = {
-            certificates = [
-              "ManageContacts",
-            ]
-            keys = [
-              "Create",
-            ]
-            secrets = [
-              "Set",
-            ]
-            storage = [
-            ]
-          }
-          tenantId = data.azurerm_client_config.current.tenant_id
-        },
-      ]
-      createMode                   = "default"
-      enableRbacAuthorization      = false
-      enableSoftDelete             = true
-      enabledForDeployment         = false
-      enabledForDiskEncryption     = false
-      enabledForTemplateDeployment = false
-      publicNetworkAccess          = "Enabled"
-      sku = {
-        family = "A"
-        name   = "standard"
-      }
-      softDeleteRetentionInDays = 7
-      tenantId                  = data.azurerm_client_config.current.tenant_id
-    }
-  }
-  schema_validation_enabled = false
-  response_export_values    = ["*"]
-}
-```
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Key Vault](https://github.com/Azure/terraform-azurerm-avm-res-keyvault-vault) | AVM Resource Module for Key Vault |
-
-
-::: zone-end
+}
+```
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Key Vault](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/key-vault/vault) | AVM Resource Module for Key Vault |
+
+### Azure Quickstart Samples
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Bicep File | Description |
+> | ----- | ----- |
+> | [AKS Cluster with a NAT Gateway and an Application Gateway](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/aks-nat-agic/main.bicep) | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
+> | [AKS cluster with the Application Gateway Ingress Controller](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/aks-application-gateway-ingress-controller/main.bicep) | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
+> | [Application Gateway with internal API Management and Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim/main.bicep) | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
+> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-basics/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-cmk/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-network-restricted/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry with Microsoft Entra ID Authentication](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-entraid-passthrough/main.bicep) | This set of templates demonstrates how to set up Azure AI Foundry with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
+> | [Azure AI Studio basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aistudio-cmk-service-side-encryption/main.bicep) | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Studio Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-network-restricted/main.bicep) | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure Function app and an HTTP-triggered function](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-http-trigger/main.bicep) | This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
+> | [Azure Machine Learning end-to-end secure setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure/main.bicep) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
+> | [Azure Machine Learning end-to-end secure setup (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure-v1-legacy-mode/main.bicep) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
+> | [Azure Storage Account Encryption with customer-managed key](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk/main.bicep) | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
+> | [Basic Agent Setup Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/basic-agent-identity/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with the basic setup using managed identity authetication for the AI Service/AOAI connection. Agents use multi-tenant search and storage resources fully managed by Microsoft. You won’t have visibility or control over these underlying Azure resources. |
+> | [Create a Key Vault and a list of secrets](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-secret-create/main.bicep) | This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
+> | [Create a network security perimeter](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/network-security-perimeter-create/main.bicep) | This template creates a network security perimeter and it's associated resource for protecting an Azure key vault. |
+> | [Create an AKS compute target with a Private IP address](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-private-ip/main.bicep) | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
+> | [Create an API Management service with SSL from KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-key-vault-create/main.bicep) | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
+> | [Create an Azure Key Vault and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create/main.bicep) | This template creates an Azure Key Vault and a secret. |
+> | [Create an Azure Key Vault with RBAC and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create-rbac/main.bicep) | This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
+> | [Create an Azure Machine Learning service workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
+> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk-service-side-encryption/main.bicep) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
+> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
+> | [Create an Azure Machine Learning service workspace (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet-v1-legacy-mode/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
+> | [Create an Azure Machine Learning service workspace (vnet)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet/main.bicep) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
+> | [Create Application Gateway with Certificates](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-agw-certificates/main.bicep) | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
+> | [Create Key Vault with logging enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-with-logging-create/main.bicep) | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
+> | [Create key vault, managed identity, and role assignment](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-managed-identity-role-assignment/main.bicep) | This template creates a key vault, managed identity, and role assignment. |
+> | [Creates a Cross-tenant Private Endpoint resource](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/private-endpoint/main.bicep) | This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration. |
+> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus/main.bicep) | Create a Dapr pub-sub servicebus app using Container Apps. |
+> | [Deploy Secure AI Foundry with a managed virtual network](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-networking-aoao/main.bicep) | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
+> | [Deploy the Sports Analytics on Azure Architecture](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/sports-analytics-architecture/main.bicep) | Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
+> | [FinOps hub](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.costmanagement/finops-hub/main.bicep) | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. |
+> | [Network Secured Agent with User Managed Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. |
+> | [Standard Agent Setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/standard-agent/main.bicep) | This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage. |
+> | [Testing environment for Azure Firewall Premium](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-premium/main.bicep) | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The vaults resource type can be deployed with operations that target: 
+
+* **Resource groups** - See [resource group deployment commands](/azure/azure-resource-manager/templates/deploy-to-resource-group)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
+
+## Resource format
+
+To create a Microsoft.KeyVault/vaults resource, add the following JSON to your template.
