From d819b2d7a35da658779ab392126479a47487fea5 Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke <jdamaschke@visorian.com>
Date: Fri, 8 Jul 2022 12:09:17 +0200
Subject: [PATCH 1/8] feat(staticsites):  Added linkedBackends to staticSites
 extension

---
 .../staticSites/.test/min.parameters.json     |  12 +-
 .../staticSites/.test/parameters.json         | 111 ++++++++++--------
 .../staticSites/config/deploy.bicep           |  33 ++++++
 .../staticSites/customDomains/deploy.bicep    |  29 +++++
 .../Microsoft.Web/staticSites/deploy.bicep    |  61 +++++++++-
 .../staticSites/linkedBackends/deploy.bicep   |  33 ++++++
 .../userProvidedFunctionApps/deploy.bicep     |  33 ++++++
 7 files changed, 257 insertions(+), 55 deletions(-)
 create mode 100644 modules/Microsoft.Web/staticSites/config/deploy.bicep
 create mode 100644 modules/Microsoft.Web/staticSites/customDomains/deploy.bicep
 create mode 100644 modules/Microsoft.Web/staticSites/linkedBackends/deploy.bicep
 create mode 100644 modules/Microsoft.Web/staticSites/userProvidedFunctionApps/deploy.bicep

diff --git a/modules/Microsoft.Web/staticSites/.test/min.parameters.json b/modules/Microsoft.Web/staticSites/.test/min.parameters.json
index b5781f46f0..dd29975a58 100644
--- a/modules/Microsoft.Web/staticSites/.test/min.parameters.json
+++ b/modules/Microsoft.Web/staticSites/.test/min.parameters.json
@@ -1,9 +1,9 @@
 {
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-wss-min-001"
-        }
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "<<namePrefix>>-az-wss-min-001"
     }
+  }
 }
diff --git a/modules/Microsoft.Web/staticSites/.test/parameters.json b/modules/Microsoft.Web/staticSites/.test/parameters.json
index 68d8697715..4a35ab0448 100644
--- a/modules/Microsoft.Web/staticSites/.test/parameters.json
+++ b/modules/Microsoft.Web/staticSites/.test/parameters.json
@@ -1,50 +1,69 @@
 {
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-wss-x-001"
-        },
-        "lock": {
-            "value": "CanNotDelete"
-        },
-        "sku": {
-            "value": "Standard"
-        },
-        "stagingEnvironmentPolicy": {
-            "value": "Enabled"
-        },
-        "allowConfigFileUpdates": {
-            "value": true
-        },
-        "enterpriseGradeCdnStatus": {
-            "value": "Disabled"
-        },
-        "systemAssignedIdentity": {
-            "value": true
-        },
-        "userAssignedIdentities": {
-            "value": {
-                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-            }
-        },
-        "roleAssignments": {
-            "value": [
-                {
-                    "roleDefinitionIdOrName": "Reader",
-                    "principalIds": [
-                        "<<deploymentSpId>>"
-                    ]
-                }
-            ]
-        },
-        "privateEndpoints": {
-            "value": [
-                {
-                    "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "staticSites"
-                }
-            ]
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "<<namePrefix>>-az-wss-x-001"
+    },
+    "lock": {
+      "value": "CanNotDelete"
+    },
+    "sku": {
+      "value": "Standard"
+    },
+    "stagingEnvironmentPolicy": {
+      "value": "Enabled"
+    },
+    "allowConfigFileUpdates": {
+      "value": true
+    },
+    "enterpriseGradeCdnStatus": {
+      "value": "Disabled"
+    },
+    "systemAssignedIdentity": {
+      "value": true
+    },
+    "customDomains": {
+      "value": [
+        "testdomain1.domain",
+        "testdomain2.domain",
+        "testdomain3.domain"
+      ]
+    },
+    "appSettings": {
+      "value": {
+        "foo": "bar",
+        "setting": 1
+      }
+    },
+    "functionAppSettings": {
+      "value": {
+        "foo": "bar",
+        "setting": 1
+      }
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
+      }
+    },
+    "roleAssignments": {
+      "value": [
+        {
+          "roleDefinitionIdOrName": "Reader",
+          "principalIds": [
+            "<<deploymentSpId>>"
+          ]
         }
+      ]
+    },
+    "privateEndpoints": {
+      "value": [
+        {
+          "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
+          "service": "staticSites"
+        }
+      ]
     }
+  }
 }
diff --git a/modules/Microsoft.Web/staticSites/config/deploy.bicep b/modules/Microsoft.Web/staticSites/config/deploy.bicep
new file mode 100644
index 0000000000..453d5922be
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/config/deploy.bicep
@@ -0,0 +1,33 @@
+@allowed([
+  'appsettings'
+  'functionappsettings'
+])
+@description('Required. Type of settings to apply.')
+param kind string
+
+@description('Required. App settings.')
+param properties object
+
+@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
+param staticSiteName string
+
+resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
+  name: staticSiteName
+}
+
+resource config 'Microsoft.Web/staticSites/config@2022-03-01' = {
+  #disable-next-line BCP225
+  name: kind
+  parent: staticSite
+  properties: properties
+}
+
+@description('The name of the config.')
+output name string = config.name
+
+@description('The resource ID of the config.')
+output resourceId string = config.id
+
+@description('The name of the resource group the config was created in.')
+output resourceGroupName string = resourceGroup().name
+
diff --git a/modules/Microsoft.Web/staticSites/customDomains/deploy.bicep b/modules/Microsoft.Web/staticSites/customDomains/deploy.bicep
new file mode 100644
index 0000000000..bd6ad9d005
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/customDomains/deploy.bicep
@@ -0,0 +1,29 @@
+@description('Conditional. The custom domain name. Required if the template is used in a standalone deployment.')
+param name string
+
+@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
+param staticSiteName string
+
+@description('Optional. Validation method for adding a custom domain.')
+param validationMethod string = 'cname-delegation'
+
+resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
+  name: staticSiteName
+}
+
+resource customDomain 'Microsoft.Web/staticSites/customDomains@2022-03-01' = {
+  name: name
+  parent: staticSite
+  properties: {
+    validationMethod: validationMethod
+  }
+}
+
+@description('The name of the static site.')
+output name string = customDomain.name
+
+@description('The resource ID of the static site.')
+output resourceId string = customDomain.id
+
+@description('The resource group the static site was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/modules/Microsoft.Web/staticSites/deploy.bicep b/modules/Microsoft.Web/staticSites/deploy.bicep
index 7fff54a10e..6494af9d9a 100644
--- a/modules/Microsoft.Web/staticSites/deploy.bicep
+++ b/modules/Microsoft.Web/staticSites/deploy.bicep
@@ -65,7 +65,7 @@ param userAssignedIdentities object = {}
 @description('Optional. Specify the type of lock.')
 param lock string = ''
 
-@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
+@description('Optional. Configuration details for private endpoints.')
 param privateEndpoints array = []
 
 @description('Optional. Tags of the resource.')
@@ -77,6 +77,25 @@ param enableDefaultTelemetry bool = true
 @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
 param roleAssignments array = []
 
