{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.41.2.15936",
      "templateHash": "16078624466917332233"
    },
    "contentVersion": "1.0.1",
    "templateId": "5b1fc864-72b7-4e12-bc0a-8d6a2fe98cb4",
    "description": "This template deploys a Windows Virtual Machine (or Virtual Machine Scale Set) for administration of enclave and workload resources. Configuration includes optional availability sets, custom images, and integration with Azure Monitor.",
    "prerequisites": {
      "required": [
        "Enclave must be in Maintenance Mode and the user running the template must be an enclave Maintenance Mode principal.",
        "Data Collection Endpoint and Data Collection Rule (see workload service catalog Common Dependencies quickstart).",
        "User Assigned Managed Identity with \"Key Vault Crypto Service Encryption User\" access on Key Vault and Key (see workload service catalog Common Dependencies quickstart).",
        "Disk Encryption Set for OS Disk (see workload service catalog Common Dependencies quickstart)."
      ]
    }
  },
  "parameters": {
    "vmSku": {
      "type": "string",
      "defaultValue": "Standard_D4s_v3",
      "metadata": {
        "displayName": "Size",
        "required": true,
        "tabGroup": "Basic",
        "description": "Select the virtual machine size to support the workload that you want to run. The size that you choose then determines factors such as processing power, memory, and storage capacity. Azure offers a wide variety of sizes to support many types of uses. Azure charges an hourly price based on the Virtual Machine's size and operating system.\n[Learn more about Virtual Machine sizes](https://learn.microsoft.com/en-gb/azure/virtual-machines/sizes/overview)"
      }
    },
    "vmName": {
      "type": "string",
      "metadata": {
        "displayName": "Virtual machine name",
        "required": true,
        "tabGroup": "Basic",
        "validations": [
          {
            "message": "VM name cannot be only numbers",
            "regex": "^(?=.*[a-zA-Z]).+$"
          },
          {
            "message": "VM name must be between 1 and 15 characters long",
            "regex": "^.{1,15}$"
          },
          {
            "message": "VM name can contain only letters, numbers, and hyphens",
            "regex": "^[a-zA-Z0-9-]*$"
          }
        ],
        "description": "Virtual machines in Azure have two distinct names: virtual machine name used as the Azure resource identifier and guest host name. When you create a Virtual Machine in the portal, the same name is used for both the virtual machine name and the host name. The virtual machine name cannot be changed after the Virtual Machine is created. You can change the host name when you log into the virtual machine."
      }
    },
    "adminUserName": {
      "type": "string",
      "metadata": {
        "displayName": "Admin username",
        "required": true,
        "tabGroup": "Basic",
        "validation": {
          "regex": "^(?!admin$)[a-zA-Z0-9_]{1,20}$",
          "message": "Username must be 1 to 20 characters long and cannot be 'admin'"
        },
        "description": "The administrator username for the Virtual Machine"
      }
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": {
        "displayName": "Admin password",
        "required": true,
        "tabGroup": "Basic",
        "validation": {
          "regex": "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*?&])[A-Za-z\\d\\W]{12,}$",
          "message": "Password must be at least 12 characters long and include at least one uppercase letter, one lowercase letter, one number, and one special character (@$!%*?&)."
        },
        "description": "Administrator password for accessing the virtual machine."
      }
    },
    "useVmss": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "displayName": "Deploy as Virtual Machine Scale Set",
        "required": true,
        "tabGroup": "Advanced",
        "description": "Azure virtual machine scale sets let you create and manage a group of load balanced Virtual Machines. The number of Virtual Machine instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update a large number of Virtual Machines.\n[Learn more about virtual machine scale sets](https://learn.microsoft.com/en-gb/azure/virtual-machine-scale-sets/overview)"
      }
    },
    "useCustomImage": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "displayName": "Use custom image",
        "required": false,
        "tabGroup": "Advanced",
        "description": "Whether to use a custom image you define."
      }
    },
    "customImageId": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "displayName": "Image ID",
        "required": false,
        "tabGroup": "Advanced",
        "description": "Resource URL of the custom image."
      }
    },
    "osDiskCaching": {
      "type": "string",
      "defaultValue": "ReadWrite",
      "allowedValues": [
        "None",
        "ReadOnly",
        "ReadWrite"
      ],
      "metadata": {
        "displayName": "OS disk caching",
        "required": false,
        "tabGroup": "Advanced",
        "description": "Specifies the caching option for OS disk (e.g., None, ReadOnly, ReadWrite)"
      }
    },
    "imagePublisher": {
      "type": "string",
      "defaultValue": "MicrosoftWindowsServer",
      "metadata": {
        "displayName": "Image publisher",
        "required": true,
        "tabGroup": "Advanced",
        "description": "The publisher of the Windows Virtual Machine. Common options include: \"MicrosoftWindowsServer\", \"MicrosoftWindowsDesktop\"."
      }
    },
    "imageOffer": {
      "type": "string",
      "defaultValue": "WindowsServer",
      "metadata": {
        "displayName": "Image offer",
        "required": true,
        "tabGroup": "Advanced",
        "description": "The offer of the Windows Virtual Machine. Common options include: \"WindowsServer\", \"Windows-11\"."
      }
    },
    "imageSku": {
      "type": "string",
      "defaultValue": "2022-Datacenter",
      "metadata": {
        "displayName": "Image SKU",
        "required": true,
        "tabGroup": "Advanced",
        "description": "The SKU of the Windows Virtual Machine. Common options include: \"2022-Datacenter\", \"win11-22h2-avd\"."
      }
    },
    "imageVersion": {
      "type": "string",
      "defaultValue": "latest",
      "metadata": {
        "displayName": "Image version",
        "required": true,
        "tabGroup": "Advanced",
        "description": "The version of the Windows Virtual Machine. It defaults to \"latest\"."
      }
    },
    "networkingRgName": {
      "type": "string",
      "metadata": {
        "displayName": "Virtual network resource group",
        "required": true,
        "tabGroup": "Advanced",
        "vadlidations": [
          {
            "regex": "^[a-zA-Z0-9_().-]{1,89}[^.\\s]$",
            "message": "Invalid Resource Group name. Ensure it is 1-90 characters long, does not end with a period, and does not include spaces."
          }
        ],
        "description": "The name of the resource group containing the Virtual Network that the Virtual Machine will attach to"
      }
    },
    "virtualNetworkName": {
      "type": "string",
      "metadata": {
        "displayName": "Virtual network",
        "required": true,
        "tabGroup": "Advanced",
        "description": "The name of the Virtual Network that the Virtual Machine will attach to"
      }
    },
    "privateIpAddress": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "displayName": "Private IP",
        "required": false,
        "tabGroup": "Advanced",
        "validations": [
          {
            "regex": "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
            "message": "Invalid IP address. Ensure it is in the format xxx.xxx.xxx.xxx."
          }
        ],
        "hidden": true,
        "description": "Specify the privateIpAddress for the NIC."
      }
    },
    "enableIPForwarding": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "displayName": "Enable IP Forwarding",
        "required": false,
        "tabGroup": "Advanced",
        "hidden": true,
        "description": "Specify to enable IP forwarding for the NIC."
      }
    },
    "enableAcceleratedNetworking": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "displayName": "Enable Accelerated Networking",
        "required": false,
        "tabGroup": "Advanced",
        "hidden": true,
        "description": "Specify to enable accelerated networking for the NIC."
      }
    },
    "loadBalancerBackendAddressPoolsId": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "displayName": "Select a load balancer",
        "required": false,
        "tabGroup": "Advanced",
        "hidden": true,
        "description": "Specify the load balancer backend address pools Id for the NIC."
      }
    },
    "useAvailabilitySet": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "displayName": "Use Availability Set",
        "required": false,
        "tabGroup": "Advanced",
        "description": "An Availability Set is a logical grouping capability for isolating Virtual Machine resources from each other when they're deployed. Azure makes sure that the Virtual Machines you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches. If a hardware or software failure happens, only a subset of your Virtual Machines are impacted and your overall solution stays operational. Availability Sets are essential for building reliable cloud solutions.\n[Learn more about Availability Sets](https://learn.microsoft.com/en-gb/azure/virtual-machines/availability)"
      }
    },
    "createNewAvailabilitySet": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "displayName": "Create New Availability Set",
        "required": false,
        "tabGroup": "Advanced",
        "description": "Whether to create a new Availability Set."
      }
    },
    "availabilitySetName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "displayName": "Availability set name",
        "required": false,
        "tabGroup": "Advanced",
        "description": "The name of the availability set"
      }
    },
    "faultDomainCount": {
      "type": "int",
      "defaultValue": 2,
      "metadata": {
        "displayName": "Availability set fault domain count",
        "required": false,
        "tabGroup": "Advanced",
        "description": "Virtual machines in the same fault domain share a common power source and physical network switch.(Values 1-3)"
      },
      "minValue": 1,
      "maxValue": 3
    },
    "updateDomainCount": {
      "type": "int",
      "defaultValue": 5,
      "metadata": {
        "displayName": "Availability set update domain count",
        "required": false,
        "tabGroup": "Advanced",
        "description": "Virtual machines in the same update domain will be restarted together during planned maintenance. Azure never restarts more than one update domain at a time.(Values 1-20)"
      },
      "minValue": 1,
      "maxValue": 20
    },
    "skuName": {
      "type": "string",
      "defaultValue": "Aligned",
      "allowedValues": [
        "Aligned",
        "Classic"
      ],
      "metadata": {
        "displayName": "Availability set sku name.",
        "required": false,
        "tabGroup": "Advanced",
        "description": "Availability set sku name. (e.g., Aligned, Classic)"
      }
    },
    "vmOsDiskVolumeSize": {
      "type": "int",
      "defaultValue": 512,
      "metadata": {
        "displayName": "OS disk size",
        "required": false,
        "tabGroup": "Advanced",
        "description": "OS disk size for Virtual Machine in GB."