+
+```json
+{
+  "type": "Microsoft.KeyVault/vaults",
+  "apiVersion": "2023-07-01",
+  "name": "string",
+  "location": "string",
+  "properties": {
+    "accessPolicies": [
+      {
+        "applicationId": "string",
+        "objectId": "string",
+        "permissions": {
+          "certificates": [ "string" ],
+          "keys": [ "string" ],
+          "secrets": [ "string" ],
+          "storage": [ "string" ]
+        },
+        "tenantId": "string"
+      }
+    ],
+    "createMode": "string",
+    "enabledForDeployment": "bool",
+    "enabledForDiskEncryption": "bool",
+    "enabledForTemplateDeployment": "bool",
+    "enablePurgeProtection": "bool",
+    "enableRbacAuthorization": "bool",
+    "enableSoftDelete": "bool",
+    "networkAcls": {
+      "bypass": "string",
+      "defaultAction": "string",
+      "ipRules": [
+        {
+          "value": "string"
+        }
+      ],
+      "virtualNetworkRules": [
+        {
+          "id": "string",
+          "ignoreMissingVnetServiceEndpoint": "bool"
+        }
+      ]
+    },
+    "provisioningState": "string",
+    "publicNetworkAccess": "string",
+    "sku": {
+      "family": "string",
+      "name": "string"
+    },
+    "softDeleteRetentionInDays": "int",
+    "tenantId": "string",
+    "vaultUri": "string"
+  },
+  "tags": {
+    "{customized property}": "string"
+  }
+}
+```
+## Property Values
+### Microsoft.KeyVault/vaults
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2023-07-01' |
+| location | The supported Azure location where the key vault should be created. | string (required) |
+| name | The resource name | string <br /><br />Constraints:<br />Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
+| properties | Properties of the vault | [VaultProperties](#vaultproperties-1) (required) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| type | The resource type | 'Microsoft.KeyVault/vaults' |
+
+### AccessPolicyEntry
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| applicationId | Application ID of the client making request on behalf of a principal | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
+| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
+| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions-1) (required) |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+
+### IPRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+
+### NetworkRuleSet
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.  If not specified the default is 'AzureServices'. | 'AzureServices'<br />'None' |
+| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'<br />'Deny' |
+| ipRules | The list of IP address rules. | [IPRule](#iprule-1)[] |
+| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule-1)[] |
+
+### Permissions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| certificates | Permissions to certificates | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'delete'<br />'deleteissuers'<br />'get'<br />'getissuers'<br />'import'<br />'list'<br />'listissuers'<br />'managecontacts'<br />'manageissuers'<br />'purge'<br />'recover'<br />'restore'<br />'setissuers'<br />'update' |
+| keys | Permissions to keys | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'decrypt'<br />'delete'<br />'encrypt'<br />'get'<br />'getrotationpolicy'<br />'import'<br />'list'<br />'purge'<br />'recover'<br />'release'<br />'restore'<br />'rotate'<br />'setrotationpolicy'<br />'sign'<br />'unwrapKey'<br />'update'<br />'verify'<br />'wrapKey' |
+| secrets | Permissions to secrets | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'get'<br />'list'<br />'purge'<br />'recover'<br />'restore'<br />'set' |
+| storage | Permissions to storage accounts | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'deletesas'<br />'get'<br />'getsas'<br />'list'<br />'listsas'<br />'purge'<br />'recover'<br />'regeneratekey'<br />'restore'<br />'set'<br />'setsas'<br />'update' |
+
+### Sku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| family | SKU family name | 'A' (required) |
+| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'<br />'standard' (required) |
+
+### VaultCreateOrUpdateParametersTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VaultProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry-1)[] |
+| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'<br />'recover' |
+| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
+| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
+| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
+| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
+| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
+| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
+| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset-1) |
+| provisioningState | Provisioning state of the vault. | 'RegisteringDns'<br />'Succeeded' |
+| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
+| sku | SKU details | [Sku](#sku-1) (required) |
+| softDeleteRetentionInDays | softDelete data retention days. It accepts &gt;=7 and &lt;=90. | int |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
+| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+
+## Usage Examples
+### Azure Quickstart Templates
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [AKS Cluster with a NAT Gateway and an Application Gateway](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/aks-nat-agic)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Faks-nat-agic%2Fazuredeploy.json) | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
+> | [AKS cluster with the Application Gateway Ingress Controller](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/aks-application-gateway-ingress-controller)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Faks-application-gateway-ingress-controller%2Fazuredeploy.json) | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
+> | [App Service Environment with Azure SQL backend](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/asev2-appservice-sql-vpngw)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fasev2-appservice-sql-vpngw%2Fazuredeploy.json) | This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment. |
+> | [Application Gateway with internal API Management and Web App](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/private-webapp-with-app-gateway-and-apim)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Fprivate-webapp-with-app-gateway-and-apim%2Fazuredeploy.json) | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
+> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-basics)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-basics%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-cmk)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-cmk%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-network-restricted)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-network-restricted%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Foundry with Microsoft Entra ID Authentication](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-entraid-passthrough)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-entraid-passthrough%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Foundry with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
+> | [Azure AI Studio basic setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aistudio-cmk-service-side-encryption)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faistudio-cmk-service-side-encryption%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure AI Studio Network Restricted](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-network-restricted)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-network-restricted%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
+> | [Azure Function app and an HTTP-triggered function](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-http-trigger)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.web%2Ffunction-http-trigger%2Fazuredeploy.json) | This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key. |
+> | [Azure Machine Learning end-to-end secure setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-end-to-end-secure%2Fazuredeploy.json) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
+> | [Azure Machine Learning end-to-end secure setup (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-end-to-end-secure-v1-legacy-mode)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-end-to-end-secure-v1-legacy-mode%2Fazuredeploy.json) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
+> | [Azure Machine Learning Workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/modules/machine-learning-workspace/0.9)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmodules%2Fmachine-learning-workspace%2F0.9%2Fazuredeploy.json) | This template creates a new Azure Machine Learning Workspace, along with an encrypted Storage Account, KeyVault and Applications Insights Logging |
+> | [Azure Storage Account Encryption with customer-managed key](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.storage/storage-blob-encryption-with-cmk)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.storage%2Fstorage-blob-encryption-with-cmk%2Fazuredeploy.json) | This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
+> | [Basic Agent Setup Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/basic-agent-identity)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fbasic-agent-identity%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with the basic setup using managed identity authetication for the AI Service/AOAI connection. Agents use multi-tenant search and storage resources fully managed by Microsoft. You won’t have visibility or control over these underlying Azure resources. |
+> | [Connect to a Key Vault via private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-private-endpoint)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-private-endpoint%2Fazuredeploy.json) | This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint. |