+@description('Optional. Object with parameters for the userDefinedFunctionApp property. WARNING: currently the userDefinedFunctionApp endpoint is no idempotent, meaning this can only be used for initial registration.')
+param userDefinedFunctionApp object = {}
+
+@description('Optional. ')
+param appSettings object = {}
+
+@description('Optional. ')
+param functionAppSettings object = {}
+
+@allowed([
+  'Enabled'
+  'Disabled'
+])
+@description('Optional. State indicating whether public traffic are allowed or not for a static web app. Allowed Values: "Enabled", "Disabled" or an empty string.')
+param publicNetworkAccess string = 'Enabled'
+
+@description('Optional. The custom domains associated with this static site.')
+param customDomains array = []
+
 var enableReferencedModulesTelemetry = false
 
 var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
@@ -98,7 +117,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
   }
 }
 
-resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = {
+resource staticSite 'Microsoft.Web/staticSites@2022-03-01' = {
   name: name
   location: location
   tags: tags
@@ -117,10 +136,46 @@ resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = {
     repositoryToken: !empty(repositoryToken) ? repositoryToken : null
     repositoryUrl: !empty(repositoryUrl) ? repositoryUrl : null
     templateProperties: !empty(templateProperties) ? templateProperties : null
+    publicNetworkAccess: publicNetworkAccess
+  }
+}
+
+module staticSite_userDefinedFunctionApp 'userProvidedFunctionApps/deploy.bicep' = if (!empty(userDefinedFunctionApp)) {
+  name: '${uniqueString(deployment().name, location)}-StaticSite-UserDefinedFunction'
+  params: {
+    staticSiteName: staticSite.name
+    functionAppRegion: userDefinedFunctionApp.functionAppRegion
+    functionAppResourceId: userDefinedFunctionApp.functionAppResourceId
   }
 }
 
-resource staticSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) {
+module staticSite_appSettings 'config/deploy.bicep' = if (!empty(appSettings)) {
+  name: '${uniqueString(deployment().name, location)}-StaticSite-appSettings'
+  params: {
+    kind: 'appsettings'
+    staticSiteName: staticSite.name
+    properties: appSettings
+  }
+}
+
+module staticSite_functionAppSettings 'config/deploy.bicep' = if (!empty(functionAppSettings)) {
+  name: '${uniqueString(deployment().name, location)}-StaticSite-functionAppSettings'
+  params: {
+    kind: 'functionappsettings'
+    staticSiteName: staticSite.name
+    properties: functionAppSettings
+  }
+}
+
+module staticSite_customDomains 'customDomains/deploy.bicep' = [for (customDomain, index) in customDomains: {
+  name: '${uniqueString(deployment().name, location)}-StaticSite-customDomains-${index}'
+  params: {
+    name: customDomain
+    staticSiteName: staticSite.name
+  }
+}]
+
+resource staticSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
   name: '${staticSite.name}-${lock}-lock'
   properties: {
     level: any(lock)
diff --git a/modules/Microsoft.Web/staticSites/linkedBackends/deploy.bicep b/modules/Microsoft.Web/staticSites/linkedBackends/deploy.bicep
new file mode 100644
index 0000000000..9f99f31843
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/linkedBackends/deploy.bicep
@@ -0,0 +1,33 @@
+@description('Requried. The resource id of the backend linked to the static site.')
+param backendResourceId string
+
+@description('Optional. The region of the backend linked to the static site.')
+param region string = resourceGroup().location
+
+@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
+param staticSiteName string
+
+@description('Optional. Name of the backend to link to the static site.')
+param linkedBackendName string = uniqueString(backendResourceId)
+
+resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
+  name: staticSiteName
+}
+
+resource linkedBackend 'Microsoft.Web/staticSites/linkedBackends@2022-03-01' = {
+  name: linkedBackendName
+  parent: staticSite
+  properties: {
+    backendResourceId: backendResourceId
+    region: region
+  }
+}
+
+@description('The name of the static site.')
+output name string = linkedBackend.name
+
+@description('The resource ID of the static site.')
+output resourceId string = linkedBackend.id
+
+@description('The resource group the static site was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/modules/Microsoft.Web/staticSites/userProvidedFunctionApps/deploy.bicep b/modules/Microsoft.Web/staticSites/userProvidedFunctionApps/deploy.bicep
new file mode 100644
index 0000000000..0854ba8768
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/userProvidedFunctionApps/deploy.bicep
@@ -0,0 +1,33 @@
+@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
+param staticSiteName string
+
+@description('Required. The resource id of the function app registered with the static site.')
+param functionAppResourceId string
+
+@description('Optional. The region of the function app registered with the static site.')
+param functionAppRegion string = resourceGroup().location
+
+resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
+  name: staticSiteName
+}
+
+resource userProvidedFunctionApp 'Microsoft.Web/staticSites/userProvidedFunctionApps@2022-03-01' = {
+  name: '${staticSite.name}-userProvidedFunctionApp'
+  parent: staticSite
+  properties: empty(staticSite.properties.userProvidedFunctionApps) ? {
+    functionAppRegion: functionAppRegion
+    functionAppResourceId: functionAppResourceId
+  } : {}
+}
+
+@description('The name of the userProvidedFunctionApp setting.')
+output name string = userProvidedFunctionApp.name
+
+@description('The resource ID of the userProvidedFunctionApp setting.')
+output resourceId string = userProvidedFunctionApp.id
+
+@description('The name of the resource group the userProvidedFunctionApp setting was created in.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The functionAppResourceId setting.')
+output functionAppResourceId string = userProvidedFunctionApp.properties.functionAppResourceId

From 6cf177cf28f59d77520f170b9890fd5e704a95d3 Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke <jdamaschke@visorian.com>
Date: Sat, 9 Jul 2022 18:22:08 +0200
Subject: [PATCH 2/8] feat(staticsites):  Added tests, readme, linkedBackends

---
 .../.bicep/nested_roleAssignments.bicep       |   6 +-
 .../staticSites/.test/parameters.json         | 143 +--
 .../staticSites/config/readme.md              |  42 +
 .../staticSites/config/version.json           |   4 +
 .../staticSites/customDomains/readme.md       |  42 +
 .../staticSites/customDomains/version.json    |   4 +
 .../Microsoft.Web/staticSites/deploy.bicep    |  31 +-
 .../staticSites/linkedBackends/readme.md      |  47 +
 .../staticSites/linkedBackends/version.json   |   4 +
 modules/Microsoft.Web/staticSites/readme.md   | 863 +++++++++---------
 .../userProvidedFunctionApps/deploy.bicep     |  33 -
 .../Microsoft.Web/staticSites/version.json    |   2 +-
 12 files changed, 688 insertions(+), 533 deletions(-)
 create mode 100644 modules/Microsoft.Web/staticSites/config/readme.md
 create mode 100644 modules/Microsoft.Web/staticSites/config/version.json
 create mode 100644 modules/Microsoft.Web/staticSites/customDomains/readme.md
 create mode 100644 modules/Microsoft.Web/staticSites/customDomains/version.json
 create mode 100644 modules/Microsoft.Web/staticSites/linkedBackends/readme.md
 create mode 100644 modules/Microsoft.Web/staticSites/linkedBackends/version.json
 delete mode 100644 modules/Microsoft.Web/staticSites/userProvidedFunctionApps/deploy.bicep

