diff --git a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json b/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json
index dba5d3d6f5..0b1cd0d25b 100644
--- a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json
+++ b/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json
@@ -11,6 +11,12 @@
         "publicIPAddressId": {
             "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<<namePrefix>>-az-pip-x-bas"
         },
+        "skuType": {
+            "value": "Standard"
+        },
+        "scaleUnits": {
+            "value": 4
+        },
         "roleAssignments": {
             "value": [
                 {
diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/arm/Microsoft.Network/bastionHosts/deploy.bicep
index 3c1547cc30..5d1c0fc0d1 100644
--- a/arm/Microsoft.Network/bastionHosts/deploy.bicep
+++ b/arm/Microsoft.Network/bastionHosts/deploy.bicep
@@ -38,6 +38,16 @@ param diagnosticEventHubName string = ''
 @description('Optional. Specify the type of lock.')
 param lock string = 'NotSpecified'
 
+@allowed([
+  'Basic'
+  'Standard'
+])
+@description('Optional. The SKU of this Bastion Host.')
+param skuType string = 'Basic'
+
+@description('Optional. The scale units for the Bastion Host resource.')
+param scaleUnits int = 2
+
 @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'')
 param roleAssignments array = []
 
@@ -64,6 +74,8 @@ var diagnosticsLogs = [for log in logsToEnable: {
   }
 }]
 
+var scaleUnits_var = skuType == 'Basic' ? 2 : scaleUnits
+
 module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
   name: 'pid-${cuaId}'
   params: {}
@@ -112,7 +124,11 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-05-01' = {
   name: name
   location: location
   tags: tags
+  sku: {
+    name: skuType
+  }
   properties: {
+    scaleUnits: scaleUnits_var
     ipConfigurations: [
       {
         name: 'IpConf'
diff --git a/arm/Microsoft.Network/bastionHosts/readme.md b/arm/Microsoft.Network/bastionHosts/readme.md
index 80f42cf38a..8fadb1f285 100644
--- a/arm/Microsoft.Network/bastionHosts/readme.md
+++ b/arm/Microsoft.Network/bastionHosts/readme.md
@@ -29,6 +29,8 @@ This module deploys a bastion host.
 | `publicIPAddressId` | string |  |  | Optional. Specifies the resource ID of the existing public IP to be leveraged by Azure Bastion. |
 | `publicIPAddressObject` | object | `{object}` |  | Optional. Specifies the properties of the public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressId is empty, a '-pip' suffix will be appended to the Bastion's name. |
 | `roleAssignments` | array | `[]` |  | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' |
+| `scaleUnits` | int | `2` |  | Optional. The scale units for the Bastion Host resource. |
+| `skuType` | string | `Basic` | `[Basic, Standard]` | Optional. The SKU of this Bastion Host. |
 | `tags` | object | `{object}` |  | Optional. Tags of the resource. |
 | `vNetId` | string |  |  | Required. Shared services Virtual Network resource identifier |