+> | [Create a Key Vault and a list of secrets](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-secret-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-secret-create%2Fazuredeploy.json) | This template creates a Key Vault and a list of secrets within the key vault as passed along with the parameters |
+> | [Create a KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/modules/Microsoft.KeyVault/vaults/1.0)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmodules%2FMicrosoft.KeyVault%2Fvaults%2F1.0%2Fazuredeploy.json) | This module creates a KeyVault resource with apiVersion 2019-09-01. |
+> | [Create a network security perimeter](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/network-security-perimeter-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fnetwork-security-perimeter-create%2Fazuredeploy.json) | This template creates a network security perimeter and it's associated resource for protecting an Azure key vault. |
+> | [Create a new encrypted windows vm from gallery image](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-create-new-vm-gallery-image)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-create-new-vm-gallery-image%2Fazuredeploy.json) | This template creates a new encrypted windows vm using the server 2k12 gallery image. |
+> | [Create a Private AKS Cluster with a Public DNS Zone](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/private-aks-cluster-with-public-dns-zone)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fprivate-aks-cluster-with-public-dns-zone%2Fazuredeploy.json) | This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
+> | [Create AML workspace with multiple Datasets & Datastores](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-dataset-create-workspace-multiple-dataset-datastore)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-dataset-create-workspace-multiple-dataset-datastore%2Fazuredeploy.json) | This template creates Azure Machine Learning workspace with multiple datasets & datastores. |
+> | [Create an AKS compute target with a Private IP address](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-private-ip)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-private-ip%2Fazuredeploy.json) | This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
+> | [Create an API Management service with SSL from KeyVault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.apimanagement/api-management-key-vault-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.apimanagement%2Fapi-management-key-vault-create%2Fazuredeploy.json) | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. |
+> | [Create an Application Gateway V2 with Key Vault](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/application-gateway-key-vault-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fapplication-gateway-key-vault-create%2Fazuredeploy.json) | This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
+> | [Create an Azure Key Vault and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create%2Fazuredeploy.json) | This template creates an Azure Key Vault and a secret. |
+> | [Create an Azure Key Vault with RBAC and a secret](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-create-rbac)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-create-rbac%2Fazuredeploy.json) | This template creates an Azure Key Vault and a secret. Instead of relying on access policies, it leverages Azure RBAC to manage authorization on secrets |
+> | [Create an Azure Machine Learning service workspace](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
+> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk-service-side-encryption)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-cmk-service-side-encryption%2Fazuredeploy.json) | This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
+> | [Create an Azure Machine Learning service workspace (CMK)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-cmk)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-cmk%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
+> | [Create an Azure Machine Learning service workspace (legacy)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet-v1-legacy-mode)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-vnet-v1-legacy-mode%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
+> | [Create an Azure Machine Learning service workspace (vnet)](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/machine-learning-workspace-vnet)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Fmachine-learning-workspace-vnet%2Fazuredeploy.json) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
+> | [Create and encrypt a new Windows VMSS with jumpbox](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-vmss-windows-jumpbox)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-vmss-windows-jumpbox%2Fazuredeploy.json) | This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of serveral Windows versions. This template also deploys a jumpbox with a public IP address in the same virtual network. You can connect to the jumpbox via this public IP address, then connect from there to VMs in the scale set via private IP addresses.This template enables encryption on the VM Scale Set of Windows VMs. |
+> | [Create Application Gateway with Certificates](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-agw-certificates)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.resources%2Fdeployment-script-azcli-agw-certificates%2Fazuredeploy.json) | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
+> | [Create Key Vault with logging enabled](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-with-logging-create)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-with-logging-create%2Fazuredeploy.json) | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
+> | [Create key vault, managed identity, and role assignment](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.keyvault/key-vault-managed-identity-role-assignment)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.keyvault%2Fkey-vault-managed-identity-role-assignment%2Fazuredeploy.json) | This template creates a key vault, managed identity, and role assignment. |
+> | [Create new encrypted managed disks win-vm from gallery image](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-create-new-vm-gallery-image-managed-disks)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-create-new-vm-gallery-image-managed-disks%2Fazuredeploy.json) | This template creates a new encrypted managed disks windows vm using the server 2k12 gallery image. |
+> | [Creates a Cross-tenant Private Endpoint resource](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/private-endpoint)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fprivate-endpoint%2Fazuredeploy.json) | This template allows you to create Priavate Endpoint resource within the same or cross-tenant environment and add dns zone configuration. |
+> | [Creates a Dapr pub-sub servicebus app using Container Apps](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.app/container-app-dapr-pubsub-servicebus)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.app%2Fcontainer-app-dapr-pubsub-servicebus%2Fazuredeploy.json) | Create a Dapr pub-sub servicebus app using Container Apps. |
+> | [Deploy Secure AI Foundry with a managed virtual network](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.machinelearningservices/aifoundry-networking-aoao)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.machinelearningservices%2Faifoundry-networking-aoao%2Fazuredeploy.json) | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
+> | [Deploy the Sports Analytics on Azure Architecture](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/sports-analytics-architecture)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fsports-analytics-architecture%2Fazuredeploy.json) | Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
+> | [Enable encryption on a running Windows VM](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-running-windows-vm)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-running-windows-vm%2Fazuredeploy.json) | This template enables encryption on a running windows vm. |
+> | [FinOps hub](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.costmanagement/finops-hub)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.costmanagement%2Ffinops-hub%2Fazuredeploy.json) | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. |
+> | [Network Secured Agent with User Managed Identity](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fnetwork-secured-agent%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authetication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. |
+> | [Standard Agent Setup](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.azure-ai-agent-service/standard-agent)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.azure-ai-agent-service%2Fstandard-agent%2Fazuredeploy.json) | This set of templates demonstrates how to set up Azure AI Agent Service with the standard setup, meaning with managed identity authentication for project/hub connections and public internet access enabled. Agents use customer-owned, single-tenant search and storage resources. With this setup, you have full control and visibility over these resources, but you will incur costs based on your usage. |
+> | [Testing environment for Azure Firewall Premium](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-premium)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.network%2Fazurefirewall-premium%2Fazuredeploy.json) | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
+> | [This template encrypts a running Windows VMSS](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/encrypt-running-vmss-windows)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.compute%2Fencrypt-running-vmss-windows%2Fazuredeploy.json) | This template enables encryption on a running Windows VM Scale Set |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The vaults resource type can be deployed with operations that target: 
+
+* **Resource groups**
+
+For a list of changed properties in each API version, see [change log](~/microsoft.keyvault/change-log/vaults.md).
+
+## Resource format
+
+To create a Microsoft.KeyVault/vaults resource, add the following Terraform to your template.
