Bicep Module Documentation
← Back to Overview
Module synapse-workspace
synapseWorkspace
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| identity | identity | |
| azureADOnlyAuthentication | bool | Enable or Disable AzureADOnlyAuthentication on All Workspace subresource |
| initialWorkspaceAdminObjectId | string | AAD object ID of initial workspace admin |
| defaultDataLakeStorage (required) | defaultDataLakeStorage | Workspace default data lake storage account details |
| encryptionCmk | encryptionCmk | The encryption details of the workspace |
| managedResourceGroupName | string | Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. |
| managedVirtualNetwork | string | Setting this to "default" will ensure that all compute for this workspace is in a virtual network managed on behalf of the user. |
| managedVirtualNetworkSettings | managedVirtualNetworkSettings | Managed Virtual Network Settings |
| publicNetworkAccess | 'Disabled' 'Enabled' |
Enable or Disable public network access to workspace (default: Enabled) |
| purviewResourceId | string | Purview Resource ID |
| sqlAdministratorLogin | string | Login for workspace SQL active directory administrator |
| sqlAdministratorLoginPassword | string | SQL administrator login password |
| trustedServiceBypassEnabled | bool | Is trustedServiceBypassEnabled for the workspace |
| computeSubnetId | string | Subnet ID used for computes in workspace |
| workspaceRepositoryConfiguration | workspaceRepositoryConfiguration | Git integration settings |
| privateLinkSql | privateLink | Settings for the private endpoint and private link for this resource |
| privateLinkSqlOnDemand | privateLink | |
| privateLinkDev | privateLink |
identity
| Property | Value | Description |
|---|---|---|
| type | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' |
The types of identities associated with this resource. (default: none) |
| userAssignedIdentities | string[] | Resource IDs of User Assigned Identities to associate with this resource |
defaultDataLakeStorage
| Property | Value | Description |
|---|---|---|
| createManagedPrivateEndpoint | bool | Create managed private endpoint to this storage account or not |
| filesystem (required) | string | Filesystem name |
| resourceId (required) | string | ARM resource Id of this storage account |
kekIdentity
| Property | Value | Description |
|---|---|---|
| userAssignedIdentity (required) | string | User assigned identity resource Id |
| useSystemAssignedIdentity (required) | bool | Boolean specifying whether to use system assigned identity or not |
key
| Property | Value | Description |
|---|---|---|
| keyVaultUrl (required) | string | Workspace Key sub-resource key vault url |
| name (required) | string | Workspace Key sub-resource name |
encryptionCmk
| Property | Value | Description |
|---|---|---|
| kekIdentity (required) | kekIdentity | Key encryption key |
| key (required) | key | The key object of the workspace |
managedVirtualNetworkSettings
| Property | Value | Description |
|---|---|---|
| allowedAadTenantIdsForLinking (required) | string[] | Allowed Aad Tenant Ids For Linking |
| linkedAccessCheckOnTargetResource (required) | bool | Linked Access Check On Target Resource |
| preventDataExfiltration (required) | bool | Prevent Data Exfiltration |
workspaceRepositoryConfiguration
| Property | Value | Description |
|---|---|---|
| accountName (required) | string | Account name |
| collaborationBranch (required) | string | Collaboration branch |
| hostName (required) | string | GitHub Enterprise host name. For example: https://github.mydomain.com |
| lastCommitId (required) | string | The last commit ID |
| projectName (required) | string | VSTS project name |
| repositoryName (required) | string | Repository name |
| rootFolder (required) | string | Root folder to use in the repository |
| tenantId (required) | string | The VSTS tenant ID |
| type (required) | string | Type of workspace repositoryID configuration. Example WorkspaceVSTSConfiguration, WorkspaceGitHubConfiguration |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
privateLink
| Property | Value | Description |
|---|---|---|
| pepNaming | naming | Name of the private endpoint |
| nicNaming | naming | Name of the network interface of the private endpoint |
| privateLinkNaming | naming | Name of the private link connection |
| subnets (required) | subnets[] | Id of the subnets and optionally the name of the resourcegroup in which the private endpoint should be created |
| dnsZoneIds (required) | string[] | List of DNS zone ids that need to be linked |
subnets
| Property | Value | Description |
|---|---|---|
| resourceGroupName | string | Resourcegroup (default: resourcegroup defined here => resourceGroup of pep resource => resourceGroup of subnet) |
| id (required) | string | Id of the subnet |
| location | string | Location if Vnet is in different location |
Changelog
5.1.2 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
5.1.1 (2025-04-11)
Bug Fixes
- naming connected resources when forceFunctionAsFullName or forceDefaultNaming is true
5.1.0 (2025-03-26)
Features
- add resourceName output
5.0.0 (2025-03-17)
⚠ BREAKING CHANGES
- remove role-assignment principalType parameter
Features
- remove role-assignment principalType parameter
4.0.0 (2025-01-03)
⚠ BREAKING CHANGES
- use new toObject function for UserAssignedIdentities. Only breaking when using managed identities.
Features
- use new toObject function for UserAssignedIdentities. Only breaking when using managed identities.