      }
    },
    "userAssignedIdentityObject": {
      "type": "object",
      "metadata": {
        "displayName": "User Managed Identity",
        "required": true,
        "tabGroup": "Basic",
        "description": "The user assigned identity used to access key in a key vault."
      }
    },
    "vmOsDiskEncryptionSetName": {
      "type": "object",
      "metadata": {
        "displayName": "OS Disk Encryption Set Name",
        "required": true,
        "tabGroup": "Basic",
        "description": "Name of the disk encryption set."
      }
    },
    "instanceCount": {
      "type": "int",
      "defaultValue": 1,
      "metadata": {
        "displayName": "Initial instance count",
        "required": false,
        "tabGroup": "Advanced",
        "description": "The initial number of virtual machines deployed in this scale set (0-1000)"
      }
    },
    "maxInstanceCount": {
      "type": "int",
      "defaultValue": 5,
      "metadata": {
        "displayName": "Maximum instance limit",
        "required": false,
        "tabGroup": "Advanced",
        "description": "The maximum count of instance you want this to scale up to."
      }
    },
    "minInstanceCount": {
      "type": "int",
      "defaultValue": 1,
      "metadata": {
        "displayName": "Minimum instance limit",
        "required": false,
        "tabGroup": "Advanced",
        "description": "The minimum count of instance you want this to scale down to."
      }
    },
    "scaleOutThreshold": {
      "type": "int",
      "defaultValue": 70,
      "metadata": {
        "displayName": "Scale Out CPU threshold greater than",
        "required": false,
        "tabGroup": "Advanced",
        "description": "The CPU usage percentage threshold for triggering the scale out autoscale rule"
      }
    },
    "scaleInThreshold": {
      "type": "int",
      "defaultValue": 30,
      "metadata": {
        "displayName": "Scale In CPU threshold less than",
        "required": false,
        "tabGroup": "Advanced",
        "description": "The CPU usage percentage threshold for triggering the scale in autoscale rule."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "hidden": true
      }
    },
    "tags": {
      "type": "object",
      "defaultValue": {},
      "metadata": {
        "displayName": "Tags",
        "required": false,
        "tabGroup": "Tags",
        "description": "Tags to be applied to resources"
      }
    },
    "DCEResourceGroupName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "displayName": "Data Collection Endpoint Resource Group",
        "required": true,
        "tabGroup": "Basics",
        "description": "The Name of the Resource Group for the Data Collection Endpoint and the Data Collection Rule for Azure Monitor"
      }
    },
    "DCEName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "displayName": "Data Collection Endpoint",
        "required": true,
        "tabGroup": "Basics",
        "description": "The Name of Data Collection Endpoint for Azure Monitor"
      }
    },
    "DCRName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "displayName": "Data Collection Rule",
        "required": true,
        "tabGroup": "Basics",
        "description": "The Name of Data Collection Rule for Azure Monitor"
      }
    },
    "currentDateTime": {
      "type": "string",
      "defaultValue": "[utcNow()]",
      "metadata": {
        "hidden": true
      }
    },
    "enableTelemetry": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Optional. Enable/Disable usage telemetry for module."
      }
    }
  },
  "variables": {
    "vmssName": "[parameters('vmName')]",
    "windowsVmTags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]",
    "vmNameTags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines/extensions'), parameters('tags')['Microsoft.Compute/virtualMachines/extensions'], createObject())]",
    "networkInterfaceTags": "[if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject())]",
    "availabilitySetTags": "[if(contains(parameters('tags'), 'Microsoft.Compute/availabilitySets'), parameters('tags')['Microsoft.Compute/availabilitySets'], createObject())]",
    "vmssTags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachineScaleSets'), parameters('tags')['Microsoft.Compute/virtualMachineScaleSets'], createObject())]",
    "autoScaleTags": "[if(contains(parameters('tags'), 'Microsoft.Insights/autoscaleSettings'), parameters('tags')['Microsoft.Insights/autoscaleSettings'], createObject())]",
    "defaultTag": {
      "deployedByServiceCatalog": "[parameters('currentDateTime')]"
    },
    "subnetName": "AzureManagementSubnet",
    "availabilitySetName_v": "avs-avm",
    "dataCollectionEndpointId": "[resourceId(subscription().subscriptionId, parameters('DCEResourceGroupName'), 'Microsoft.Insights/dataCollectionEndpoints', parameters('DCEName'))]",
    "dataCollectionRuleId": "[resourceId(subscription().subscriptionId, parameters('DCEResourceGroupName'), 'Microsoft.Insights/dataCollectionRules', parameters('DCRName'))]"
  },
  "resources": [
    {
      "condition": "[equals(parameters('useVmss'), false())]",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2025-04-01",
      "name": "[parameters('vmName')]",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "vmSize": {
            "value": "[parameters('vmSku')]"
          },
          "vmName": {
            "value": "[parameters('vmName')]"
          },
          "adminUserName": {
            "value": "[parameters('adminUserName')]"
          },
          "adminPassword": {
            "value": "[parameters('adminPassword')]"
          },
          "imageId": "[if(equals(parameters('useCustomImage'), true()), createObject('value', parameters('customImageId')), createObject('value', ''))]",
          "osDiskCaching": {
            "value": "[parameters('osDiskCaching')]"
          },
          "imagePublisher": {
            "value": "[parameters('imagePublisher')]"
          },
          "imageOffer": {
            "value": "[parameters('imageOffer')]"
          },
          "imageSku": {
            "value": "[parameters('imageSku')]"
          },
          "imageVersion": {
            "value": "[parameters('imageVersion')]"
          },
          "privateIpAddress": {
            "value": "[parameters('privateIpAddress')]"
          },
          "enableIPForwarding": {
            "value": "[parameters('enableIPForwarding')]"
          },
          "enableAcceleratedNetworking": {
            "value": "[parameters('enableAcceleratedNetworking')]"
          },
          "loadBalancerBackendAddressPoolsId": {
            "value": "[parameters('loadBalancerBackendAddressPoolsId')]"
          },
          "availabilitySetName": "[if(equals(parameters('availabilitySetName'), ''), createObject('value', variables('availabilitySetName_v')), createObject('value', parameters('availabilitySetName')))]",
          "vmOsDiskVolumeSize": {
            "value": "[parameters('vmOsDiskVolumeSize')]"
          },
          "vmOsDiskEncryptionSetName": {
            "value": "[parameters('vmOsDiskEncryptionSetName').name]"
          },
          "vmOsDiskEncryptionSetResourceGroupName": {
            "value": "[first(skip(split(parameters('vmOsDiskEncryptionSetName').id, '/'), 4))]"
          },
          "networkInterfaceTags": {
            "value": "[union(variables('defaultTag'), variables('networkInterfaceTags'))]"
          },
          "vmTags": {
            "value": "[union(variables('defaultTag'), variables('windowsVmTags'))]"
          },
          "vmNameTags": {
            "value": "[union(variables('defaultTag'), variables('vmNameTags'))]"
          },
          "subnetId": {
            "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('networkingRgName')), 'Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[0], split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[1])]"
          },
          "location": {
            "value": "[parameters('location')]"
          },
          "useAvailabilitySet": {
            "value": "[parameters('useAvailabilitySet')]"
          },
          "createNewAvailabilitySet": {
            "value": "[parameters('createNewAvailabilitySet')]"
          },
          "faultDomainCount": {
            "value": "[parameters('faultDomainCount')]"
          },
          "updateDomainCount": {
            "value": "[parameters('updateDomainCount')]"
          },
          "skuName": {
            "value": "[parameters('skuName')]"
          },
          "availabilitySetTags": {
            "value": "[union(variables('defaultTag'), variables('availabilitySetTags'))]"
          },
          "dataCollectionEndpointId": {
            "value": "[variables('dataCollectionEndpointId')]"
          },
          "dataCollectionRuleId": {
            "value": "[variables('dataCollectionRuleId')]"
          },
          "userAssignedManagedIdentityName": {
            "value": "[parameters('userAssignedIdentityObject').name]"
          },
          "userAssignedManagedIdentityResourceGroupName": {
            "value": "[split(parameters('userAssignedIdentityObject').id, '/')[4]]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.41.2.15936",
              "templateHash": "15034029792407278451"
            }
          },
          "parameters": {
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specify a location for the resources."
              }
            },
            "vmName": {
              "type": "string",
              "metadata": {
                "description": "Specify the name of the Virtual Machine."
              }
            },
            "imageId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the compute gallery resource ID of the custom image."
              }
            },
            "imageOffer": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the offer of the Virtual Machine image."
              }
            },
            "imagePublisher": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the publisher of the Virtual Machine image."
              }
            },
            "imageSku": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the SKU of the Virtual Machine image."
              }
            },
            "imageVersion": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the version of the image for the Virtual Machine."
              }
            },
            "vmSize": {
              "type": "string",
              "metadata": {
                "description": "Specify a size of the Virtual Machine."
              }
            },
            "adminUserName": {
              "type": "securestring",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the administrator username for the Virtual Machine."
              }
            },
            "adminPassword": {
              "type": "securestring",
              "metadata": {
                "description": "Specify the password for the admin user on the Virtual Machine."
              }
            },
            "useAvailabilitySet": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Use Availability Set."
              }
            },
            "createNewAvailabilitySet": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Create New Availability Set."
              }
            },
            "availabilitySetName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "(Optional) Availability set name."
              }
            },
            "faultDomainCount": {
              "type": "int",
              "defaultValue": 2,
              "metadata": {
                "description": "Availability set fault domain count."
              }
            },
            "updateDomainCount": {
              "type": "int",
              "defaultValue": 5,
              "metadata": {
                "description": "Availability set update domain count."
