From 267ac6810aa8e7455984a54c07048a729a119186 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@outlook.de>
Date: Fri, 6 May 2022 17:47:40 +0200
Subject: [PATCH 1/4] Added sql/servers/vulnerabilityAssessments

fixes #1211
---
 .../vulnerabilityAssessments/deploy.bicep     | 59 +++++++++++++++++++
 .../vulnerabilityAssessments/readme.md        | 41 +++++++++++++
 .../vulnerabilityAssessments/version.json     |  4 ++
 3 files changed, 104 insertions(+)
 create mode 100644 arm/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep
 create mode 100644 arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md
 create mode 100644 arm/Microsoft.Sql/servers/vulnerabilityAssessments/version.json

diff --git a/arm/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep b/arm/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep
new file mode 100644
index 0000000000..1a9bf98fa3
--- /dev/null
+++ b/arm/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep
@@ -0,0 +1,59 @@
+@description('Required. The name of the vulnerability assessment')
+param name string
+
+@description('Required. The Name of SQL Server')
+param serverName string
+
+@description('Optional. Recurring scans state.')
+param recurringScansIsEnabled bool = false
+
+@description('Optional. Specifies that the schedule scan notification will be is sent to the subscription administrators.')
+param recurringScansEmailSubscriptionAdmins bool = false
+
+@description('Optional. Specifies an array of email addresses to which the scan notification is sent.')
+param recurringScansEmails array = []
+
+@description('Optional. A blob storage to hold the scan results.')
+param vulnerabilityAssessmentsStorageAccountId string = ''
+
+@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-9319755b-f697-4146-b966-4656e0b46cac-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
+resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = {
+  name: serverName
+}
+
+resource vulnerabilityAssessment 'Microsoft.Sql/servers/vulnerabilityAssessments@2021-11-01-preview' = {
+  name: name
+  parent: server
+  properties: {
+    storageContainerPath: 'https://${last(split(vulnerabilityAssessmentsStorageAccountId, '/'))}.blob.${environment().suffixes.storage}/vulnerability-assessment/'
+    storageAccountAccessKey: listKeys(vulnerabilityAssessmentsStorageAccountId, '2019-06-01').keys[0].value
+    recurringScans: {
+      isEnabled: recurringScansIsEnabled
+      emailSubscriptionAdmins: recurringScansEmailSubscriptionAdmins
+      emails: recurringScansEmails
+    }
+  }
+}
+
+@description('The name of the deployed vulnerability assessment')
+output name string = vulnerabilityAssessment.name
+
+@description('The resource ID of the deployed vulnerability assessment')
+output resourceId string = vulnerabilityAssessment.id
+
+@description('The resource group of the deployed vulnerability assessment')
+output resourceGroupName string = resourceGroup().name
diff --git a/arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md b/arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md
new file mode 100644
index 0000000000..f3aeddbc59
--- /dev/null
+++ b/arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md
@@ -0,0 +1,41 @@
+# SQL Managed Instance Vulnerability Assessments `[Microsoft.Sql/servers/vulnerabilityAssessments]`
+
+This module deploys a vulnerability assessment for a SQL server.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2021-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-11-01-preview/servers/vulnerabilityAssessments) |
+
+## Parameters
+
+**Required parameters**
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the vulnerability assessment |
+| `serverName` | string | The Name of SQL Server |
+
+**Optional parameters**
+| Parameter Name | Type | Default Value | Description |
+| :-- | :-- | :-- | :-- |
+| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| `recurringScansEmails` | array | `[]` | Specifies an array of email addresses to which the scan notification is sent. |
+| `recurringScansEmailSubscriptionAdmins` | bool | `False` | Specifies that the schedule scan notification will be is sent to the subscription administrators. |
+| `recurringScansIsEnabled` | bool | `False` | Recurring scans state. |
+| `vulnerabilityAssessmentsStorageAccountId` | string | `''` | A blob storage to hold the scan results. |
+
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the deployed vulnerability assessment |
+| `resourceGroupName` | string | The resource group of the deployed vulnerability assessment |
+| `resourceId` | string | The resource ID of the deployed vulnerability assessment |
diff --git a/arm/Microsoft.Sql/servers/vulnerabilityAssessments/version.json b/arm/Microsoft.Sql/servers/vulnerabilityAssessments/version.json
new file mode 100644
index 0000000000..f64f5fbd13
--- /dev/null
+++ b/arm/Microsoft.Sql/servers/vulnerabilityAssessments/version.json
@@ -0,0 +1,4 @@
+{
+  "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+  "version": "0.5"
+}