+
+```terraform
+resource "azapi_resource" "symbolicname" {
+  type = "Microsoft.KeyVault/vaults@2023-07-01"
+  name = "string"
+  parent_id = "string"
+  location = "string"
+  tags = {
+    {customized property} = "string"
+  }
+  body = {
+    properties = {
+      accessPolicies = [
+        {
+          applicationId = "string"
+          objectId = "string"
+          permissions = {
+            certificates = [
+              "string"
+            ]
+            keys = [
+              "string"
+            ]
+            secrets = [
+              "string"
+            ]
+            storage = [
+              "string"
+            ]
+          }
+          tenantId = "string"
+        }
+      ]
+      createMode = "string"
+      enabledForDeployment = bool
+      enabledForDiskEncryption = bool
+      enabledForTemplateDeployment = bool
+      enablePurgeProtection = bool
+      enableRbacAuthorization = bool
+      enableSoftDelete = bool
+      networkAcls = {
+        bypass = "string"
+        defaultAction = "string"
+        ipRules = [
+          {
+            value = "string"
+          }
+        ]
+        virtualNetworkRules = [
+          {
+            id = "string"
+            ignoreMissingVnetServiceEndpoint = bool
+          }
+        ]
+      }
+      provisioningState = "string"
+      publicNetworkAccess = "string"
+      sku = {
+        family = "string"
+        name = "string"
+      }
+      softDeleteRetentionInDays = int
+      tenantId = "string"
+      vaultUri = "string"
+    }
+  }
+}
+```
+## Property Values
+### Microsoft.KeyVault/vaults
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| location | The supported Azure location where the key vault should be created. | string (required) |
+| name | The resource name | string <br /><br />Constraints:<br />Pattern = `^[a-zA-Z0-9-]{3,24}$` (required) |
+| properties | Properties of the vault | [VaultProperties](#vaultproperties-2) (required) |
+| tags | Resource tags | Dictionary of tag names and values. |
+| type | The resource type | "Microsoft.KeyVault/vaults@2023-07-01" |
+
+### AccessPolicyEntry
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| applicationId | Application ID of the client making request on behalf of a principal | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` |
+| objectId | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. | string (required) |
+| permissions | Permissions the identity has for keys, secrets and certificates. | [Permissions](#permissions-2) (required) |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+
+### IPRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| value | An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78). | string (required) |
+
+### NetworkRuleSet
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.  If not specified the default is 'AzureServices'. | 'AzureServices'<br />'None' |
+| defaultAction | The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. | 'Allow'<br />'Deny' |
+| ipRules | The list of IP address rules. | [IPRule](#iprule-2)[] |
+| virtualNetworkRules | The list of virtual network rules. | [VirtualNetworkRule](#virtualnetworkrule-2)[] |
+
+### Permissions
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| certificates | Permissions to certificates | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'delete'<br />'deleteissuers'<br />'get'<br />'getissuers'<br />'import'<br />'list'<br />'listissuers'<br />'managecontacts'<br />'manageissuers'<br />'purge'<br />'recover'<br />'restore'<br />'setissuers'<br />'update' |
+| keys | Permissions to keys | String array containing any of:<br />'all'<br />'backup'<br />'create'<br />'decrypt'<br />'delete'<br />'encrypt'<br />'get'<br />'getrotationpolicy'<br />'import'<br />'list'<br />'purge'<br />'recover'<br />'release'<br />'restore'<br />'rotate'<br />'setrotationpolicy'<br />'sign'<br />'unwrapKey'<br />'update'<br />'verify'<br />'wrapKey' |
+| secrets | Permissions to secrets | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'get'<br />'list'<br />'purge'<br />'recover'<br />'restore'<br />'set' |
+| storage | Permissions to storage accounts | String array containing any of:<br />'all'<br />'backup'<br />'delete'<br />'deletesas'<br />'get'<br />'getsas'<br />'list'<br />'listsas'<br />'purge'<br />'recover'<br />'regeneratekey'<br />'restore'<br />'set'<br />'setsas'<br />'update' |
+
+### Sku
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| family | SKU family name | 'A' (required) |
+| name | SKU name to specify whether the key vault is a standard vault or a premium vault. | 'premium'<br />'standard' (required) |
+
+### VaultCreateOrUpdateParametersTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### VaultProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| accessPolicies | An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required. | [AccessPolicyEntry](#accesspolicyentry-2)[] |
+| createMode | The vault's create mode to indicate whether the vault need to be recovered or not. | 'default'<br />'recover' |
+| enabledForDeployment | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
+| enabledForDiskEncryption | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
+| enabledForTemplateDeployment | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
+| enablePurgeProtection | Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value. | bool |
+| enableRbacAuthorization | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | bool |
+| enableSoftDelete | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. | bool |
+| networkAcls | Rules governing the accessibility of the key vault from specific network locations. | [NetworkRuleSet](#networkruleset-2) |
+| provisioningState | Provisioning state of the vault. | 'RegisteringDns'<br />'Succeeded' |
+| publicNetworkAccess | Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | string |
+| sku | SKU details | [Sku](#sku-2) (required) |
+| softDeleteRetentionInDays | softDelete data retention days. It accepts &gt;=7 and &lt;=90. | int |
+| tenantId | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. | string <br /><br />Constraints:<br />Min length = 36<br />Max length = 36<br />Pattern = `^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$` (required) |
+| vaultUri | The URI of the vault for performing operations on keys and secrets. | string |
+
+### VirtualNetworkRule
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| id | Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. | string (required) |
+| ignoreMissingVnetServiceEndpoint | Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. | bool |
+
+## Usage Examples
+### Terraform Samples
+
+A basic example of deploying Key Vault.