              }
            },
            "skuName": {
              "type": "string",
              "defaultValue": "Aligned",
              "metadata": {
                "description": "Availability set sku name."
              }
            },
            "dataDiskName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "(Optional) Name of data disk for Virtual Machine."
              }
            },
            "dataDiskSize": {
              "type": "int",
              "defaultValue": 4095,
              "metadata": {
                "description": "(Optional) Data disk size for Virtual Machine."
              }
            },
            "vmOsDiskVolumeSize": {
              "type": "int",
              "defaultValue": 512,
              "metadata": {
                "description": "(Optional) OS disk size for Virtual Machine."
              }
            },
            "vmOsDiskEncryptionSetName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Name of the disk encryption set."
              }
            },
            "vmOsDiskEncryptionSetResourceGroupName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Resource group name the disk encryption set is in."
              }
            },
            "dataDiskCreateOption": {
              "type": "string",
              "defaultValue": "attach",
              "metadata": {
                "description": "(Optional) Specify the data disk creation option."
              }
            },
            "dataDiskCaching": {
              "type": "string",
              "defaultValue": "ReadOnly",
              "metadata": {
                "description": "(Optional) Specify the data disk caching."
              }
            },
            "osDiskCaching": {
              "type": "string",
              "defaultValue": "ReadWrite",
              "metadata": {
                "description": "OS disk caching option"
              }
            },
            "privateIpAddress": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the privateIpAddress for the NIC."
              }
            },
            "enableIPForwarding": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specify to enable IP forwarding for the NIC."
              }
            },
            "enableAcceleratedNetworking": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specify to enable accelerated networking for the NIC."
              }
            },
            "networkInterfaceTags": {
              "type": "object",
              "defaultValue": {},
              "metadata": {
                "description": "Add tagging to the NIC."
              }
            },
            "vmTags": {
              "type": "object",
              "defaultValue": {},
              "metadata": {
                "description": "Add tagging to the Virtual Machine."
              }
            },
            "vmNameTags": {
              "type": "object",
              "defaultValue": {},
              "metadata": {
                "description": "Add tagging to the Virtual Machine name."
              }
            },
            "availabilitySetTags": {
              "type": "object",
              "defaultValue": {},
              "metadata": {
                "description": "Add tagging to the Availability Set."
              }
            },
            "loadBalancerBackendAddressPoolsId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the load balancer backend address pools Id for the NIC."
              }
            },
            "subnetId": {
              "type": "string",
              "metadata": {
                "description": "Specify the subnetId for the NIC."
              }
            },
            "userAssignedManagedIdentityName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the user assigned managed identity name."
              }
            },
            "userAssignedManagedIdentityResourceGroupName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the user assigned managed identity resource group name."
              }
            },
            "dataCollectionEndpointId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the Data Collection Endpoint ID."
              }
            },
            "dataCollectionRuleId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the Data Collection Rule ID."
              }
            }
          },
          "resources": [
            {
              "type": "Microsoft.Compute/virtualMachines/extensions",
              "apiVersion": "2021-04-01",
              "name": "[format('{0}/{1}', parameters('vmName'), 'AADLoginExtension')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('vmNameTags')]",
              "properties": {
                "publisher": "Microsoft.Azure.ActiveDirectory",
                "type": "AADLoginForWindows",
                "typeHandlerVersion": "1.0",
                "autoUpgradeMinorVersion": true,
                "enableAutomaticUpgrade": true
              },
              "dependsOn": [
                "[resourceId('Microsoft.Resources/deployments', format('windows-vm-machine-{0}', parameters('vmName')))]"
              ]
            },
            {
              "type": "Microsoft.Insights/dataCollectionRuleAssociations",
              "apiVersion": "2023-03-11",
              "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]",
              "name": "configurationAccessRule",
              "properties": {
                "dataCollectionRuleId": "[parameters('dataCollectionRuleId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Resources/deployments', format('windows-vm-extensions-{0}', parameters('vmName')))]",
                "[resourceId('Microsoft.Resources/deployments', format('windows-vm-machine-{0}', parameters('vmName')))]"
              ]
            },
            {
              "type": "Microsoft.Insights/dataCollectionRuleAssociations",
              "apiVersion": "2023-03-11",
              "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]",
              "name": "configurationAccessEndpoint",
              "properties": {
                "dataCollectionEndpointId": "[parameters('dataCollectionEndpointId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Resources/deployments', format('windows-vm-extensions-{0}', parameters('vmName')))]",
                "[resourceId('Microsoft.Resources/deployments', format('windows-vm-machine-{0}', parameters('vmName')))]"
              ]
            },
            {
              "condition": "[and(parameters('useAvailabilitySet'), parameters('createNewAvailabilitySet'))]",
              "type": "Microsoft.Resources/deployments",
              "apiVersion": "2025-04-01",
              "name": "[parameters('availabilitySetName')]",
              "properties": {
                "expressionEvaluationOptions": {
                  "scope": "inner"
                },
                "mode": "Incremental",
                "parameters": {
                  "tags": {
                    "value": "[parameters('availabilitySetTags')]"
                  },
                  "location": {
                    "value": "[parameters('location')]"
                  },
                  "availabilitySetName": {
                    "value": "[parameters('availabilitySetName')]"
                  },
                  "faultDomainCount": {
                    "value": "[parameters('faultDomainCount')]"
                  },
                  "updateDomainCount": {
                    "value": "[parameters('updateDomainCount')]"
                  },
                  "skuName": {
                    "value": "[parameters('skuName')]"
                  }
                },
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "metadata": {
                    "_generator": {
                      "name": "bicep",
                      "version": "0.41.2.15936",
                      "templateHash": "18173416768010323992"
                    }
                  },
                  "parameters": {
                    "location": {
                      "type": "string",
                      "defaultValue": "[resourceGroup().location]",
                      "metadata": {
                        "description": "Specify a location for the resources."
                      }
                    },
                    "availabilitySetName": {
                      "type": "string",
                      "metadata": {
                        "description": "Specify the name of the availability set."
                      }
                    },
                    "faultDomainCount": {
                      "type": "int",
                      "defaultValue": 2,
                      "metadata": {
                        "description": "Specify the number of fault domains."
                      }
                    },
                    "updateDomainCount": {
                      "type": "int",
                      "defaultValue": 5,
                      "metadata": {
                        "description": "Specify the number of update domains."
                      }
                    },
                    "skuName": {
                      "type": "string",
                      "defaultValue": "Aligned",
                      "metadata": {
                        "description": "Specify the SKU of the availability set."
                      }
                    },
                    "tags": {
                      "type": "object",
                      "defaultValue": {},
                      "metadata": {
                        "description": "Add tagging to the Availability Set."
                      }
                    }
                  },
                  "resources": [
                    {
                      "type": "Microsoft.Compute/availabilitySets",
                      "apiVersion": "2021-03-01",
                      "name": "[parameters('availabilitySetName')]",
                      "location": "[parameters('location')]",
                      "tags": "[parameters('tags')]",
                      "sku": {
                        "name": "[parameters('skuName')]"
                      },
                      "properties": {
                        "platformFaultDomainCount": "[parameters('faultDomainCount')]",
                        "platformUpdateDomainCount": "[parameters('updateDomainCount')]"
                      }
                    }
                  ],
                  "outputs": {
                    "availabilitySetId": {
                      "type": "string",
                      "value": "[resourceId('Microsoft.Compute/availabilitySets', parameters('availabilitySetName'))]"
                    }
                  }
                }
              }
            },
            {
              "type": "Microsoft.Resources/deployments",
              "apiVersion": "2025-04-01",
              "name": "[format('windows-vm-nic-{0}', parameters('vmName'))]",
              "properties": {
                "expressionEvaluationOptions": {
                  "scope": "inner"
                },
                "mode": "Incremental",
                "parameters": {
                  "tags": {
                    "value": "[parameters('networkInterfaceTags')]"
                  },
                  "location": {
                    "value": "[parameters('location')]"
                  },
                  "nicName": {
                    "value": "[parameters('vmName')]"
                  },
                  "subnetId": {
                    "value": "[parameters('subnetId')]"
                  },
                  "includeNsg": {
                    "value": false
                  },
                  "privateIpAddress": {
                    "value": "[parameters('privateIpAddress')]"
                  },
                  "enableIPForwarding": {
                    "value": "[parameters('enableIPForwarding')]"
                  },
                  "enableAcceleratedNetworking": {
                    "value": "[parameters('enableAcceleratedNetworking')]"
                  },
                  "loadBalancerBackendAddressPoolsId": {
                    "value": "[parameters('loadBalancerBackendAddressPoolsId')]"
                  }
                },
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "metadata": {
                    "_generator": {
                      "name": "bicep",
                      "version": "0.41.2.15936",
                      "templateHash": "9959434841872273499"
                    }
                  },
                  "parameters": {
                    "location": {
                      "type": "string",
                      "defaultValue": "[resourceGroup().location]",
                      "metadata": {
                        "description": "Specify a location for the resources."
                      }
                    },
                    "subnetId": {
                      "type": "string",
                      "metadata": {
                        "description": "Specify the subnetId for the NIC."
                      }
                    },
                    "privateIpAddress": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the privateIpAddress for the NIC."
                      }
                    },
                    "nicName": {
                      "type": "string",
                      "metadata": {
                        "description": "Specify the Name for the NIC."
                      }
                    },
                    "dnsServers": {
                      "type": "array",
                      "defaultValue": [],
                      "metadata": {
                        "description": "Specify the DNS Server IP Addresses for the NIC."
                      }
                    },
                    "pipId": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the public IP for the NIC."
                      }
                    },
                    "includeNsg": {
                      "type": "bool",
                      "defaultValue": true,
                      "metadata": {
                        "description": "Specify to include Nsg for the NIC."