From 0e35d28081d7a500bf6cc19eca3f4d528d7f3bcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@outlook.de>
Date: Fri, 6 May 2022 18:09:18 +0200
Subject: [PATCH 2/4] Added vulnerability Assessments to sql server

---
 .../servers/.parameters/parameters.json       | 161 +++++++++---------
 arm/Microsoft.Sql/servers/deploy.bicep        |  19 +++
 arm/Microsoft.Sql/servers/readme.md           |   2 +
 3 files changed, 105 insertions(+), 77 deletions(-)

diff --git a/arm/Microsoft.Sql/servers/.parameters/parameters.json b/arm/Microsoft.Sql/servers/.parameters/parameters.json
index 2c5e6acb9f..ad3924c53d 100644
--- a/arm/Microsoft.Sql/servers/.parameters/parameters.json
+++ b/arm/Microsoft.Sql/servers/.parameters/parameters.json
@@ -1,83 +1,90 @@
 {
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-sqlsrv-x-001"
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "<<namePrefix>>-az-sqlsrv-x-001"
+    },
+    "administratorLogin": {
+      "reference": {
+        "keyVault": {
+          "id": "/subscriptions/<<subscriptionId>>/resourceGroups/<<resourceGroupName>>/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
         },
-        "administratorLogin": {
-            "reference": {
-                "keyVault": {
-                    "id": "/subscriptions/<<subscriptionId>>/resourceGroups/<<resourceGroupName>>/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-                },
-                "secretName": "administratorLogin"
-            }
+        "secretName": "administratorLogin"
+      }
+    },
+    "administratorLoginPassword": {
+      "reference": {
+        "keyVault": {
+          "id": "/subscriptions/<<subscriptionId>>/resourceGroups/<<resourceGroupName>>/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
         },
-        "administratorLoginPassword": {
-            "reference": {
-                "keyVault": {
-                    "id": "/subscriptions/<<subscriptionId>>/resourceGroups/<<resourceGroupName>>/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-                },
-                "secretName": "administratorLoginPassword"
-            }
-        },
-        "location": {
-            "value": "westeurope"
-        },
-        "roleAssignments": {
-            "value": [
-                {
-                    "roleDefinitionIdOrName": "Reader",
-                    "principalIds": [
-                        "<<deploymentSpId>>"
-                    ]
-                }
-            ]
-        },
-        "databases": {
-            "value": [
-                {
-                    "name": "<<namePrefix>>-az-sqldb-x-001",
-                    "collation": "SQL_Latin1_General_CP1_CI_AS",
-                    "skuTier": "BusinessCritical",
-                    "skuName": "BC_Gen5",
-                    "skuCapacity": 12,
-                    "skuFamily": "Gen5",
-                    "maxSizeBytes": 34359738368,
-                    "licenseType": "LicenseIncluded",
-                    "diagnosticLogsRetentionInDays": 7,
-                    "diagnosticStorageAccountId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001",
-                    "diagnosticWorkspaceId": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001",
-                    "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey",
-                    "diagnosticEventHubName": "adp-<<namePrefix>>-az-evh-x-001"
-                }
-            ]
-        },
-        "firewallRules": {
-            "value": [
-                {
-                    "name": "AllowAllWindowsAzureIps",
-                    "endIpAddress": "0.0.0.0",
-                    "startIpAddress": "0.0.0.0"
-                }
-            ]
-        },
-        "securityAlertPolicies": {
-            "value": [
-                {
-                    "name": "Default",
-                    "state": "Enabled",
-                    "emailAccountAdmins": true
-                }
-            ]
-        },
-        "systemAssignedIdentity": {
-            "value": true
-        },
-        "userAssignedIdentities": {
-            "value": {
-                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-            }
+        "secretName": "administratorLoginPassword"
+      }
+    },
+    "location": {
+      "value": "westeurope"
+    },
+    "roleAssignments": {
+      "value": [
+        {
+          "roleDefinitionIdOrName": "Reader",
+          "principalIds": ["<<deploymentSpId>>"]
+        }
+      ]
+    },
+    "vulnerabilityAssessmentsObj": {
+      "value": {
+        "name": "default",
+        "emailSubscriptionAdmins": true,
+        "recurringScansIsEnabled": true,
+        "recurringScansEmails": ["test1@contoso.com", "test2@contoso.com"],
+        "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
+      }
+    },
+    "databases": {
+      "value": [
+        {
+          "name": "<<namePrefix>>-az-sqldb-x-001",
+          "collation": "SQL_Latin1_General_CP1_CI_AS",
+          "skuTier": "BusinessCritical",
+          "skuName": "BC_Gen5",
+          "skuCapacity": 12,
+          "skuFamily": "Gen5",
+          "maxSizeBytes": 34359738368,
+          "licenseType": "LicenseIncluded",
+          "diagnosticLogsRetentionInDays": 7,
+          "diagnosticStorageAccountId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001",
+          "diagnosticWorkspaceId": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001",
+          "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey",
+          "diagnosticEventHubName": "adp-<<namePrefix>>-az-evh-x-001"
+        }
+      ]
+    },
+    "firewallRules": {
+      "value": [
+        {
+          "name": "AllowAllWindowsAzureIps",
+          "endIpAddress": "0.0.0.0",
+          "startIpAddress": "0.0.0.0"
+        }
+      ]
+    },
+    "securityAlertPolicies": {
+      "value": [
+        {
+          "name": "Default",
+          "state": "Enabled",
+          "emailAccountAdmins": true
         }
+      ]
+    },
+    "systemAssignedIdentity": {
+      "value": true
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
+      }
     }
+  }
 }
diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/arm/Microsoft.Sql/servers/deploy.bicep
index eb6605c9f8..a49d0a198d 100644
--- a/arm/Microsoft.Sql/servers/deploy.bicep
+++ b/arm/Microsoft.Sql/servers/deploy.bicep
@@ -53,6 +53,9 @@ var identity = identityType != 'None' ? {
   userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
 } : null
 
