diff --git a/arm/Microsoft.Authorization/policyAssignments/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/deploy.bicep
index 7e5c1b1e83..300be967bf 100644
--- a/arm/Microsoft.Authorization/policyAssignments/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyAssignments/deploy.bicep
@@ -54,6 +54,21 @@ param notScopes array = []
 @sys.description('Optional. Location for all resources.')
 param location string = deployment().location
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 module policyAssignment_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId) && empty(resourceGroupName)) {
   name: '${uniqueString(deployment().name, location)}-PolicyAssignment-MG-Module'
   scope: managementGroup(managementGroupId)
diff --git a/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
index 7cfbb78895..eb16c6956a 100644
--- a/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
@@ -53,10 +53,25 @@ var nonComplianceMessage_var = {
   message: !empty(nonComplianceMessage) ? nonComplianceMessage : null
 }
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
 var identity_var = identity == 'SystemAssigned' ? {
   type: identity
 } : null
 
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
   name: name
   location: location
diff --git a/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md b/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md
index 1f527ccc17..3ef12af8bd 100644
--- a/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md
+++ b/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md
@@ -15,6 +15,7 @@ With this module you can perform policy assignments on a management group level.
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. This message will be part of response in case of policy violation. |
 | `displayName` | string |  |  | Optional. The display name of the policy assignment. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `enforcementMode` | string | `Default` | `[Default, DoNotEnforce]` | Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce |
 | `identity` | string | `SystemAssigned` | `[SystemAssigned, None]` | Optional. The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
 | `location` | string | `[deployment().location]` |  | Optional. Location for all resources. |
diff --git a/arm/Microsoft.Authorization/policyAssignments/readme.md b/arm/Microsoft.Authorization/policyAssignments/readme.md
index b7cc490356..df7db22640 100644
--- a/arm/Microsoft.Authorization/policyAssignments/readme.md
+++ b/arm/Microsoft.Authorization/policyAssignments/readme.md
@@ -15,6 +15,7 @@ With this module you can perform policy assignments across the management group,
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. This message will be part of response in case of policy violation. |
 | `displayName` | string |  |  | Optional. The display name of the policy assignment. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `enforcementMode` | string | `Default` | `[Default, DoNotEnforce]` | Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce |
 | `identity` | string | `SystemAssigned` | `[SystemAssigned, None]` | Optional. The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
 | `location` | string | `[deployment().location]` |  | Optional. Location for all resources. |
diff --git a/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
index d13fbf2e89..9df8ce15ec 100644
--- a/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
@@ -53,10 +53,25 @@ var nonComplianceMessage_var = {
 @sys.description('Optional. The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment.')
 param subscriptionId string = subscription().subscriptionId
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
 var identity_var = identity == 'SystemAssigned' ? {
   type: identity
 } : null
 