                      }
                    },
                    "enableIPForwarding": {
                      "type": "bool",
                      "defaultValue": true,
                      "metadata": {
                        "description": "Specify to enable IP forwarding for the NIC."
                      }
                    },
                    "enableAcceleratedNetworking": {
                      "type": "bool",
                      "defaultValue": true,
                      "metadata": {
                        "description": "Specify to enable accelerated networking for the NIC."
                      }
                    },
                    "tags": {
                      "type": "object",
                      "defaultValue": {},
                      "metadata": {
                        "description": "Add tagging to the NIC."
                      }
                    },
                    "loadBalancerBackendAddressPoolsId": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the load balancer backend address pools Id for the NIC."
                      }
                    },
                    "additionalIps": {
                      "type": "array",
                      "defaultValue": [],
                      "metadata": {
                        "description": "Specify any additional IP configurations."
                      }
                    }
                  },
                  "variables": {
                    "copy": [
                      {
                        "name": "secondaryIpConfigs",
                        "count": "[length(parameters('additionalIps'))]",
                        "input": {
                          "name": "[parameters('additionalIps')[copyIndex('secondaryIpConfigs')].name]",
                          "primary": false,
                          "privateIPAllocationMethod": "Static",
                          "privateIPAddress": "[parameters('additionalIps')[copyIndex('secondaryIpConfigs')].privateIpAddress]",
                          "subnet": {
                            "id": "[parameters('subnetId')]"
                          },
                          "publicIPAddress": "[if(and(contains(parameters('additionalIps')[copyIndex('secondaryIpConfigs')], 'pipId'), not(empty(parameters('additionalIps')[copyIndex('secondaryIpConfigs')].pipId))), createObject('id', parameters('additionalIps')[copyIndex('secondaryIpConfigs')].pipId), null())]",
                          "loadBalancerBackendAddressPools": null
                        }
                      }
                    ],
                    "$fxv#0": "{\r\n    \"seperator\":          \"-\",\r\n    \"bastion\":            \"bastion\",\r\n    \"bootstrapper\":       \"bootstrapper\",\r\n    \"certpki\":            \"certpki\",\r\n    \"connection\":         \"connection\",\r\n    \"csr\":                \"csr\",\r\n    \"datadisk\":           \"datadisk\",\r\n    \"dataDisk\":           \"datadisk\",\r\n    \"dc\":                 \"dc\",\r\n    \"ddos\":               \"ddos\",\r\n    \"deployment\":         \"deployment\",\r\n    \"dfs\":                \"dfs\",\r\n    \"diagnostics\":        \"diag\",\r\n    \"diagstorageaccount\": \"diagsa\",\r\n    \"diskEncryptionSet\":  \"des\",\r\n    \"firewall\":           \"firewall\",\r\n    \"firewallPolicy\":     \"firewall-policy\",\r\n    \"gateway\":            \"gateway\",\r\n    \"hub\":                \"vwan-hub\",\r\n    \"ilb\":                \"ilb\",\r\n    \"ipConfig\":           \"ipconfig\",\r\n    \"kv\":                 \"kv\",\r\n    \"logAnalytics\":       \"loga\",\r\n    \"nic\":                \"nic\",\r\n    \"nsg\":                \"nsg\",\r\n    \"osDisk\":             \"osdisk\",\r\n    \"peering\":            \"peering\",\r\n    \"pip\":                \"pip\",\r\n    \"privateEndpoint\":    \"pe\",\r\n    \"resourceGroup\":      \"rg\",\r\n    \"routeTable\":         \"rt\",\r\n    \"storageaccount\":     \"sa\",\r\n    \"subnet\":             \"snet\",\r\n    \"vm\":                 \"vm\",\r\n    \"vmss\":               \"vmss\",\r\n    \"vnet\":               \"vnet\",\r\n    \"vpn\":                \"vpn\",\r\n    \"vpnLink\":            \"vpnlink\",\r\n    \"vwan\":               \"vwan\",\r\n    \"wsus\":               \"wsus\"\r\n}",
                    "postfixes": "[json(variables('$fxv#0'))]",
                    "primaryIpConfig": [
                      {
                        "name": "[format('{0}-{1}-default', parameters('nicName'), variables('postfixes').ipConfig)]",
                        "primary": true,
                        "privateIPAllocationMethod": "[if(not(empty(parameters('privateIpAddress'))), 'Static', 'Dynamic')]",
                        "privateIPAddress": "[if(not(empty(parameters('privateIpAddress'))), parameters('privateIpAddress'), null())]",
                        "subnet": {
                          "id": "[parameters('subnetId')]"
                        },
                        "publicIPAddress": "[if(not(empty(parameters('pipId'))), createObject('id', parameters('pipId')), null())]",
                        "loadBalancerBackendAddressPools": "[if(not(empty(parameters('loadBalancerBackendAddressPoolsId'))), createArray(createObject('id', parameters('loadBalancerBackendAddressPoolsId'))), null())]"
                      }
                    ],
                    "ipConfigs": "[concat(variables('primaryIpConfig'), variables('secondaryIpConfigs'))]"
                  },
                  "resources": [
                    {
                      "condition": "[parameters('includeNsg')]",
                      "type": "Microsoft.Network/networkSecurityGroups",
                      "apiVersion": "2022-09-01",
                      "name": "[toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nsg))]",
                      "tags": "[parameters('tags')]",
                      "location": "[parameters('location')]",
                      "properties": {}
                    },
                    {
                      "type": "Microsoft.Network/networkInterfaces",
                      "apiVersion": "2022-09-01",
                      "name": "[toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nic))]",
                      "tags": "[parameters('tags')]",
                      "location": "[parameters('location')]",
                      "properties": {
                        "copy": [
                          {
                            "name": "ipConfigurations",
                            "count": "[length(variables('ipConfigs'))]",
                            "input": {
                              "name": "[variables('ipConfigs')[copyIndex('ipConfigurations')].name]",
                              "properties": {
                                "privateIPAllocationMethod": "[variables('ipConfigs')[copyIndex('ipConfigurations')].privateIPAllocationMethod]",
                                "privateIPAddress": "[variables('ipConfigs')[copyIndex('ipConfigurations')].privateIPAddress]",
                                "subnet": "[variables('ipConfigs')[copyIndex('ipConfigurations')].subnet]",
                                "primary": "[variables('ipConfigs')[copyIndex('ipConfigurations')].primary]",
                                "privateIPAddressVersion": "IPv4",
                                "publicIPAddress": "[variables('ipConfigs')[copyIndex('ipConfigurations')].publicIPAddress]",
                                "loadBalancerBackendAddressPools": "[variables('ipConfigs')[copyIndex('ipConfigurations')].loadBalancerBackendAddressPools]"
                              }
                            }
                          }
                        ],
                        "networkSecurityGroup": "[if(parameters('includeNsg'), createObject('id', resourceId('Microsoft.Network/networkSecurityGroups', toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nsg)))), null())]",
                        "dnsSettings": {
                          "dnsServers": "[parameters('dnsServers')]"
                        },
                        "enableIPForwarding": "[parameters('enableIPForwarding')]",
                        "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]"
                      },
                      "dependsOn": [
                        "[resourceId('Microsoft.Network/networkSecurityGroups', toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nsg)))]"
                      ]
                    }
                  ],
                  "outputs": {
                    "ipAddress": {
                      "type": "string",
                      "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nic))), '2022-09-01').ipConfigurations[0].properties.privateIPAddress]"
                    },
                    "nic": {
                      "type": "object",
                      "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nic))), '2022-09-01', 'full')]"
                    },
                    "nicName": {
                      "type": "string",
                      "value": "[toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nic))]"
                    },
                    "nicId": {
                      "type": "string",
                      "value": "[resourceId('Microsoft.Network/networkInterfaces', toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nic)))]"
                    },
                    "nsg": {
                      "type": "object",
                      "value": "[if(parameters('includeNsg'), reference(resourceId('Microsoft.Network/networkSecurityGroups', toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nsg))), '2022-09-01', 'full'), createObject())]"
                    },
                    "nsgName": {
                      "type": "string",
                      "value": "[if(parameters('includeNsg'), toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nsg)), '')]"
                    },
                    "nsgId": {
                      "type": "string",
                      "value": "[if(parameters('includeNsg'), resourceId('Microsoft.Network/networkSecurityGroups', toLower(format('{0}-{1}', parameters('nicName'), variables('postfixes').nsg))), '')]"
                    }
                  }
                }
              }
            },
            {
              "type": "Microsoft.Resources/deployments",
              "apiVersion": "2025-04-01",
              "name": "[format('windows-vm-machine-{0}', parameters('vmName'))]",
              "properties": {
                "expressionEvaluationOptions": {
                  "scope": "inner"
                },
                "mode": "Incremental",
                "parameters": {
                  "location": {
                    "value": "[parameters('location')]"
                  },
                  "vmName": {
                    "value": "[parameters('vmName')]"
                  },
                  "imageId": {
                    "value": "[parameters('imageId')]"
                  },
                  "imageSku": {
                    "value": "[parameters('imageSku')]"
                  },
                  "adminUserName": {
                    "value": "[parameters('adminUserName')]"
                  },
                  "adminPassword": {
                    "value": "[parameters('adminPassword')]"
                  },
                  "imagePublisher": {
                    "value": "[parameters('imagePublisher')]"
                  },
                  "vmSize": {
                    "value": "[parameters('vmSize')]"
                  },
                  "dataDisks": {
                    "value": []
                  },
                  "dataDiskName": {
                    "value": "[parameters('dataDiskName')]"
                  },
                  "dataDiskSize": {
                    "value": "[parameters('dataDiskSize')]"
                  },
                  "vmOsDiskVolumeSize": {
                    "value": "[parameters('vmOsDiskVolumeSize')]"
                  },
                  "vmOsDiskEncryptionSetName": {
                    "value": "[parameters('vmOsDiskEncryptionSetName')]"
                  },
                  "vmOsDiskEncryptionSetResourceGroupName": {
                    "value": "[parameters('vmOsDiskEncryptionSetResourceGroupName')]"
                  },
                  "dataDiskCreateOption": {
                    "value": "[parameters('dataDiskCreateOption')]"
                  },
                  "dataDiskCaching": {
                    "value": "[parameters('dataDiskCaching')]"
                  },
                  "networkInterfaces": {
                    "value": [
                      {
                        "id": "[reference(resourceId('Microsoft.Resources/deployments', format('windows-vm-nic-{0}', parameters('vmName'))), '2025-04-01').outputs.nicId.value]",
                        "properties": {
                          "primary": true
                        }
                      }
                    ]
                  },
                  "imageOffer": {
                    "value": "[parameters('imageOffer')]"
                  },
                  "imageVersion": {
                    "value": "[parameters('imageVersion')]"
                  },
                  "availabilitySetName": "[if(equals(parameters('useAvailabilitySet'), true()), createObject('value', parameters('availabilitySetName')), createObject('value', ''))]",
                  "tags": {
                    "value": "[parameters('vmTags')]"
                  },
                  "osDiskCaching": {
                    "value": "[parameters('osDiskCaching')]"
                  }
                },
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "metadata": {
                    "_generator": {
                      "name": "bicep",
                      "version": "0.41.2.15936",
                      "templateHash": "4251463215115324331"
                    }
                  },
                  "parameters": {
                    "location": {
                      "type": "string",
                      "defaultValue": "[resourceGroup().location]",
                      "metadata": {
                        "description": "Specify a location for the resources."