+@description('Optional. The vulnerability assessment configuration')
+param vulnerabilityAssessmentsObj object = {}
+
 resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
   name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
   properties: {
@@ -167,6 +170,22 @@ module server_securityAlertPolicies 'securityAlertPolicies/deploy.bicep' = [for
   }
 }]
 
+module server_vulnerabilityAssessment 'vulnerabilityAssessments/deploy.bicep' = if (!empty(vulnerabilityAssessmentsObj)) {
+  name: '${uniqueString(deployment().name, location)}-Sql-VulnAssessm'
+  params: {
+    serverName: server.name
+    name: vulnerabilityAssessmentsObj.name
+    recurringScansEmails: contains(vulnerabilityAssessmentsObj, 'recurringScansEmails') ? vulnerabilityAssessmentsObj.recurringScansEmails : []
+    recurringScansEmailSubscriptionAdmins: contains(vulnerabilityAssessmentsObj, 'recurringScansEmailSubscriptionAdmins') ? vulnerabilityAssessmentsObj.recurringScansEmailSubscriptionAdmins : false
+    recurringScansIsEnabled: contains(vulnerabilityAssessmentsObj, 'recurringScansIsEnabled') ? vulnerabilityAssessmentsObj.recurringScansIsEnabled : false
+    vulnerabilityAssessmentsStorageAccountId: contains(vulnerabilityAssessmentsObj, 'vulnerabilityAssessmentsStorageAccountId') ? vulnerabilityAssessmentsObj.vulnerabilityAssessmentsStorageAccountId : ''
+    enableDefaultTelemetry: enableDefaultTelemetry
+  }
+  dependsOn: [
+    server_securityAlertPolicies
+  ]
+}
+
 @description('The name of the deployed SQL server')
 output name string = server.name
 