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
   name: name
   location: location
diff --git a/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md b/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md
index 0214edc0c3..d5943d97e5 100644
--- a/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md
+++ b/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md
@@ -15,6 +15,7 @@ With this module you can perform policy assignments on a subscription level.
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. This message will be part of response in case of policy violation. |
 | `displayName` | string |  |  | Optional. The display name of the policy assignment. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `enforcementMode` | string | `Default` | `[Default, DoNotEnforce]` | Optional. The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce |
 | `identity` | string | `SystemAssigned` | `[SystemAssigned, None]` | Optional. The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. |
 | `location` | string | `[deployment().location]` |  | Optional. Location for all resources. |
diff --git a/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep
index 198a9be60f..1aefba8da0 100644
--- a/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep
@@ -39,6 +39,21 @@ param subscriptionId string = ''
 @sys.description('Optional. Location for all resources.')
 param location string = deployment().location
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 module policyDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId)) {
   name: '${uniqueString(deployment().name, location)}-PolicyDefinition-MG-Module'
   scope: managementGroup(managementGroupId)
diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep
index 2e0046ff26..5771bc0b23 100644
--- a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep
@@ -33,6 +33,21 @@ param policyRule object
 @sys.description('Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment.')
 param managementGroupId string = managementGroup().name
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
   name: name
   properties: {
diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md
index ba5d7fe803..bfe2719bc8 100644
--- a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md
+++ b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy definitions on a management group level.
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The policy definition description. |
 | `displayName` | string |  |  | Optional. The display name of the policy definition. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment. |
 | `metadata` | object | `{object}` |  | Optional. The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
 | `mode` | string | `All` | `[All, Indexed, Microsoft.KeyVault.Data, Microsoft.ContainerService.Data, Microsoft.Kubernetes.Data]` | Optional. The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. |
diff --git a/arm/Microsoft.Authorization/policyDefinitions/readme.md b/arm/Microsoft.Authorization/policyDefinitions/readme.md
index 5190891a52..336f86aef8 100644
--- a/arm/Microsoft.Authorization/policyDefinitions/readme.md
+++ b/arm/Microsoft.Authorization/policyDefinitions/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy definitions across the management group o
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The policy definition description. |
 | `displayName` | string |  |  | Optional. The display name of the policy definition. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `location` | string | `[deployment().location]` |  | Optional. Location for all resources. |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. |
 | `metadata` | object | `{object}` |  | Optional. The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep
index b99c23225c..f7f14a96d8 100644
--- a/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep
@@ -33,6 +33,21 @@ param policyRule object
 @sys.description('Optional. The subscription ID of the subscription')
 param subscriptionId string = subscription().subscriptionId
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
   name: name
   properties: {
diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md
index 4f47add459..90de7e498b 100644
--- a/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md
+++ b/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy definitions on a subscription level.
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The policy definition description. |
 | `displayName` | string |  |  | Optional. The display name of the policy definition. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `metadata` | object | `{object}` |  | Optional. The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
 | `mode` | string | `All` | `[All, Indexed, Microsoft.KeyVault.Data, Microsoft.ContainerService.Data, Microsoft.Kubernetes.Data]` | Optional. The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. |
 | `name` | string |  |  | Required. Specifies the name of the policy definition. Maximum length is 64 characters. |
diff --git a/arm/Microsoft.Authorization/policyExemptions/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/deploy.bicep
index 5f89ad16f7..0ab2370f2a 100644
--- a/arm/Microsoft.Authorization/policyExemptions/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyExemptions/deploy.bicep
@@ -42,6 +42,21 @@ param resourceGroupName string = ''
 @sys.description('Optional. Location for all resources.')
 param location string = deployment().location
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 module policyExemption_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId) && empty(resourceGroupName)) {
   name: '${uniqueString(deployment().name, location)}-PolicyExemption-MG-Module'
   scope: managementGroup(managementGroupId)
diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep
index c1f1169e93..d87a8d0718 100644
--- a/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep
@@ -33,6 +33,21 @@ param expiresOn string = ''
 @sys.description('Optional. The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment.')
 param managementGroupId string = managementGroup().name
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource policyExemption 'Microsoft.Authorization/policyExemptions@2020-07-01-preview' = {
   name: name
   properties: {
diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md b/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md
index 3ac4570161..2650c770fa 100644
--- a/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md
+++ b/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy exemptions on a management group level.
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The description of the policy exemption. |
 | `displayName` | string |  |  | Optional. The display name of the policy assignment. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `exemptionCategory` | string | `Mitigated` | `[Mitigated, Waiver]` | Optional. The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated |
 | `expiresOn` | string |  |  | Optional. The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z  |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. |
diff --git a/arm/Microsoft.Authorization/policyExemptions/readme.md b/arm/Microsoft.Authorization/policyExemptions/readme.md
index 6936706c51..57be93ea6d 100644
--- a/arm/Microsoft.Authorization/policyExemptions/readme.md
+++ b/arm/Microsoft.Authorization/policyExemptions/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy exemptions across the management group, s
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The description of the policy exemption. |
