Azure-Samples · segraef · Feb 28, 2025 · Mar 2, 2025 · Mar 2, 2025 · Apr 3, 2025
diff --git a/infra-as-code/bicep/keyvault.bicep b/infra-as-code/bicep/keyvault.bicep
@@ -30,24 +30,24 @@ resource keyVault 'Microsoft.KeyVault/vaults@2024-11-01' = {
  name: 'standard'
  }
  networkAcls: {
- defaultAction: 'Allow' // Production readiness change: This sample uses identity as the perimeter. Production scenarios should layer in network perimeter control as well.
- bypass: 'AzureServices' // Required for AppGW communication if firewall is enabled in the future.
+ defaultAction: 'Allow'  // Production readiness change: This sample uses identity as the perimeter. Production scenarios should layer in network perimeter control as well.
+ bypass: 'AzureServices'  // Required for AppGW communication if firewall is enabled in the future.
  ipRules: []
  virtualNetworkRules: []
  }
 
  tenantId: subscription().tenantId
 
- enableRbacAuthorization: true // Using RBAC
- enabledForDeployment: true // VMs can retrieve certificates
- enabledForTemplateDeployment: true // ARM can retrieve values
- accessPolicies: [] // Using RBAC
- publicNetworkAccess: 'Enabled' // Production readiness change: This sample uses identity as the perimeter. Production scenarios should layer in network perimeter control as well.
+ enableRbacAuthorization: true  // Using RBAC
+ enabledForDeployment: true  // VMs can retrieve certificates
+ enabledForTemplateDeployment: true  // ARM can retrieve values
+ accessPolicies: []  // Using RBAC
+ publicNetworkAccess: 'Enabled'  // Production readiness change: This sample uses identity as the perimeter. Production scenarios should layer in network perimeter control as well.
  enabledForDiskEncryption: false
 
  enableSoftDelete: true
  softDeleteRetentionInDays: 7
- createMode: 'default' // Creating or updating the key vault (not recovering)
+ createMode: 'default'  // Creating or updating the key vault (not recovering)
  }
 }
 

diff --git a/infra-as-code/bicep/machinelearning.bicep b/infra-as-code/bicep/machinelearning.bicep
@@ -128,7 +128,6 @@ resource blobStorageContributorForUserRoleAssignment 'Microsoft.Authorization/ro
  principalId: yourPrincipalId // Production readiness change: Users shouldn't be using the Prompt flow developer portal in production, so this role
  // assignment would only be needed in pre-production environments. In pre-production, use conditions on this assignment
  // to restrict access to just the blob containers used by the project.
-
  }
 }
 
@@ -173,19 +172,17 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2025-01-01-preview'
  allowRoleAssignmentOnRG: false // Require role assignments at the resource level.
  v1LegacyMode: false
  workspaceHubConfig: {
- defaultWorkspaceResourceGroup: resourceGroup().id  // Setting this to the same resource group as the workspace
+ defaultWorkspaceResourceGroup: resourceGroup().id // Setting this to the same resource group as the workspace
  }
-
  // Default settings for projects
  storageAccount: aiStudioStorageAccount.id
  containerRegistry: containerRegistry.id
- systemDatastoresAuthMode: 'identity'
- enableSoftwareBillOfMaterials: true
  enableDataIsolation: true
  keyVault: keyVault.id
- applicationInsights: applicationInsights.id
  hbiWorkspace: false
- imageBuildCompute: null
+ applicationInsights: applicationInsights.id
+ systemDatastoresAuthMode: 'Identity'
+ enableSoftwareBillOfMaterials: true
  }
 
  resource azureAiServicesConnection 'connections' = {
@@ -475,7 +472,6 @@ resource chatProjectDiagSettings 'Microsoft.Insights/diagnosticSettings@2021-05-
  }
 }
 
-
 @description('Azure Diagnostics: AI Foundry chat project -> endpoint')
 resource chatProjectEndpointDiagSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'default'

diff --git a/infra-as-code/bicep/webapp.bicep b/infra-as-code/bicep/webapp.bicep
@@ -24,7 +24,7 @@ resource logWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' exis
 }
 
 // Built-in Azure RBAC role that is applied to a Key Vault to grant secrets content read permissions.
-resource keyVaultSecretsUserRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
+resource keyVaultSecretsUserRole 'Microsoft.Authorization/roleDefinitions@2022-05-01-preview' existing = {
  name: '4633458b-17de-408a-b874-0445c86b69e6'
  scope: subscription()
 }
@@ -64,7 +64,7 @@ module appServiceSecretsUserRoleAssignmentModule './modules/keyvaultRoleAssignme
 }
 
 // App service plan
-resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = {
+resource appServicePlan 'Microsoft.Web/serverfarms@2024-04-01' = {
  name: 'asp-${appName}${uniqueString(resourceGroup().id)}'
  location: location
  sku: {
@@ -79,7 +79,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = {
 }
 
 // Web App
-resource webApp 'Microsoft.Web/sites@2023-12-01' = {
+resource webApp 'Microsoft.Web/sites@2024-04-01' = {
  name: appName
  location: location
  kind: 'app'
@@ -110,7 +110,7 @@ resource webApp 'Microsoft.Web/sites@2023-12-01' = {
 }
 
 // App Settings
-resource appsettings 'Microsoft.Web/sites/config@2022-09-01' = {
+resource appsettings 'Microsoft.Web/sites/config@2024-04-01' = {
  name: 'appsettings'
  parent: webApp
  properties: {