diff --git a/arm/Microsoft.Sql/servers/readme.md b/arm/Microsoft.Sql/servers/readme.md
index d2f556b73b..a26299acce 100644
--- a/arm/Microsoft.Sql/servers/readme.md
+++ b/arm/Microsoft.Sql/servers/readme.md
@@ -19,6 +19,7 @@ This module deploys a SQL server.
 | `Microsoft.Sql/servers/databases` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) |
 | `Microsoft.Sql/servers/firewallRules` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/firewallRules) |
 | `Microsoft.Sql/servers/securityAlertPolicies` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/securityAlertPolicies) |
+| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2021-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-11-01-preview/servers/vulnerabilityAssessments) |
 
 ## Parameters
 
@@ -43,6 +44,7 @@ This module deploys a SQL server.
 | `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
 | `tags` | object | `{object}` |  | Tags of the resource. |
 | `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
+| `vulnerabilityAssessmentsObj` | _[vulnerabilityAssessments](vulnerabilityAssessments/readme.md)_ object | `{object}` |  | The vulnerability assessment configuration |
 
 
 ### Parameter Usage: `roleAssignments`

From c4409decb44ca9e2b7d4953a04bd2e77e329d0d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@outlook.de>
Date: Sun, 8 May 2022 15:33:16 +0200
Subject: [PATCH 3/4] Updated readme

---
 arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md b/arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md
index f3aeddbc59..c86bdeedce 100644
--- a/arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md
+++ b/arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md
@@ -1,4 +1,4 @@
-# SQL Managed Instance Vulnerability Assessments `[Microsoft.Sql/servers/vulnerabilityAssessments]`
+# SQL Server Vulnerability Assessments `[Microsoft.Sql/servers/vulnerabilityAssessments]`
 
 This module deploys a vulnerability assessment for a SQL server.
 

From 4e74e8cb834ef12e8fa635d26b893541b0043e3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20M=C3=BCller?= <robin.mueller@outlook.de>
Date: Sun, 8 May 2022 15:37:38 +0200
Subject: [PATCH 4/4] Fixed formatting

---
 .../servers/.parameters/parameters.json       | 171 +++++++++---------
 1 file changed, 87 insertions(+), 84 deletions(-)