+
+```terraform
+terraform {
+  required_providers {
+    azapi = {
+      source = "Azure/azapi"
+    }
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+  }
+}
+
+provider "azapi" {
+  skip_provider_registration = false
+}
+
+variable "resource_name" {
+  type    = string
+  default = "acctest0001"
+}
+
+variable "location" {
+  type    = string
+  default = "westeurope"
+}
+
+data "azurerm_client_config" "current" {
+}
+
+resource "azapi_resource" "resourceGroup" {
+  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
+  name     = var.resource_name
+  location = var.location
+}
+
+resource "azapi_resource" "vault" {
+  type      = "Microsoft.KeyVault/vaults@2021-10-01"
+  parent_id = azapi_resource.resourceGroup.id
+  name      = var.resource_name
+  location  = var.location
+  body = {
+    properties = {
+      accessPolicies = [
+        {
+          objectId = data.azurerm_client_config.current.object_id
+          permissions = {
+            certificates = [
+              "ManageContacts",
+            ]
+            keys = [
+              "Create",
+            ]
+            secrets = [
+              "Set",
+            ]
+            storage = [
+            ]
+          }
+          tenantId = data.azurerm_client_config.current.tenant_id
+        },
+      ]
+      createMode                   = "default"
+      enableRbacAuthorization      = false
+      enableSoftDelete             = true
+      enabledForDeployment         = false
+      enabledForDiskEncryption     = false
+      enabledForTemplateDeployment = false
+      publicNetworkAccess          = "Enabled"
+      sku = {
+        family = "A"
+        name   = "standard"
+      }
+      softDeleteRetentionInDays = 7
+      tenantId                  = data.azurerm_client_config.current.tenant_id
+    }
+  }
+  schema_validation_enabled = false
+  response_export_values    = ["*"]
+}
+```
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Key Vault](https://github.com/Azure/terraform-azurerm-avm-res-keyvault-vault) | AVM Resource Module for Key Vault |
+
+
+::: zone-end
diff --git a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.resources/2024-07-01/resourcegroups.md b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.resources/2024-07-01/resourcegroups.md
index c71c68a9..badb785f 100644
--- a/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.resources/2024-07-01/resourcegroups.md
+++ b/src/TemplateRefGenerator.Tests/Files/markdown/microsoft.resources/2024-07-01/resourcegroups.md
@@ -1,93 +1,93 @@
----
-title: Microsoft.Resources/resourceGroups 2024-07-01
-description: Azure Microsoft.Resources/resourceGroups syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-07-01
-zone_pivot_groups: deployment-languages-reference
-ms.service: azure-resource-manager
-ms.topic: reference
----
-# Microsoft.Resources resourceGroups 2024-07-01
-
-> [!div class="op_single_selector" title1="API Versions:"]
-> - [Latest](../resourcegroups.md)
-> - [2025-04-01](../2025-04-01/resourcegroups.md)
-> - [2025-03-01](../2025-03-01/resourcegroups.md)
-> - [2024-11-01](../2024-11-01/resourcegroups.md)
-> - [2024-07-01](../2024-07-01/resourcegroups.md)
-> - [2024-03-01](../2024-03-01/resourcegroups.md)
-> - [2023-07-01](../2023-07-01/resourcegroups.md)
-> - [2022-09-01](../2022-09-01/resourcegroups.md)
-> - [2021-04-01](../2021-04-01/resourcegroups.md)
-> - [2021-01-01](../2021-01-01/resourcegroups.md)
-> - [2020-10-01](../2020-10-01/resourcegroups.md)
-> - [2020-08-01](../2020-08-01/resourcegroups.md)
-> - [2020-06-01](../2020-06-01/resourcegroups.md)
-> - [2019-10-01](../2019-10-01/resourcegroups.md)
-> - [2019-08-01](../2019-08-01/resourcegroups.md)
-> - [2019-07-01](../2019-07-01/resourcegroups.md)
-> - [2019-05-10](../2019-05-10/resourcegroups.md)
-> - [2019-05-01](../2019-05-01/resourcegroups.md)
-> - [2019-03-01](../2019-03-01/resourcegroups.md)
-> - [2018-05-01](../2018-05-01/resourcegroups.md)
-> - [2018-02-01](../2018-02-01/resourcegroups.md)
-> - [2017-05-10](../2017-05-10/resourcegroups.md)
-> - [2016-09-01](../2016-09-01/resourcegroups.md)
-> - [2016-07-01](../2016-07-01/resourcegroups.md)
-> - [2016-02-01](../2016-02-01/resourcegroups.md)
-> - [2015-11-01](../2015-11-01/resourcegroups.md)
-
-
-::: zone pivot="deployment-language-bicep"
-
-## Bicep resource definition
-
-The resourceGroups resource type can be deployed with operations that target: 
-
-* **Subscription** - See [subscription deployment commands](/azure/azure-resource-manager/bicep/deploy-to-subscription)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.resources/change-log/resourcegroups.md).
-
-## Resource format
-
-To create a Microsoft.Resources/resourceGroups resource, add the following Bicep to your template.
-
-```bicep
-resource symbolicname 'Microsoft.Resources/resourceGroups@2024-07-01' = {
-  location: 'string'
-  managedBy: 'string'
-  name: 'string'
-  properties: {}
-  tags: {
-    {customized property}: 'string'
-  }
-}
-```
-## Property Values
-### Microsoft.Resources/resourceGroups
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| location | The location of the resource group. It cannot be changed after the resource group has been created. It must be one of the supported Azure locations. | string (required) |
-| managedBy | The ID of the resource that manages this resource group. | string |
-| name | The resource name | string <br /><br />Constraints:<br />Min length = 1<br />Max length = 90<br />Pattern = `^[-\w\._\(\)]+$` (required) |
-| properties | The resource group properties. | [ResourceGroupProperties](#resourcegroupproperties) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-
-### ResourceGroupProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ResourceGroupTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-## Usage Examples
-### Bicep Samples
-
-A basic example of deploying a resource group.