diff --git a/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep
index d8c01ae5d9..e3d80db5b9 100644
--- a/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep
@@ -4,9 +4,9 @@ param roleDefinitionIdOrName string
 param resourceId string
 
 var builtInRoleNames = {
-  'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
-  'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
-  'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+  Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+  Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+  Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
diff --git a/modules/Microsoft.Web/staticSites/.test/parameters.json b/modules/Microsoft.Web/staticSites/.test/parameters.json
index 4a35ab0448..4728d3cd16 100644
--- a/modules/Microsoft.Web/staticSites/.test/parameters.json
+++ b/modules/Microsoft.Web/staticSites/.test/parameters.json
@@ -1,69 +1,74 @@
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    "name": {
-      "value": "<<namePrefix>>-az-wss-x-001"
-    },
-    "lock": {
-      "value": "CanNotDelete"
-    },
-    "sku": {
-      "value": "Standard"
-    },
-    "stagingEnvironmentPolicy": {
-      "value": "Enabled"
-    },
-    "allowConfigFileUpdates": {
-      "value": true
-    },
-    "enterpriseGradeCdnStatus": {
-      "value": "Disabled"
-    },
-    "systemAssignedIdentity": {
-      "value": true
-    },
-    "customDomains": {
-      "value": [
-        "testdomain1.domain",
-        "testdomain2.domain",
-        "testdomain3.domain"
-      ]
-    },
-    "appSettings": {
-      "value": {
-        "foo": "bar",
-        "setting": 1
-      }
-    },
-    "functionAppSettings": {
-      "value": {
-        "foo": "bar",
-        "setting": 1
-      }
-    },
-    "userAssignedIdentities": {
-      "value": {
-        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-      }
-    },
-    "roleAssignments": {
-      "value": [
-        {
-          "roleDefinitionIdOrName": "Reader",
-          "principalIds": [
-            "<<deploymentSpId>>"
-          ]
-        }
-      ]
-    },
-    "privateEndpoints": {
-      "value": [
-        {
-          "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-          "service": "staticSites"
-        }
-      ]
-    }
-  }
-}
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "<<namePrefix>>-az-wss-x-001"
+    },
+    "lock": {
+      "value": "CanNotDelete"
+    },
+    "sku": {
+      "value": "Standard"
+    },
+    "stagingEnvironmentPolicy": {
+      "value": "Enabled"
+    },
+    "allowConfigFileUpdates": {
+      "value": true
+    },
+    "enterpriseGradeCdnStatus": {
+      "value": "Disabled"
+    },
+    "systemAssignedIdentity": {
+      "value": true
+    },
+    "customDomains": {
+      "value": [
+        "<<namePrefix>>domain1.domain",
+        "<<namePrefix>>domain2.domain.domain",
+        "<<namePrefix>>domain3.domain.domain.domain"
+      ]
+    },
+    "appSettings": {
+      "value": {
+        "foo": "bar",
+        "setting": 1
+      }
+    },
+    "functionAppSettings": {
+      "value": {
+        "foo": "bar",
+        "setting": 1
+      }
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
+      }
+    },
+    "roleAssignments": {
+      "value": [
+        {
+          "roleDefinitionIdOrName": "Reader",
+          "principalIds": [
+            "<<deploymentSpId>>"
+          ]
+        }
+      ]
+    },
+    "privateEndpoints": {
+      "value": [
+        {
+          "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
+          "service": "staticSites"
+        }
+      ]
+    },
+    "linkedBackend": {
+      "value": {
+        "resourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Web/sites/<<namePrefix>>-az-fa-x-001"
+      }
+    }
+  }
+}
diff --git a/modules/Microsoft.Web/staticSites/config/readme.md b/modules/Microsoft.Web/staticSites/config/readme.md
new file mode 100644
index 0000000000..49f725dd85
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/config/readme.md
@@ -0,0 +1,42 @@
+# Web StaticSites Config `[Microsoft.Web/staticSites/config]`
+
+This module deploys Web StaticSites Config.
+// TODO: Replace Resource and fill in description
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/staticSites/config` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites/config) |
+
+## Parameters
+
+**Required parameters**
+| Parameter Name | Type | Allowed Values | Description |
+| :-- | :-- | :-- | :-- |
+| `kind` | string | `[appsettings, functionappsettings]` | Type of settings to apply. |
+| `properties` | object |  | App settings. |
+
+**Conditional parameters**
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `staticSiteName` | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. |
+
+
+### Parameter Usage: `<ParameterPlaceholder>`
+
+// TODO: Fill in Parameter usage
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the config. |
+| `resourceGroupName` | string | The name of the resource group the config was created in. |
+| `resourceId` | string | The resource ID of the config. |
diff --git a/modules/Microsoft.Web/staticSites/config/version.json b/modules/Microsoft.Web/staticSites/config/version.json
new file mode 100644
index 0000000000..d52c7d0010
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/config/version.json
@@ -0,0 +1,4 @@
+{
+    "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+    "version": "0.6"
+}
diff --git a/modules/Microsoft.Web/staticSites/customDomains/readme.md b/modules/Microsoft.Web/staticSites/customDomains/readme.md
new file mode 100644
index 0000000000..c72697caaa
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/customDomains/readme.md
@@ -0,0 +1,42 @@
+# Web StaticSites CustomDomains `[Microsoft.Web/staticSites/customDomains]`
+
+This module deploys Web StaticSites CustomDomains.
+// TODO: Replace Resource and fill in description
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/staticSites/customDomains` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites/customDomains) |
+
+## Parameters
+
+**Conditional parameters**
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The custom domain name. Required if the template is used in a standalone deployment. |
+| `staticSiteName` | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+| Parameter Name | Type | Default Value | Description |
+| :-- | :-- | :-- | :-- |
+| `validationMethod` | string | `'cname-delegation'` | Validation method for adding a custom domain. |
+
+
+### Parameter Usage: `<ParameterPlaceholder>`
+
+// TODO: Fill in Parameter usage
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the static site. |
+| `resourceGroupName` | string | The resource group the static site was deployed into. |
+| `resourceId` | string | The resource ID of the static site. |
diff --git a/modules/Microsoft.Web/staticSites/customDomains/version.json b/modules/Microsoft.Web/staticSites/customDomains/version.json
new file mode 100644
index 0000000000..d52c7d0010
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/customDomains/version.json
@@ -0,0 +1,4 @@
+{
+    "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+    "version": "0.6"
+}
diff --git a/modules/Microsoft.Web/staticSites/deploy.bicep b/modules/Microsoft.Web/staticSites/deploy.bicep
index 6494af9d9a..159f4742a6 100644
--- a/modules/Microsoft.Web/staticSites/deploy.bicep
+++ b/modules/Microsoft.Web/staticSites/deploy.bicep
@@ -10,7 +10,7 @@ param name string
 @description('Optional. Type of static site to deploy.')
 param sku string = 'Free'
 
