diff --git a/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep b/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep
index 2af08d0837..3645c21d12 100644
--- a/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep
+++ b/arm/Microsoft.KeyVault/vaults/.bicep/nested_rbac.bicep
@@ -6,15 +6,15 @@ var builtInRoleNames = {
 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Key Vault Administrator (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')
- 'Key Vault Certificates Officer (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4417e6f-fecd-4de8-b567-7b0420556985')
+ 'Key Vault Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')
+ 'Key Vault Certificates Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4417e6f-fecd-4de8-b567-7b0420556985')
 'Key Vault Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f25e0fa2-a7c8-4377-a976-54943a77a395')
- 'Key Vault Crypto Officer (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '14b46e9e-c2b7-41b4-b07b-48a6ebf60603')
- 'Key Vault Crypto Service Encryption User (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')
- 'Key Vault Crypto User (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424')
- 'Key Vault Reader (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2')
- 'Key Vault Secrets Officer (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7')
- 'Key Vault Secrets User (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')
+ 'Key Vault Crypto Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '14b46e9e-c2b7-41b4-b07b-48a6ebf60603')
+ 'Key Vault Crypto Service Encryption User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')
+ 'Key Vault Crypto User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424')
+ 'Key Vault Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2')
+ 'Key Vault Secrets Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7')
+ 'Key Vault Secrets User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')
 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
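Review bot: Dropping the ` (preview)` suffix from the eight Key Vault data-plane keys in `builtInRoleNames` changes the names callers must pass, and nothing in this hunk keeps the old spellings working. How the map is consumed is outside the hunk, but if a role assignment is resolved by looking its name up here, a parameter file that still says `'Key Vault Secrets User (preview)'` will no longer resolve to `4633458b-17de-408a-b874-0445c86b69e6`, and the intended principal may end up without its access. Either keep the old keys as aliases for a release, e.g. `'Key Vault Secrets User (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')`, or record the rename as a breaking change. The same applies to the two entries removed in the `@@ -25,8 +25,6 @@` hunk.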
@@ -25,8 +25,6 @@ var builtInRoleNames = {
 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')
 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
- 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
- 'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
 }
 resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
diff --git a/arm/Microsoft.KeyVault/vaults/deploy.bicep b/arm/Microsoft.KeyVault/vaults/deploy.bicep
index 3a492ec5ee..700f78f8d8 100644
--- a/arm/Microsoft.KeyVault/vaults/deploy.bicep
+++ b/arm/Microsoft.KeyVault/vaults/deploy.bicep
@@ -142,15 +142,15 @@ var diagnosticsMetrics = [for metric in metricsToEnable: {
 var maxNameLength = 24
 var uniquenameUntrim = uniqueString('Key Vault${baseTime}')
 var uniquename = (length(uniquenameUntrim) > maxNameLength ? substring(uniquenameUntrim, 0, maxNameLength) : uniquenameUntrim)
-var name_var = empty(name) ? uniquename : name
+var name_var = !empty(name) ? name : uniquename
 var virtualNetworkRules = [for networkrule in ((contains(networkAcls, 'virtualNetworkRules')) ? networkAcls.virtualNetworkRules : []): {
 id: '${vNetId}/subnets/${networkrule.subnet}'
 }]
 var networkAcls_var = {
- bypass: (empty(networkAcls) ? null : networkAcls.bypass)
- defaultAction: (empty(networkAcls) ? null : networkAcls.defaultAction)
- virtualNetworkRules: (empty(networkAcls) ? null : virtualNetworkRules)
- ipRules: (empty(networkAcls) ? null : ((length(networkAcls.ipRules) == 0) ? [] : networkAcls.ipRules))
+ bypass: !empty(networkAcls) ? networkAcls.bypass : null
+ defaultAction: !empty(networkAcls) ? networkAcls.defaultAction : null
+ virtualNetworkRules: !empty(networkAcls) ? virtualNetworkRules : null
+ ipRules: (!empty(networkAcls) && length(networkAcls.ipRules) != 0) ? networkAcls.ipRules : null
 }
 var formattedAccessPolicies = [for accessPolicy in accessPolicies: {
@@ -179,14 +179,14 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
 softDeleteRetentionInDays: softDeleteRetentionInDays
 enableRbacAuthorization: enableRbacAuthorization
 createMode: createMode
- enablePurgeProtection: ((!enablePurgeProtection) ? null : enablePurgeProtection)
+ enablePurgeProtection: enablePurgeProtection ? enablePurgeProtection : null
 tenantId: subscription().tenantId
 accessPolicies: formattedAccessPolicies
 sku: {
 name: vaultSku
 family: 'A'
 }
- networkAcls: (empty(networkAcls) ? null : networkAcls_var)
+ networkAcls: !empty(networkAcls) ? networkAcls_var : null
 }
 }
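Review bot: The new `ipRules` line in `networkAcls_var` is not a pure restyle of the old one: with a non-empty `networkAcls` whose `ipRules` is an empty array, the old expression produced `[]` and the new one produces `null`. It also still reads `networkAcls.ipRules` without checking that the key exists, while `virtualNetworkRules` at the top of this hunk guards the same object with `contains(...)`, so a caller that sets only `defaultAction` and `bypass` presumably hits an evaluation error. Since this object is the vault firewall, I would keep the IP allow-list explicit and guarded: `ipRules: contains(networkAcls, 'ipRules') ? networkAcls.ipRules : []`. The outer `networkAcls: !empty(networkAcls) ? networkAcls_var : null` in the next hunk already covers the empty-object case.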
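Review bot: `enablePurgeProtection: enablePurgeProtection ? enablePurgeProtection : null` in the `@@ -179,14 +179,14 @@` hunk reads like a no-op and needs a comment saying why `false` is turned into `null`. Key Vault does not accept `false` for this property, so the template has to omit it; I would add `// Key Vault rejects 'false' here and purge protection cannot be turned off once enabled, so omit the property instead` above the line and write the value as `enablePurgeProtection ? true : null`. The `keyVault` resource body starts before this hunk.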
@@ -194,7 +194,7 @@ resource keyVault_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock !=
 name: '${keyVault.name}-${lock}-lock'
 properties: {
 level: lock
- notes: (lock == 'CanNotDelete') ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
+ notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
 }
 scope: keyVault
 }
@@ -256,7 +256,7 @@ module keyVault_privateEndpoints '.bicep/nested_privateEndpoint.bicep' = [for (p
 name: '${uniqueString(deployment().name, location)}-KeyVault-PrivateEndpoint-${index}'
 params: {
 privateEndpointResourceId: keyVault.id
- privateEndpointVnetLocation: (empty(privateEndpoints) ? 'dummy' : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)
+ privateEndpointVnetLocation: empty(privateEndpoints) ? 'dummy' : reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location
 privateEndpointObj: privateEndpoint
 tags: tags
 }
diff --git a/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep b/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep
index 4f4a215167..eb07e8dd66 100644
--- a/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep
+++ b/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep
@@ -71,12 +71,12 @@ resource key 'Microsoft.KeyVault/vaults/keys@2019-09-01' = {
 properties: {
 attributes: {
 enabled: attributesEnabled
- exp: !(attributesExp == -1) ? attributesExp : null
- nbf: !(attributesNbf == -1) ? attributesNbf : null
+ exp: attributesExp != -1 ? attributesExp : null
+ nbf: attributesNbf != -1 ? attributesNbf : null
 }
 curveName: curveName
 keyOps: keyOps
- keySize: !(keySize == -1) ? keySize : null
+ keySize: keySize != -1 ? keySize : null
 kty: kty
 }
 }
diff --git a/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep b/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep
index 88ab876bbf..8b9cac8c1b 100644
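Review bot: In the `attributes` block of `resource key`, `exp: attributesExp != -1 ? attributesExp : null` and the `nbf` line below it turn the `-1` sentinel into an omitted attribute, and no comment says that this means the key never expires. A comment such as `// -1 = not set: the attribute is omitted, so there is no expiry / no not-before time` would make that visible; the secrets hunk at `@@ -47,8 +47,8 @@` has the same two lines. The parameter declarations are outside both hunks, so I cannot see whether `-1` is the default; if it is, keys and secrets deployed with defaults carry no expiration date, which expiry-enforcing policies will flag.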
--- a/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep
+++ b/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep
@@ -47,8 +47,8 @@ resource secret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = {
 contentType: contentType
 attributes: {
 enabled: attributesEnabled
- exp: !(attributesExp == -1) ? attributesExp : null
- nbf: !(attributesNbf == -1) ? attributesNbf : null
+ exp: attributesExp != -1 ? attributesExp : null
+ nbf: attributesNbf != -1 ? attributesNbf : null
 }
 value: value
 }