                      }
                    },
                    "vmName": {
                      "type": "string",
                      "metadata": {
                        "description": "Specify the name of the VM."
                      }
                    },
                    "imageId": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the compute gallery resource ID of the custom image."
                      }
                    },
                    "imageOffer": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the offer of the VM image."
                      }
                    },
                    "imagePublisher": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the publisher of the VM image."
                      }
                    },
                    "imageSku": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the SKU of the VM image."
                      }
                    },
                    "imageVersion": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the version of the image for the VM."
                      }
                    },
                    "vmSize": {
                      "type": "string",
                      "metadata": {
                        "description": "Specify a size of the VM."
                      }
                    },
                    "adminUserName": {
                      "type": "securestring",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the administrator username for the VM."
                      }
                    },
                    "adminPassword": {
                      "type": "securestring",
                      "metadata": {
                        "description": "Specify the password for the admin user on the VM."
                      }
                    },
                    "networkInterfaces": {
                      "type": "array",
                      "metadata": {
                        "description": "Specify the network interfaces."
                      }
                    },
                    "vmDiagnosticsStorageAccountResourceGroupName": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the storage account for diagnostic data resource group name."
                      }
                    },
                    "vmDiagnosticsStorageAccountName": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the storage account for diagnostic data."
                      }
                    },
                    "availabilitySetName": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "(Optional) Availability set name."
                      }
                    },
                    "dataDisks": {
                      "type": "array",
                      "defaultValue": [],
                      "metadata": {
                        "description": "(Optional) Predefined list of Data disks."
                      }
                    },
                    "dataDiskName": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "(Optional) Name of data disk for VM."
                      }
                    },
                    "dataDiskSize": {
                      "type": "int",
                      "defaultValue": 4095,
                      "metadata": {
                        "description": "(Optional) Data disk size for VM."
                      }
                    },
                    "vmOsDiskVolumeSize": {
                      "type": "int",
                      "defaultValue": 512,
                      "metadata": {
                        "description": "(Optional) OS disk size for VM."
                      }
                    },
                    "vmOsDiskEncryptionSetName": {
                      "type": "string",
                      "metadata": {
                        "description": "Name of the disk encryption set."
                      }
                    },
                    "vmOsDiskEncryptionSetResourceGroupName": {
                      "type": "string",
                      "metadata": {
                        "description": "Resource group name the disk encryption set is in."
                      }
                    },
                    "dataDiskCreateOption": {
                      "type": "string",
                      "defaultValue": "attach",
                      "metadata": {
                        "description": "(Optional) Specify the data disk creation option."
                      }
                    },
                    "dataDiskCaching": {
                      "type": "string",
                      "defaultValue": "ReadOnly",
                      "metadata": {
                        "description": "(Optional) Specify the data disk caching."
                      }
                    },
                    "osDiskName": {
                      "type": "string",
                      "defaultValue": "[format('{0}-osdisk', parameters('vmName'))]",
                      "metadata": {
                        "description": "(Optional) Name of OS disk for VM."
                      }
                    },
                    "diskStorageAccountType": {
                      "type": "string",
                      "defaultValue": "Premium_LRS",
                      "allowedValues": [
                        "Premium_LRS",
                        "Premium_ZRS",
                        "StandardSSD_LRS",
                        "StandardSSD_ZRS",
                        "Standard_LRS"
                      ],
                      "metadata": {
                        "description": "Specify the storage account type for the managed disk."
                      }
                    },
                    "includeAzSecPackExclusionTags": {
                      "type": "bool",
                      "defaultValue": false,
                      "metadata": {
                        "description": "(Optional) Specify whether to include AzSecPack install exclusion tags"
                      }
                    },
                    "tags": {
                      "type": "object",
                      "defaultValue": {},
                      "metadata": {
                        "description": "Specify the tags"
                      }
                    },
                    "osDiskCaching": {
                      "type": "string",
                      "defaultValue": "ReadWrite",
                      "metadata": {
                        "description": "OS disk caching option"
                      }
                    }
                  },
                  "variables": {
                    "azSecPackExcludeTags": {},
                    "_tags": "[if(equals(parameters('includeAzSecPackExclusionTags'), true()), union(parameters('tags'), variables('azSecPackExcludeTags')), parameters('tags'))]",
                    "managedDisk": {
                      "id": "[resourceId('Microsoft.Compute/disks', parameters('dataDiskName'))]",
                      "storageAccountType": "[parameters('diskStorageAccountType')]"
                    },
                    "storageAccountId": "[if(and(not(empty(parameters('vmDiagnosticsStorageAccountResourceGroupName'))), not(empty(parameters('vmDiagnosticsStorageAccountName')))), resourceId(parameters('vmDiagnosticsStorageAccountResourceGroupName'), 'Microsoft.Storage/storageAccounts', parameters('vmDiagnosticsStorageAccountName')), '')]",
                    "storageApiVersion": "2019-06-01",
                    "availabilitySet": {
                      "id": "[resourceId('Microsoft.Compute/availabilitySets', parameters('availabilitySetName'))]"
                    },
                    "dataDisk": [
                      {
                        "name": "[parameters('dataDiskName')]",
                        "lun": 0,
                        "createOption": "[parameters('dataDiskCreateOption')]",
                        "caching": "[parameters('dataDiskCaching')]",
                        "diskSizeGB": "[parameters('dataDiskSize')]",
                        "managedDisk": "[if(equals(parameters('dataDiskCreateOption'), 'Empty'), null(), variables('managedDisk'))]",
                        "writeAcceleratorEnabled": "false"
                      }
                    ]
                  },
                  "resources": [
                    {
                      "type": "Microsoft.Compute/virtualMachines",
                      "apiVersion": "2019-07-01",
                      "name": "[parameters('vmName')]",
                      "tags": "[variables('_tags')]",
                      "location": "[parameters('location')]",
                      "identity": {
                        "type": "SystemAssigned"
                      },
                      "properties": {
                        "hardwareProfile": {
                          "vmSize": "[parameters('vmSize')]"
                        },
                        "storageProfile": {
                          "imageReference": "[if(not(empty(parameters('imageId'))), createObject('id', parameters('imageId')), createObject('publisher', parameters('imagePublisher'), 'offer', parameters('imageOffer'), 'sku', parameters('imageSku'), 'version', parameters('imageVersion')))]",
                          "osDisk": {
                            "osType": "Windows",
                            "name": "[parameters('osDiskName')]",
                            "createOption": "FromImage",
                            "caching": "[parameters('osDiskCaching')]",
                            "managedDisk": {
                              "storageAccountType": "[parameters('diskStorageAccountType')]",
                              "diskEncryptionSet": {
                                "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('vmOsDiskEncryptionSetResourceGroupName')), 'Microsoft.Compute/diskEncryptionSets', parameters('vmOsDiskEncryptionSetName'))]"
                              }
                            },
                            "diskSizeGB": "[parameters('vmOsDiskVolumeSize')]"
                          },
                          "dataDisks": "[if(not(empty(parameters('dataDisks'))), parameters('dataDisks'), if(not(equals(parameters('dataDiskName'), '')), variables('dataDisk'), null()))]"
                        },
                        "osProfile": {
                          "computerName": "[parameters('vmName')]",
                          "adminUsername": "[parameters('adminUserName')]",
                          "adminPassword": "[parameters('adminPassword')]",
                          "secrets": []
                        },
                        "networkProfile": {
                          "networkInterfaces": "[parameters('networkInterfaces')]"
                        },
                        "availabilitySet": "[if(equals(parameters('availabilitySetName'), ''), null(), variables('availabilitySet'))]",
                        "diagnosticsProfile": "[if(and(not(empty(parameters('vmDiagnosticsStorageAccountResourceGroupName'))), not(empty(parameters('vmDiagnosticsStorageAccountName')))), createObject('bootDiagnostics', createObject('enabled', true(), 'storageUri', reference(variables('storageAccountId'), variables('storageApiVersion')).primaryEndpoints.blob)), null())]"
                      }
                    }
                  ],
                  "outputs": {
                    "vm": {
                      "type": "object",
                      "value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), '2019-07-01', 'full')]"
                    },
                    "vmName": {
                      "type": "string",
                      "value": "[parameters('vmName')]"
                    },
                    "vmId": {
                      "type": "string",
                      "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
                    },
                    "principalId": {
                      "type": "string",
                      "value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), '2019-07-01', 'full').identity.principalId]"