 | `displayName` | string |  |  | Optional. The display name of the policy exemption. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `exemptionCategory` | string | `Mitigated` | `[Mitigated, Waiver]` | Optional. The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated |
 | `expiresOn` | string |  |  | Optional. The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z  |
 | `location` | string | `[deployment().location]` |  | Optional. Location for all resources. |
diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep
index 9d8678ebb4..2fec3817f7 100644
--- a/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep
+++ b/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep
@@ -33,6 +33,21 @@ param expiresOn string = ''
 @sys.description('Optional. The subscription ID of the subscription to be exempted from the policy assignment. If not provided, will use the current scope for deployment.')
 param subscriptionId string = subscription().subscriptionId
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource policyExemption 'Microsoft.Authorization/policyExemptions@2020-07-01-preview' = {
   name: name
   properties: {
diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md b/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md
index 111d447838..dd60c9e262 100644
--- a/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md
+++ b/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy exemptions on a subscription level.
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The description of the policy exemption. |
 | `displayName` | string |  |  | Optional. The display name of the policy exemption. Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `exemptionCategory` | string | `Mitigated` | `[Mitigated, Waiver]` | Optional. The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated |
 | `expiresOn` | string |  |  | Optional. The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z  |
 | `metadata` | object | `{object}` |  | Optional. The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
diff --git a/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep
index 7aef6f5258..063a7b5d90 100644
--- a/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep
+++ b/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep
@@ -32,6 +32,21 @@ param parameters object = {}
 @sys.description('Optional. Location for all resources.')
 param location string = deployment().location
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 module policySetDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId)) {
   name: '${uniqueString(deployment().name, location)}-PolicySetDefinition-MG-Module'
   scope: managementGroup(managementGroupId)
diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep
index 192012e44d..d735154b5d 100644
--- a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep
+++ b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep
@@ -26,6 +26,21 @@ param policyDefinitionGroups array = []
 @sys.description('Optional. The Set Definition (Initiative) parameters that can be used in policy definition references.')
 param parameters object = {}
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource policySetDefinition 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = {
   name: name
   properties: {
diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md
index 17ed1856b0..e0368addc0 100644
--- a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md
+++ b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy set definitions on a management group lev
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The description name of the Set Definition (Initiative) |
 | `displayName` | string |  |  | Optional. The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. The group ID of the Management Group. If not provided, will use the current scope for deployment. |
 | `metadata` | object | `{object}` |  | Optional. The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
 | `name` | string |  |  | Required. Specifies the name of the policy Set Definition (Initiative). Maximum length is 24 characters for management group scope. |
diff --git a/arm/Microsoft.Authorization/policySetDefinitions/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/readme.md
index f2f27209c0..0ac4730310 100644
--- a/arm/Microsoft.Authorization/policySetDefinitions/readme.md
+++ b/arm/Microsoft.Authorization/policySetDefinitions/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy set definitions across the management gro
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The description name of the Set Definition (Initiative) |
 | `displayName` | string |  |  | Optional. The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `location` | string | `[deployment().location]` |  | Optional. Location for all resources. |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. |
 | `metadata` | object | `{object}` |  | Optional. The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep
index 236bc90c5c..b35c20f3fd 100644
--- a/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep
+++ b/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep
@@ -26,6 +26,21 @@ param policyDefinitionGroups array = []
 @sys.description('Optional. The Set Definition (Initiative) parameters that can be used in policy definition references.')
 param parameters object = {}
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource policySetDefinition 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = {
   name: name
   properties: {
diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md
index 11a83a542b..9cae11577f 100644
--- a/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md
+++ b/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md
@@ -14,6 +14,7 @@ With this module you can create policy set definitions on a subscription level.
 | :-- | :-- | :-- | :-- | :-- |
 | `description` | string |  |  | Optional. The description name of the Set Definition (Initiative) |
 | `displayName` | string |  |  | Optional. The display name of the Set Definition (Initiative). Maximum length is 128 characters. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `metadata` | object | `{object}` |  | Optional. The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. |
 | `name` | string |  |  | Required. Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. |
 | `parameters` | object | `{object}` |  | Optional. The Set Definition (Initiative) parameters that can be used in policy definition references. |
diff --git a/arm/Microsoft.Authorization/roleAssignments/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/deploy.bicep
index 01a069ea86..c8146cecba 100644
--- a/arm/Microsoft.Authorization/roleAssignments/deploy.bicep
+++ b/arm/Microsoft.Authorization/roleAssignments/deploy.bicep
@@ -44,6 +44,21 @@ param conditionVersion string = '2.0'
 ])
 param principalType string = ''
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 module roleAssignment_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId) && empty(resourceGroupName)) {
   name: '${uniqueString(deployment().name, location)}-RoleAssignment-MG-Module'
   scope: managementGroup(managementGroupId)
diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep
index 1bc2e4ce88..0ccf2e8137 100644
--- a/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep
+++ b/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep
@@ -35,6 +35,9 @@ param conditionVersion string = '2.0'
 ])
 param principalType string = ''
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
 var builtInRoleNames_var = {
   'AcrPush': '/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec'
   'API Management Service Contributor': '/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c'
@@ -321,6 +324,18 @@ var builtInRoleNames_var = {
 