-@description('Optional. If config file is locked for this static web app.')
+@description('Optional. False if config file is locked for this static web app; otherwise, true.')
 param allowConfigFileUpdates bool = true
 
 @description('Optional. Location to deploy static site. The following locations are supported: CentralUS, EastUS2, EastAsia, WestEurope, WestUS2.')
@@ -77,23 +77,16 @@ param enableDefaultTelemetry bool = true
 @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
 param roleAssignments array = []
 
-@description('Optional. Object with parameters for the userDefinedFunctionApp property. WARNING: currently the userDefinedFunctionApp endpoint is no idempotent, meaning this can only be used for initial registration.')
-param userDefinedFunctionApp object = {}
+@description('Optional. Object with "resourceId" and "location" of the a user defined function app.')
+param linkedBackend object = {}
 
-@description('Optional. ')
+@description('Optional. Static site app settings.')
 param appSettings object = {}
 
-@description('Optional. ')
+@description('Optional. Function app settings.')
 param functionAppSettings object = {}
 
-@allowed([
-  'Enabled'
-  'Disabled'
-])
-@description('Optional. State indicating whether public traffic are allowed or not for a static web app. Allowed Values: "Enabled", "Disabled" or an empty string.')
-param publicNetworkAccess string = 'Enabled'
-
-@description('Optional. The custom domains associated with this static site.')
+@description('Optional. The custom domains associated with this static site. The deployment will fail as long as the validation records are not present.')
 param customDomains array = []
 
 var enableReferencedModulesTelemetry = false
@@ -117,7 +110,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
   }
 }
 
-resource staticSite 'Microsoft.Web/staticSites@2022-03-01' = {
+resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = {
   name: name
   location: location
   tags: tags
@@ -136,16 +129,15 @@ resource staticSite 'Microsoft.Web/staticSites@2022-03-01' = {
     repositoryToken: !empty(repositoryToken) ? repositoryToken : null
     repositoryUrl: !empty(repositoryUrl) ? repositoryUrl : null
     templateProperties: !empty(templateProperties) ? templateProperties : null
-    publicNetworkAccess: publicNetworkAccess
   }
 }
 
-module staticSite_userDefinedFunctionApp 'userProvidedFunctionApps/deploy.bicep' = if (!empty(userDefinedFunctionApp)) {
+module staticSite_linkedBackend 'linkedBackends/deploy.bicep' = if (!empty(linkedBackend)) {
   name: '${uniqueString(deployment().name, location)}-StaticSite-UserDefinedFunction'
   params: {
     staticSiteName: staticSite.name
-    functionAppRegion: userDefinedFunctionApp.functionAppRegion
-    functionAppResourceId: userDefinedFunctionApp.functionAppResourceId
+    backendResourceId: linkedBackend.resourceId
+    region: contains(linkedBackend, 'location') ? linkedBackend.location : location
   }
 }
 
@@ -172,10 +164,11 @@ module staticSite_customDomains 'customDomains/deploy.bicep' = [for (customDomai
   params: {
     name: customDomain
     staticSiteName: staticSite.name
+    validationMethod: indexOf(customDomain, '.') == lastIndexOf(customDomain, '.') ? 'dns-txt-token' : 'cname-delegation'
   }
 }]
 