-
-```bicep
+---
+title: Microsoft.Resources/resourceGroups 2024-07-01
+description: Azure Microsoft.Resources/resourceGroups syntax and properties to use in Azure Resource Manager templates for deploying the resource. API version 2024-07-01
+zone_pivot_groups: deployment-languages-reference
+ms.service: azure-resource-manager
+ms.topic: reference
+---
+# Microsoft.Resources resourceGroups 2024-07-01
+
+> [!div class="op_single_selector" title1="API Versions:"]
+> - [Latest](../resourcegroups.md)
+> - [2025-04-01](../2025-04-01/resourcegroups.md)
+> - [2025-03-01](../2025-03-01/resourcegroups.md)
+> - [2024-11-01](../2024-11-01/resourcegroups.md)
+> - [2024-07-01](../2024-07-01/resourcegroups.md)
+> - [2024-03-01](../2024-03-01/resourcegroups.md)
+> - [2023-07-01](../2023-07-01/resourcegroups.md)
+> - [2022-09-01](../2022-09-01/resourcegroups.md)
+> - [2021-04-01](../2021-04-01/resourcegroups.md)
+> - [2021-01-01](../2021-01-01/resourcegroups.md)
+> - [2020-10-01](../2020-10-01/resourcegroups.md)
+> - [2020-08-01](../2020-08-01/resourcegroups.md)
+> - [2020-06-01](../2020-06-01/resourcegroups.md)
+> - [2019-10-01](../2019-10-01/resourcegroups.md)
+> - [2019-08-01](../2019-08-01/resourcegroups.md)
+> - [2019-07-01](../2019-07-01/resourcegroups.md)
+> - [2019-05-10](../2019-05-10/resourcegroups.md)
+> - [2019-05-01](../2019-05-01/resourcegroups.md)
+> - [2019-03-01](../2019-03-01/resourcegroups.md)
+> - [2018-05-01](../2018-05-01/resourcegroups.md)
+> - [2018-02-01](../2018-02-01/resourcegroups.md)
+> - [2017-05-10](../2017-05-10/resourcegroups.md)
+> - [2016-09-01](../2016-09-01/resourcegroups.md)
+> - [2016-07-01](../2016-07-01/resourcegroups.md)
+> - [2016-02-01](../2016-02-01/resourcegroups.md)
+> - [2015-11-01](../2015-11-01/resourcegroups.md)
+
+
+::: zone pivot="deployment-language-bicep"
+
+## Bicep resource definition
+
+The resourceGroups resource type can be deployed with operations that target: 
+
+* **Subscription** - See [subscription deployment commands](/azure/azure-resource-manager/bicep/deploy-to-subscription)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.resources/change-log/resourcegroups.md).
+
+## Resource format
+
+To create a Microsoft.Resources/resourceGroups resource, add the following Bicep to your template.
+
+```bicep
+resource symbolicname 'Microsoft.Resources/resourceGroups@2024-07-01' = {
+  location: 'string'
+  managedBy: 'string'
+  name: 'string'
+  properties: {}
+  tags: {
+    {customized property}: 'string'
+  }
+}
+```
+## Property Values
+### Microsoft.Resources/resourceGroups
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| location | The location of the resource group. It cannot be changed after the resource group has been created. It must be one of the supported Azure locations. | string (required) |
+| managedBy | The ID of the resource that manages this resource group. | string |
+| name | The resource name | string <br /><br />Constraints:<br />Min length = 1<br />Max length = 90<br />Pattern = `^[-\w\._\(\)]+$` (required) |
+| properties | The resource group properties. | [ResourceGroupProperties](#resourcegroupproperties) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+
+### ResourceGroupProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ResourceGroupTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+## Usage Examples
+### Bicep Samples
+
+A basic example of deploying a resource group.
+
+```bicep
 targetScope = 'subscription'
 
 resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
@@ -96,197 +96,210 @@ resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
   tags: {
     environment: 'production'
   }
-}
-```
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Resource Group](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/resources/resource-group) | AVM Resource Module for Resource Group |
-
-### Azure Quickstart Samples
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Bicep File | Description |
-> | ----- | ----- |
-> | [ Configure Deployment Environments service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/deployment-environments/main.bicep) | This template provides a way to configure Deployment Environments. |
-> | [Create a new Datadog Organization](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.datadog/datadog/main.bicep) | This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
-> | [Create a resourceGroup](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg/main.bicep) | This template is a subscription level template that will create a resourceGroup.  Currently, this template can be deployed via the Azure Portal. |
-> | [Create a resourceGroup, apply a lock and RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg-lock-role-assignment/main.bicep) | This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId.  Currently, this template cannot be deployed via the Azure Portal. |
-> | [Create a subscription, resourceGroup and storageAccount](https://github.com/Azure/azure-quickstart-templates/tree/master/managementgroup-deployments/create-subscription-resourcegroup/main.bicep) | This template is a management group template that will create a subscription, a resourceGroup and a storageAccount in the same template.  It can be used for an Enterprise Agreement billing mode only.  The official documentation shows modifications needed for other types of accounts. |
-> | [Create an Azure Virtual Network Manager and sample VNETs](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/microsoft.network/virtual-network-manager-connectivity/main.bicep) | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-arm-template"
-
-## ARM template resource definition
-
-The resourceGroups resource type can be deployed with operations that target: 
-
-* **Subscription** - See [subscription deployment commands](/azure/azure-resource-manager/templates/deploy-to-subscription)
-
-For a list of changed properties in each API version, see [change log](~/microsoft.resources/change-log/resourcegroups.md).
-
-## Resource format
-
-To create a Microsoft.Resources/resourceGroups resource, add the following JSON to your template.