 var roleDefinitionId_var = (contains(builtInRoleNames_var, roleDefinitionIdOrName) ? builtInRoleNames_var[roleDefinitionIdOrName] : roleDefinitionIdOrName)
 
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = {
   name: guid(managementGroupId, roleDefinitionId_var, principalId)
   properties: {
diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md b/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md
index 10e98eb01b..10c47b32e9 100644
--- a/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md
+++ b/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md
@@ -16,6 +16,7 @@ With this module you can perform role assignments on a management group level
 | `conditionVersion` | string | `2.0` | `[2.0]` | Optional. Version of the condition. Currently accepted value is "2.0" |
 | `delegatedManagedIdentityResourceId` | string |  |  | Optional. ID of the delegated managed identity resource |
 | `description` | string |  |  | Optional. Description of role assignment |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. |
 | `principalId` | string |  |  | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) |
 | `principalType` | string |  | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. |
diff --git a/arm/Microsoft.Authorization/roleAssignments/readme.md b/arm/Microsoft.Authorization/roleAssignments/readme.md
index bbfb50fcc2..9bb90f1017 100644
--- a/arm/Microsoft.Authorization/roleAssignments/readme.md
+++ b/arm/Microsoft.Authorization/roleAssignments/readme.md
@@ -16,6 +16,7 @@ This module deploys Role Assignments across the management group, subscription o
 | `conditionVersion` | string | `2.0` | `[2.0]` | Optional. Version of the condition. Currently accepted value is "2.0" |
 | `delegatedManagedIdentityResourceId` | string |  |  | Optional. ID of the delegated managed identity resource |
 | `description` | string |  |  | Optional. Description of role assignment |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `location` | string | `[deployment().location]` |  | Optional. Location for all resources. |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. |
 | `principalId` | string |  |  | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) |
diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep
index bf5f0fcd9b..b5600f9379 100644
--- a/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep
+++ b/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep
@@ -35,6 +35,9 @@ param conditionVersion string = '2.0'
 ])
 param principalType string = ''
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
 var builtInRoleNames_var = {
   'AcrPush': '/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec'
   'API Management Service Contributor': '/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c'
@@ -319,6 +322,18 @@ var builtInRoleNames_var = {
   'Azure Maps Contributor': '/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb'
 }
 
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 var roleDefinitionId_var = (contains(builtInRoleNames_var, roleDefinitionIdOrName) ? builtInRoleNames_var[roleDefinitionIdOrName] : roleDefinitionIdOrName)
 