-resource staticSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
+resource staticSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) {
   name: '${staticSite.name}-${lock}-lock'
   properties: {
     level: any(lock)
diff --git a/modules/Microsoft.Web/staticSites/linkedBackends/readme.md b/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
new file mode 100644
index 0000000000..89f5b70f3f
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
@@ -0,0 +1,47 @@
+# Web StaticSites LinkedBackends `[Microsoft.Web/staticSites/linkedBackends]`
+
+This module deploys Web StaticSites LinkedBackends.
+// TODO: Replace Resource and fill in description
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/staticSites/linkedBackends` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites) |
+
+## Parameters
+
+**Conditional parameters**
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `staticSiteName` | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+| Parameter Name | Type | Default Value | Description |
+| :-- | :-- | :-- | :-- |
+| `linkedBackendName` | string | `[uniqueString(parameters('backendResourceId'))]` | Name of the backend to link to the static site. |
+| `region` | string | `[resourceGroup().location]` | The region of the backend linked to the static site. |
+
+**Requried parameters**
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `backendResourceId` | string | The resource id of the backend linked to the static site. |
+
+
+### Parameter Usage: `<ParameterPlaceholder>`
+
+// TODO: Fill in Parameter usage
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the static site. |
+| `resourceGroupName` | string | The resource group the static site was deployed into. |
+| `resourceId` | string | The resource ID of the static site. |
diff --git a/modules/Microsoft.Web/staticSites/linkedBackends/version.json b/modules/Microsoft.Web/staticSites/linkedBackends/version.json
new file mode 100644
index 0000000000..d52c7d0010
--- /dev/null
+++ b/modules/Microsoft.Web/staticSites/linkedBackends/version.json
@@ -0,0 +1,4 @@
+{
+    "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+    "version": "0.6"
+}
diff --git a/modules/Microsoft.Web/staticSites/readme.md b/modules/Microsoft.Web/staticSites/readme.md
index 52ed72ed41..4055cb2a58 100644
--- a/modules/Microsoft.Web/staticSites/readme.md
+++ b/modules/Microsoft.Web/staticSites/readme.md
@@ -1,408 +1,455 @@
-# Static Web Sites `[Microsoft.Web/staticSites]`
-
-This module deploys a Static Web Site.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Deployment examples](#Deployment-examples)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
-| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) |
-| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) |
-| `Microsoft.Web/staticSites` | [2021-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites) |
-
-## Parameters
-
-**Required parameters**
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the static site. |
-
-**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `allowConfigFileUpdates` | bool | `True` |  | If config file is locked for this static web app. |
-| `branch` | string | `''` |  | The branch name of the GitHub repo. |
-| `buildProperties` | object | `{object}` |  | Build properties for the static site. |
-| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| `enterpriseGradeCdnStatus` | string | `'Disabled'` | `[Disabled, Disabling, Enabled, Enabling]` | State indicating the status of the enterprise grade CDN serving traffic to the static web app. |
-| `location` | string | `[resourceGroup().location]` |  | Location to deploy static site. The following locations are supported: CentralUS, EastUS2, EastAsia, WestEurope, WestUS2. |
-| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `privateEndpoints` | array | `[]` |  | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `provider` | string | `'None'` |  | The provider that submitted the last deployment to the primary environment of the static site. |
-| `repositoryToken` | secureString | `''` |  | The Personal Access Token for accessing the GitHub repo. |
-| `repositoryUrl` | string | `''` |  | The name of the GitHub repo. |
-| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `sku` | string | `'Free'` | `[Free, Standard]` | Type of static site to deploy. |
-| `stagingEnvironmentPolicy` | string | `'Enabled'` | `[Enabled, Disabled]` | State indicating whether staging environments are allowed or not allowed for a static web app. |
-| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` |  | Tags of the resource. |
-| `templateProperties` | object | `{object}` |  | Template Options for the static site. |
-| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
-
-
-### Parameter Usage: `privateEndpoints`
-
-To use Private Endpoint the following dependencies must be deployed:
-
-- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`.  Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
-- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
-
-<details>
-
-<summary>Parameter JSON format</summary>
-
-```json
-"privateEndpoints": {
-    "value": [
-        // Example showing all available fields
-        {
-            "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
-            "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
-            "service": "<<serviceName>>", // e.g. vault, registry, file, blob, queue, table etc.
-            "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
-                "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net"
-            ],
-            "customDnsConfigs": [ // Optional
-                {
-                    "fqdn": "customname.test.local",
-                    "ipAddresses": [
-                        "10.10.10.10"
-                    ]
-                }
-            ]
-        },
-        // Example showing only mandatory fields
-        {
-            "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
-            "service": "<<serviceName>>" // e.g. vault, registry, file, blob, queue, table etc.
-        }
-    ]
-}
-```
-
-</details>
-
-<details>
-
-<summary>Bicep format</summary>
-
-```bicep
-privateEndpoints:  [
-    // Example showing all available fields
-    {
-        name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
-        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
-        service: '<<serviceName>>' // e.g. vault registry file blob queue table etc.
-        privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
-            '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net'
-        ]
-        // Optional
-        customDnsConfigs: [
-            {
-                fqdn: 'customname.test.local'
-                ipAddresses: [
-                    '10.10.10.10'
-                ]
-            }
-        ]
-    }
-    // Example showing only mandatory fields
-    {
-        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
-        service: '<<serviceName>>' // e.g. vault registry file blob queue table etc.
-    }
-]
-```
-
-</details>
-<p>
-
-### Parameter Usage: `roleAssignments`
-
-Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
-
-<details>
-
-<summary>Parameter JSON format</summary>
-
-```json
-"roleAssignments": {
-    "value": [
-        {
-            "roleDefinitionIdOrName": "Reader",
-            "description": "Reader Role Assignment",
-            "principalIds": [
-                "12345678-1234-1234-1234-123456789012", // object 1
-                "78945612-1234-1234-1234-123456789012" // object 2
-            ]
-        },
-        {
-            "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
-            "principalIds": [
-                "12345678-1234-1234-1234-123456789012" // object 1
-            ],
-            "principalType": "ServicePrincipal"
-        }
-    ]
-}
-```
-
-</details>
-
-<details>
-
-<summary>Bicep format</summary>
-
-```bicep
-roleAssignments: [
-    {
-        roleDefinitionIdOrName: 'Reader'
-        description: 'Reader Role Assignment'
-        principalIds: [
-            '12345678-1234-1234-1234-123456789012' // object 1
-            '78945612-1234-1234-1234-123456789012' // object 2
-        ]
-    }
-    {
-        roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
-        principalIds: [
-            '12345678-1234-1234-1234-123456789012' // object 1
-        ]
-        principalType: 'ServicePrincipal'
-    }
-]
-```
-
-</details>
-<p>
-
-### Parameter Usage: `tags`
-
-Tag names and tag values can be provided as needed. A tag can be left without a value.
-
-<details>
-
-<summary>Parameter JSON format</summary>
-
-```json
-"tags": {
-    "value": {
-        "Environment": "Non-Prod",
-        "Contact": "test.user@testcompany.com",
-        "PurchaseOrder": "1234",
-        "CostCenter": "7890",
-        "ServiceName": "DeploymentValidation",
-        "Role": "DeploymentValidation"
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>Bicep format</summary>
-
-```bicep
-tags: {
-    Environment: 'Non-Prod'
-    Contact: 'test.user@testcompany.com'
-    PurchaseOrder: '1234'
-    CostCenter: '7890'
-    ServiceName: 'DeploymentValidation'
-    Role: 'DeploymentValidation'
-}
-```
-
-</details>
-<p>
-
-### Parameter Usage: `userAssignedIdentities`
-
-You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
-
-<details>
-
-<summary>Parameter JSON format</summary>
-
-```json
-"userAssignedIdentities": {
-    "value": {
-        "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
-        "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>Bicep format</summary>
-
-```bicep
-userAssignedIdentities: {
-    '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
-    '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
-}
-```
-
-</details>
-<p>
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the static site. |
-| `resourceGroupName` | string | The resource group the static site was deployed into. |
-| `resourceId` | string | The resource ID of the static site. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Deployment examples
-
-<h3>Example 1</h3>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-wss-min-001"
-        }
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module staticSites './Microsoft.Web/staticSites/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-staticSites'
-  params: {
-    name: '<<namePrefix>>-az-wss-min-001'
-  }
-}
-```
-
-</details>
-<p>
-
-<h3>Example 2</h3>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-wss-x-001"
-        },
-        "lock": {
-            "value": "CanNotDelete"
-        },
-        "sku": {
-            "value": "Standard"
-        },
-        "stagingEnvironmentPolicy": {
-            "value": "Enabled"
-        },
-        "allowConfigFileUpdates": {
-            "value": true
-        },
-        "enterpriseGradeCdnStatus": {
-            "value": "Disabled"
-        },
-        "systemAssignedIdentity": {
-            "value": true
-        },
-        "userAssignedIdentities": {
-            "value": {
-                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-            }
-        },
-        "roleAssignments": {
-            "value": [
-                {
-                    "roleDefinitionIdOrName": "Reader",
-                    "principalIds": [
-                        "<<deploymentSpId>>"
-                    ]
-                }
-            ]
-        },
-        "privateEndpoints": {
-            "value": [
-                {
-                    "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "staticSites"
-                }
-            ]
-        }
-    }
-}
-```
-
-</details>
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module staticSites './Microsoft.Web/staticSites/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-staticSites'
-  params: {
-    name: '<<namePrefix>>-az-wss-x-001'
-    lock: 'CanNotDelete'
-    sku: 'Standard'
-    stagingEnvironmentPolicy: 'Enabled'
-    allowConfigFileUpdates: true
-    enterpriseGradeCdnStatus: 'Disabled'
-    systemAssignedIdentity: true
-    userAssignedIdentities: {
-      '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001': {}
-    }
-    roleAssignments: [
-      {
-        roleDefinitionIdOrName: 'Reader'
-        principalIds: [
-          '<<deploymentSpId>>'
-        ]
-      }
-    ]
-    privateEndpoints: [
-      {
-        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints'
-        service: 'staticSites'
-      }
-    ]
-  }
-}
-```
-
-</details>
-<p>
+# Static Web Sites `[Microsoft.Web/staticSites]`
+
+This module deploys a Static Web Site.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Deployment examples](#Deployment-examples)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) |
+| `Microsoft.Web/staticSites` | [2021-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites) |
+| `Microsoft.Web/staticSites/config` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites/config) |
+| `Microsoft.Web/staticSites/customDomains` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites/customDomains) |
+| `Microsoft.Web/staticSites/linkedBackends` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites) |
+
+## Parameters
+