diff --git a/arm/Microsoft.Sql/servers/.parameters/parameters.json b/arm/Microsoft.Sql/servers/.parameters/parameters.json
index ad3924c53d..25727edea5 100644
--- a/arm/Microsoft.Sql/servers/.parameters/parameters.json
+++ b/arm/Microsoft.Sql/servers/.parameters/parameters.json
@@ -1,90 +1,93 @@
 {
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    "name": {
-      "value": "<<namePrefix>>-az-sqlsrv-x-001"
-    },
-    "administratorLogin": {
-      "reference": {
-        "keyVault": {
-          "id": "/subscriptions/<<subscriptionId>>/resourceGroups/<<resourceGroupName>>/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "<<namePrefix>>-az-sqlsrv-x-001"
         },
-        "secretName": "administratorLogin"
-      }
-    },
-    "administratorLoginPassword": {
-      "reference": {
-        "keyVault": {
-          "id": "/subscriptions/<<subscriptionId>>/resourceGroups/<<resourceGroupName>>/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
+        "administratorLogin": {
+            "reference": {
+                "keyVault": {
+                    "id": "/subscriptions/<<subscriptionId>>/resourceGroups/<<resourceGroupName>>/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
+                },
+                "secretName": "administratorLogin"
+            }
         },
-        "secretName": "administratorLoginPassword"
-      }
-    },
-    "location": {
-      "value": "westeurope"
-    },
-    "roleAssignments": {
-      "value": [
-        {
-          "roleDefinitionIdOrName": "Reader",
-          "principalIds": ["<<deploymentSpId>>"]
-        }
-      ]
-    },
-    "vulnerabilityAssessmentsObj": {
-      "value": {
-        "name": "default",
-        "emailSubscriptionAdmins": true,
-        "recurringScansIsEnabled": true,
-        "recurringScansEmails": ["test1@contoso.com", "test2@contoso.com"],
-        "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-      }
-    },
-    "databases": {
-      "value": [
-        {
-          "name": "<<namePrefix>>-az-sqldb-x-001",
-          "collation": "SQL_Latin1_General_CP1_CI_AS",
-          "skuTier": "BusinessCritical",
-          "skuName": "BC_Gen5",
-          "skuCapacity": 12,
-          "skuFamily": "Gen5",
-          "maxSizeBytes": 34359738368,
-          "licenseType": "LicenseIncluded",
-          "diagnosticLogsRetentionInDays": 7,
-          "diagnosticStorageAccountId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001",
-          "diagnosticWorkspaceId": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001",
-          "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey",
-          "diagnosticEventHubName": "adp-<<namePrefix>>-az-evh-x-001"
-        }
-      ]
-    },
-    "firewallRules": {
-      "value": [
-        {
-          "name": "AllowAllWindowsAzureIps",
-          "endIpAddress": "0.0.0.0",
-          "startIpAddress": "0.0.0.0"
-        }
-      ]
-    },
-    "securityAlertPolicies": {
-      "value": [
-        {
-          "name": "Default",
-          "state": "Enabled",
-          "emailAccountAdmins": true
+        "administratorLoginPassword": {
+            "reference": {
+                "keyVault": {
+                    "id": "/subscriptions/<<subscriptionId>>/resourceGroups/<<resourceGroupName>>/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
+                },
+                "secretName": "administratorLoginPassword"
+            }
+        },
+        "location": {
+            "value": "westeurope"
+        },
+        "roleAssignments": {
+            "value": [
+                {
+                    "roleDefinitionIdOrName": "Reader",
+                    "principalIds": ["<<deploymentSpId>>"]
+                }
+            ]
+        },
+        "vulnerabilityAssessmentsObj": {
+            "value": {
+                "name": "default",
+                "emailSubscriptionAdmins": true,
+                "recurringScansIsEnabled": true,
+                "recurringScansEmails": [
+                    "test1@contoso.com",
+                    "test2@contoso.com"
+                ],
+                "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
+            }
+        },
+        "databases": {
+            "value": [
+                {
+                    "name": "<<namePrefix>>-az-sqldb-x-001",
+                    "collation": "SQL_Latin1_General_CP1_CI_AS",
+                    "skuTier": "BusinessCritical",
+                    "skuName": "BC_Gen5",
+                    "skuCapacity": 12,
+                    "skuFamily": "Gen5",
+                    "maxSizeBytes": 34359738368,
+                    "licenseType": "LicenseIncluded",
+                    "diagnosticLogsRetentionInDays": 7,
+                    "diagnosticStorageAccountId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001",
+                    "diagnosticWorkspaceId": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001",
+                    "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey",
+                    "diagnosticEventHubName": "adp-<<namePrefix>>-az-evh-x-001"
+                }
+            ]
+        },
+        "firewallRules": {
+            "value": [
+                {
+                    "name": "AllowAllWindowsAzureIps",
+                    "endIpAddress": "0.0.0.0",
+                    "startIpAddress": "0.0.0.0"
+                }
+            ]
+        },
+        "securityAlertPolicies": {
+            "value": [
+                {
+                    "name": "Default",
+                    "state": "Enabled",
+                    "emailAccountAdmins": true
+                }
+            ]
+        },
+        "systemAssignedIdentity": {
+            "value": true
+        },
+        "userAssignedIdentities": {
+            "value": {
+                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
+            }
         }
-      ]
-    },
-    "systemAssignedIdentity": {
-      "value": true
-    },
-    "userAssignedIdentities": {
-      "value": {
-        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-      }
     }
-  }
 }