                    }
                  }
                }
              },
              "dependsOn": [
                "[resourceId('Microsoft.Resources/deployments', format('windows-vm-nic-{0}', parameters('vmName')))]"
              ]
            },
            {
              "type": "Microsoft.Resources/deployments",
              "apiVersion": "2025-04-01",
              "name": "[format('windows-vm-extensions-{0}', parameters('vmName'))]",
              "properties": {
                "expressionEvaluationOptions": {
                  "scope": "inner"
                },
                "mode": "Incremental",
                "parameters": {
                  "vmName": {
                    "value": "[parameters('vmName')]"
                  },
                  "vmType": {
                    "value": "windows"
                  },
                  "userAssignedManagedIdentityId": {
                    "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('userAssignedManagedIdentityResourceGroupName')), 'Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedManagedIdentityName'))]"
                  },
                  "location": {
                    "value": "[parameters('location')]"
                  },
                  "tags": {
                    "value": "[parameters('vmNameTags')]"
                  }
                },
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "metadata": {
                    "_generator": {
                      "name": "bicep",
                      "version": "0.41.2.15936",
                      "templateHash": "12123014756953895594"
                    }
                  },
                  "parameters": {
                    "vmName": {
                      "type": "string",
                      "metadata": {
                        "description": "The name of the virtual machine"
                      }
                    },
                    "userAssignedManagedIdentityId": {
                      "type": "string",
                      "metadata": {
                        "description": "The User Assigned Managed Identity ID"
                      }
                    },
                    "location": {
                      "type": "string",
                      "defaultValue": "[resourceGroup().location]",
                      "metadata": {
                        "description": "Location"
                      }
                    },
                    "tags": {
                      "type": "object",
                      "defaultValue": {},
                      "metadata": {
                        "description": "Tags"
                      }
                    },
                    "vmType": {
                      "type": "string",
                      "defaultValue": "windows",
                      "allowedValues": [
                        "linux",
                        "windows"
                      ],
                      "metadata": {
                        "description": "Switch value determining what type of VM these extensions are for"
                      }
                    }
                  },
                  "variables": {
                    "vmTypeString": "[if(equals(parameters('vmType'), 'windows'), 'Windows', 'Linux')]"
                  },
                  "resources": [
                    {
                      "type": "Microsoft.Compute/virtualMachines/extensions",
                      "apiVersion": "2021-04-01",
                      "name": "[format('{0}/DependencyAgent{1}', parameters('vmName'), variables('vmTypeString'))]",
                      "location": "[parameters('location')]",
                      "tags": "[parameters('tags')]",
                      "properties": {
                        "publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
                        "type": "[format('DependencyAgent{0}', variables('vmTypeString'))]",
                        "typeHandlerVersion": "9.5",
                        "autoUpgradeMinorVersion": true,
                        "enableAutomaticUpgrade": true
                      }
                    },
                    {
                      "type": "Microsoft.Compute/virtualMachines/extensions",
                      "apiVersion": "2021-04-01",
                      "name": "[format('{0}/AMAExtension', parameters('vmName'))]",
                      "location": "[parameters('location')]",
                      "tags": "[parameters('tags')]",
                      "properties": {
                        "publisher": "Microsoft.Azure.Monitor",
                        "type": "[if(equals(parameters('vmType'), 'windows'), 'AzureMonitorWindowsAgent', 'AzureMonitorLinuxAgent')]",
                        "typeHandlerVersion": "[if(equals(parameters('vmType'), 'windows'), '1.0', '1.21')]",
                        "autoUpgradeMinorVersion": true,
                        "enableAutomaticUpgrade": true,
                        "settings": {
                          "authentication": {
                            "managedIdentity": {
                              "identifier-name": "mi_res_id",
                              "identifier-value": "[parameters('userAssignedManagedIdentityId')]"
                            }
                          }
                        }
                      },
                      "dependsOn": [
                        "[resourceId('Microsoft.Compute/virtualMachines/extensions', split(format('{0}/DependencyAgent{1}', parameters('vmName'), variables('vmTypeString')), '/')[0], split(format('{0}/DependencyAgent{1}', parameters('vmName'), variables('vmTypeString')), '/')[1])]"
                      ]
                    },
                    {
                      "type": "Microsoft.Compute/virtualMachines/extensions",
                      "apiVersion": "2021-04-01",
                      "name": "[format('{0}/AzurePolicyfor{1}', parameters('vmName'), variables('vmTypeString'))]",
                      "location": "[parameters('location')]",
                      "tags": "[parameters('tags')]",
                      "properties": {
                        "publisher": "Microsoft.GuestConfiguration",
                        "type": "[format('Configurationfor{0}', variables('vmTypeString'))]",
                        "typeHandlerVersion": "1.0",
                        "autoUpgradeMinorVersion": true,
                        "enableAutomaticUpgrade": true
                      },
                      "dependsOn": [
                        "[resourceId('Microsoft.Compute/virtualMachines/extensions', split(format('{0}/AMAExtension', parameters('vmName')), '/')[0], split(format('{0}/AMAExtension', parameters('vmName')), '/')[1])]"
                      ]
                    },
                    {
                      "type": "Microsoft.Compute/virtualMachines/extensions",
                      "apiVersion": "2020-06-01",
                      "name": "[format('{0}/Microsoft.Azure.NetworkWatcher', parameters('vmName'))]",
                      "location": "[parameters('location')]",
                      "tags": "[parameters('tags')]",
                      "properties": {
                        "publisher": "Microsoft.Azure.NetworkWatcher",
                        "type": "[format('NetworkWatcherAgent{0}', variables('vmTypeString'))]",
                        "typeHandlerVersion": "1.4",
                        "autoUpgradeMinorVersion": true,
                        "enableAutomaticUpgrade": true
                      },
                      "dependsOn": [
                        "[resourceId('Microsoft.Compute/virtualMachines/extensions', split(format('{0}/AzurePolicyfor{1}', parameters('vmName'), variables('vmTypeString')), '/')[0], split(format('{0}/AzurePolicyfor{1}', parameters('vmName'), variables('vmTypeString')), '/')[1])]"
                      ]
                    }
                  ]
                }
              },
              "dependsOn": [
                "[resourceId('Microsoft.Resources/deployments', format('windows-vm-machine-{0}', parameters('vmName')))]"
              ]
            }
          ],
          "outputs": {
            "vmName": {
              "type": "string",
              "value": "[parameters('vmName')]"
            },
            "vmId": {
              "type": "string",
              "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
            }
          }
        }
      }
    },
    {
      "condition": "[equals(parameters('useVmss'), true())]",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2025-04-01",
      "name": "[variables('vmssName')]",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "vmName": {
            "value": "[parameters('vmName')]"
          },
          "location": {
            "value": "[parameters('location')]"
          },
          "vmssTags": {
            "value": "[union(variables('defaultTag'), variables('vmssTags'))]"
          },
          "autoScaleTags": {
            "value": "[union(variables('defaultTag'), variables('autoScaleTags'))]"
          },
          "imageId": "[if(equals(parameters('useCustomImage'), true()), createObject('value', parameters('customImageId')), createObject('value', ''))]",
          "imageOffer": {
            "value": "[parameters('imageOffer')]"
          },
          "imagePublisher": {
            "value": "[parameters('imagePublisher')]"
          },
          "imageSku": {
            "value": "[parameters('imageSku')]"
          },
          "imageVersion": {
            "value": "[parameters('imageVersion')]"
          },
          "vmSize": {
            "value": "[parameters('vmSku')]"
          },
          "adminUserName": {
            "value": "[parameters('adminUserName')]"
          },
          "adminPassword": {
            "value": "[parameters('adminPassword')]"
          },
          "vmOsDiskVolumeSize": {
            "value": "[parameters('vmOsDiskVolumeSize')]"
          },
          "vmOsDiskEncryptionSetName": {
            "value": "[parameters('vmOsDiskEncryptionSetName').name]"
          },
          "vmOsDiskEncryptionSetResourceGroupName": {
            "value": "[first(skip(split(parameters('vmOsDiskEncryptionSetName').id, '/'), 4))]"
          },
          "osDiskCaching": {
            "value": "[parameters('osDiskCaching')]"
          },
          "subnetId": {
            "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('networkingRgName')), 'Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[0], split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[1])]"
          },
          "instanceCount": {
            "value": "[parameters('instanceCount')]"
          },
          "maxInstanceCount": {
            "value": "[parameters('maxInstanceCount')]"
          },
          "minInstanceCount": {
            "value": "[parameters('minInstanceCount')]"
          },
          "scaleInThreshold": {
            "value": "[parameters('scaleInThreshold')]"
          },
          "scaleOutThreshold": {
            "value": "[parameters('scaleOutThreshold')]"
          },
          "enableIPForwarding": {
            "value": "[parameters('enableIPForwarding')]"
          },
          "enableAcceleratedNetworking": {
            "value": "[parameters('enableAcceleratedNetworking')]"
          },
          "dataCollectionEndpointId": {
            "value": "[variables('dataCollectionEndpointId')]"
          },
          "dataCollectionRuleId": {
            "value": "[variables('dataCollectionRuleId')]"
          },
          "userAssignedManagedIdentityName": {
            "value": "[parameters('userAssignedIdentityObject').name]"
          },
          "userAssignedManagedIdentityResourceGroupName": {
            "value": "[split(parameters('userAssignedIdentityObject').id, '/')[4]]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.41.2.15936",
              "templateHash": "12408625999875286847"
            }
          },
          "parameters": {
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specify a location for the resources."