+**Required parameters**
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | Name of the static site. |
+
+**Optional parameters**
+| Parameter Name | Type | Default Value | Allowed Values | Description |
+| :-- | :-- | :-- | :-- | :-- |
+| `allowConfigFileUpdates` | bool | `True` |  | False if config file is locked for this static web app; otherwise, true. |
+| `appSettings` | object | `{object}` |  | Static site app settings. |
+| `branch` | string | `''` |  | The branch name of the GitHub repo. |
+| `buildProperties` | object | `{object}` |  | Build properties for the static site. |
+| `customDomains` | _[customDomains](customDomains/readme.md)_ array | `[]` |  | The custom domains associated with this static site. The deployment will fail as long as the validation records are not present. |
+| `enableDefaultTelemetry` | bool | `True` |  | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| `enterpriseGradeCdnStatus` | string | `'Disabled'` | `[Disabled, Disabling, Enabled, Enabling]` | State indicating the status of the enterprise grade CDN serving traffic to the static web app. |
+| `functionAppSettings` | object | `{object}` |  | Function app settings. |
+| `linkedBackend` | object | `{object}` |  | Object with "resourceId" and "location" of the a user defined function app. |
+| `location` | string | `[resourceGroup().location]` |  | Location to deploy static site. The following locations are supported: CentralUS, EastUS2, EastAsia, WestEurope, WestUS2. |
+| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. |
+| `privateEndpoints` | array | `[]` |  | Configuration details for private endpoints. |
+| `provider` | string | `'None'` |  | The provider that submitted the last deployment to the primary environment of the static site. |
+| `repositoryToken` | secureString | `''` |  | The Personal Access Token for accessing the GitHub repo. |
+| `repositoryUrl` | string | `''` |  | The name of the GitHub repo. |
+| `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| `sku` | string | `'Free'` | `[Free, Standard]` | Type of static site to deploy. |
+| `stagingEnvironmentPolicy` | string | `'Enabled'` | `[Enabled, Disabled]` | State indicating whether staging environments are allowed or not allowed for a static web app. |
+| `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
+| `tags` | object | `{object}` |  | Tags of the resource. |
+| `templateProperties` | object | `{object}` |  | Template Options for the static site. |
+| `userAssignedIdentities` | object | `{object}` |  | The ID(s) to assign to the resource. |
+
+
+### Parameter Usage: `privateEndpoints`
+
+To use Private Endpoint the following dependencies must be deployed:
+
+- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`.  Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module.
+- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information.
+
+<details>
+
+<summary>Parameter JSON format</summary>
+
+```json
+"privateEndpoints": {
+    "value": [
+        // Example showing all available fields
+        {
+            "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here
+            "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+            "service": "<<serviceName>>", // e.g. vault, registry, file, blob, queue, table etc.
+            "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
+                "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net"
+            ],
+            "customDnsConfigs": [ // Optional
+                {
+                    "fqdn": "customname.test.local",
+                    "ipAddresses": [
+                        "10.10.10.10"
+                    ]
+                }
+            ]
+        },
+        // Example showing only mandatory fields
+        {
+            "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001",
+            "service": "<<serviceName>>" // e.g. vault, registry, file, blob, queue, table etc.
+        }
+    ]
+}
+```
+
+</details>
+
+<details>
+
+<summary>Bicep format</summary>
+
+```bicep
+privateEndpoints:  [
+    // Example showing all available fields
+    {
+        name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here
+        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+        service: '<<serviceName>>' // e.g. vault registry file blob queue table etc.
+        privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified
+            '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net'
+        ]
+        // Optional
+        customDnsConfigs: [
+            {
+                fqdn: 'customname.test.local'
+                ipAddresses: [
+                    '10.10.10.10'
+                ]
+            }
+        ]
+    }
+    // Example showing only mandatory fields
+    {
+        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001'
+        service: '<<serviceName>>' // e.g. vault registry file blob queue table etc.
+    }
+]
+```
+
+</details>
+<p>
+
+### Parameter Usage: `roleAssignments`
+
+Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure.
+
+<details>
+
+<summary>Parameter JSON format</summary>
+
+```json
+"roleAssignments": {
+    "value": [
+        {
+            "roleDefinitionIdOrName": "Reader",
+            "description": "Reader Role Assignment",
+            "principalIds": [
+                "12345678-1234-1234-1234-123456789012", // object 1
+                "78945612-1234-1234-1234-123456789012" // object 2
+            ]
+        },
+        {
+            "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
+            "principalIds": [
+                "12345678-1234-1234-1234-123456789012" // object 1
+            ],
+            "principalType": "ServicePrincipal"
+        }
+    ]
+}
+```
+
+</details>
+
+<details>
+
+<summary>Bicep format</summary>
+
+```bicep
+roleAssignments: [
+    {
+        roleDefinitionIdOrName: 'Reader'
+        description: 'Reader Role Assignment'
+        principalIds: [
+            '12345678-1234-1234-1234-123456789012' // object 1
+            '78945612-1234-1234-1234-123456789012' // object 2
+        ]
+    }
+    {
+        roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'
+        principalIds: [
+            '12345678-1234-1234-1234-123456789012' // object 1
+        ]
+        principalType: 'ServicePrincipal'
+    }
+]
+```
+
+</details>
+<p>
+
+### Parameter Usage: `tags`
+
+Tag names and tag values can be provided as needed. A tag can be left without a value.
+
+<details>
+
+<summary>Parameter JSON format</summary>
+
+```json
+"tags": {
+    "value": {
+        "Environment": "Non-Prod",
+        "Contact": "test.user@testcompany.com",
+        "PurchaseOrder": "1234",
+        "CostCenter": "7890",
+        "ServiceName": "DeploymentValidation",
+        "Role": "DeploymentValidation"
+    }
+}
+```
+
+</details>
+
+<details>
+
+<summary>Bicep format</summary>
+
+```bicep
+tags: {
+    Environment: 'Non-Prod'
+    Contact: 'test.user@testcompany.com'
+    PurchaseOrder: '1234'
+    CostCenter: '7890'
+    ServiceName: 'DeploymentValidation'
+    Role: 'DeploymentValidation'
+}
+```
+
+</details>
+<p>
+
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+<details>
+
+<summary>Parameter JSON format</summary>
+
+```json
+"userAssignedIdentities": {
+    "value": {
+        "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+        "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+    }
+}
+```
+
+</details>
+
+<details>
+
+<summary>Bicep format</summary>
+
+```bicep
+userAssignedIdentities: {
+    '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+    '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+</details>
+<p>
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the static site. |
+| `resourceGroupName` | string | The resource group the static site was deployed into. |
+| `resourceId` | string | The resource ID of the static site. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Deployment examples
+
+<h3>Example 1</h3>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "<<namePrefix>>-az-wss-min-001"
+    }
+  }
+}
+```
+
+</details>
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module staticSites './Microsoft.Web/staticSites/deploy.bicep' = {
+  name: '${uniqueString(deployment().name)}-staticSites'
+  params: {
+    name: '<<namePrefix>>-az-wss-min-001'
+  }
+}
+```
+
+</details>
+<p>
+
+<h3>Example 2</h3>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "<<namePrefix>>-az-wss-x-001"
+    },
+    "lock": {
+      "value": "CanNotDelete"
+    },
+    "sku": {
+      "value": "Standard"
+    },
+    "stagingEnvironmentPolicy": {
+      "value": "Enabled"
+    },
+    "allowConfigFileUpdates": {
+      "value": true
+    },
+    "enterpriseGradeCdnStatus": {
+      "value": "Disabled"
+    },
+    "systemAssignedIdentity": {
+      "value": true
+    },
+    "customDomains": {
+      "value": [
+        "<<namePrefix>>domain1.domain",
+        "<<namePrefix>>domain2.domain.domain",
+        "<<namePrefix>>domain3.domain.domain.domain"
+      ]
+    },
+    "appSettings": {
+      "value": {
+        "foo": "bar",
+        "setting": 1
+      }
+    },
+    "functionAppSettings": {
+      "value": {
+        "foo": "bar",
+        "setting": 1
+      }
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
+      }
+    },
+    "roleAssignments": {
+      "value": [
+        {
+          "roleDefinitionIdOrName": "Reader",
+          "principalIds": [
+            "<<deploymentSpId>>"
+          ]
+        }
+      ]
+    },
+    "privateEndpoints": {
+      "value": [
+        {
+          "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
+          "service": "staticSites"
+        }
+      ]
+    },
+    "linkedBackend": {
+      "value": {
+        "resourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Web/sites/<<namePrefix>>-az-fa-x-001"
+      }
+    }
+  }
+}
+```
+
+</details>
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module staticSites './Microsoft.Web/staticSites/deploy.bicep' = {
+  name: '${uniqueString(deployment().name)}-staticSites'
+  params: {
+    name: '<<namePrefix>>-az-wss-x-001'
+    lock: 'CanNotDelete'
+    sku: 'Standard'
+    stagingEnvironmentPolicy: 'Enabled'
+    allowConfigFileUpdates: true
+    enterpriseGradeCdnStatus: 'Disabled'
+    systemAssignedIdentity: true
+    customDomains: [
+      '<<namePrefix>>domain1.domain'
+      '<<namePrefix>>domain2.domain.domain'
+      '<<namePrefix>>domain3.domain.domain.domain'
+    ]
+    appSettings: {
+      foo: 'bar'
+      setting: 1
+    }
+    functionAppSettings: {
+      foo: 'bar'
+      setting: 1
+    }
+    userAssignedIdentities: {
+      '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001': {}
+    }
+    roleAssignments: [
+      {
+        roleDefinitionIdOrName: 'Reader'
+        principalIds: [
+          '<<deploymentSpId>>'
+        ]
+      }
+    ]
+    privateEndpoints: [
+      {
+        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints'
+        service: 'staticSites'
+      }
+    ]
+    linkedBackend: {
+      resourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Web/sites/<<namePrefix>>-az-fa-x-001'
+    }
+  }
+}
+```
+
+</details>
+<p>
diff --git a/modules/Microsoft.Web/staticSites/userProvidedFunctionApps/deploy.bicep b/modules/Microsoft.Web/staticSites/userProvidedFunctionApps/deploy.bicep
deleted file mode 100644
index 0854ba8768..0000000000
--- a/modules/Microsoft.Web/staticSites/userProvidedFunctionApps/deploy.bicep
+++ /dev/null
@@ -1,33 +0,0 @@
-@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
-param staticSiteName string
-
-@description('Required. The resource id of the function app registered with the static site.')
-param functionAppResourceId string
-
-@description('Optional. The region of the function app registered with the static site.')
-param functionAppRegion string = resourceGroup().location
-
-resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
-  name: staticSiteName
-}
-
-resource userProvidedFunctionApp 'Microsoft.Web/staticSites/userProvidedFunctionApps@2022-03-01' = {
-  name: '${staticSite.name}-userProvidedFunctionApp'
-  parent: staticSite
-  properties: empty(staticSite.properties.userProvidedFunctionApps) ? {
-    functionAppRegion: functionAppRegion
-    functionAppResourceId: functionAppResourceId
-  } : {}
-}
-
-@description('The name of the userProvidedFunctionApp setting.')
-output name string = userProvidedFunctionApp.name
-
-@description('The resource ID of the userProvidedFunctionApp setting.')
-output resourceId string = userProvidedFunctionApp.id
-
-@description('The name of the resource group the userProvidedFunctionApp setting was created in.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The functionAppResourceId setting.')
-output functionAppResourceId string = userProvidedFunctionApp.properties.functionAppResourceId
diff --git a/modules/Microsoft.Web/staticSites/version.json b/modules/Microsoft.Web/staticSites/version.json
index 41f66cc990..d52c7d0010 100644
--- a/modules/Microsoft.Web/staticSites/version.json
+++ b/modules/Microsoft.Web/staticSites/version.json
@@ -1,4 +1,4 @@
 {
     "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
-    "version": "0.1"
+    "version": "0.6"
 }

