Bicep Module Documentation

Module virtual-desktop

virtualDesktop

Property Value Description
general (required) general
hostPools (required) hostPool[]
workspaces (required) workspace[]
imageGallery imageGallery
storageAccounts storageAccount[]

imageGallery

Property Value Description
naming naming
isSoftDeleteEnabled bool Contains information about the soft deletion policy of the gallery.
images galleryImage[] Images in the gallery.

roleassignments

Property Value Description
principalId (required) string The principal ID.

hostPool

Property Value Description
naming (required) naming
resourceGroupName (required) string Name of the resource group where the hostpool will be located.
hostPoolType (required) 'BYODesktop' | 'Personal' | 'Pooled' HostPool type for desktop.
managementType (required) 'Automated' | 'Standard' The type of management for this hostpool, Automated or Standard. (default: Automated)
loadBalancerType (required) 'BreadthFirst' | 'DepthFirst' | 'Persistent' The type of the load balancer.
preferredAppGroupType (required) 'Desktop' | 'None' | 'RailApplications' The type of preferred application group; defaults to Desktop Application Group.
maxSessionLimit (required) int The max session limit of HostPool.
startVMOnConnect bool The flag to turn on/off StartVMOnConnect feature.
scalingPlan scalingPlan The scaling plan of HostPool.
validationEnvironment bool Is validation environment?
customRdpProperty string Custom rdp property of HostPool.
publicNetworkAccess 'Disabled' | 'Enabled' | 'EnabledForClientsOnly' | 'EnabledForSessionHostsOnly' Enabled allows this resource to be accessed from both public and private networks; Disabled allows this resource to be accessed only via private endpoints.
applicationGroups (required) applicationGroup[] List of application groups.
sessionHostConfigurations sessionHostConfigurations Session host configurations properties.
sessionHostManagementProperties sessionHostManagementProperties Detailed properties for SessionHostManagement.

schedules

Property Value Description
name string Name of the ScalingPlanPooledSchedule.
daysOfWeek Array containing any of: 'Friday' | 'Monday' | 'Saturday' | 'Sunday' | 'Thursday' | 'Tuesday' | 'Wednesday' Set of days of the week on which this schedule is active.
rampUpLoadBalancingAlgorithm 'BreadthFirst' | 'DepthFirst' Load balancing algorithm for ramp up period.
rampUpMinimumHostsPct int Minimum host percentage for ramp up period.
rampUpCapacityThresholdPct int Capacity threshold for ramp up period.
peakLoadBalancingAlgorithm 'BreadthFirst' | 'DepthFirst' Load balancing algorithm for peak period.
rampDownLoadBalancingAlgorithm 'BreadthFirst' | 'DepthFirst' Load balancing algorithm for ramp down period.
rampDownMinimumHostsPct int Minimum host percentage for ramp down period.
rampDownCapacityThresholdPct int Capacity threshold for ramp down period.
rampDownForceLogoffUsers bool Should users be logged off forcefully from hosts?
rampDownWaitTimeMinutes int Number of minutes to wait before stopping hosts during ramp down period.
rampDownNotificationMessage string Notification message for users during ramp down period.
rampDownStopHostsWhen 'ZeroActiveSessions' | 'ZeroSessions' Specifies when to stop hosts during ramp down period.
offPeakLoadBalancingAlgorithm 'BreadthFirst' | 'DepthFirst' Load balancing algorithm for off-peak period.
rampUpStartTime Time Starting time for ramp up period.
peakStartTime Time Starting time for peak period.
rampDownStartTime Time Starting time for ramp down period.
offPeakStartTime Time Starting time for off-peak period.

scalingPlan

Property Value Description
name (required) string The scaling plan name.
timeZone (required) string Timezone of the scaling plan.
exclusionTag string Exclusion tag for scaling plan.
scalingPlanEnabled (required) bool Is the scaling plan enabled for this hostpool?
description string Description of scaling plan.
schedules schedules[] List of Pooled ScalingSchedule definitions.

bootDiagnosticsInfo

Property Value Description
storageUri (required) string Uri of the storage account to use for placing the console output and screenshot. If storageUri is not specified while enabling boot diagnostics, managed storage will be used

domainCredentials

Property Value Description
usernameKeyVaultSecretUri (required) string The uri to access the secret that the username is stored in.
passwordKeyVaultSecretUri (required) string The uri to access the secret that the password is stored in.

activeDirectoryInfo

Property Value Description
domainCredentials (required) domainCredentials Credentials needed to create the virtual machine.
domainName string The domain a virtual machine connected to a hostpool will join.
ouPath (required) string The organizational unit (OU) path.

azureActiveDirectoryInfo

Property Value Description
mdmProviderGuid (required) string The Mobile Device Management (MDM) GUID.

domainInfo

Property Value Description
joinType (required) 'ActiveDirectory' | 'AzureActiveDirectory' The type of domain join done by the virtual machine.
activeDirectoryInfo activeDirectoryInfo Active directory info. Only one should be populated based on the join type.
azureActiveDirectoryInfo azureActiveDirectoryInfo Azure active directory info. Only one should be populated based on the join type.

customInfo

Property Value Description
resourceId (required) string The resource id of the custom image.

marketplaceInfo

Property Value Description
exactVersion (required) string The exact version of the image.
offer (required) string The offer of the image.
publisher (required) string The publisher of the image.
sku (required) string The sku of the image.

imageInfo

Property Value Description
customInfo customInfo The values to uniquely identify a custom image. Only one should be populated based on the image type.
marketplaceInfo marketplaceInfo The values to uniquely identify a marketplace image. Only one should be populated based on the image type.
type (required) 'Custom' | 'Marketplace' The type of image session hosts use in the hostpool.

networkInfo

Property Value Description
subnetId (required) string The resource ID of the subnet.

securityInfo

Property Value Description
secureBootEnabled bool Whether to use secureBoot on the virtual machine.
type 'ConfidentialVM' | 'Standard' | 'TrustedLaunch' The security type used by the virtual machine in the hostpool session host. (default: Standard)
vTpmEnabled bool Whether to use vTPM on the virtual machine.

vmAdminCredentials

Property Value Description
usernameKeyVaultSecretUri (required) string The uri to access the secret that the username is stored in.
passwordKeyVaultSecretUri (required) string The uri to access the secret that the password is stored in.

sessionHostConfigurations

Property Value Description
availabilityZones int[] Value for availability zones to be used by the session host. Should be from [1,2,3].
bootDiagnosticsInfo bootDiagnosticsInfo Boot Diagnostics information.
diskInfo (required) 'Premium_LRS' | 'StandardSSD_LRS' | 'Standard_LRS' The disk type used by the virtual machine in the hostpool session host.
domainInfo (required) domainInfo Domain configurations of session hosts.
friendlyName string Friendly name to describe this version of the SessionHostConfiguration.
imageInfo (required) imageInfo Image configurations of HostPool.
networkInfo (required) networkInfo Network information.
securityInfo securityInfo Security information.
vmAdminCredentials (required) vmAdminCredentials Local Admin credentials for session hosts.
vmLocation string The Location for the session host to be created in. It will default to the location of the hostpool if not provided.
vmNamePrefix (required) string The prefix that should be associated with session host names.
vmResourceGroup string The ResourceGroup for the session hosts to be created in. It will default to the ResourceGroup of the hostpool if not provided.
vmSizeId (required) string The id of the size of a virtual machine connected to a hostpool. Example: Standard_D2as_v6.
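As an added example (not part of the module's own documentation), a hostPool object assembled from the properties documented above with the security-relevant settings set explicitly: public network access disabled, Trusted Launch with Secure Boot and vTPM, and both credential pairs referenced by Key Vault secret URI instead of being inlined. All resource IDs, secret URIs, object IDs and names are placeholders.

```bicep
// Added example: a hostPool value for the virtual-desktop module, built only from the
// properties documented on this page. Every ID, URI and name below is a placeholder.
var hostPoolExample = {
  naming: {
    function: 'avd'
    environment: 'prd'
  }
  resourceGroupName: 'rg-avd-prd'
  hostPoolType: 'Pooled'
  managementType: 'Automated'
  loadBalancerType: 'BreadthFirst'
  preferredAppGroupType: 'Desktop'
  maxSessionLimit: 10
  startVMOnConnect: true
  validationEnvironment: false
  // Reachable only through private endpoints.
  publicNetworkAccess: 'Disabled'
  applicationGroups: [
    {
      applicationGroupType: 'Desktop'
      friendlyName: 'Desktop'
      // The module fixes the role to Desktop Virtualization User; assign it to a
      // group rather than to individual users (placeholder object ID).
      roleassignments: [
        {
          principalId: '<avd-users-group-object-id>'
        }
      ]
    }
  ]
  sessionHostConfigurations: {
    availabilityZones: [
      1
      2
      3
    ]
    diskInfo: 'Premium_LRS'
    domainInfo: {
      joinType: 'ActiveDirectory'
      // Only the block matching joinType is populated.
      activeDirectoryInfo: {
        domainName: 'corp.example.com'
        ouPath: 'OU=AVD,DC=corp,DC=example,DC=com'
        // Join credentials are read from Key Vault at deploy time, never inlined.
        domainCredentials: {
          usernameKeyVaultSecretUri: 'https://<kv-name>.vault.azure.net/secrets/avd-join-user'
          passwordKeyVaultSecretUri: 'https://<kv-name>.vault.azure.net/secrets/avd-join-password'
        }
      }
    }
    imageInfo: {
      type: 'Custom'
      customInfo: {
        resourceId: '<gallery-image-version-resource-id>'
      }
    }
    networkInfo: {
      subnetId: '<session-host-subnet-resource-id>'
    }
    securityInfo: {
      // Module default is Standard; Trusted Launch enables Secure Boot and vTPM.
      type: 'TrustedLaunch'
      secureBootEnabled: true
      vTpmEnabled: true
    }
    vmAdminCredentials: {
      usernameKeyVaultSecretUri: 'https://<kv-name>.vault.azure.net/secrets/avd-localadmin-user'
      passwordKeyVaultSecretUri: 'https://<kv-name>.vault.azure.net/secrets/avd-localadmin-password'
    }
    vmNamePrefix: 'avdsh'
    vmSizeId: 'Standard_D2as_v6'
  }
  sessionHostManagementProperties: {
    scheduledDateTimeZone: 'W. Europe Standard Time'
    update: {
      deleteOriginalVm: false
      logOffDelayMinutes: 15
      logOffMessage: 'Session hosts are being updated; please save your work.'
      maxVmsRemoved: 2
    }
  }
}
```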

update

Property Value Description
deleteOriginalVm bool Whether to discard the original disk instead of saving it. False by default.
logOffDelayMinutes (required) int Grace period before logging off users in minutes.
logOffMessage string Log off message sent to user for logoff. Default value is an empty string.
maxVmsRemoved (required) int The maximum number of virtual machines to be removed during hostpool update.

sessionHostManagementProperties

Property Value Description
scheduledDateTimeZone (required) string Time zone for sessionHostManagement operations as defined in /dotnet/api/system.timezoneinfo.findsystemtimezonebyid. Must be set if useLocalTime is true.
update (required) update Parameters for a hostpool update.

applicationGroup

Property Value Description
applicationGroupType (required) 'Desktop' | 'RemoteApp' Resource type of ApplicationGroup.
friendlyName (required) string Friendly name of ApplicationGroup.
applications application[] A list of applications.
roleassignments roleassignments[] Role assignments for the application group. (the role definition id is hardcoded to Desktop Virtualization User)

application

Property Value Description
applicationType 'InBuilt' | 'MsixApplication' Resource type of Application.
commandLineArguments string Command line arguments for Application.
commandLineSetting (required) 'Allow' | 'DoNotAllow' | 'Require' Specifies whether this published application can be launched with command line arguments provided by the client, command line arguments specified at publish time, or no command line arguments at all.
description string Description of Application.
filePath string Specifies a path for the executable file for the application.
friendlyName (required) string Friendly name of Application.
iconIndex int Index of the icon.
iconPath string Path to icon.
msixPackageApplicationId string Specifies the package application Id for MSIX applications.
msixPackageFamilyName string Specifies the package family name for MSIX applications.
showInPortal bool Specifies whether to show the RemoteApp program in the RD Web Access server.

workspace

Property Value Description
naming naming
resourceGroupName (required) string Name of the resource group where the workspace will be located.
friendlyName (required) string Friendly name of the workspace.
hostPoolApplicationGroupIndexes (required) applicationGroupIndex[] List of application groups.

applicationGroupIndex

Time

Property Value Description
hour (required) int The hour of the day.
minute (required) int The minute of the hour.

galleryDataDiskImage

Property Value Description
hostCaching 'None' | 'ReadOnly' | 'ReadWrite' The host caching of the disk. Valid values are None, ReadOnly, and ReadWrite.
lun (required) int This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine.
source (required) source The source for the disk image.

source

Property Value Description
communityGalleryImageId (required) string The resource Id of the source Community Gallery Image. Only required when using Community Gallery Image as a source.
id (required) string The id of the gallery artifact version source. Can specify a disk uri, snapshot uri, user image or storage account resource.

galleryImageFeature

Property Value Description
name (required) string The name of the gallery image feature.
value (required) string The value of the gallery image feature.

galleryImageVersion

Property Value Description
name (required) string The resource name. Valid characters: Numbers and periods. (Each segment is converted to an int32. So each segment has a max value of 2,147,483,647.)
publishingProfile publishingProfile The publishing profile of a gallery image Version.
safetyProfile safetyProfile This is the safety profile of the Gallery Image Version.
storageProfile (required) storageProfile This is the storage profile of a Gallery Image Version.

publishingProfile

Property Value Description
endOfLifeDate string The end of life date of the gallery image version. This property can be used for decommissioning purposes. This property is updatable.
excludeFromLatest bool If set to true, Virtual Machines deployed from the latest version of the Image Definition won't use this Image Version.
replicaCount int The number of replicas of the Image Version to be created per region. This property would take effect for a region when regionalReplicaCount is not specified. This property is updatable.
replicationMode 'Full' | 'Shallow' Optional parameter which specifies the mode to be used for replication. This property is not updatable.
storageAccountType 'Premium_LRS' | 'Standard_LRS' | 'Standard_ZRS' Specifies the storage account type to be used to store the image. This property is not updatable.
targetExtendedLocations galleryTargetExtendedLocation[] The target extended locations where the Image Version is going to be replicated to. This property is updatable.
targetRegions (required) galleryVersionTargetRegion[] The target regions where the Image Version is going to be replicated to. This property is updatable.

safetyProfile

Property Value Description
allowDeletionOfReplicatedLocations (required) bool Indicates whether or not removing this Gallery Image Version from replicated regions is allowed.

osDiskImage

Property Value Description
hostCaching (required) 'None' | 'ReadOnly' | 'ReadWrite' The host caching of the disk. Valid values are None, ReadOnly, and ReadWrite.
source (required) source The source for the disk image.

storageProfile

Property Value Description
dataDiskImages galleryDataDiskImage[] A list of data disk images.
osDiskImage (required) osDiskImage This is the OS disk image.
source source The source of the gallery artifact version.

galleryImageVersionDataDiskImageEncryption

Property Value Description
diskEncryptionSetId string A relative URI containing the resource ID of the disk encryption set.
lun (required) int This property specifies the logical unit number of the data disk. This value is used to identify data disks within the Virtual Machine and therefore must be unique for each data disk attached to the Virtual Machine.

galleryImageVersionTargetOsDiskImage

Property Value Description
diskEncryptionSetId (required) string A relative URI containing the resource ID of the disk encryption set.
securityProfile (required) securityProfile This property specifies the security profile of an OS disk image.

securityProfile

Property Value Description
confidentialVMEncryptionType (required) 'EncryptedVMGuestStateOnlyWithPmk' | 'EncryptedWithCmk' | 'EncryptedWithPmk' Confidential VM encryption type.
secureVMDiskEncryptionSetId (required) string Secure VM disk encryption set ID.

galleryTargetExtendedLocation

Property Value Description
encryption encryption Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact.
extendedLocation (required) extendedLocation The name of the extended location.
extendedLocationReplicaCount (required) int The number of replicas of the Image Version to be created per extended location. This property is updatable.
name (required) string The name of the region.
storageAccountType (required) 'Premium_LRS' | 'StandardSSD_LRS' | 'Standard_LRS' | 'Standard_ZRS' Specifies the storage account type to be used to store the image. This property is not updatable.

encryption

Property Value Description
dataDiskImages galleryImageVersionDataDiskImageEncryption[] A list of encryption specifications for data disk images.
osDiskImage (required) galleryImageVersionTargetOsDiskImage Contains encryption settings for an OS disk image.

extendedLocation

Property Value Description
name (required) string
type (required) 'EdgeZone' | 'Unknown' The type of the extended location.

galleryVersionTargetRegion

Property Value Description
encryption encryption Optional. Allows users to provide customer managed keys for encrypting the OS and data disks in the gallery artifact.
excludeFromLatest bool Contains the flag setting to hide an image when users specify version=latest
name (required) string The name of the region.
regionalReplicaCount (required) int The number of replicas of the Image Version to be created per region. This property is updatable.
storageAccountType (required) 'Premium_LRS' | 'Standard_LRS' | 'Standard_ZRS' Specifies the storage account type to be used to store the image. This property is not updatable.

privateLink

Property Value Description
pepNaming naming Name of the private endpoint
nicNaming naming Name of the network interface of the private endpoint
privateLinkNaming naming Name of the private link connection
subnets (required) subnets[] IDs of the subnets and optionally the name of the resource group in which the private endpoint should be created
dnsZoneIds (required) string[] List of DNS zone IDs that need to be linked

subnets

Property Value Description
resourceGroupName string Resource group (default: the resource group defined here, otherwise the resource group of the private endpoint resource, otherwise the resource group of the subnet)
id (required) string Id of the subnet
location string Location if Vnet is in different location

resourceLock

Property Value Description
name string Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period.
level (required) 'CanNotDelete' | 'ReadOnly' The level of the lock. Possible values are CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete them. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. ReadOnly locks must be commented out before the resource can be deployed again.
notes string Notes about the lock. Maximum of 512 characters.
owners resourceLockOwner[] The owners of the lock

resourceLockOwner

Property Value Description
applicationId (required) string The application ID of the lock owner.

roleAssignment

Property Value Description
principalId (required) string The principal ID
roleDefinitionId (required) string The role definition ID, data file can be used for this
condition string Condition on the role assignment
conditionVersion string Version of the condition. Currently the only accepted value is "2.0"
delegatedManagedIdentityResourceId string Id of the delegated managed identity resource
description string Description of role assignment

directoryServiceOptions

Set the directoryServiceOption property to specify the type of object.

For AD, use:

Property Value Description
directoryServiceOption (required) 'AD' Indicates the directory service used. Note that this enum may be extended in the future.
accountType 'Computer' | 'User' Specifies the Active Directory account type for Azure Storage.
azureStorageSid string Specifies the security identifier (SID) for Azure Storage.
domainGuid (required) string Specifies the domain GUID.
domainName (required) string Specifies the primary domain that the AD DNS server is authoritative for.
domainSid string Specifies the security identifier (SID).
forestName string Specifies the Active Directory forest to get.
netBiosDomainName string Specifies the NetBIOS domain name.
samAccountName string Specifies the Active Directory SAMAccountName for Azure Storage.

For AADKERB, use:

Property Value Description
directoryServiceOption (required) 'AADKERB' Indicates the directory service used. Note that this enum may be extended in the future.
domainGuid (required) string Specifies the domain GUID.
domainName (required) string Specifies the primary domain that the AD DNS server is authoritative for.

For AADDS, use:

Property Value Description
directoryServiceOption (required) 'AADDS' Indicates the directory service used. Note that this enum may be extended in the future.
domainGuid (required) string Specifies the domain GUID.
domainName (required) string Specifies the primary domain that the AD DNS server is authoritative for.

storageAccountBlobServices

Property Value Description
changeFeed changeFeed The blob service properties for change feed events.
containerDeleteRetentionPolicy containerDeleteRetentionPolicy The blob service properties for container soft delete.
defaultServiceVersion string DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions.
deleteRetentionPolicy deleteRetentionPolicy The blob service properties for blob soft delete.
isVersioningEnabled bool Versioning is enabled if set to true.
lastAccessTimeTrackingPolicy lastAccessTimeTrackingPolicy The blob service property to configure last access time based tracking policy.
restorePolicy restorePolicy The blob service properties for blob restore policy.
cors cors Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service.

changeFeed

Property Value Description
enabled (required) bool Indicates whether change feed event logging is enabled for the Blob service.
retentionInDays (required) int Indicates the duration of changeFeed retention in days. A null value indicates an infinite retention of the change feed.

containerDeleteRetentionPolicy

Property Value Description
allowPermanentDelete (required) bool This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property only applies to blob service and does not apply to containers or file share.
days (required) int Indicates the number of days that the deleted item should be retained
enabled (required) bool Indicates whether DeleteRetentionPolicy is enabled.

deleteRetentionPolicy

Property Value Description
allowPermanentDelete (required) bool This property, when set to true, allows deletion of the soft deleted blob versions and snapshots. This property cannot be used together with a blob restore policy. This property only applies to the blob service and does not apply to containers or file shares.
days (required) int Indicates the number of days that the deleted item should be retained.
enabled (required) bool Indicates whether DeleteRetentionPolicy is enabled.

lastAccessTimeTrackingPolicy

Property Value Description
enable (required) bool When set to true last access time based tracking is enabled.

restorePolicy

Property Value Description
days (required) int How long this blob can be restored. It should be greater than zero and less than DeleteRetentionPolicy.days.
enabled (required) bool Blob restore is enabled if set to true.

corsRules

Property Value Description
allowedHeaders (required) string[] Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request.
allowedMethods (required) Array containing any of: 'CONNECT' | 'DELETE' | 'GET' | 'HEAD' | 'MERGE' | 'OPTIONS' | 'PATCH' | 'POST' | 'PUT' | 'TRACE' Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin.
allowedOrigins (required) string[] Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains
exposedHeaders (required) string[] Required if CorsRule element is present. A list of response headers to expose to CORS clients.
maxAgeInSeconds (required) int Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response.

cors

Property Value Description
corsRules (required) corsRules[] The List of CORS rules. You can include up to five CorsRule elements in the request.

storageAccountContainer

Property Value Description
name (required) string The resource name.
defaultEncryptionScope string Default the container to use specified encryption scope for all writes.
denyEncryptionScopeOverride bool Block override of encryption scope from the container default.
enableNfsV3AllSquash bool Enable NFSv3 all squash on blob container.
enableNfsV3RootSquash bool Enable NFSv3 root squash on blob container.
immutableStorageWithVersioning immutableStorageWithVersioning The object level immutability property of the container. The property is immutable and can only be set to true at the container creation time. Existing containers must undergo a migration process.
metadata object A name-value pair to associate with the container as metadata.
publicAccess 'Blob' | 'Container' | 'None' Specifies whether data in the container may be accessed publicly and the level of access. (default: None)

immutableStorageWithVersioning

Property Value Description
enabled bool A boolean flag which enables account-level immutability. All the containers under such an account have object-level immutability enabled by default.
immutabilityPolicy immutabilityPolicy Specifies the default account-level immutability policy which is inherited and applied to objects that do not possess an explicit immutability policy at the object level. The object-level immutability policy has higher precedence than the container-level immutability policy, which has a higher precedence than the account-level immutability policy.

storageAccountFileServices

Property Value Description
protocolSettings protocolSettings Protocol settings for file service.
shareDeleteRetentionPolicy shareDeleteRetentionPolicy The file service properties for share soft delete.

multichannel

Property Value Description
enabled bool Indicates whether multichannel is enabled

smb

Property Value Description
authenticationMethods 'Kerberos' | 'NTLMv2' SMB authentication methods supported by server. Valid values are NTLMv2, Kerberos.
channelEncryption 'AES-128-CCM' | 'AES-128-GCM' | 'AES-256-GCM' SMB channel encryption supported by server. Valid values are AES-128-CCM, AES-128-GCM, AES-256-GCM.
kerberosTicketEncryption 'AES-256' | 'RC4-HMAC' Kerberos ticket encryption supported by server. Valid values are RC4-HMAC, AES-256.
multichannel multichannel Multichannel setting. Applies to Premium FileStorage only.
versions 'SMB2.1' | 'SMB3.0' | 'SMB3.1.1' SMB protocol versions supported by server.

protocolSettings

Property Value Description
smb smb Setting for SMB protocol.

shareDeleteRetentionPolicy

Property Value Description
allowPermanentDelete bool This property, when set to true, allows deletion of the soft deleted blob versions and snapshots. This property cannot be used together with a blob restore policy. This property only applies to the blob service and does not apply to containers or file shares.
days int Indicates the number of days that the deleted item should be retained.
enabled bool Indicates whether DeleteRetentionPolicy is enabled.
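As an added example (not part of the module's own documentation), storage sub-objects built from the blob-service, container and file-service types above, with the weaker defaults replaced by explicit values and the constraints stated in the property descriptions (restore window shorter than the retention window, no permanent delete alongside a restore policy) respected. The container name and encryption scope name are placeholders; the objects are values of the documented types, not a complete storageAccount.

```bicep
// Added example: hardened values for the storageAccountBlobServices, storageAccountContainer
// and storageAccountFileServices types documented on this page. Names are placeholders.
var blobServicesExample = {
  isVersioningEnabled: true
  changeFeed: {
    enabled: true
    retentionInDays: 90
  }
  deleteRetentionPolicy: {
    enabled: true
    days: 14
    // Must stay false: permanent delete cannot be combined with a restore policy.
    allowPermanentDelete: false
  }
  containerDeleteRetentionPolicy: {
    enabled: true
    days: 14
    allowPermanentDelete: false
  }
  restorePolicy: {
    enabled: true
    // Greater than zero and less than deleteRetentionPolicy.days.
    days: 7
  }
  lastAccessTimeTrackingPolicy: {
    enable: true
  }
}

var containerExample = {
  name: '<container-name>'
  // No anonymous read of blobs and no anonymous container listing.
  publicAccess: 'None'
  // Pin writes to one encryption scope and refuse per-request overrides.
  defaultEncryptionScope: '<encryption-scope-name>'
  denyEncryptionScopeOverride: true
  metadata: {
    owner: 'avd-platform'
  }
}

var fileServicesExample = {
  protocolSettings: {
    smb: {
      // Only SMB 3.1.1 negotiates the AES-GCM ciphers and pre-authentication integrity.
      versions: 'SMB3.1.1'
      // Kerberos only; NTLMv2 is not offered.
      authenticationMethods: 'Kerberos'
      channelEncryption: 'AES-256-GCM'
      // AES-256 tickets only; RC4-HMAC is not offered.
      kerberosTicketEncryption: 'AES-256'
      multichannel: {
        // Applies to Premium FileStorage accounts only.
        enabled: true
      }
    }
  }
  shareDeleteRetentionPolicy: {
    enabled: true
    days: 14
    allowPermanentDelete: false
  }
}
```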

storageAccountQueue

Property Value Description
name (required) string The resource name.
properties properties Queue resource properties.

properties

Property Value Description
id string Unique-64-character-value of the stored access policy.

storageAccountShare

Property Value Description
name (required) string Share name: lowercase letters, numbers, and hyphens. Can't start or end with a hyphen. Can't use consecutive hyphens.
accessTier 'Cool' | 'Hot' | 'Premium' | 'TransactionOptimized' Access tier for the specific share. A GpV2 account can choose between TransactionOptimized, Hot, and Cool. A FileStorage account can choose Premium. (default: TransactionOptimized)
enabledProtocols 'NFS' | 'SMB' The authentication protocol that is used for the file share. Can only be specified when creating a share.
metadata object A name-value pair to associate with the share as metadata.
rootSquash 'AllSquash' | 'NoRootSquash' | 'RootSquash' The property is for NFS shares only. (default: NoRootSquash)
shareQuota (required) int The provisioned size of the share, in gibibytes. Must be greater than 0, and less than or equal to 5TB (5120). For Large File Shares, the maximum size is 102400. For file shares created under Files Provisioned v2 account type, please refer to the GetFileServiceUsage API response for the minimum and maximum allowed provisioned storage size.
signedIdentifiers storageAccountSignedIdentifiers[] List of stored access policies specified on the share.

storageAccountSignedIdentifiers

Property Value Description
accessPolicy (required) accessPolicy Access policy
id (required) string An unique identifier of the stored access policy.

accessPolicy

Property Value Description
expiryTime (required) string Expiry time of the access policy
permission (required) string List of abbreviated permissions.
startTime (required) string Start time of the access policy.

storageAccountTable

Property Value Description
name (required) string The resource name.
properties properties Queue resource properties.

galleryImage

Property Value Description
function (required) string Function of the resource [can be app, db, security,...]
architecture 'Arm64' | 'x64' The architecture of the image. Applicable to OS disks only. (default: x64)
description (required) string The description of this gallery image definition resource. This property is updatable.
disallowed disallowed Describes the disallowed disk types.
eula string The EULA agreement for the gallery image definition.
features galleryImageFeature[] A list of gallery image features.
hyperVGeneration (required) 'V1' | 'V2' The hypervisor generation of the Virtual Machine. Applicable to OS disks only.
identifier (required) identifier This is the gallery image definition identifier.
osState 'Generalized' | 'Specialized' This property allows the user to specify whether the virtual machines created under this image are Generalized or Specialized. (default: Generalized)
osType 'Linux' | 'Windows' This property allows you to specify the type of the OS that is included in the disk when creating a VM from a managed image. (default: Windows)
privacyStatementUri string The privacy statement uri.
purchasePlan purchasePlan Describes the gallery image definition purchase plan. This is used by marketplace images.
recommended recommended The properties describe the recommended machine configuration for this Image Definition. These properties are updatable.
releaseNoteUri string The release note uri.
versions galleryImageVersion[] Image versions

disallowed

Property Value Description
diskTypes (required) string[] A list of disk types.

identifier

Property Value Description
offer (required) string The name of the gallery image definition offer.
publisher (required) string The name of the gallery image definition publisher.
sku (required) string The name of the gallery image definition SKU.

purchasePlan

Property Value Description
name (required) string The plan ID.
product (required) string The product ID.
publisher (required) string The publisher ID.

memory

Property Value Description
min (required) int
max (required) int

vCPUs

Property Value Description
min (required) int
max (required) int

recommended

Property Value Description
memory (required) memory
vCPUs (required) vCPUs

general

Property Value Description
tags object Tags of the resource [hashtable]
location (required) string Location of the resource
naming (required) naming Naming module of the resource
resourceGroupName (required) string Name of the resource group where the resource should be located
sharedNaming (required) naming Reference to the default naming
roleAssignments roleAssignment[] Role assignments on the resource
resourceLocks resourceLock[] Resource Locks on the resource

naming

Property Value Description
forceFunctionAsFullName bool Use the function value as the full name of the resource
abbreviation string Override the abbreviation of this resource with this parameter
environment string The resource environment (for example: dev, tst, acc, prd)
location string The resource location (for example: weu, we, westeurope)
customer string The name of the customer
delimiter string The delimiter between resources (default: -)
nameFormat Array containing any of:
'abbreviation'
'customer'
'environment'
'function'
'location'
'param1'
'param2'
'param3'
'useCaseName'
The order of the array defines the order of elements in the naming scheme
param1 string Extra parameter self defined
param2 string Extra parameter self defined
param3 string Extra parameter self defined
function (required) string Function of the resource [can be app, db, security,...]
useCaseName string Name of the use case [can be hub, spoke,...]
suffix string Suffix for the resource; if empty, none is appended, otherwise it is added to the end of the name [can be index, ...]
forceDefaultNaming bool Force the CAF naming instead of default company naming

storageAccount

Property Value Description
general (required) general
privateLinkBlob privateLink Settings for the private endpoint and private link for Blob services.
privateLinkTable privateLink Settings for the private endpoint and private link for Table services.
privateLinkQueue privateLink Settings for the private endpoint and private link for Queue services.
privateLinkFile privateLink Settings for the private endpoint and private link for File services.
privateLinkWeb privateLink Settings for the private endpoint and private link for Web services.
sku (required) 'Premium_LRS'
'Premium_ZRS'
'Standard_GRS'
'Standard_GZRS'
'Standard_LRS'
'Standard_RAGRS'
'Standard_RAGZRS'
'Standard_ZRS'
The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.
kind (required) 'BlobStorage'
'BlockBlobStorage'
'FileStorage'
'Storage'
'StorageV2'
Indicates the type of storage account. (default: FileStorage)
managedIdentityType 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
Type of managed identity associated with this resource. (default: SystemAssigned)
managedIdentityId string User assigned managed identity ID to access other resources.
accessTier 'Cold'
'Cool'
'Hot'
'Premium'
Required for storage accounts where kind: 'BlobStorage'. The access tier is used for billing. The Premium access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
allowBlobPublicAccess bool Allow or disallow public access to all blobs or containers in the storage account. (default: false)
allowCrossTenantReplication bool Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing accounts only if object replication policies will involve storage accounts in different AAD tenants. (default: false)
allowedCopyScope string Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
allowSharedKeyAccess bool Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). (default: true)
azureFilesIdentityBasedAuthentication azureFilesIdentityBasedAuthentication Provides the identity based authentication settings for Azure Files.
customDomain customDomain User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property.
defaultToOAuthAuthentication bool A boolean flag which indicates whether the default authentication is OAuth or not. (default: false)
dnsEndpointType 'AzureDnsZone'
'Standard'
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription. (default: Standard)
encryption object Encryption settings to be used for server-side encryption for the storage account.
requireInfrastructureEncryption bool A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
services services List of services which support encryption.
immutableStorageWithVersioning immutableStorageWithVersioning The property is immutable and can only be set to true at the account creation time. When set to true, it enables object level immutability for all the new containers in the account by default.
isHnsEnabled bool Account HierarchicalNamespace enabled if set to true.
isLocalUserEnabled bool Enables local users feature, if set to true.
isNfsV3Enabled bool NFS 3.0 protocol support enabled if set to true.
isSftpEnabled bool Enables Secure File Transfer Protocol, if set to true.
largeFileSharesState 'Disabled'
'Enabled'
Allow large file shares if set to Enabled. It cannot be disabled once it is enabled.
minimumTlsVersion 'TLS1_0'
'TLS1_1'
'TLS1_2'
Set the minimum TLS version to be permitted on requests to storage. (default: 'TLS1_0')
networkAcls networkAcls Network rule set
publicNetworkAccess 'Disabled'
'Enabled'
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be Enabled, Disabled or SecuredByPerimeter. (default: Enabled)
routingPreference routingPreference Maintains information about the network routing choice opted by the user for data transfer.
sasPolicy sasPolicy SasPolicy assigned to the storage account.
supportsHttpsTrafficOnly bool Allows HTTPS traffic only to the storage service if set to true. (default: true)
fileServices storageAccountFileServices
blobServices storageAccountBlobServices
fileShare storageAccountShare[]
storageAccountContainer storageAccountContainer[]
queueServices storageAccountQueue[]
tableServices storageAccountTable[]

azureFilesIdentityBasedAuthentication

Property Value Description
activeDirectoryProperties directoryServiceOptions Required if directoryServiceOptions are AD, optional if they are AADKERB.
defaultSharePermission 'None'
'StorageFileDataSmbShareContributor'
'StorageFileDataSmbShareElevatedContributor'
'StorageFileDataSmbShareReader'
Default share permission for users using Kerberos authentication if RBAC role is not assigned. (default: None)
directoryServiceOptions (required) 'AADDS'
'AADKERB'
'AD'
'None'
Indicates the directory service used. Note that this enum may be extended in the future. (Default: None)

customDomain

Property Value Description
name (required) string Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.
useSubDomainName bool Indicates whether indirect CName validation is enabled. This should only be set on updates. (default: false)

blob

Property Value Description
enabled bool A boolean indicating whether or not the service encrypts the data as it is stored. (default: true)
keyType (required) 'Account'
'Service'
Encryption key type to be used for the encryption service. Account key type implies that an account-scoped encryption key will be used. Service key type implies that a default service key is used.

file

Property Value Description
enabled bool A boolean indicating whether or not the service encrypts the data as it is stored. (default: true)
keyType (required) 'Account'
'Service'
Encryption key type to be used for the encryption service. Account key type implies that an account-scoped encryption key will be used. Service key type implies that a default service key is used.

queue

Property Value Description
enabled bool A boolean indicating whether or not the service encrypts the data as it is stored. (default: true)
keyType (required) 'Account'
'Service'
Encryption key type to be used for the encryption service. Account key type implies that an account-scoped encryption key will be used. Service key type implies that a default service key is used.

table

Property Value Description
enabled bool A boolean indicating whether or not the service encrypts the data as it is stored. (default: true)
keyType (required) 'Account'
'Service'
Encryption key type to be used for the encryption service. Account key type implies that an account-scoped encryption key will be used. Service key type implies that a default service key is used.

services

Property Value Description
blob (required) blob The encryption function of the blob storage service.
file (required) file The encryption function of the file storage service.
queue (required) queue The encryption function of the queue storage service.
table (required) table The encryption function of the table storage service.

immutabilityPolicy

Property Value Description
allowProtectedAppendWrites bool This property can only be changed for disabled and unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted.
immutabilityPeriodSinceCreationInDays (required) int The immutability period for the blobs in the container since the policy creation, in days.
state (required) 'Disabled'
'Locked'
'Unlocked'
The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted. (default: Unlocked)

ipRules

Property Value Description
action (required) 'Allow' The action of IP ACL rule. (default: Allow)
value (required) string Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.

virtualNetworkRules

Property Value Description
id (required) string Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}

resourceAccessRules

Property Value Description
resourceId (required) string Resource Id
tenantId (required) string Tenant Id

networkAcls

Property Value Description
bypass 'AzureServices'
'None'
Specifies whether traffic is bypassed for AzureServices. (default: None)
defaultAction 'Allow'
'Deny'
Specifies the default action of allow or deny when no other rules match. (default: Deny)
ipRules ipRules[] Sets the IP ACL rules.
virtualNetworkRules virtualNetworkRules[] Sets the virtual network rules.
resourceAccessRules resourceAccessRules[] Sets the resource access rules.

routingPreference

Property Value Description
publishInternetEndpoints bool A boolean flag which indicates whether internet routing storage endpoints are to be published.
publishMicrosoftEndpoints bool A boolean flag which indicates whether microsoft routing storage endpoints are to be published.
routingChoice 'InternetRouting'
'MicrosoftRouting'
Routing Choice defines the kind of network routing opted by the user.

sasPolicy

Property Value Description
expirationAction (required) 'Block'
'Log'
The SAS Expiration Action defines the action to be performed when sasPolicy.sasExpirationPeriod is violated. The Log action can be used for audit purposes and the Block action can be used to block and deny the usage of SAS tokens that do not adhere to the sas policy expiration period.
sasExpirationPeriod (required) string The SAS expiration period, DD.HH:MM:SS.
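The storageAccount, networkAcls, sasPolicy and encryption tables above document several defaults that a profile-share deployment should not keep as they are (minimumTlsVersion defaults to TLS1_0, allowSharedKeyAccess to true, directoryServiceOptions to None). The following is an added example, not code from this module or its author: one storageAccount object, in the shape the tables describe, with each weak default overridden and a comment saying why. Every value in it is constructed; the naming values, resource group, subnet ID and the placement of requireInfrastructureEncryption and services at the top level of the object (as the table lists them) are assumptions. The privateLink type is documented elsewhere, so the example restricts reachability with networkAcls instead of a private endpoint.

```bicep
// Added example for the storageAccounts[] list of this module. All values are
// constructed; nothing here is taken from a real deployment.

// Shared naming block reused by general.sharedNaming (constructed values).
var sharedNaming = {
  customer: 'contoso'
  environment: 'prd'
  location: 'weu'
  function: 'avd'
}

var hardenedStorage = {
  general: {
    location: 'westeurope'
    resourceGroupName: 'rg-avd-prd-weu'            // constructed
    naming: union(sharedNaming, { function: 'fslogix' })
    sharedNaming: sharedNaming
    tags: { workload: 'avd' }
  }
  sku: 'Premium_LRS'
  kind: 'FileStorage'
  managedIdentityType: 'SystemAssigned'

  // Transport: the documented default for minimumTlsVersion is 'TLS1_0'.
  minimumTlsVersion: 'TLS1_2'
  supportsHttpsTrafficOnly: true

  // Authentication: session hosts mount the share with Kerberos through the
  // identity settings below, so the account key is switched off (documented
  // default: true). Anything that still uses the key, including portal browsing
  // without data-plane RBAC, stops working; verify that before applying this
  // to an existing account.
  allowSharedKeyAccess: false
  defaultToOAuthAuthentication: true
  allowBlobPublicAccess: false
  allowCrossTenantReplication: false
  azureFilesIdentityBasedAuthentication: {
    directoryServiceOptions: 'AADKERB'
    defaultSharePermission: 'None'   // access comes from explicit RBAC only
  }

  // Network: deny by default and allow only the session-host subnet.
  // publicNetworkAccess stays 'Enabled' because these rules are what restrict
  // it; with 'Disabled' the account is reachable only through a private
  // endpoint (privateLinkFile), which this example does not configure.
  publicNetworkAccess: 'Enabled'
  networkAcls: {
    bypass: 'AzureServices'
    defaultAction: 'Deny'
    ipRules: []
    virtualNetworkRules: [
      {
        // placeholder subnet ID, not a real resource
        id: '/subscriptions/<subscriptionId>/resourceGroups/<rgName>/providers/Microsoft.Network/virtualNetworks/<vnetName>/subnets/<sessionHostSubnet>'
      }
    ]
    resourceAccessRules: []
  }

  // SAS: reject tokens that outlive one day rather than only logging them.
  sasPolicy: {
    expirationAction: 'Block'
    sasExpirationPeriod: '01.00:00:00'
  }

  // Encryption: account-scoped keys for every service plus the second
  // platform-managed layer (listed at this level in the table above; assumed).
  requireInfrastructureEncryption: true
  services: {
    blob: { enabled: true, keyType: 'Account' }
    file: { enabled: true, keyType: 'Account' }
    queue: { enabled: true, keyType: 'Account' }
    table: { enabled: true, keyType: 'Account' }
  }

  // Surface reduction: protocols a profile share does not need.
  isSftpEnabled: false
  isNfsV3Enabled: false
  isLocalUserEnabled: false
}

// hardenedStorage is passed in the module's storageAccounts list
// (virtualDesktop.storageAccounts: [ hardenedStorage ]); the module call itself
// is omitted because its path and parameter names are not documented on this page.
```

Before changing allowSharedKeyAccess or defaultAction on an account that already serves users, check the storage diagnostic logs for requests authenticated with the account key and for source addresses outside the allowed subnet; those are the clients that the stricter settings will cut off.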

Changelog

5.1.2 (2025-10-20)

Bug Fixes

  • add dependsOn imageGallery to hostPool creation

5.1.1 (2025-10-14)

Bug Fixes

  • avd naming managed identity

5.1.0 (2025-10-09)

Features

  • adjust the new identity parameters description

5.0.0 (2025-10-07)

⚠ BREAKING CHANGES

  • update hostpool identity parameter

Features

  • update hostpool identity parameter

4.0.3 (2025-09-24)

Bug Fixes

  • remove deployment name + cleanup

4.0.2 (2025-04-23)

Bug Fixes

  • add missing AVD sessionHostConfiguration parameters

4.0.1 (2025-04-14)

Bug Fixes

  • adjust the application group role assignment

4.0.0 (2025-04-09)

⚠ BREAKING CHANGES

  • change workspaces abbreviation

Bug Fixes

  • change workspaces abbreviation

3.0.1 (2025-03-20)

Bug Fixes

  • revise descriptions

3.0.0 (2025-03-19)

⚠ BREAKING CHANGES

  • update the azureFilesIdentityBaseAuthentication configuration

Bug Fixes

  • update the azureFilesIdentityBaseAuthentication configuration

2.5.3 (2025-03-17)

Bug Fixes

  • application group role-assignment

2.5.2 (2025-03-17)

Bug Fixes

  • remove unneeded role assignment principalType

2.5.1 (2025-03-14)

Bug Fixes

  • update module to latest standards

2.5.0 (2025-03-13)

Features

  • update AVD workspace parameters

2.4.0 (2025-03-10)

Features

  • add scalingplan and automated avd settings

2.3.1 (2025-02-28)

Bug Fixes

  • add missing accessTier required property

2.3.0 (2025-01-02)

Features

  • virtualdesktop sessionhostconfig

2.2.2 (2024-12-05)

Bug Fixes

  • avd: set default preferredappgrouptype