-
-```json
-{
-  "type": "Microsoft.Resources/resourceGroups",
-  "apiVersion": "2024-07-01",
-  "name": "string",
-  "location": "string",
-  "managedBy": "string",
-  "properties": {
-  },
-  "tags": {
-    "{customized property}": "string"
-  }
-}
-```
-## Property Values
-### Microsoft.Resources/resourceGroups
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| apiVersion | The api version | '2024-07-01' |
-| location | The location of the resource group. It cannot be changed after the resource group has been created. It must be one of the supported Azure locations. | string (required) |
-| managedBy | The ID of the resource that manages this resource group. | string |
-| name | The resource name | string <br /><br />Constraints:<br />Min length = 1<br />Max length = 90<br />Pattern = `^[-\w\._\(\)]+$` (required) |
-| properties | The resource group properties. | [ResourceGroupProperties](#resourcegroupproperties-1) |
-| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
-| type | The resource type | 'Microsoft.Resources/resourceGroups' |
-
-### ResourceGroupProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ResourceGroupTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-## Usage Examples
-### Azure Quickstart Templates
-
-The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Template | Description |
-> | ----- | ----- |
-> | [ Configure Deployment Environments service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/deployment-environments)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.devcenter%2Fdeployment-environments%2Fazuredeploy.json) | This template provides a way to configure Deployment Environments. |
-> | [Create a new Datadog Organization](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.datadog/datadog)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.datadog%2Fdatadog%2Fazuredeploy.json) | This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
-> | [Create a resourceGroup](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-rg%2Fazuredeploy.json) | This template is a subscription level template that will create a resourceGroup.  Currently, this template can be deployed via the Azure Portal. |
-> | [Create a resourceGroup, apply a lock and RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg-lock-role-assignment)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-rg-lock-role-assignment%2Fazuredeploy.json) | This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId.  Currently, this template cannot be deployed via the Azure Portal. |
-> | [Create a subscription, resourceGroup and storageAccount](https://github.com/Azure/azure-quickstart-templates/tree/master/managementgroup-deployments/create-subscription-resourcegroup)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmanagementgroup-deployments%2Fcreate-subscription-resourcegroup%2Fazuredeploy.json) | This template is a management group template that will create a subscription, a resourceGroup and a storageAccount in the same template.  It can be used for an Enterprise Agreement billing mode only.  The official documentation shows modifications needed for other types of accounts. |
-> | [Create an Azure Virtual Network Manager and sample VNETs](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/microsoft.network/virtual-network-manager-connectivity)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fmicrosoft.network%2Fvirtual-network-manager-connectivity%2Fazuredeploy.json) | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
-
-
-::: zone-end
-
-::: zone pivot="deployment-language-terraform"
-
-## Terraform (AzAPI provider) resource definition
-
-The resourceGroups resource type can be deployed with operations that target: 
-
-* **Subscription**
-
-For a list of changed properties in each API version, see [change log](~/microsoft.resources/change-log/resourcegroups.md).
-
-## Resource format
-
-To create a Microsoft.Resources/resourceGroups resource, add the following Terraform to your template.
-
-```terraform
-resource "azapi_resource" "symbolicname" {
-  type = "Microsoft.Resources/resourceGroups@2024-07-01"
-  name = "string"
-  parent_id = "string"
-  location = "string"
-  tags = {
-    {customized property} = "string"
-  }
-  body = {
-    managedBy = "string"
-    properties = {
-    }
-  }
-}
-```
-## Property Values
-### Microsoft.Resources/resourceGroups
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-| location | The location of the resource group. It cannot be changed after the resource group has been created. It must be one of the supported Azure locations. | string (required) |
-| managedBy | The ID of the resource that manages this resource group. | string |
-| name | The resource name | string <br /><br />Constraints:<br />Min length = 1<br />Max length = 90<br />Pattern = `^[-\w\._\(\)]+$` (required) |
-| properties | The resource group properties. | [ResourceGroupProperties](#resourcegroupproperties-2) |
-| tags | Resource tags | Dictionary of tag names and values. |
-| type | The resource type | "Microsoft.Resources/resourceGroups@2024-07-01" |
-
-### ResourceGroupProperties
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-### ResourceGroupTags
-
-| Name | Description | Value |
-| ---- | ----------- | ------------ |
-
-## Usage Examples
-### Terraform Samples
-
-A basic example of deploying Resource Group.
-
-```terraform
-terraform {
-  required_providers {
-    azapi = {
-      source = "Azure/azapi"
-    }
-  }
-}
-
-provider "azapi" {
-  skip_provider_registration = false
-}
-
-variable "resource_name" {
-  type    = string
-  default = "acctest0001"
-}
-
-variable "location" {
-  type    = string
-  default = "westeurope"
-}
-
-resource "azapi_resource" "resourceGroup" {
-  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
-  name     = var.resource_name
-  location = var.location
-}
-```
-### Azure Verified Modules
-
-The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
-
-> [!div class="mx-tableFixed"]
-> | Module | Description |
-> | ----- | ----- |
-> | [Resource Group](https://github.com/Azure/terraform-azurerm-avm-res-resources-resourcegroup) | AVM Resource Module for Resource Group |
-
+}
+```
+A basic example of deploying Resource Group.
+
+```bicep
+targetScope = 'subscription'
 
-::: zone-end
+param resourceName string = 'acctest0001'
+param location string = 'westeurope'
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2020-06-01' = {
+  name: resourceName
+  location: location
+}
+```
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Resource Group](https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/resources/resource-group) | AVM Resource Module for Resource Group |
+
+### Azure Quickstart Samples
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) contain Bicep samples for deploying this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Bicep File | Description |
+> | ----- | ----- |
+> | [ Configure Deployment Environments service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/deployment-environments/main.bicep) | This template provides a way to configure Deployment Environments. |
+> | [Create a new Datadog Organization](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.datadog/datadog/main.bicep) | This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
+> | [Create a resourceGroup](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg/main.bicep) | This template is a subscription level template that will create a resourceGroup.  Currently, this template can be deployed via the Azure Portal. |
+> | [Create a resourceGroup, apply a lock and RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg-lock-role-assignment/main.bicep) | This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId.  Currently, this template cannot be deployed via the Azure Portal. |
+> | [Create a subscription, resourceGroup and storageAccount](https://github.com/Azure/azure-quickstart-templates/tree/master/managementgroup-deployments/create-subscription-resourcegroup/main.bicep) | This template is a management group template that will create a subscription, a resourceGroup and a storageAccount in the same template.  It can be used for an Enterprise Agreement billing mode only.  The official documentation shows modifications needed for other types of accounts. |
+> | [Create an Azure Virtual Network Manager and sample VNETs](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/microsoft.network/virtual-network-manager-connectivity/main.bicep) | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-arm-template"
+
+## ARM template resource definition
+
+The resourceGroups resource type can be deployed with operations that target: 
+
+* **Subscription** - See [subscription deployment commands](/azure/azure-resource-manager/templates/deploy-to-subscription)
+
+For a list of changed properties in each API version, see [change log](~/microsoft.resources/change-log/resourcegroups.md).