From 67adae1a2b5706566b9ef2a876031eab9d4b0ccf Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke <jdamaschke@visorian.com>
Date: Mon, 11 Jul 2022 01:37:29 +0200
Subject: [PATCH 3/8] docs(staticsites):  Removed parameter placeholder

---
 modules/Microsoft.Web/staticSites/config/readme.md         | 4 ----
 modules/Microsoft.Web/staticSites/customDomains/readme.md  | 4 ----
 modules/Microsoft.Web/staticSites/linkedBackends/readme.md | 4 ----
 3 files changed, 12 deletions(-)

diff --git a/modules/Microsoft.Web/staticSites/config/readme.md b/modules/Microsoft.Web/staticSites/config/readme.md
index 49f725dd85..0bfef39a46 100644
--- a/modules/Microsoft.Web/staticSites/config/readme.md
+++ b/modules/Microsoft.Web/staticSites/config/readme.md
@@ -29,10 +29,6 @@ This module deploys Web StaticSites Config.
 | `staticSiteName` | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. |
 
 
-### Parameter Usage: `<ParameterPlaceholder>`
-
-// TODO: Fill in Parameter usage
-
 ## Outputs
 
 | Output Name | Type | Description |
diff --git a/modules/Microsoft.Web/staticSites/customDomains/readme.md b/modules/Microsoft.Web/staticSites/customDomains/readme.md
index c72697caaa..9c2b9aea0d 100644
--- a/modules/Microsoft.Web/staticSites/customDomains/readme.md
+++ b/modules/Microsoft.Web/staticSites/customDomains/readme.md
@@ -29,10 +29,6 @@ This module deploys Web StaticSites CustomDomains.
 | `validationMethod` | string | `'cname-delegation'` | Validation method for adding a custom domain. |
 
 
-### Parameter Usage: `<ParameterPlaceholder>`
-
-// TODO: Fill in Parameter usage
-
 ## Outputs
 
 | Output Name | Type | Description |
diff --git a/modules/Microsoft.Web/staticSites/linkedBackends/readme.md b/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
index 89f5b70f3f..da253be8e8 100644
--- a/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
+++ b/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
@@ -34,10 +34,6 @@ This module deploys Web StaticSites LinkedBackends.
 | `backendResourceId` | string | The resource id of the backend linked to the static site. |
 