 resource roleAssignment 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = {
diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md b/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md
index 54917e3356..c85644fcfd 100644
--- a/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md
+++ b/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md
@@ -16,6 +16,7 @@ With this module you can perform role assignments on a subscription level
 | `conditionVersion` | string | `2.0` | `[2.0]` | Optional. Version of the condition. Currently accepted value is "2.0" |
 | `delegatedManagedIdentityResourceId` | string |  |  | Optional. ID of the delegated managed identity resource |
 | `description` | string |  |  | Optional. Description of role assignment |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `principalId` | string |  |  | Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity) |
 | `principalType` | string |  | `[ServicePrincipal, Group, User, ForeignGroup, Device, ]` | Optional. The principal type of the assigned principal ID. |
 | `roleDefinitionIdOrName` | string |  |  | Required. You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' |
diff --git a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep
index 2fed913ce9..1bf3c34402 100644
--- a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep
+++ b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep
@@ -33,6 +33,21 @@ param location string = deployment().location
 @sys.description('Optional. Role definition assignable scopes. If not provided, will use the current scope provided.')
 param assignableScopes array = []
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 module roleDefinition_mg 'managementGroup/deploy.bicep' = if (empty(subscriptionId) && empty(resourceGroupName)) {
   name: '${uniqueString(deployment().name, location)}-RoleDefinition-MG-Module'
   scope: managementGroup(managementGroupId)
diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep
index b915817aa6..4d5bb27077 100644
--- a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep
+++ b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep
@@ -18,6 +18,21 @@ param managementGroupId string = managementGroup().name
 @sys.description('Optional. Role definition assignable scopes. If not provided, will use the current scope provided.')
 param assignableScopes array = []
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource roleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
   name: guid(roleName, managementGroupId)
   properties: {
diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md
index 50dc65f01f..4f0f28d370 100644
--- a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md
+++ b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md
@@ -15,6 +15,7 @@ With this module you can create role definitions on a management group level
 | `actions` | array | `[]` |  | Optional. List of allowed actions. |
 | `assignableScopes` | array | `[]` |  | Optional. Role definition assignable scopes. If not provided, will use the current scope provided. |
 | `description` | string |  |  | Optional. Description of the custom RBAC role to be created. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
 | `notActions` | array | `[]` |  | Optional. List of denied actions. |
 | `roleName` | string |  |  | Required. Name of the custom RBAC role to be created. |
diff --git a/arm/Microsoft.Authorization/roleDefinitions/readme.md b/arm/Microsoft.Authorization/roleDefinitions/readme.md
index 5df05a8322..19ce0ecbec 100644
--- a/arm/Microsoft.Authorization/roleDefinitions/readme.md
+++ b/arm/Microsoft.Authorization/roleDefinitions/readme.md
@@ -16,6 +16,7 @@ This module deploys custom RBAC Role Definitions across the management group, su
 | `assignableScopes` | array | `[]` |  | Optional. Role definition assignable scopes. If not provided, will use the current scope provided. |
 | `dataActions` | array | `[]` |  | Optional. List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes |
 | `description` | string |  |  | Optional. Description of the custom RBAC role to be created. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `location` | string | `[deployment().location]` |  | Optional. Location for all resources. |
 | `managementGroupId` | string | `[managementGroup().name]` |  | Optional. The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. |
 | `notActions` | array | `[]` |  | Optional. List of denied actions. |
diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep
index abc70bc7f8..be9d4812b2 100644
--- a/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep
+++ b/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep
@@ -24,6 +24,21 @@ param subscriptionId string = subscription().subscriptionId
 @sys.description('Optional. Role definition assignable scopes. If not provided, will use the current scope provided.')
 param assignableScopes array = []
 
+@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource roleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
   name: guid(roleName, subscriptionId)
   properties: {
diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md
index 950830c0cd..cbd393a57d 100644
--- a/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md
+++ b/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md
@@ -16,6 +16,7 @@ With this module you can create role definitions on a subscription level
 | `assignableScopes` | array | `[]` |  | Optional. Role definition assignable scopes. If not provided, will use the current scope provided. |
 | `dataActions` | array | `[]` |  | Optional. List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes |
 | `description` | string |  |  | Optional. Description of the custom RBAC role to be created. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `notActions` | array | `[]` |  | Optional. List of denied actions. |
 | `notDataActions` | array | `[]` |  | Optional. List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes |
 | `roleName` | string |  |  | Required. Name of the custom RBAC role to be created. |
diff --git a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep
index 71d8eb855c..67b1bd705b 100644
--- a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep
+++ b/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep
@@ -44,6 +44,9 @@ param logsToEnable array = [
   'ResourceHealth'
 ]
 
+@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
 var diagnosticsLogs = [for log in logsToEnable: {
   category: log
   enabled: true
@@ -53,6 +56,18 @@ var diagnosticsLogs = [for log in logsToEnable: {
   }
 }]
 
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
 resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
   name: name
   properties: {
diff --git a/arm/Microsoft.Insights/diagnosticSettings/readme.md b/arm/Microsoft.Insights/diagnosticSettings/readme.md
index f225ac5394..0d31f3d458 100644
--- a/arm/Microsoft.Insights/diagnosticSettings/readme.md
+++ b/arm/Microsoft.Insights/diagnosticSettings/readme.md
@@ -17,6 +17,7 @@ This module deploys a subscription wide export of the activity log.
 | `diagnosticLogsRetentionInDays` | int | `365` |  | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. |
 | `diagnosticStorageAccountId` | string |  |  | Optional. Resource ID of the diagnostic storage account. |
 | `diagnosticWorkspaceId` | string |  |  | Optional. Resource ID of the diagnostic log analytics workspace. |
+| `enableDefaultTelemetry` | bool | `True` |  | Optional. Enable telemetry via the Customer Usage Attribution ID (GUID). |
 | `logsToEnable` | array | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | Optional. The name of logs that will be streamed. |
 | `name` | string | `[format('{0}-ActivityLog', uniqueString(subscription().id))]` |  | Optional. Name of the ActivityLog diagnostic settings. |