              }
            },
            "vmName": {
              "type": "string",
              "metadata": {
                "description": "Specify the name of the Virtual Machine."
              }
            },
            "vmSize": {
              "type": "string",
              "metadata": {
                "description": "Specify a size of the Virtual Machine."
              }
            },
            "enableIPForwarding": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specify to enable IP forwarding for the NIC."
              }
            },
            "enableAcceleratedNetworking": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specify to enable accelerated networking for the NIC."
              }
            },
            "subnetId": {
              "type": "string",
              "metadata": {
                "description": "Specify the subnetId for the NIC."
              }
            },
            "vmssTags": {
              "type": "object",
              "defaultValue": {},
              "metadata": {
                "description": "Add tagging to the VMSS."
              }
            },
            "autoScaleTags": {
              "type": "object",
              "defaultValue": {},
              "metadata": {
                "description": "Add tagging to the AutoScale."
              }
            },
            "instanceCount": {
              "type": "int",
              "defaultValue": 1,
              "metadata": {
                "description": "Specify the initial number of Virtual Machine instances."
              }
            },
            "maxInstanceCount": {
              "type": "int",
              "defaultValue": 5,
              "metadata": {
                "description": "Specify the maximum number of Virtual Machine instances."
              }
            },
            "minInstanceCount": {
              "type": "int",
              "defaultValue": 1,
              "metadata": {
                "description": "Specify the minimum number of Virtual Machine instances."
              }
            },
            "imageId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the compute gallery resource ID of the custom image."
              }
            },
            "imageOffer": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the offer of the Virtual Machine image."
              }
            },
            "imagePublisher": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the publisher of the Virtual Machine image."
              }
            },
            "imageSku": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the SKU of the Virtual Machine image."
              }
            },
            "imageVersion": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the version of the image for the Virtual Machine."
              }
            },
            "vmOsDiskVolumeSize": {
              "type": "int",
              "defaultValue": 512,
              "metadata": {
                "description": "(Optional) OS disk size for Virtual Machine."
              }
            },
            "vmOsDiskEncryptionSetName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Name of the disk encryption set."
              }
            },
            "vmOsDiskEncryptionSetResourceGroupName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Resource group name the disk encryption set is in."
              }
            },
            "adminUserName": {
              "type": "securestring",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the administrator username for the Virtual Machine."
              }
            },
            "adminPassword": {
              "type": "securestring",
              "metadata": {
                "description": "Specify the password for the admin user on the Virtual Machine."
              }
            },
            "scaleOutThreshold": {
              "type": "int",
              "defaultValue": 70,
              "metadata": {
                "description": "Specify the threshold for scaling out."
              }
            },
            "scaleInThreshold": {
              "type": "int",
              "defaultValue": 30,
              "metadata": {
                "description": "Specify the threshold for scaling in."
              }
            },
            "osDiskCaching": {
              "type": "string",
              "defaultValue": "ReadWrite",
              "metadata": {
                "description": "OS disk caching option"
              }
            },
            "userAssignedManagedIdentityName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the user assigned managed identity name."
              }
            },
            "userAssignedManagedIdentityResourceGroupName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the user assigned managed identity resource group name."
              }
            },
            "dataCollectionEndpointId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the Data Collection Endpoint ID."
              }
            },
            "dataCollectionRuleId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specify the Data Collection Rule ID."
              }
            },
            "vmType": {
              "type": "string",
              "defaultValue": "windows",
              "allowedValues": [
                "linux",
                "windows"
              ],
              "metadata": {
                "description": "Switch value determining what type of Virtual Machine these extensions are for"
              }
            }
          },
          "variables": {
            "extensions": [
              {
                "name": "AADLoginExtension",
                "properties": {
                  "publisher": "Microsoft.Azure.ActiveDirectory",
                  "type": "AADLoginForWindows",
                  "typeHandlerVersion": "1.0",
                  "autoUpgradeMinorVersion": true
                }
              },
              {
                "name": "AMALoginExtension",
                "properties": {
                  "publisher": "Microsoft.Azure.Monitor",
                  "type": "[if(equals(parameters('vmType'), 'windows'), 'AzureMonitorWindowsAgent', 'AzureMonitorLinuxAgent')]",
                  "typeHandlerVersion": "[if(equals(parameters('vmType'), 'windows'), '1.0', '1.21')]",
                  "autoUpgradeMinorVersion": true,
                  "enableAutomaticUpgrade": true,
                  "settings": {
                    "authentication": {
                      "managedIdentity": {
                        "identifier-name": "mi_res_id",
                        "identifier-value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('userAssignedManagedIdentityResourceGroupName')), 'Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedManagedIdentityName'))]"
                      }
                    }
                  }
                }
              }
            ],
            "networkInterface": [
              {
                "name": "[format('wvmss-nic-{0}', parameters('vmName'))]",
                "properties": {
                  "primary": true,
                  "ipConfigurations": [
                    {
                      "name": "[format('wvmss-nic-{0}-ipconf', parameters('vmName'))]",
                      "properties": {
                        "primary": true,
                        "privateIPAddressVersion": "IPv4",
                        "subnet": {
                          "id": "[parameters('subnetId')]"
                        }
                      }
                    }
                  ],
                  "enableIPForwarding": "[parameters('enableIPForwarding')]",
                  "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]"
                }
              }
            ]
          },
          "resources": [
            {
              "type": "Microsoft.Insights/dataCollectionRuleAssociations",
              "apiVersion": "2023-03-11",
              "scope": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmName'))]",
              "name": "configurationAccessRule",
              "properties": {
                "dataCollectionRuleId": "[parameters('dataCollectionRuleId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Resources/deployments', format('windows-vmss-{0}', parameters('vmName')))]"
              ]
            },
            {
              "type": "Microsoft.Insights/dataCollectionRuleAssociations",
              "apiVersion": "2023-03-11",
              "scope": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmName'))]",
              "name": "configurationAccessEndpoint",
              "properties": {
                "dataCollectionEndpointId": "[parameters('dataCollectionEndpointId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Resources/deployments', format('windows-vmss-{0}', parameters('vmName')))]"
              ]
            },
            {
              "type": "Microsoft.Resources/deployments",
              "apiVersion": "2025-04-01",
              "name": "[format('windows-vmss-{0}', parameters('vmName'))]",
              "properties": {
                "expressionEvaluationOptions": {
                  "scope": "inner"
                },
                "mode": "Incremental",
                "parameters": {
                  "location": {
                    "value": "[parameters('location')]"
                  },
                  "vmssName": {
                    "value": "[parameters('vmName')]"
                  },
                  "tags": {
                    "value": "[parameters('vmssTags')]"
                  },
                  "autoScaleTags": {
                    "value": "[parameters('autoScaleTags')]"
                  },
                  "imageId": {
                    "value": "[parameters('imageId')]"
                  },
                  "imageOffer": {
                    "value": "[parameters('imageOffer')]"
                  },
                  "imagePublisher": {
                    "value": "[parameters('imagePublisher')]"
                  },
                  "imageSku": {
                    "value": "[parameters('imageSku')]"
                  },
                  "imageVersion": {
                    "value": "[parameters('imageVersion')]"
                  },
                  "vmssSku": {
                    "value": "[parameters('vmSize')]"
                  },
                  "adminUserName": {
                    "value": "[parameters('adminUserName')]"
                  },
                  "adminPassword": {
                    "value": "[parameters('adminPassword')]"
                  },
                  "vmOsDiskVolumeSize": {
                    "value": "[parameters('vmOsDiskVolumeSize')]"
                  },
                  "vmOsDiskEncryptionSetName": {
                    "value": "[parameters('vmOsDiskEncryptionSetName')]"
                  },
                  "vmOsDiskEncryptionSetResourceGroupName": {
                    "value": "[parameters('vmOsDiskEncryptionSetResourceGroupName')]"
                  },
                  "osDiskCaching": {
                    "value": "[parameters('osDiskCaching')]"
                  },
                  "networkInterfaces": {
                    "value": "[variables('networkInterface')]"
                  },
                  "instanceCount": {
                    "value": "[parameters('instanceCount')]"
                  },
                  "maxInstanceCount": {
                    "value": "[parameters('maxInstanceCount')]"
                  },
                  "minInstanceCount": {
                    "value": "[parameters('minInstanceCount')]"
                  },
                  "scaleOutThreshold": {
                    "value": "[parameters('scaleOutThreshold')]"
                  },
                  "scaleInThreshold": {
                    "value": "[parameters('scaleInThreshold')]"
                  },
                  "extensions": {
                    "value": "[variables('extensions')]"
                  },
                  "deployAsAdminVM": {
                    "value": true
                  }
                },
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "metadata": {
                    "_generator": {
                      "name": "bicep",
                      "version": "0.41.2.15936",
                      "templateHash": "15099498138709658038"
                    }
                  },
                  "parameters": {
                    "vmssName": {
                      "type": "string",
                      "metadata": {
                        "description": "Virtual Machine Scale Set Name"
                      }
                    },
                    "location": {
                      "type": "string",
                      "defaultValue": "[resourceGroup().location]",
                      "metadata": {
                        "description": "Specify a location for the resources."
                      }
                    },
                    "tags": {
                      "type": "object",
                      "defaultValue": {},
                      "metadata": {
                        "description": "Add tagging to the VMSS."
                      }
                    },
                    "autoScaleTags": {
                      "type": "object",
                      "defaultValue": {},
                      "metadata": {
                        "description": "Add tagging to the AutoScale."
                      }
                    },
                    "instanceCount": {
                      "type": "int",
                      "defaultValue": 1,
                      "metadata": {
                        "description": "Specify the initial number of vm instance."
                      }
                    },
                    "maxInstanceCount": {
                      "type": "int",
                      "defaultValue": 5,
                      "metadata": {
                        "description": "Specify the maximum number of vm instance."