 
-### Parameter Usage: `<ParameterPlaceholder>`
-
-// TODO: Fill in Parameter usage
-
 ## Outputs
 
 | Output Name | Type | Description |

From ec13798329747114e597433b615a056ae59319be Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke <jdamaschke@outlook.de>
Date: Mon, 11 Jul 2022 21:16:47 +0200
Subject: [PATCH 4/8] Update modules/Microsoft.Web/staticSites/config/readme.md

Co-authored-by: Alexander Sehr <ASehr@hotmail.de>
---
 modules/Microsoft.Web/staticSites/config/readme.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/Microsoft.Web/staticSites/config/readme.md b/modules/Microsoft.Web/staticSites/config/readme.md
index 0bfef39a46..76c4f8c709 100644
--- a/modules/Microsoft.Web/staticSites/config/readme.md
+++ b/modules/Microsoft.Web/staticSites/config/readme.md
@@ -1,7 +1,6 @@
 # Web StaticSites Config `[Microsoft.Web/staticSites/config]`
 
-This module deploys Web StaticSites Config.
-// TODO: Replace Resource and fill in description
+This module deploys a Static Site Config.
 
 ## Navigation
 

From 09317cfb2b3176f64921ea71493faa479aedbd53 Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke <jdamaschke@outlook.de>
Date: Mon, 11 Jul 2022 21:17:06 +0200
Subject: [PATCH 5/8] Update modules/Microsoft.Web/staticSites/config/readme.md

Co-authored-by: Alexander Sehr <ASehr@hotmail.de>
---
 modules/Microsoft.Web/staticSites/config/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/Microsoft.Web/staticSites/config/readme.md b/modules/Microsoft.Web/staticSites/config/readme.md
index 76c4f8c709..9ec0d83799 100644
--- a/modules/Microsoft.Web/staticSites/config/readme.md
+++ b/modules/Microsoft.Web/staticSites/config/readme.md
@@ -1,4 +1,4 @@
-# Web StaticSites Config `[Microsoft.Web/staticSites/config]`
+# Static Site Config `[Microsoft.Web/staticSites/config]`
 
 This module deploys a Static Site Config.
 

From 80fa029a54ff8c8346d1182d4b63e5abb57cf7b7 Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke <jdamaschke@outlook.de>
Date: Mon, 11 Jul 2022 21:17:14 +0200
Subject: [PATCH 6/8] Update
 modules/Microsoft.Web/staticSites/customDomains/readme.md

Co-authored-by: Alexander Sehr <ASehr@hotmail.de>
---
 modules/Microsoft.Web/staticSites/customDomains/readme.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/Microsoft.Web/staticSites/customDomains/readme.md b/modules/Microsoft.Web/staticSites/customDomains/readme.md
index 9c2b9aea0d..4c8b1e116f 100644
--- a/modules/Microsoft.Web/staticSites/customDomains/readme.md
+++ b/modules/Microsoft.Web/staticSites/customDomains/readme.md
@@ -1,4 +1,5 @@
-# Web StaticSites CustomDomains `[Microsoft.Web/staticSites/customDomains]`
+# Static Site Custom Domain `[Microsoft.Web/staticSites/customDomains]`
+
 
 This module deploys Web StaticSites CustomDomains.
 // TODO: Replace Resource and fill in description

From e69b8899043030d80a66c1665650e9e806d6cea6 Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke <jdamaschke@outlook.de>
Date: Mon, 11 Jul 2022 21:17:21 +0200
Subject: [PATCH 7/8] Update
 modules/Microsoft.Web/staticSites/linkedBackends/readme.md

Co-authored-by: Alexander Sehr <ASehr@hotmail.de>
---
 modules/Microsoft.Web/staticSites/linkedBackends/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/Microsoft.Web/staticSites/linkedBackends/readme.md b/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
index da253be8e8..89672170b5 100644
--- a/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
+++ b/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
@@ -1,4 +1,4 @@
-# Web StaticSites LinkedBackends `[Microsoft.Web/staticSites/linkedBackends]`
+# Static Site Linked Backend `[Microsoft.Web/staticSites/linkedBackends]`
 
 This module deploys Web StaticSites LinkedBackends.
 // TODO: Replace Resource and fill in description

From 1e37a5a2f722aed3b0fae580c06a3d2ecc0c92b4 Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke <jdamaschke@visorian.com>
Date: Mon, 11 Jul 2022 23:00:53 +0200
Subject: [PATCH 8/8] fix(staticsites):  Integrated PR feedback

---
 .../staticSites/.bicep/nested_roleAssignments.bicep         | 6 +++---
 modules/Microsoft.Web/staticSites/customDomains/readme.md   | 4 +---
 modules/Microsoft.Web/staticSites/deploy.bicep              | 2 +-
 modules/Microsoft.Web/staticSites/linkedBackends/readme.md  | 3 +--
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep
index e3d80db5b9..d8c01ae5d9 100644
--- a/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep
@@ -4,9 +4,9 @@ param roleDefinitionIdOrName string
 param resourceId string
 
 var builtInRoleNames = {
-  Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
-  Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
-  Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+  'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+  'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+  'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
diff --git a/modules/Microsoft.Web/staticSites/customDomains/readme.md b/modules/Microsoft.Web/staticSites/customDomains/readme.md
index 4c8b1e116f..8c2307e642 100644
--- a/modules/Microsoft.Web/staticSites/customDomains/readme.md
+++ b/modules/Microsoft.Web/staticSites/customDomains/readme.md
@@ -1,8 +1,6 @@
 # Static Site Custom Domain `[Microsoft.Web/staticSites/customDomains]`
 
-
-This module deploys Web StaticSites CustomDomains.
-// TODO: Replace Resource and fill in description
+This module deploys a Custom Domain into a Static Site.
 
 ## Navigation
 
diff --git a/modules/Microsoft.Web/staticSites/deploy.bicep b/modules/Microsoft.Web/staticSites/deploy.bicep
index 159f4742a6..116eb2de02 100644
--- a/modules/Microsoft.Web/staticSites/deploy.bicep
+++ b/modules/Microsoft.Web/staticSites/deploy.bicep
@@ -65,7 +65,7 @@ param userAssignedIdentities object = {}
 @description('Optional. Specify the type of lock.')
 param lock string = ''
 
-@description('Optional. Configuration details for private endpoints.')
+@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
 param privateEndpoints array = []
 
 @description('Optional. Tags of the resource.')
diff --git a/modules/Microsoft.Web/staticSites/linkedBackends/readme.md b/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
index 89672170b5..c727338ef3 100644
--- a/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
+++ b/modules/Microsoft.Web/staticSites/linkedBackends/readme.md
@@ -1,7 +1,6 @@
 # Static Site Linked Backend `[Microsoft.Web/staticSites/linkedBackends]`
 
-This module deploys Web StaticSites LinkedBackends.
-// TODO: Replace Resource and fill in description
+This module deploys a Custom Function App into a Static Site using the linkedBackends property.
 
 ## Navigation