+
+## Resource format
+
+To create a Microsoft.Resources/resourceGroups resource, add the following JSON to your template.
+
+```json
+{
+  "type": "Microsoft.Resources/resourceGroups",
+  "apiVersion": "2024-07-01",
+  "name": "string",
+  "location": "string",
+  "managedBy": "string",
+  "properties": {
+  },
+  "tags": {
+    "{customized property}": "string"
+  }
+}
+```
+## Property Values
+### Microsoft.Resources/resourceGroups
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| apiVersion | The api version | '2024-07-01' |
+| location | The location of the resource group. It cannot be changed after the resource group has been created. It must be one of the supported Azure locations. | string (required) |
+| managedBy | The ID of the resource that manages this resource group. | string |
+| name | The resource name | string <br /><br />Constraints:<br />Min length = 1<br />Max length = 90<br />Pattern = `^[-\w\._\(\)]+$` (required) |
+| properties | The resource group properties. | [ResourceGroupProperties](#resourcegroupproperties-1) |
+| tags | Resource tags | Dictionary of tag names and values. See [Tags in templates](/azure/azure-resource-manager/management/tag-resources#arm-templates) |
+| type | The resource type | 'Microsoft.Resources/resourceGroups' |
+
+### ResourceGroupProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ResourceGroupTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+## Usage Examples
+### Azure Quickstart Templates
+
+The following [Azure Quickstart templates](https://aka.ms/azqst) deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Template | Description |
+> | ----- | ----- |
+> | [ Configure Deployment Environments service](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.devcenter/deployment-environments)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.devcenter%2Fdeployment-environments%2Fazuredeploy.json) | This template provides a way to configure Deployment Environments. |
+> | [Create a new Datadog Organization](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.datadog/datadog)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fquickstarts%2Fmicrosoft.datadog%2Fdatadog%2Fazuredeploy.json) | This template creates a new Datadog - An Azure Native ISV Service resource and a Datadog organization to monitor resources in your subscription. |
+> | [Create a resourceGroup](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-rg%2Fazuredeploy.json) | This template is a subscription level template that will create a resourceGroup.  Currently, this template can be deployed via the Azure Portal. |
+> | [Create a resourceGroup, apply a lock and RBAC](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/create-rg-lock-role-assignment)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fcreate-rg-lock-role-assignment%2Fazuredeploy.json) | This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId.  Currently, this template cannot be deployed via the Azure Portal. |
+> | [Create a subscription, resourceGroup and storageAccount](https://github.com/Azure/azure-quickstart-templates/tree/master/managementgroup-deployments/create-subscription-resourcegroup)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fmanagementgroup-deployments%2Fcreate-subscription-resourcegroup%2Fazuredeploy.json) | This template is a management group template that will create a subscription, a resourceGroup and a storageAccount in the same template.  It can be used for an Enterprise Agreement billing mode only.  The official documentation shows modifications needed for other types of accounts. |
+> | [Create an Azure Virtual Network Manager and sample VNETs](https://github.com/Azure/azure-quickstart-templates/tree/master/subscription-deployments/microsoft.network/virtual-network-manager-connectivity)<br><br>[![Deploy to Azure](~/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fsubscription-deployments%2Fmicrosoft.network%2Fvirtual-network-manager-connectivity%2Fazuredeploy.json) | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
+
+
+::: zone-end
+
+::: zone pivot="deployment-language-terraform"
+
+## Terraform (AzAPI provider) resource definition
+
+The resourceGroups resource type can be deployed with operations that target: 
+
+* **Subscription**
+
+For a list of changed properties in each API version, see [change log](~/microsoft.resources/change-log/resourcegroups.md).
+
+## Resource format
+
+To create a Microsoft.Resources/resourceGroups resource, add the following Terraform to your template.
+
+```terraform
+resource "azapi_resource" "symbolicname" {
+  type = "Microsoft.Resources/resourceGroups@2024-07-01"
+  name = "string"
+  parent_id = "string"
+  location = "string"
+  tags = {
+    {customized property} = "string"
+  }
+  body = {
+    managedBy = "string"
+    properties = {
+    }
+  }
+}
+```
+## Property Values
+### Microsoft.Resources/resourceGroups
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+| location | The location of the resource group. It cannot be changed after the resource group has been created. It must be one of the supported Azure locations. | string (required) |
+| managedBy | The ID of the resource that manages this resource group. | string |
+| name | The resource name | string <br /><br />Constraints:<br />Min length = 1<br />Max length = 90<br />Pattern = `^[-\w\._\(\)]+$` (required) |
+| properties | The resource group properties. | [ResourceGroupProperties](#resourcegroupproperties-2) |
+| tags | Resource tags | Dictionary of tag names and values. |
+| type | The resource type | "Microsoft.Resources/resourceGroups@2024-07-01" |
+
+### ResourceGroupProperties
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+### ResourceGroupTags
+
+| Name | Description | Value |
+| ---- | ----------- | ------------ |
+
+## Usage Examples
+### Terraform Samples
+
+A basic example of deploying Resource Group.
+
+```terraform
+terraform {
+  required_providers {
+    azapi = {
+      source = "Azure/azapi"
+    }
+  }
+}
+
+provider "azapi" {
+  skip_provider_registration = false
+}
+
+variable "resource_name" {
+  type    = string
+  default = "acctest0001"
+}
+
+variable "location" {
+  type    = string
+  default = "westeurope"
+}
+
+resource "azapi_resource" "resourceGroup" {
+  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
+  name     = var.resource_name
+  location = var.location
+}
+```
+### Azure Verified Modules
+
+The following [Azure Verified Modules](https://aka.ms/avm) can be used to deploy this resource type.
+
+> [!div class="mx-tableFixed"]
+> | Module | Description |
+> | ----- | ----- |
+> | [Resource Group](https://github.com/Azure/terraform-azurerm-avm-res-resources-resourcegroup) | AVM Resource Module for Resource Group |
+
+
+::: zone-end