                      }
                    },
                    "minInstanceCount": {
                      "type": "int",
                      "defaultValue": 1,
                      "metadata": {
                        "description": "Specify the minimum number of vm instance."
                      }
                    },
                    "vmssSku": {
                      "type": "string",
                      "metadata": {
                        "description": "Specify a size of the VM."
                      }
                    },
                    "imageId": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the compute gallery resource ID of the custom image."
                      }
                    },
                    "imageOffer": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the offer of the VM image."
                      }
                    },
                    "imagePublisher": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the publisher of the VM image."
                      }
                    },
                    "imageSku": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the SKU of the VM image."
                      }
                    },
                    "imageVersion": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the version of the image for the VM."
                      }
                    },
                    "vmOsDiskVolumeSize": {
                      "type": "int",
                      "defaultValue": 512,
                      "metadata": {
                        "description": "(Optional) OS disk size for VM."
                      }
                    },
                    "vmOsDiskEncryptionSetName": {
                      "type": "string",
                      "metadata": {
                        "description": "Name of the disk encryption set."
                      }
                    },
                    "vmOsDiskEncryptionSetResourceGroupName": {
                      "type": "string",
                      "metadata": {
                        "description": "Resource group name the disk encryption set is in."
                      }
                    },
                    "adminUserName": {
                      "type": "securestring",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the administrator username for the VM."
                      }
                    },
                    "adminPassword": {
                      "type": "securestring",
                      "metadata": {
                        "description": "Specify the password for the admin user on the VM."
                      }
                    },
                    "networkInterfaces": {
                      "type": "array",
                      "metadata": {
                        "description": "Specify the network interfaces."
                      }
                    },
                    "diskStorageAccountType": {
                      "type": "string",
                      "defaultValue": "Premium_LRS",
                      "allowedValues": [
                        "Premium_LRS",
                        "Premium_ZRS",
                        "StandardSSD_LRS",
                        "StandardSSD_ZRS",
                        "Standard_LRS"
                      ],
                      "metadata": {
                        "description": "Specify the storage account type for the managed disk."
                      }
                    },
                    "scaleOutThreshold": {
                      "type": "int",
                      "defaultValue": 70,
                      "metadata": {
                        "description": "Specify the threshold for scaling out."
                      }
                    },
                    "scaleInThreshold": {
                      "type": "int",
                      "defaultValue": 30,
                      "metadata": {
                        "description": "Specify the threshold for scaling in."
                      }
                    },
                    "osDiskCaching": {
                      "type": "string",
                      "defaultValue": "ReadWrite",
                      "metadata": {
                        "description": "OS disk caching option"
                      }
                    },
                    "extensions": {
                      "type": "array",
                      "defaultValue": [],
                      "metadata": {
                        "description": "Specify the extensions."
                      }
                    },
                    "vmDiagnosticsStorageAccountResourceGroupName": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the storage account for diagnostic data resource group name."
                      }
                    },
                    "vmDiagnosticsStorageAccountName": {
                      "type": "string",
                      "defaultValue": "",
                      "metadata": {
                        "description": "Specify the storage account for diagnostic data."
                      }
                    },
                    "deployAsAdminVM": {
                      "type": "bool",
                      "defaultValue": false,
                      "metadata": {
                        "description": "Flag to create admin VM"
                      }
                    }
                  },
                  "variables": {
                    "storageAccountId": "[if(and(not(empty(parameters('vmDiagnosticsStorageAccountResourceGroupName'))), not(empty(parameters('vmDiagnosticsStorageAccountName')))), resourceId(parameters('vmDiagnosticsStorageAccountResourceGroupName'), 'Microsoft.Storage/storageAccounts', parameters('vmDiagnosticsStorageAccountName')), '')]",
                    "storageApiVersion": "2019-06-01"
                  },
                  "resources": [
                    {
                      "type": "Microsoft.Compute/virtualMachineScaleSets",
                      "apiVersion": "2021-07-01",
                      "name": "[parameters('vmssName')]",
                      "location": "[parameters('location')]",
                      "tags": "[parameters('tags')]",
                      "sku": {
                        "capacity": "[parameters('instanceCount')]",
                        "name": "[parameters('vmssSku')]",
                        "tier": "Standard"
                      },
                      "properties": {
                        "overprovision": false,
                        "upgradePolicy": {
                          "mode": "Automatic"
                        },
                        "virtualMachineProfile": {
                          "storageProfile": {
                            "imageReference": "[if(not(empty(parameters('imageId'))), createObject('id', parameters('imageId')), createObject('publisher', parameters('imagePublisher'), 'offer', parameters('imageOffer'), 'sku', parameters('imageSku'), 'version', parameters('imageVersion')))]",
                            "osDisk": {
                              "osType": "Windows",
                              "createOption": "FromImage",
                              "caching": "[parameters('osDiskCaching')]",
                              "managedDisk": {
                                "storageAccountType": "[parameters('diskStorageAccountType')]",
                                "diskEncryptionSet": "[if(equals(parameters('deployAsAdminVM'), false()), createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('vmOsDiskEncryptionSetResourceGroupName')), 'Microsoft.Compute/diskEncryptionSets', parameters('vmOsDiskEncryptionSetName'))), null())]"
                              },
                              "diskSizeGB": "[parameters('vmOsDiskVolumeSize')]"
                            }
                          },
                          "osProfile": {
                            "computerNamePrefix": "[parameters('vmssName')]",
                            "adminUsername": "[parameters('adminUserName')]",
                            "adminPassword": "[parameters('adminPassword')]",
                            "secrets": []
                          },
                          "networkProfile": {
                            "networkInterfaceConfigurations": "[parameters('networkInterfaces')]"
                          },
                          "diagnosticsProfile": "[if(and(not(empty(parameters('vmDiagnosticsStorageAccountResourceGroupName'))), not(empty(parameters('vmDiagnosticsStorageAccountName')))), createObject('bootDiagnostics', createObject('enabled', true(), 'storageUri', reference(variables('storageAccountId'), variables('storageApiVersion')).primaryEndpoints.blob)), null())]",
                          "extensionProfile": {
                            "extensions": "[parameters('extensions')]"
                          }
                        }
                      }
                    },
                    {
                      "type": "Microsoft.Insights/autoscalesettings",
                      "apiVersion": "2022-10-01",
                      "name": "[format('{0}-autoscale', parameters('vmssName'))]",
                      "location": "[parameters('location')]",
                      "tags": "[parameters('autoScaleTags')]",
                      "properties": {
                        "profiles": [
                          {
                            "name": "autoscaleProfile",
                            "capacity": {
                              "default": "[string(parameters('instanceCount'))]",
                              "maximum": "[string(parameters('maxInstanceCount'))]",
                              "minimum": "[string(parameters('minInstanceCount'))]"
                            },
                            "rules": [
                              {
                                "metricTrigger": {
                                  "metricName": "Percentage CPU",
                                  "metricResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]",
                                  "operator": "GreaterThan",
                                  "statistic": "Average",
                                  "threshold": "[parameters('scaleOutThreshold')]",
                                  "timeAggregation": "Average",
                                  "timeGrain": "PT1M",
                                  "timeWindow": "PT5M"
                                },
                                "scaleAction": {
                                  "direction": "Increase",
                                  "type": "ChangeCount",
                                  "value": "1",
                                  "cooldown": "PT5M"
                                }
                              },
                              {
                                "metricTrigger": {
                                  "metricName": "Percentage CPU",
                                  "metricResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]",
                                  "operator": "LessThan",
                                  "statistic": "Average",
                                  "threshold": "[parameters('scaleInThreshold')]",
                                  "timeAggregation": "Average",
                                  "timeGrain": "PT1M",
                                  "timeWindow": "PT5M"
                                },
                                "scaleAction": {
                                  "direction": "Decrease",
                                  "type": "ChangeCount",
                                  "value": "1",
                                  "cooldown": "PT5M"
                                }
                              }
                            ]
                          }
                        ],
                        "enabled": true,
                        "targetResourceUri": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]"
                      },
                      "dependsOn": [
                        "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]"
                      ]
                    }
                  ],
                  "outputs": {
                    "vmss": {
                      "type": "object",
                      "value": "[reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName')), '2021-07-01', 'full')]"
                    },
                    "vmssName": {
                      "type": "string",
                      "value": "[parameters('vmssName')]"
                    },
                    "vmssId": {
                      "type": "string",
                      "value": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmssName'))]"
                    }
                  }
                }
              }
            }
          ]
        }
      }
    },
    {
      "condition": "[parameters('enableTelemetry')]",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2025-04-01",
      "name": "adminVMTelemetry",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "enableTelemetry": {
            "value": "[parameters('enableTelemetry')]"
          },
          "templateId": {
            "value": "5b1fc864-72b7-4e12-bc0a-8d6a2fe98cb4"
          },
          "name": {
            "value": "[format('ve.sc.5b1fc864-72b7-4e12-bc0a-8d6a2fe98cb4.ver{0}', deployment().properties.template.contentVersion)]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.41.2.15936",
              "templateHash": "17122352755371015786"
            }
          },
          "parameters": {
            "enableTelemetry": {
              "type": "bool"
            },
            "name": {
              "type": "string"
            },
            "templateId": {
              "type": "string",
              "defaultValue": ""
            }
          },
          "resources": [
            {
              "condition": "[parameters('enableTelemetry')]",
              "type": "Microsoft.Resources/deployments",
              "apiVersion": "2024-03-01",
              "name": "[parameters('name')]",
              "properties": {
                "mode": "Incremental",
                "template": {
                  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "resources": [],
                  "outputs": {
                    "telemetry": {
                      "type": "String",
                      "value": ""
                    },
                    "templateId": {
                      "type": "String",
                      "value": "[parameters('templateId')]"
                    }
                  }
                }
              }
            }
          ]
        }
      }
    }
  ]
}