diff --git a/.github/workflows/ms.analysisservices.servers.yml b/.github/workflows/ms.analysisservices.servers.yml index 7551a91337..14dc7290bb 100644 --- a/.github/workflows/ms.analysisservices.servers.yml +++ b/.github/workflows/ms.analysisservices.servers.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.apimanagement.service.yml b/.github/workflows/ms.apimanagement.service.yml index ccb2652751..dffd5eb2d5 100644 --- a/.github/workflows/ms.apimanagement.service.yml +++ b/.github/workflows/ms.apimanagement.service.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.appconfiguration.configurationstores.yml b/.github/workflows/ms.appconfiguration.configurationstores.yml index 8df94e9822..77cb5f6b47 100644 --- a/.github/workflows/ms.appconfiguration.configurationstores.yml +++ b/.github/workflows/ms.appconfiguration.configurationstores.yml 
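Review bot: `templateFilePath` now receives whatever `matrix.moduleTestFilePaths` holds and `parameterFilePath` is dropped, but the step that builds the matrix and the `validateModuleDeployment` action are both outside this hunk. Nothing visible here guarantees that the matrix yields only `deploy.test.bicep` paths or that the action tolerates a missing parameter file. The test templates added later in this diff declare `targetScope = 'subscription'` and create their own resource group, so the identity this workflow deploys with presumably needs subscription-level deployment rights; a comment on the step should say so, and that identity is best confined to a dedicated test subscription. The step also still passes `resourceGroupName: '${{ env.resourceGroupName }}'` while the template defaults its own `resourceGroupName`, so confirm which value is used. The same applies to the identical hunks in the other workflow files of this commit.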
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.locks.yml b/.github/workflows/ms.authorization.locks.yml index 0372a1090d..0f274136fc 100644 --- a/.github/workflows/ms.authorization.locks.yml +++ b/.github/workflows/ms.authorization.locks.yml @@ -109,8 +109,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policyassignments.yml b/.github/workflows/ms.authorization.policyassignments.yml index bd20d50c1d..d865fb387c 100644 --- a/.github/workflows/ms.authorization.policyassignments.yml +++ b/.github/workflows/ms.authorization.policyassignments.yml 
@@ -109,8 +109,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policydefinitions.yml b/.github/workflows/ms.authorization.policydefinitions.yml index 0800137506..266b341592 100644 --- a/.github/workflows/ms.authorization.policydefinitions.yml +++ b/.github/workflows/ms.authorization.policydefinitions.yml @@ -109,8 +109,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policyexemptions.yml b/.github/workflows/ms.authorization.policyexemptions.yml index 878f3665c1..f880d599a4 100644 --- a/.github/workflows/ms.authorization.policyexemptions.yml +++ b/.github/workflows/ms.authorization.policyexemptions.yml 
@@ -109,8 +109,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policysetdefinitions.yml b/.github/workflows/ms.authorization.policysetdefinitions.yml index d1bd00c8d4..0e40d0496a 100644 --- a/.github/workflows/ms.authorization.policysetdefinitions.yml +++ b/.github/workflows/ms.authorization.policysetdefinitions.yml @@ -109,8 +109,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.roleassignments.yml b/.github/workflows/ms.authorization.roleassignments.yml index 7679d04a07..8d63e45957 100644 --- a/.github/workflows/ms.authorization.roleassignments.yml +++ b/.github/workflows/ms.authorization.roleassignments.yml 
@@ -109,8 +109,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.roledefinitions.yml b/.github/workflows/ms.authorization.roledefinitions.yml index d4f169b1fb..957107deb5 100644 --- a/.github/workflows/ms.authorization.roledefinitions.yml +++ b/.github/workflows/ms.authorization.roledefinitions.yml @@ -109,8 +109,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.automation.automationaccounts.yml b/.github/workflows/ms.automation.automationaccounts.yml index 9b014db655..c35ec1f041 100644 --- a/.github/workflows/ms.automation.automationaccounts.yml +++ b/.github/workflows/ms.automation.automationaccounts.yml 
@@ -107,8 +107,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.batch.batchaccounts.yml b/.github/workflows/ms.batch.batchaccounts.yml index 65c3811250..00b9db211e 100644 --- a/.github/workflows/ms.batch.batchaccounts.yml +++ b/.github/workflows/ms.batch.batchaccounts.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.cache.redis.yml b/.github/workflows/ms.cache.redis.yml index 9666ec63c0..b956542d52 100644 --- a/.github/workflows/ms.cache.redis.yml +++ b/.github/workflows/ms.cache.redis.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' 
diff --git a/.github/workflows/ms.cognitiveservices.accounts.yml b/.github/workflows/ms.cognitiveservices.accounts.yml index f311541b79..e17957f1f7 100644 --- a/.github/workflows/ms.cognitiveservices.accounts.yml +++ b/.github/workflows/ms.cognitiveservices.accounts.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.availabilitysets.yml b/.github/workflows/ms.compute.availabilitysets.yml index 95c38275e8..3e2241399c 100644 --- a/.github/workflows/ms.compute.availabilitysets.yml +++ b/.github/workflows/ms.compute.availabilitysets.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.virtualmachines.yml b/.github/workflows/ms.compute.virtualmachines.yml index bec15527fa..33d214bd98 100644 --- a/.github/workflows/ms.compute.virtualmachines.yml +++ b/.github/workflows/ms.compute.virtualmachines.yml 
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.containerregistry.registries.yml b/.github/workflows/ms.containerregistry.registries.yml index 8d0ea9e6c5..b7deab4d1f 100644 --- a/.github/workflows/ms.containerregistry.registries.yml +++ b/.github/workflows/ms.containerregistry.registries.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.containerservice.managedclusters.yml b/.github/workflows/ms.containerservice.managedclusters.yml index 3773128665..7b6d046566 100644 --- a/.github/workflows/ms.containerservice.managedclusters.yml +++ b/.github/workflows/ms.containerservice.managedclusters.yml 
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.datafactory.factories.yml b/.github/workflows/ms.datafactory.factories.yml index 162c0ed643..bbc3fb8aba 100644 --- a/.github/workflows/ms.datafactory.factories.yml +++ b/.github/workflows/ms.datafactory.factories.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.kubernetesconfiguration.extensions.yml b/.github/workflows/ms.kubernetesconfiguration.extensions.yml index aa0f094765..3dc16b79bf 100644 --- a/.github/workflows/ms.kubernetesconfiguration.extensions.yml +++ b/.github/workflows/ms.kubernetesconfiguration.extensions.yml 
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml b/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml index a4f242ea2b..663fa61d5a 100644 --- a/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml +++ b/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.connections.yml b/.github/workflows/ms.network.connections.yml index 6c79aa5700..487dad0043 100644 --- a/.github/workflows/ms.network.connections.yml +++ b/.github/workflows/ms.network.connections.yml 
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.networkinterfaces.yml b/.github/workflows/ms.network.networkinterfaces.yml index 2a6533ecaf..5272fae199 100644 --- a/.github/workflows/ms.network.networkinterfaces.yml +++ b/.github/workflows/ms.network.networkinterfaces.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualhubs.yml b/.github/workflows/ms.network.virtualhubs.yml index 6f8804f622..12c1e63689 100644 --- a/.github/workflows/ms.network.virtualhubs.yml +++ b/.github/workflows/ms.network.virtualhubs.yml 
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualnetworkgateways.yml b/.github/workflows/ms.network.virtualnetworkgateways.yml index a426add415..643c210227 100644 --- a/.github/workflows/ms.network.virtualnetworkgateways.yml +++ b/.github/workflows/ms.network.virtualnetworkgateways.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.vpngateways.yml b/.github/workflows/ms.network.vpngateways.yml index e2f13f404c..f4b2c490f8 100644 --- a/.github/workflows/ms.network.vpngateways.yml +++ b/.github/workflows/ms.network.vpngateways.yml 
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.vpnsites.yml b/.github/workflows/ms.network.vpnsites.yml index 8488bb8a44..73f10b3c22 100644 --- a/.github/workflows/ms.network.vpnsites.yml +++ b/.github/workflows/ms.network.vpnsites.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.resources.deploymentscripts.yml b/.github/workflows/ms.resources.deploymentscripts.yml index c317b860ef..815ed47236 100644 --- a/.github/workflows/ms.resources.deploymentscripts.yml +++ b/.github/workflows/ms.resources.deploymentscripts.yml 
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.sql.servers.yml b/.github/workflows/ms.sql.servers.yml index 972e422285..28397eb22f 100644 --- a/.github/workflows/ms.sql.servers.yml +++ b/.github/workflows/ms.sql.servers.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.sites.yml b/.github/workflows/ms.web.sites.yml index 172f6a7571..d5a3eb08a6 100644 --- a/.github/workflows/ms.web.sites.yml +++ b/.github/workflows/ms.web.sites.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' 
diff --git a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md index 02be9ae6bc..193e301a32 100644 --- a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md +++ b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md @@ -393,8 +393,6 @@ For this reason, make sure to update the references in the following modules onc | File | Parameter | Notes | | - | - | - | -| `modules\Microsoft.Compute\virtualMachines\.test\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `modules\Microsoft.Compute\virtualMachines\.test\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | | `modules\Microsoft.Compute\virtualMachineScaleSets\.test\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | | `modules\Microsoft.Compute\virtualMachineScaleSets\.test\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | | `modules\Microsoft.Sql\managedInstances\.test\parameters.json` | `keys.value.uri` | | diff --git a/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep b/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep index db688cf95a..14a77d7796 100644 --- a/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep +++ b/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep 
@@ -60,8 +60,18 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-11-01' = { // ======= // // Outputs // // ======= // + +@description('The resource ID of the created Storage Account.') output storageAccountResourceId string = storageAccount.id + +@description('The resource ID of the created Log Analytics Workspace.') output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id + +@description('The resource ID of the created Event Hub Namespace.') output eventHubNamespaceResourceId string = eventHubNamespace.id + +@description('The resource ID of the created Event Hub Namespace Authorization Rule.') output eventHubAuthorizationRuleId string = eventHubNamespace::authorizationRule.id + +@description('The name of the created Event Hub Namespace Event Hub.') output eventHubNamespaceEventHubName string = eventHubNamespace::eventHub.name diff --git a/modules/Microsoft.AnalysisServices/servers/.test/default/dependencies.bicep b/modules/Microsoft.AnalysisServices/servers/.test/default/dependencies.bicep new file mode 100644 index 0000000000..bfae36a05d --- /dev/null +++ b/modules/Microsoft.AnalysisServices/servers/.test/default/dependencies.bicep @@ -0,0 +1,13 @@ +@description('Required. The name of the managed identity to create.') +param managedIdentityName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The principal ID of the created managed identity') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.AnalysisServices/servers/.test/default/deploy.test.bicep b/modules/Microsoft.AnalysisServices/servers/.test/default/deploy.test.bicep new file mode 100644 index 0000000000..bf81829b3b --- /dev/null 
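Review bot: The new `default/dependencies.bicep` is the same file as `max/dependencies.bicep` added further down (both index lines show blob `bfae36a05d`), so the managed-identity construct is duplicated per test folder. Consider placing it next to `diagnostic.dependencies.bicep` under `modules/.shared/dependencyConstructs` and referencing it from both tests, as the diagnostics already are. The output description also lacks the closing period the other descriptions use: `@description('The principal ID of the created managed identity.')`.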
+++ b/modules/Microsoft.AnalysisServices/servers/.test/default/deploy.test.bicep 
@@ -0,0 +1,74 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.analysisservices.servers-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'assdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-nestedDependencies' + params: { + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>azsa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}' + lock: 'CanNotDelete' + skuName: 'S0' + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + } + ] + 
diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + } +} diff --git a/modules/Microsoft.AnalysisServices/servers/.test/max.parameters.json b/modules/Microsoft.AnalysisServices/servers/.test/max.parameters.json deleted file mode 100644 index 54abf71cc2..0000000000 --- a/modules/Microsoft.AnalysisServices/servers/.test/max.parameters.json +++ /dev/null 
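Review bot: `lock: 'CanNotDelete'` is applied to a server inside a resource group that this template now creates itself, and nothing in the file says how that environment is torn down. The removal logic is not visible in this hunk, so a comment above `testDeployment` would help, for example `// The lock must be removed by the cleanup step before the resource group can be deleted`. The `resourceGroupName` description reads "for a testing purposes"; `@description('Optional. The name of the resource group to deploy for testing purposes.')` is the intended wording, and the same string appears in `max/deploy.test.bicep`.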
@@ -1,66 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azasweumax001" - }, - "lock": { - "value": "CanNotDelete" - }, - "skuName": { - "value": "S0" - }, - "skuCapacity": { - "value": 1 - }, - "firewallSettings": { - "value": { - "firewallRules": [ - { - "firewallRuleName": "AllowFromAll", - "rangeStart": "0.0.0.0", - "rangeEnd": "255.255.255.255" - } - ], - "enablePowerBIService": true - } - }, - "diagnosticLogsRetentionInDays": { - "value": 365 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogCategoriesToEnable": { - "value": [ - "Engine", - "Service" - ] - }, - "diagnosticMetricsToEnable": { - "value": [ - "AllMetrics" - ] - } - } -} diff --git a/modules/Microsoft.AnalysisServices/servers/.test/max/dependencies.bicep b/modules/Microsoft.AnalysisServices/servers/.test/max/dependencies.bicep new file mode 100644 index 0000000000..bfae36a05d --- /dev/null +++ b/modules/Microsoft.AnalysisServices/servers/.test/max/dependencies.bicep 
@@ -0,0 +1,13 @@ +@description('Required. The name of the managed identity to create.') +param managedIdentityName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The principal ID of the created managed identity') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.AnalysisServices/servers/.test/max/deploy.test.bicep b/modules/Microsoft.AnalysisServices/servers/.test/max/deploy.test.bicep new file mode 100644 index 0000000000..ad01d327c1 --- /dev/null +++ b/modules/Microsoft.AnalysisServices/servers/.test/max/deploy.test.bicep 
@@ -0,0 +1,92 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.analysisservices.servers-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'assmax'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>azsa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: az.resourceGroup(resourceGroupName)
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}'
+ lock: 'CanNotDelete'
+ skuName: 'S0'
+ skuCapacity: 1
+ firewallSettings: {
+ firewallRules: [
+ {
+ firewallRuleName: 'AllowFromAll'
+ rangeStart: '0.0.0.0'
+ rangeEnd: '255.255.255.255'
+ }
+ ]
+ enablePowerBIService: true
+ }
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ }
+ ]
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ diagnosticLogCategoriesToEnable: [
+ 'Engine'
+ 'Service'
+ ]
+ diagnosticMetricsToEnable: [
+ 'AllMetrics'
+ ]
+ }
+}
diff --git a/modules/Microsoft.AnalysisServices/servers/.test/min.parameters.json b/modules/Microsoft.AnalysisServices/servers/.test/min.parameters.json
deleted file mode 100644
index 33c06055de..0000000000
--- a/modules/Microsoft.AnalysisServices/servers/.test/min.parameters.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azasweumin001"
- }
- }
-}
diff --git a/modules/Microsoft.AnalysisServices/servers/.test/min/deploy.test.bicep b/modules/Microsoft.AnalysisServices/servers/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..1b477fbdf0
--- /dev/null
+++ b/modules/Microsoft.AnalysisServices/servers/.test/min/deploy.test.bicep
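Review bot: In the Analysis Services `.test/max/deploy.test.bicep`, the `firewallRules` entry `AllowFromAll` still spans `rangeStart: '0.0.0.0'` to `rangeEnd: '255.255.255.255'`, so every pipeline run deploys a server whose IP firewall admits any IPv4 address, and the readme in this commit says its usage examples are retrieved from these test files, so this is the rule consumers will copy. If the test only needs to exercise the parameter, a narrow range would cover it; otherwise a comment above the rule such as `// Test only: admits all IPv4 addresses; restrict the range in real deployments` would keep the example from reading as a recommendation (whether comments survive readme generation is not visible here). Separately, `testDeployment` uses `scope: az.resourceGroup(resourceGroupName)` while the `min` test in this commit uses `scope: resourceGroup`; the symbolic reference is the consistent choice and makes the dependency on the resource group explicit.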
@@ -0,0 +1,37 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.analysisservices.servers-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'assmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}'
+ }
+}
diff --git a/modules/Microsoft.AnalysisServices/servers/.test/parameters.json b/modules/Microsoft.AnalysisServices/servers/.test/parameters.json
deleted file mode 100644
index 592ffff258..0000000000
--- a/modules/Microsoft.AnalysisServices/servers/.test/parameters.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azasweux001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "skuName": {
- "value": "S0"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
diff --git a/modules/Microsoft.AnalysisServices/servers/readme.md b/modules/Microsoft.AnalysisServices/servers/readme.md
index 9fcc375ebe..62631eb698 100644
--- a/modules/Microsoft.AnalysisServices/servers/readme.md
+++ b/modules/Microsoft.AnalysisServices/servers/readme.md
@@ -174,13 +174,100 @@ The following module usage examples are retrieved from the content of the files ```bicep module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-servers' + name: '${uniqueString(deployment().name)}-test-asdef' params: { // Required parameters - name: '<>azasweumax001' + name: '<>assdef' // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + lock: 'CanNotDelete' + roleAssignments: [ + { + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] + skuName: 'S0' + } +} +``` + + +

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>azasdef" + }, + // Non-required parameters + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "skuName": { + "value": "S0" + } + } +} +``` + +
+

+ +

Example 2: Max

+ +
+ +via Bicep module + +```bicep +module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-asmax' + params: { + // Required parameters + name: '<>azasmax' + // Non-required parameters + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogCategoriesToEnable: [ 'Engine' 'Service' @@ -230,7 +317,7 @@ module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azasweumax001" + "value": "<>azasmax" }, // Non-required parameters "diagnosticEventHubAuthorizationRuleId": { @@ -297,44 +384,7 @@ module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = {

-

Example 2: Min

- -
- -via Bicep module - -```bicep -module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-servers' - params: { - name: '<>azasweumin001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azasweumin001" - } - } -} -``` - -
-

- -

Example 3: Parameters

+

Example 3: Min

@@ -342,7 +392,7 @@ module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = { ```bicep module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-servers' + name: '${uniqueString(deployment().name)}-test-asmin' params: { // Required parameters name: '<>azasweux001' @@ -380,39 +430,7 @@ module servers './Microsoft.AnalysisServices/servers/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azasweux001" - }, - // Non-required parameters - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "<>" - ], - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "skuName": { - "value": "S0" + "value": "<>azasmin" } } } diff --git a/modules/Microsoft.ApiManagement/service/.test/default/dependencies.bicep b/modules/Microsoft.ApiManagement/service/.test/default/dependencies.bicep new file mode 100644 index 0000000000..bfae36a05d --- /dev/null +++ b/modules/Microsoft.ApiManagement/service/.test/default/dependencies.bicep 
@@ -0,0 +1,13 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.ApiManagement/service/.test/default/deploy.test.bicep b/modules/Microsoft.ApiManagement/service/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..ccaba404ab
--- /dev/null
+++ b/modules/Microsoft.ApiManagement/service/.test/default/deploy.test.bicep
@@ -0,0 +1,80 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.apimanagement.service-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apisdef'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
+ publisherName: '<>-az-amorg-x-001'
+ lock: 'CanNotDelete'
+ policies: [
+ {
+ format: 'xml'
+ value: ' '
+ }
+ ]
+ portalSettings: [
+ {
+ name: 'signin'
+ properties: {
+ enabled: false
+ }
+ }
+ {
+ name: 'signup'
+ properties: {
+ enabled: false
+ termsOfService: {
+ consentRequired: false
+ enabled: false
+ }
+ }
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ }
+}
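Review bot: The `serviceShort` description in the API Management `default` test reads `for the kind of deployment .Should be kept short`, with the full stop attached to the wrong word; it should read `deployment. Should be kept short`, as the Analysis Services tests in this commit have it. The same string is repeated in the API Management `max` and `min` test files added by this commit. The nested deployment is also named `-paramNested` here and in the `max` test, while the Analysis Services test names the same construct `-nestedDependencies`; a single suffix across modules makes deployment history easier to search.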
diff --git a/modules/Microsoft.ApiManagement/service/.test/max.parameters.json b/modules/Microsoft.ApiManagement/service/.test/max.parameters.json deleted file mode 100644 index f760ecf1d4..0000000000 --- a/modules/Microsoft.ApiManagement/service/.test/max.parameters.json +++ /dev/null 
@@ -1,177 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-apim-max-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "publisherEmail": { - "value": "apimgmt-noreply@mail.windowsazure.com" - }, - "publisherName": { - "value": "<>-az-amorg-x-001" - }, - "apis": { - "value": [ - { - "name": "echo-api", - "displayName": "Echo API", - "path": "echo", - "serviceUrl": "http://echoapi.cloudapp.net/api", - "apiVersionSet": { - "name": "echo-version-set", - "properties": { - "description": "echo-version-set", - "displayName": "echo-version-set", - "versioningScheme": "Segment" - } - } - } - ] - }, - "authorizationServers": { - "value": [ - { - "name": "AuthServer1", - "authorizationEndpoint": "https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize", - "grantTypes": [ - "authorizationCode" - ], - "clientCredentialsKeyVaultId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", - "clientIdSecretName": "apimclientid", - "clientSecretSecretName": "apimclientsecret", - "clientRegistrationEndpoint": "http://localhost", - "tokenEndpoint": "https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token" - } - ] - }, - "backends": { - "value": [ - { - "name": "backend", - "url": "http://echoapi.cloudapp.net/api", - "tls": { - "validateCertificateChain": false, - "validateCertificateName": false - } - } - ] - }, - "caches": { - "value": [ - { - "name": "westeurope", - "connectionString": "connectionstringtest", - "useFromLocation": "westeurope" - } - ] - }, - "identityProviders": { - "value": [ - { - "name": "aadProvider" - } - ] - }, - "namedValues": { - "value": [ - { - "name": "apimkey", - "displayName": "apimkey", - "secret": true - } - ] - }, - "policies": { - "value": [ - { - "value": " ", - "format": "xml" - } - ] - }, 
- "portalSettings": { - "value": [ - { - "name": "signin", - "properties": { - "enabled": false - } - }, - { - "name": "signup", - "properties": { - "enabled": false, - "termsOfService": { - "enabled": false, - "consentRequired": false - } - } - } - ] - }, - "products": { - "value": [ - { - "name": "Starter", - "subscriptionRequired": false, - "approvalRequired": false, - "apis": [ - { - "name": "echo-api" - } - ], - "groups": [ - { - "name": "developers" - } - ] - } - ] - }, - "subscriptions": { - "value": [ - { - "scope": "/apis", - "name": "testArmSubscriptionAllApis" - } - ] - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.ApiManagement/service/.test/max/dependencies.bicep b/modules/Microsoft.ApiManagement/service/.test/max/dependencies.bicep new file mode 100644 index 0000000000..9bf566f5d9 --- /dev/null +++ b/modules/Microsoft.ApiManagement/service/.test/max/dependencies.bicep 
@@ -0,0 +1,56 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Optional. The secret to store in the Key Vault. Is auto-generated if not provided.')
+@secure()
+param customSecret string = newGuid()
+
+var keyVaultSecretName = 'apimclientsecret'
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+ name: keyVaultName
+ location: location
+ properties: {
+ sku: {
+ family: 'A'
+ name: 'standard'
+ }
+ tenantId: tenant().tenantId
+ enablePurgeProtection: null
+ enabledForTemplateDeployment: true
+ enabledForDiskEncryption: true
+ enabledForDeployment: true
+ enableRbacAuthorization: true
+ accessPolicies: []
+ }
+
+ resource secret 'secrets@2022-07-01' = {
+ name: keyVaultSecretName
+ properties: {
+ value: customSecret
+ }
+ }
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Key Vault.')
+output keyVaultResourceId string = keyVault.id
+
+@description('The name of the created Key Vault secret.')
+output keyVaultSecretName string = keyVaultSecretName
diff --git a/modules/Microsoft.ApiManagement/service/.test/max/deploy.test.bicep b/modules/Microsoft.ApiManagement/service/.test/max/deploy.test.bicep
new file mode 100644
index 0000000000..c193d64561
--- /dev/null
+++ b/modules/Microsoft.ApiManagement/service/.test/max/deploy.test.bicep
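Review bot: The `keyVault` resource in the API Management `max/dependencies.bicep` sets `enabledForDeployment: true` and `enabledForDiskEncryption: true`, which open the vault to virtual-machine deployment and Azure Disk Encryption, and nothing visible in this test uses either. Unless the module under test needs them, `enabledForDeployment: false` and `enabledForDiskEncryption: false` keep the test vault to the access it actually exercises; whether `enabledForTemplateDeployment` is required depends on how `deploy.bicep` reads the secret, which is not shown here. The vault also holds a single secret, `apimclientsecret`, and exposes only that name as an output, so a caller that needs distinct client-ID and client-secret entries has nothing separate to reference.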
@@ -0,0 +1,187 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.apimanagement.service-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apismax'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ keyVaultName: 'dep-<>-kv-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>azsa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
+ publisherName: '<>-az-amorg-x-001'
+ // Non-required parameters
+ apis: [
+ {
+ apiVersionSet: {
+ name: 'echo-version-set'
+ properties: {
+ description: 'echo-version-set'
+ displayName: 'echo-version-set'
+ versioningScheme: 'Segment'
+ }
+ }
+ displayName: 'Echo API'
+ name: 'echo-api'
+ path: 'echo'
+ serviceUrl: 'http://echoapi.cloudapp.net/api'
+ }
+ ]
+ authorizationServers: [
+ {
+ authorizationEndpoint: '${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize'
+ clientCredentialsKeyVaultId: resourceGroupResources.outputs.keyVaultResourceId
+ clientIdSecretName: resourceGroupResources.outputs.keyVaultSecretName
+ clientRegistrationEndpoint: 'http://localhost'
+ clientSecretSecretName: resourceGroupResources.outputs.keyVaultSecretName
+ grantTypes: [
+ 'authorizationCode'
+ ]
+ name: 'AuthServer1'
+ tokenEndpoint: '${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token'
+ }
+ ]
+ backends: [
+ {
+ name: 'backend'
+ tls: {
+ validateCertificateChain: false
+ validateCertificateName: false
+ }
+ url: 'http://echoapi.cloudapp.net/api'
+ }
+ ]
+ caches: [
+ {
+ connectionString: 'connectionstringtest'
+ name: 'westeurope'
+ useFromLocation: 'westeurope'
+ }
+ ]
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ identityProviders: [
+ {
+ name: 'aadProvider'
+ }
+ ]
+ lock: 'CanNotDelete'
+ namedValues: [
+ {
+ displayName: 'apimkey'
+ name: 'apimkey'
+ secret: true
+ }
+ ]
+ policies: [
+ {
+ format: 'xml'
+ value: ' '
+ }
+ ]
+ portalSettings: [
+ {
+ name: 'signin'
+ properties: {
+ enabled: false
+ }
+ }
+ {
+ name: 'signup'
+ properties: {
+ enabled: false
+ termsOfService: {
+ consentRequired: false
+ enabled: false
+ }
+ }
+ }
+ ]
+ products: [
+ {
+ apis: [
+ {
+ name: 'echo-api'
+ }
+ ]
+ approvalRequired: false
+ groups: [
+ {
+ name: 'developers'
+ }
+ ]
+ name: 'Starter'
+ subscriptionRequired: false
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ subscriptions: [
+ {
+ name: 'testArmSubscriptionAllApis'
+ scope: '/apis'
+ }
+ ]
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+ }
+ }
+}
diff --git a/modules/Microsoft.ApiManagement/service/.test/min.parameters.json b/modules/Microsoft.ApiManagement/service/.test/min.parameters.json
deleted file mode 100644
index d71e822cc5..0000000000
--- a/modules/Microsoft.ApiManagement/service/.test/min.parameters.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-apim-min-001"
- },
- "publisherEmail": {
- "value": "apimgmt-noreply@mail.windowsazure.com"
- },
- "publisherName": {
- "value": "<>-az-amorg-x-001"
- }
- }
-}
diff --git a/modules/Microsoft.ApiManagement/service/.test/min/deploy.test.bicep b/modules/Microsoft.ApiManagement/service/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..cefa054c83
--- /dev/null
+++ b/modules/Microsoft.ApiManagement/service/.test/min/deploy.test.bicep
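Review bot: In the `authorizationServers` entry of the API Management `max/deploy.test.bicep`, both `clientIdSecretName` and `clientSecretSecretName` are set to `resourceGroupResources.outputs.keyVaultSecretName`, so the client ID and the client secret resolve to the same Key Vault entry (the deleted parameter file used `apimclientid` and `apimclientsecret`), and a module bug that swaps the two would still pass this test. Adding a second secret and a matching output in `dependencies.bicep` and referencing it for `clientIdSecretName` would restore the distinction. The `backends` entry keeps `validateCertificateChain: false` and `validateCertificateName: false` against an `http://` URL; because the readme examples are generated from this file, a comment such as `// Test only: certificate validation is disabled for the echo backend` above the `tls` block would mark them as fixture values. The tenant GUID hard-coded in `authorizationEndpoint` and `tokenEndpoint` could become `${tenant().tenantId}`, which `dependencies.bicep` already uses for the vault.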
@@ -0,0 +1,39 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.apimanagement.service-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apismin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
+ publisherName: '<>-az-amorg-x-001'
+ }
+}
diff --git a/modules/Microsoft.ApiManagement/service/.test/parameters.json b/modules/Microsoft.ApiManagement/service/.test/parameters.json
deleted file mode 100644
index 8f73097f17..0000000000
--- a/modules/Microsoft.ApiManagement/service/.test/parameters.json
+++ /dev/null
@@ -1,56 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-apim-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "publisherEmail": { - "value": "apimgmt-noreply@mail.windowsazure.com" - }, - "publisherName": { - "value": "<>-az-amorg-x-001" - }, - "portalSettings": { - "value": [ - { - "name": "signin", - "properties": { - "enabled": false - } - }, - { - "name": "signup", - "properties": { - "enabled": false, - "termsOfService": { - "enabled": false, - "consentRequired": false - } - } - } - ] - }, - "policies": { - "value": [ - { - "value": " ", - "format": "xml" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.ApiManagement/service/readme.md b/modules/Microsoft.ApiManagement/service/readme.md index b3aedc1115..4b8c3dc164 100644 --- a/modules/Microsoft.ApiManagement/service/readme.md +++ b/modules/Microsoft.ApiManagement/service/readme.md @@ -281,7 +281,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Max

+

Example 1: Default

@@ -289,10 +289,133 @@ The following module usage examples are retrieved from the content of the files ```bicep module service './Microsoft.ApiManagement/service/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-service' + name: '${uniqueString(deployment().name)}-test-apisdef' params: { // Required parameters - name: '<>-az-apim-max-001' + name: '<>apisdef001' + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: '<>-az-amorg-x-001' + // Non-required parameters + lock: 'CanNotDelete' + policies: [ + { + format: 'xml' + value: ' ' + } + ] + portalSettings: [ + { + name: 'signin' + properties: { + enabled: false + } + } + { + name: 'signup' + properties: { + enabled: false + termsOfService: { + consentRequired: false + enabled: false + } + } + } + ] + roleAssignments: [ + { + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>apisdef001" + }, + "publisherEmail": { + "value": "apimgmt-noreply@mail.windowsazure.com" + }, + "publisherName": { + "value": "<>-az-amorg-x-001" + }, + // Non-required parameters + "lock": { + "value": "CanNotDelete" + }, + "policies": { + "value": [ + { + "format": "xml", + "value": " " + } + ] + }, + "portalSettings": { + "value": [ + { + "name": "signin", + "properties": { + "enabled": false + } + }, + { + "name": "signup", + "properties": { + "enabled": false, + "termsOfService": { + "consentRequired": false, + "enabled": false + } + } + } + ] + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ] + } + } +} +``` + +
+

+ +

Example 2: Max

+ +
+ +via Bicep module + +```bicep +module service './Microsoft.ApiManagement/service/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-apismax' + params: { + // Required parameters + name: '<>apismax001' publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' publisherName: '<>-az-amorg-x-001' // Non-required parameters @@ -314,16 +437,16 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { ] authorizationServers: [ { - authorizationEndpoint: 'https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize' - clientCredentialsKeyVaultId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001' - clientIdSecretName: 'apimclientid' + authorizationEndpoint: '${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize' + clientCredentialsKeyVaultId: '' + clientIdSecretName: '' clientRegistrationEndpoint: 'http://localhost' - clientSecretSecretName: 'apimclientsecret' + clientSecretSecretName: '' grantTypes: [ 'authorizationCode' ] name: 'AuthServer1' - tokenEndpoint: 'https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token' + tokenEndpoint: '${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token' } ] backends: [ 
@@ -343,11 +466,11 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { useFromLocation: 'westeurope' } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' identityProviders: [ { name: 'aadProvider' @@ -364,7 +487,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { policies: [ { format: 'xml' - value: ' ' + value: ' ' } ] portalSettings: [ @@ -405,7 +528,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -413,12 +536,11 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { subscriptions: [ { name: 'testArmSubscriptionAllApis' - scope: '/apis' } ] systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } @@ -438,7 +560,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-apim-max-001" + "value": "<>apismax001" }, "publisherEmail": { "value": "apimgmt-noreply@mail.windowsazure.com" 
@@ -468,16 +590,16 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { "authorizationServers": { "value": [ { - "authorizationEndpoint": "https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize", - "clientCredentialsKeyVaultId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", - "clientIdSecretName": "apimclientid", + "authorizationEndpoint": "${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize", + "clientCredentialsKeyVaultId": "", + "clientIdSecretName": "", "clientRegistrationEndpoint": "http://localhost", - "clientSecretSecretName": "apimclientsecret", + "clientSecretSecretName": "", "grantTypes": [ "authorizationCode" ], "name": "AuthServer1", - "tokenEndpoint": "https://login.microsoftonline.com/651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token" + "tokenEndpoint": "${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token" } ] }, @@ -503,19 +625,19 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "identityProviders": { "value": [ 
@@ -540,7 +662,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { "value": [ { "format": "xml", - "value": " " + "value": " " } ] }, @@ -587,7 +709,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -596,8 +718,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { "subscriptions": { "value": [ { - "name": "testArmSubscriptionAllApis", - "scope": "/apis" + "name": "testArmSubscriptionAllApis" } ] }, @@ -606,7 +727,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } @@ -616,7 +737,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {

-

Example 2: Min

+

Example 3: Min

@@ -624,10 +745,10 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { ```bicep module service './Microsoft.ApiManagement/service/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-service' + name: '${uniqueString(deployment().name)}-test-apismin' params: { // Required parameters - name: '<>-az-apim-min-001' + name: '<>apismin001' publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' publisherName: '<>-az-amorg-x-001' } @@ -648,7 +769,7 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-apim-min-001" + "value": "<>apismin001" }, "publisherEmail": { "value": "apimgmt-noreply@mail.windowsazure.com" @@ -662,126 +783,3 @@ module service './Microsoft.ApiManagement/service/deploy.bicep' = {

- -

Example 3: Parameters

- -
- -via Bicep module - -```bicep -module service './Microsoft.ApiManagement/service/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-service' - params: { - // Required parameters - name: '<>-az-apim-x-001' - publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' - publisherName: '<>-az-amorg-x-001' - // Non-required parameters - lock: 'CanNotDelete' - policies: [ - { - format: 'xml' - value: ' ' - } - ] - portalSettings: [ - { - name: 'signin' - properties: { - enabled: false - } - } - { - name: 'signup' - properties: { - enabled: false - termsOfService: { - consentRequired: false - enabled: false - } - } - } - ] - roleAssignments: [ - { - principalIds: [ - '<>' - ] - roleDefinitionIdOrName: 'Reader' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-az-apim-x-001" - }, - "publisherEmail": { - "value": "apimgmt-noreply@mail.windowsazure.com" - }, - "publisherName": { - "value": "<>-az-amorg-x-001" - }, - // Non-required parameters - "lock": { - "value": "CanNotDelete" - }, - "policies": { - "value": [ - { - "format": "xml", - "value": " " - } - ] - }, - "portalSettings": { - "value": [ - { - "name": "signin", - "properties": { - "enabled": false - } - }, - { - "name": "signup", - "properties": { - "enabled": false, - "termsOfService": { - "consentRequired": false, - "enabled": false - } - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "<>" - ], - "roleDefinitionIdOrName": "Reader" - } - ] - } - } -} -``` - -
-

diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/default/dependencies.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.test/default/dependencies.bicep new file mode 100644 index 0000000000..bfae36a05d --- /dev/null +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/default/dependencies.bicep @@ -0,0 +1,13 @@ +@description('Required. The name of the managed identity to create.') +param managedIdentityName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The principal ID of the created managed identity') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/default/deploy.test.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.test/default/deploy.test.bicep new file mode 100644 index 0000000000..f8b4b8f364 --- /dev/null +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/default/deploy.test.bicep 
@@ -0,0 +1,94 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.appconfiguration.configurationstores-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'accdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + managedIdentityName: 'dep-<>-msi-${serviceShort}' + + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + createMode: 'Default' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: 
diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + disableLocalAuth: false + enablePurgeProtection: false + keyValues: [ + { + contentType: 'contentType' + name: 'keyName' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + value: 'valueName' + } + ] + lock: 'CanNotDelete' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + softDeleteRetentionInDays: 1 + systemAssignedIdentity: true + } +} diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/min.parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/min.parameters.json deleted file mode 100644 index ccc759e927..0000000000 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appc-min-001" - } - } -} diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/min/dependencies.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.test/min/dependencies.bicep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/min/deploy.test.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..99b324e4a2 --- /dev/null +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/min/deploy.test.bicep 
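Review bot: `disableLocalAuth: false` in the `testDeployment` params keeps access-key authentication enabled on the store, and the readme says its usage examples are retrieved from these test files, so this is the value readers will copy. Nothing visible in the hunk relies on access keys (both role assignments target the managed identity's principal ID), so consider `disableLocalAuth: true`, or at least a comment such as `// Test value only; prefer true where Azure AD authentication is sufficient`. The pe test file added by this commit sets the same value next to its private endpoint configuration. Whether anything outside this hunk needs key access is not visible here.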
@@ -0,0 +1,37 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.appconfiguration.configurationstores-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'accmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + } +} diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json deleted file mode 100644 index 0b7490ea14..0000000000 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ /dev/null 
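Review bot: The `@description` strings on `resourceGroupName` and `serviceShort` contain wording slips: 'to deploy for a testing purposes' and 'deployment .Should be kept short'. Suggested text: `'Optional. The name of the resource group to deploy for testing purposes.'` and `'Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.'`. The same strings appear in the default, pe, locks and policyAssignments test files added by this commit, so one fix should be applied to all of them.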
@@ -1,69 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appc-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "keyValues": { - "value": [ - { - "name": "keyName", - "value": "valueName", - "contentType": "contentType", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "createMode": { - "value": "Default" - }, - "disableLocalAuth": { - "value": false - }, - "enablePurgeProtection": { - "value": false - }, - "softDeleteRetentionInDays": { - "value": 1 - } - } -} diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/pe.parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/pe.parameters.json deleted file mode 100644 index baab61d420..0000000000 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/pe.parameters.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appc-pe-001" - }, - "createMode": { - "value": "Default" - }, - "disableLocalAuth": { - "value": false - }, - "enablePurgeProtection": { - "value": false - }, - "softDeleteRetentionInDays": { - "value": 1 - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "configurationStores", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - ] - } - } - ] - } - } -} diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/pe/dependencies.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.test/pe/dependencies.bicep new file mode 100644 index 0000000000..f122466913 --- /dev/null +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/pe/dependencies.bicep 
@@ -0,0 +1,47 @@ +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.azconfig.io' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetworkName}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Virtual Network Subnet.') +output privateDNSResourceId string = privateDNSZone.id diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/pe/deploy.test.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.test/pe/deploy.test.bicep new file mode 100644 index 0000000000..6c60d7eea8 --- /dev/null +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/pe/deploy.test.bicep 
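Review bot: The `@description` on the `privateDNSResourceId` output repeats the subnet text, 'The resource ID of the created Virtual Network Subnet.', although the output returns `privateDNSZone.id`. It should read `@description('The resource ID of the created Private DNS Zone.')`. The consuming test file wires this output by name only, so a wrong description is easy to miss later.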
@@ -0,0 +1,60 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.appconfiguration.configurationstores-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'accpe' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + createMode: 'Default' + disableLocalAuth: false + enablePurgeProtection: false + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + resourceGroupResources.outputs.privateDNSResourceId + ] + } + service: 'configurationStores' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + softDeleteRetentionInDays: 1 + } +} diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index 3a55cccdf9..9e0aef6720 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md 
@@ -295,7 +295,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

@@ -303,54 +303,17 @@ The following module usage examples are retrieved from the content of the files ```bicep module configurationStores './Microsoft.AppConfiguration/configurationStores/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-configurationStores' - params: { - name: '<>-az-appc-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appc-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module configurationStores './Microsoft.AppConfiguration/configurationStores/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-configurationStores' + name: '${uniqueString(deployment().name)}-test-accdef' params: { // Required parameters - name: '<>-az-appc-x-001' + name: '<>accdef001' // Non-required parameters createMode: 'Default' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' disableLocalAuth: false enablePurgeProtection: false keyValues: [ @@ -360,7 +323,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -372,7 +335,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } 
@@ -397,26 +360,26 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "parameters": { // Required parameters "name": { - "value": "<>-az-appc-x-001" + "value": "<>accdef001" }, // Non-required parameters "createMode": { "value": "Default" }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "disableLocalAuth": { "value": false @@ -432,7 +395,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -448,7 +411,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -467,6 +430,43 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep

+

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module configurationStores './Microsoft.AppConfiguration/configurationStores/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-accmin' + params: { + name: '<>accmin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>accmin001" + } + } +} +``` + +
+

+

Example 3: Pe

@@ -475,10 +475,10 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep ```bicep module configurationStores './Microsoft.AppConfiguration/configurationStores/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-configurationStores' + name: '${uniqueString(deployment().name)}-test-accpe' params: { // Required parameters - name: '<>-az-appc-pe-001' + name: '<>accpe001' // Non-required parameters createMode: 'Default' disableLocalAuth: false @@ -487,11 +487,11 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep { privateDnsZoneGroup: { privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io' + '' ] } service: 'configurationStores' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] softDeleteRetentionInDays: 1 @@ -513,7 +513,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "parameters": { // Required parameters "name": { - "value": "<>-az-appc-pe-001" + "value": "<>accpe001" }, // Non-required parameters "createMode": { @@ -530,11 +530,11 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep { "privateDnsZoneGroup": { "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + "" ] }, "service": "configurationStores", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, 
diff --git a/modules/Microsoft.Authorization/locks/.test/default/deploy.test.bicep b/modules/Microsoft.Authorization/locks/.test/default/deploy.test.bicep new file mode 100644 index 0000000000..b5d1fdf8b3 --- /dev/null +++ b/modules/Microsoft.Authorization/locks/.test/default/deploy.test.bicep @@ -0,0 +1,38 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.authorization.locks-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'aldef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + level: 'CanNotDelete' + resourceGroupName: resourceGroup.name + subscriptionId: subscription().subscriptionId + } +} diff --git a/modules/Microsoft.Authorization/locks/.test/rg.parameters.json b/modules/Microsoft.Authorization/locks/.test/rg.parameters.json deleted file mode 100644 index dc4870ce99..0000000000 --- a/modules/Microsoft.Authorization/locks/.test/rg.parameters.json +++ /dev/null 
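Review bot: This test places a `CanNotDelete` lock on the resource group it has just created, so that group cannot be deleted until the lock is removed. The teardown logic is not visible in this diff. If it does not remove locks before deleting resource groups, each run would leave the `ms.authorization.locks-${serviceShort}-rg` group behind. A short comment above `testDeployment`, e.g. `// Note: the lock must be removed before the test resource group can be deleted`, would make that dependency explicit.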
@@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "level": { - "value": "CanNotDelete" - }, - "resourceGroupName": { - "value": "adp-<>-az-locks-rg-001" - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/locks/readme.md b/modules/Microsoft.Authorization/locks/readme.md index 9533d2924d..0020a528dd 100644 --- a/modules/Microsoft.Authorization/locks/readme.md +++ b/modules/Microsoft.Authorization/locks/readme.md @@ -51,7 +51,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Rg

+

Example 1: Default

@@ -59,13 +59,13 @@ The following module usage examples are retrieved from the content of the files ```bicep module locks './Microsoft.Authorization/locks/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-locks' + name: '${uniqueString(deployment().name)}-test-aldef' params: { // Required parameters level: 'CanNotDelete' // Non-required parameters - resourceGroupName: 'adp-<>-az-locks-rg-001' - subscriptionId: '<>' + resourceGroupName: '' + subscriptionId: '' } } ``` @@ -88,10 +88,10 @@ module locks './Microsoft.Authorization/locks/deploy.bicep' = { }, // Non-required parameters "resourceGroupName": { - "value": "adp-<>-az-locks-rg-001" + "value": "" }, "subscriptionId": { - "value": "<>" + "value": "" } } } diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/mg.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/mg.min.parameters.json deleted file mode 100644 index 7271e1d839..0000000000 --- a/modules/Microsoft.Authorization/policyAssignments/.test/mg.min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-min-mg-polAss" - }, - "policyDefinitionID": { - "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d" - } - } -} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/mg.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyAssignments/.test/mg.min/deploy.test.bicep new file mode 100644 index 0000000000..6305e6bdd7 --- /dev/null +++ b/modules/Microsoft.Authorization/policyAssignments/.test/mg.min/deploy.test.bicep 
@@ -0,0 +1,19 @@ +targetScope = 'managementGroup' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'apamgmin' + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d' + } +} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/mg.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/mg.parameters.json deleted file mode 100644 index d0c1451ff8..0000000000 --- a/modules/Microsoft.Authorization/policyAssignments/.test/mg.parameters.json +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-mg-polAss" - }, - "displayName": { - "value": "[Display Name] Policy Assignment at the management group scope" - }, - "description": { - "value": "[Description] Policy Assignment at the management group scope" - }, - "policyDefinitionId": { - "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26" - }, - "parameters": { - "value": { - "tagName": { - "value": "env" - }, - "tagValue": { - "value": "prod" - } - } - }, - "nonComplianceMessages": { - "value": [ - { - "message": "Violated Policy Assignment - This is a Non Compliance Message" - } - ] - }, - "enforcementMode": { - "value": "DoNotEnforce" - }, - "metadata": { - "value": { - "category": "Security", - "version": "1.0" - } - }, - "location": { - "value": "australiaeast" - }, - "notScopes": { - "value": [ - "/subscriptions/<>/resourceGroups/validation-rg" - ] - }, - "identity": { - "value": "SystemAssigned" - }, - "roleDefinitionIds": { - "value": [ - "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ] - }, - "managementGroupId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/mg/deploy.test.bicep b/modules/Microsoft.Authorization/policyAssignments/.test/mg/deploy.test.bicep new file mode 100644 index 0000000000..56f55a6158 --- /dev/null +++ b/modules/Microsoft.Authorization/policyAssignments/.test/mg/deploy.test.bicep 
@@ -0,0 +1,51 @@ +targetScope = 'managementGroup' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'apamgdef' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26' + description: '[Description] Policy Assignment at the management group scope' + displayName: '[Display Name] Policy Assignment at the management group scope' + enforcementMode: 'DoNotEnforce' + identity: 'SystemAssigned' + location: location + managementGroupId: last(split(managementGroup().id, '/')) + metadata: { + category: 'Security' + version: '1.0' + } + nonComplianceMessages: [ + { + message: 'Violated Policy Assignment - This is a Non Compliance Message' + } + ] + notScopes: [ + '/subscriptions/<>/resourceGroups/validation-rg' + ] + parameters: { + tagName: { + value: 'env' + } + tagValue: { + value: 'prod' + } + } + roleDefinitionIds: [ + '/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' + ] + } +} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/rg.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/rg.min.parameters.json deleted file mode 100644 index 8dd48a8dd7..0000000000 --- a/modules/Microsoft.Authorization/policyAssignments/.test/rg.min.parameters.json +++ /dev/null 
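Review bot: `notScopes` still points at the static `validation-rg` resource group, while the other test files in this commit create their own resource groups or take IDs from dependency outputs. This keeps the test dependent on a pre-existing environment that the rest of the change removes, so it may be worth a comment explaining why it stays, or a parameter for the excluded scope. Separately, the `roleDefinitionIds` entry would read better with a comment naming the role, `// Contributor`, since that GUID is presumably what the assignment's system-assigned identity is granted at management-group scope.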
@@ -1,18 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-min-rg-polAss" - }, - "policyDefinitionID": { - "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d" - }, - "subscriptionId": { - "value": "<>" - }, - "resourceGroupName": { - "value": "validation-rg" - } - } -} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/rg.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyAssignments/.test/rg.min/deploy.test.bicep new file mode 100644 index 0000000000..b54479fd0f --- /dev/null +++ b/modules/Microsoft.Authorization/policyAssignments/.test/rg.min/deploy.test.bicep 
@@ -0,0 +1,39 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.xxx.xxx-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apargmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../resourceGroup/deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d'
+ subscriptionId: subscription().subscriptionId
+ }
+}
diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/rg.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/rg.parameters.json
deleted file mode 100644
index a42c54dc26..0000000000
--- a/modules/Microsoft.Authorization/policyAssignments/.test/rg.parameters.json
+++ /dev/null
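Review bot: The default for `resourceGroupName` in rg.min/deploy.test.bicep still carries the template placeholder `ms.xxx.xxx`, so the resource group this test creates is not named after the module. sub/deploy.test.bicep in the same commit uses the module name, and for consistency the line would read `param resourceGroupName string = 'ms.authorization.policyassignments-${serviceShort}-rg'`. rg/deploy.test.bicep has the same placeholder. A resource group whose name does not identify the test that owns it is harder to attribute and clean up when a run leaves it behind.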
@@ -1,69 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-rg-polAss" - }, - "displayName": { - "value": "[Display Name] Policy Assignment at the resource group scope" - }, - "description": { - "value": "[Description] Policy Assignment at the resource group scope" - }, - "policyDefinitionId": { - "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26" - }, - "parameters": { - "value": { - "tagName": { - "value": "env" - }, - "tagValue": { - "value": "prod" - } - } - }, - "nonComplianceMessages": { - "value": [ - { - "message": "Violated Policy Assignment - This is a Non Compliance Message" - } - ] - }, - "enforcementMode": { - "value": "DoNotEnforce" - }, - "metadata": { - "value": { - "category": "Security", - "version": "1.0" - } - }, - "location": { - "value": "australiaeast" - }, - "notScopes": { - "value": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - ] - }, - "identity": { - "value": "UserAssigned" - }, - "userAssignedIdentityId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "roleDefinitionIds": { - "value": [ - "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ] - }, - "subscriptionId": { - "value": "<>" - }, - "resourceGroupName": { - "value": "validation-rg" - } - } -} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/rg/dependencies.bicep b/modules/Microsoft.Authorization/policyAssignments/.test/rg/dependencies.bicep new file mode 100644 index 0000000000..f4151d61c7 --- /dev/null +++ b/modules/Microsoft.Authorization/policyAssignments/.test/rg/dependencies.bicep 
@@ -0,0 +1,33 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+ name: keyVaultName
+ location: location
+ properties: {
+ sku: {
+ family: 'A'
+ name: 'standard'
+ }
+ tenantId: tenant().tenantId
+ enablePurgeProtection: null
+ accessPolicies: []
+ }
+}
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Key Vault.')
+output keyVaultResourceId string = keyVault.id
diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/rg/deploy.test.bicep b/modules/Microsoft.Authorization/policyAssignments/.test/rg/deploy.test.bicep
new file mode 100644
index 0000000000..db457c9d0a
--- /dev/null
+++ b/modules/Microsoft.Authorization/policyAssignments/.test/rg/deploy.test.bicep
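Review bot: `enablePurgeProtection: null` on the test Key Vault has no comment, so a reader cannot tell whether leaving purge protection off is deliberate. A line above it such as `// Purge protection left unset so the test vault can be purged after a run; do not copy into real deployments` would settle that. The vault name passed in from rg/deploy.test.bicep is deterministic, so a soft-deleted vault may keep the name reserved between runs; if the removal step does not purge it, adding `softDeleteRetentionInDays: 7` would shorten that window. The vault also keeps the access-policy model with an empty list and no network rules, which looks acceptable for a vault that only serves as a `notScopes` target.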
@@ -0,0 +1,78 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.xxx.xxx-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'apargdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + managedIdentityName: 'dep-<>-msi-${serviceShort}' + keyVaultName: 'dep-<>-kv-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../resourceGroup/deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26' + description: '[Description] Policy Assignment at the resource group scope' + displayName: '[Display Name] Policy Assignment at the resource group scope' + enforcementMode: 'DoNotEnforce' + identity: 'UserAssigned' + location: location + metadata: { + category: 'Security' + version: '1.0' + } + nonComplianceMessages: [ + { + message: 'Violated Policy Assignment - This is a Non Compliance Message' + } + ] + notScopes: [ + resourceGroupResources.outputs.keyVaultResourceId + ] + parameters: { + tagName: { + value: 'env' + } + tagValue: { + value: 
'prod' + } + } + resourceGroupName: resourceGroup.name + roleDefinitionIds: [ + '/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' + ] + subscriptionId: subscription().subscriptionId + userAssignedIdentityId: resourceGroupResources.outputs.managedIdentityResourceId + } +} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/sub.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/sub.min.parameters.json deleted file mode 100644 index ebadf2e43b..0000000000 --- a/modules/Microsoft.Authorization/policyAssignments/.test/sub.min.parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-min-sub-polAss" - }, - "policyDefinitionID": { - "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d" - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/sub.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyAssignments/.test/sub.min/deploy.test.bicep new file mode 100644 index 0000000000..3c50fb893a --- /dev/null +++ b/modules/Microsoft.Authorization/policyAssignments/.test/sub.min/deploy.test.bicep 
@@ -0,0 +1,20 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apasubmin'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../subscription/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d'
+ subscriptionId: subscription().subscriptionId
+ }
+}
diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/sub.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.test/sub.parameters.json
deleted file mode 100644
index 09f7c95bfc..0000000000
--- a/modules/Microsoft.Authorization/policyAssignments/.test/sub.parameters.json
+++ /dev/null
@@ -1,66 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-sub-polAss" - }, - "displayName": { - "value": "[Display Name] Policy Assignment at the subscription scope" - }, - "description": { - "value": "[Description] Policy Assignment at the subscription scope" - }, - "policyDefinitionId": { - "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26" - }, - "parameters": { - "value": { - "tagName": { - "value": "env" - }, - "tagValue": { - "value": "prod" - } - } - }, - "nonComplianceMessages": { - "value": [ - { - "message": "Violated Policy Assignment - This is a Non Compliance Message" - } - ] - }, - "enforcementMode": { - "value": "DoNotEnforce" - }, - "metadata": { - "value": { - "category": "Security", - "version": "1.0" - } - }, - "location": { - "value": "australiaeast" - }, - "notScopes": { - "value": [ - "/subscriptions/<>/resourceGroups/validation-rg" - ] - }, - "identity": { - "value": "UserAssigned" - }, - "userAssignedIdentityId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "roleDefinitionIds": { - "value": [ - "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" - ] - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/sub/dependencies.bicep b/modules/Microsoft.Authorization/policyAssignments/.test/sub/dependencies.bicep new file mode 100644 index 0000000000..f17c563bb2 --- /dev/null +++ b/modules/Microsoft.Authorization/policyAssignments/.test/sub/dependencies.bicep 
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.Authorization/policyAssignments/.test/sub/deploy.test.bicep b/modules/Microsoft.Authorization/policyAssignments/.test/sub/deploy.test.bicep
new file mode 100644
index 0000000000..303a4f313b
--- /dev/null
+++ b/modules/Microsoft.Authorization/policyAssignments/.test/sub/deploy.test.bicep
@@ -0,0 +1,75 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.authorization.policyassignments-${serviceShort}-rg' + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'apasubdef' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../subscription/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26' + description: '[Description] Policy Assignment at the subscription scope' + displayName: '[Display Name] Policy Assignment at the subscription scope' + enforcementMode: 'DoNotEnforce' + identity: 'UserAssigned' + location: location + metadata: { + category: 'Security' + version: '1.0' + } + nonComplianceMessages: [ + { + message: 'Violated Policy Assignment - This is a Non Compliance Message' + } + ] + notScopes: [ + '/subscriptions/<>/resourceGroups/validation-rg' + ] + parameters: { + tagName: { + value: 'env' + } + tagValue: { + value: 'prod' + } + } + roleDefinitionIds: [ + 
'/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' + ] + subscriptionId: subscription().subscriptionId + userAssignedIdentityId: resourceGroupResources.outputs.managedIdentityResourceId + } +} diff --git a/modules/Microsoft.Authorization/policyAssignments/readme.md b/modules/Microsoft.Authorization/policyAssignments/readme.md index 5dd13013db..480993c737 100644 --- a/modules/Microsoft.Authorization/policyAssignments/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/readme.md @@ -177,7 +177,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -
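Review bot: `notScopes` in sub/deploy.test.bicep still points at the static `'/subscriptions/<>/resourceGroups/validation-rg'`, although this test now creates its own resource group and managed identity. That keeps the test dependent on a token replacement and on a resource group name carried over from the removed parameter file; `notScopes: [ resourceGroup.id ]` would make it self-contained, the way rg/deploy.test.bicep uses `resourceGroupResources.outputs.keyVaultResourceId`. mg/deploy.test.bicep carries the same hard-coded scope but creates no resource group, so there a comment naming the prerequisite would be the smaller fix.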

Example 1: Mg Min

+

Example 1: Mg

@@ -185,61 +185,18 @@ The following module usage examples are retrieved from the content of the files ```bicep module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyAssignments' + name: '${uniqueString(deployment().name)}-test-apamgdef' params: { // Required parameters - name: '<>-min-mg-polAss' - policyDefinitionID: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-min-mg-polAss" - }, - "policyDefinitionID": { - "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d" - } - } -} -``` - -
-

- -

Example 2: Mg

- -
- -via Bicep module - -```bicep -module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyAssignments' - params: { - // Required parameters - name: '<>-mg-polAss' + name: '<>apamgdef001' policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26' // Non-required parameters description: '[Description] Policy Assignment at the management group scope' displayName: '[Display Name] Policy Assignment at the management group scope' enforcementMode: 'DoNotEnforce' identity: 'SystemAssigned' - location: 'australiaeast' - managementGroupId: '<>' + location: '' + managementGroupId: '' metadata: { category: 'Security' version: '1.0' @@ -281,7 +238,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-mg-polAss" + "value": "<>apamgdef001" }, "policyDefinitionId": { "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26" @@ -300,10 +257,10 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic "value": "SystemAssigned" }, "location": { - "value": "australiaeast" + "value": "" }, "managementGroupId": { - "value": "<>" + "value": "" }, "metadata": { "value": { @@ -345,7 +302,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic

-

Example 3: Rg Min

+

Example 2: Mg.Min

@@ -353,14 +310,11 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic ```bicep module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyAssignments' + name: '${uniqueString(deployment().name)}-test-apamgmin' params: { // Required parameters - name: '<>-min-rg-polAss' - policyDefinitionID: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d' - // Non-required parameters - resourceGroupName: 'validation-rg' - subscriptionId: '<>' + name: '<>apamgmin001' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d' } } ``` @@ -379,17 +333,10 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-min-rg-polAss" + "value": "<>apamgmin001" }, - "policyDefinitionID": { + "policyDefinitionId": { "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d" - }, - // Non-required parameters - "resourceGroupName": { - "value": "validation-rg" - }, - "subscriptionId": { - "value": "<>" } } } @@ -398,7 +345,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic

-

Example 4: Rg

+

Example 3: Rg

@@ -406,17 +353,17 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic ```bicep module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyAssignments' + name: '${uniqueString(deployment().name)}-test-apargdef' params: { // Required parameters - name: '<>-rg-polAss' + name: '<>apargdef001' policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26' // Non-required parameters description: '[Description] Policy Assignment at the resource group scope' displayName: '[Display Name] Policy Assignment at the resource group scope' enforcementMode: 'DoNotEnforce' identity: 'UserAssigned' - location: 'australiaeast' + location: '' metadata: { category: 'Security' version: '1.0' @@ -427,7 +374,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic } ] notScopes: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001' + '' ] parameters: { tagName: { @@ -437,12 +384,12 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic value: 'prod' } } - resourceGroupName: 'validation-rg' + resourceGroupName: '' roleDefinitionIds: [ '/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' ] - subscriptionId: '<>' - userAssignedIdentityId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' + subscriptionId: '' + userAssignedIdentityId: '' } } ``` @@ -461,7 +408,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-rg-polAss" + "value": "<>apargdef001" }, "policyDefinitionId": { "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26" 
@@ -480,7 +427,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic "value": "UserAssigned" }, "location": { - "value": "australiaeast" + "value": "" }, "metadata": { "value": { @@ -497,7 +444,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic }, "notScopes": { "value": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" + "" ] }, "parameters": { @@ -511,7 +458,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic } }, "resourceGroupName": { - "value": "validation-rg" + "value": "" }, "roleDefinitionIds": { "value": [ @@ -519,10 +466,10 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic ] }, "subscriptionId": { - "value": "<>" + "value": "" }, "userAssignedIdentityId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" + "value": "" } } } @@ -531,7 +478,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic

-

Example 5: Sub Min

+

Example 4: Rg.Min

@@ -539,13 +486,13 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic ```bicep module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyAssignments' + name: '${uniqueString(deployment().name)}-test-apargmin' params: { // Required parameters - name: '<>-min-sub-polAss' - policyDefinitionID: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d' + name: '<>apargmin001' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d' // Non-required parameters - subscriptionId: '<>' + subscriptionId: '' } } ``` @@ -564,14 +511,14 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-min-sub-polAss" + "value": "<>apargmin001" }, - "policyDefinitionID": { + "policyDefinitionId": { "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d" }, // Non-required parameters "subscriptionId": { - "value": "<>" + "value": "" } } } @@ -580,7 +527,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic

-

Example 6: Sub

+

Example 5: Sub

@@ -588,17 +535,17 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic ```bicep module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyAssignments' + name: '${uniqueString(deployment().name)}-test-apasubdef' params: { // Required parameters - name: '<>-sub-polAss' + name: '<>apasubdef001' policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26' // Non-required parameters description: '[Description] Policy Assignment at the subscription scope' displayName: '[Display Name] Policy Assignment at the subscription scope' enforcementMode: 'DoNotEnforce' identity: 'UserAssigned' - location: 'australiaeast' + location: '' metadata: { category: 'Security' version: '1.0' @@ -622,8 +569,8 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic roleDefinitionIds: [ '/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' ] - subscriptionId: '<>' - userAssignedIdentityId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' + subscriptionId: '' + userAssignedIdentityId: '' } } ``` @@ -642,7 +589,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-sub-polAss" + "value": "<>apasubdef001" }, "policyDefinitionId": { "value": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26" @@ -661,7 +608,7 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic "value": "UserAssigned" }, "location": { - "value": "australiaeast" + "value": "" }, "metadata": { "value": { 
@@ -697,10 +644,59 @@ module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bic ] }, "subscriptionId": { - "value": "<>" + "value": "" }, "userAssignedIdentityId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" + "value": "" + } + } +} +``` + +
+

+ +

Example 6: Sub.Min

+ +
+ +via Bicep module + +```bicep +module policyAssignments './Microsoft.Authorization/policyAssignments/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-apasubmin' + params: { + // Required parameters + name: '<>apasubmin001' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d' + // Non-required parameters + subscriptionId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>apasubmin001" + }, + "policyDefinitionId": { + "value": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d" + }, + // Non-required parameters + "subscriptionId": { + "value": "" } } } diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min.parameters.json deleted file mode 100644 index 431a0f6f5e..0000000000 --- a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min.parameters.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-mg-min-policyDef" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "equals": "Microsoft.KeyVault/vaults", - "field": "type" - } - ] - }, - "then": { - "effect": "[parameters('effect')]" - } - } - }, - "parameters": { - "value": { - "effect": { - "allowedValues": [ - "Audit" - ], - "defaultValue": "Audit", - "type": "String" - } - } - } - } -} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min/deploy.test.bicep new file mode 100644 index 0000000000..5e52327dd0 --- /dev/null +++ b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.min/deploy.test.bicep 
@@ -0,0 +1,40 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apdmgmin'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyRule: {
+ if: {
+ allOf: [
+ {
+ equals: 'Microsoft.KeyVault/vaults'
+ field: 'type'
+ }
+ ]
+ }
+ then: {
+ effect: '[parameters(\'effect\')]'
+ }
+ }
+ parameters: {
+ effect: {
+ allowedValues: [
+ 'Audit'
+ ]
+ defaultValue: 'Audit'
+ type: 'String'
+ }
+ }
+ }
+}
diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.test/mg.parameters.json
deleted file mode 100644
index 7196de6154..0000000000
--- a/modules/Microsoft.Authorization/policyDefinitions/.test/mg.parameters.json
+++ /dev/null
@@ -1,72 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-mg-policyDef" - }, - "displayName": { - "value": "[DisplayName] This policy definition is deployed at the management group scope" - }, - "description": { - "value": "[Description] This policy definition is deployed at the management group scope" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" - }, - { - "field": "[concat('tags[', parameters('tagName'), ']')]", - "exists": "false" - } - ] - }, - "then": { - "effect": "modify", - "details": { - "roleDefinitionIds": [ - "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f" - ], - "operations": [ - { - "operation": "add", - "field": "[concat('tags[', parameters('tagName'), ']')]", - "value": "[parameters('tagValue')]" - } - ] - } - } - } - }, - "parameters": { - "value": { - "tagName": { - "type": "String", - "metadata": { - "displayName": "Tag Name", - "description": "Name of the tag, such as 'environment'" - } - }, - "tagValue": { - "type": "String", - "metadata": { - "displayName": "Tag Value", - "description": "Value of the tag, such as 'production'" - } - } - } - }, - "metadata": { - "value": { - "category": "Security" - } - }, - "managementGroupId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/mg/deploy.test.bicep b/modules/Microsoft.Authorization/policyDefinitions/.test/mg/deploy.test.bicep new file mode 100644 index 0000000000..2b22cb76e5 --- /dev/null +++ b/modules/Microsoft.Authorization/policyDefinitions/.test/mg/deploy.test.bicep 
@@ -0,0 +1,69 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apdmg'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyRule: {
+ if: {
+ allOf: [
+ {
+ equals: 'Microsoft.Resources/subscriptions'
+ field: 'type'
+ }
+ {
+ exists: 'false'
+ field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]'
+ }
+ ]
+ }
+ then: {
+ details: {
+ operations: [
+ {
+ field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]'
+ operation: 'add'
+ value: '[parameters(\'tagValue\')]'
+ }
+ ]
+ roleDefinitionIds: [
+ '/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f'
+ ]
+ }
+ effect: 'modify'
+ }
+ }
+ description: '[Description] This policy definition is deployed at the management group scope'
+ displayName: '[DisplayName] This policy definition is deployed at the management group scope'
+ managementGroupId: last(split(managementGroup().id, '/'))
+ metadata: {
+ category: 'Security'
+ }
+ parameters: {
+ tagName: {
+ metadata: {
+ description: 'Name of the tag such as \'environment\''
+ displayName: 'Tag Name'
+ }
+ type: 'String'
+ }
+ tagValue: {
+ metadata: {
+ description: 'Value of the tag such as \'environment\''
+ displayName: 'Tag Value'
+ }
+ type: 'String'
+ }
+ }
+ }
+}
diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min.parameters.json
deleted file mode 100644
index f2cd03cfb5..0000000000
--- a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min.parameters.json
+++ /dev/null
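Review bot: The `tagValue` parameter's description now reads `'Value of the tag such as \'environment\''`, which repeats the `tagName` example, whereas the removed mg.parameters.json had "Value of the tag, such as 'production'". This looks like a copy-paste slip during the conversion, and the line would read `description: 'Value of the tag, such as \'production\''`. The description is the text an operator sees when supplying the parameter at assignment time, so the wrong example invites a wrong value.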
@@ -1,38 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-sub-min-policyDef"
- },
- "policyRule": {
- "value": {
- "if": {
- "allOf": [
- {
- "equals": "Microsoft.KeyVault/vaults",
- "field": "type"
- }
- ]
- },
- "then": {
- "effect": "[parameters('effect')]"
- }
- }
- },
- "parameters": {
- "value": {
- "effect": {
- "allowedValues": [
- "Audit"
- ],
- "defaultValue": "Audit",
- "type": "String"
- }
- }
- },
- "subscriptionId": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min/deploy.test.bicep
new file mode 100644
index 0000000000..0519eab7bc
--- /dev/null
+++ b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.min/deploy.test.bicep
@@ -0,0 +1,41 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apdsubmin'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../..//subscription/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyRule: {
+ if: {
+ allOf: [
+ {
+ equals: 'Microsoft.KeyVault/vaults'
+ field: 'type'
+ }
+ ]
+ }
+ then: {
+ effect: '[parameters(\'effect\')]'
+ }
+ }
+ parameters: {
+ effect: {
+ allowedValues: [
+ 'Audit'
+ ]
+ defaultValue: 'Audit'
+ type: 'String'
+ }
+ }
+ subscriptionId: subscription().subscriptionId
+ }
+}
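Review bot: The module path in the new sub.min test has a doubled separator, `'../..//subscription/deploy.bicep'`, and sub/deploy.test.bicep repeats it, whereas the management-group tests use `'../../managementGroup/deploy.bicep'`. The path most likely still resolves, but it should read `module testDeployment '../../subscription/deploy.bicep' = {` so the test files stay consistent and any tooling that matches on the module reference sees a single spelling.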
diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.test/sub.parameters.json deleted file mode 100644 index e445127518..0000000000 --- a/modules/Microsoft.Authorization/policyDefinitions/.test/sub.parameters.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-sub-policyDef" - }, - "displayName": { - "value": "[DisplayName] This policy definition is deployed at subscription scope" - }, - "description": { - "value": "[Description] This policy definition is deployed at subscription scope" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "field": "type", - "equals": "Microsoft.Resources/subscriptions" - }, - { - "field": "[concat('tags[', parameters('tagName'), ']')]", - "exists": "false" - } - ] - }, - "then": { - "effect": "modify", - "details": { - "roleDefinitionIds": [ - "/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f" - ], - "operations": [ - { - "operation": "add", - "field": "[concat('tags[', parameters('tagName'), ']')]", - "value": "[parameters('tagValue')]" - } - ] - } - } - } - }, - "parameters": { - "value": { - "tagName": { - "type": "String", - "metadata": { - "displayName": "Tag Name", - "description": "Name of the tag, such as 'environment'" - } - }, - "tagValue": { - "type": "String", - "metadata": { - "displayName": "Tag Value", - "description": "Value of the tag, such as 'production'" - } - } - } - }, - "metadata": { - "value": { - "category": "Security" - } - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyDefinitions/.test/sub/deploy.test.bicep b/modules/Microsoft.Authorization/policyDefinitions/.test/sub/deploy.test.bicep new file mode 100644 index 0000000000..174489347e --- /dev/null 
+++ b/modules/Microsoft.Authorization/policyDefinitions/.test/sub/deploy.test.bicep @@ -0,0 +1,69 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'apdsub' + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../..//subscription/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyRule: { + if: { + allOf: [ + { + equals: 'Microsoft.Resources/subscriptions' + field: 'type' + } + { + exists: 'false' + field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]' + } + ] + } + then: { + details: { + operations: [ + { + field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]' + operation: 'add' + value: '[parameters(\'tagValue\')]' + } + ] + roleDefinitionIds: [ + '/providers/microsoft.authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f' + ] + } + effect: 'modify' + } + } + description: '[Description] This policy definition is deployed at subscription scope' + displayName: '[DisplayName] This policy definition is deployed at subscription scope' + metadata: { + category: 'Security' + } + parameters: { + tagName: { + metadata: { + description: 'Name of the tag such as \'environment\'' + displayName: 'Tag Name' + } + type: 'String' + } + tagValue: { + metadata: { + description: 'Value of the tag such as \'production\'' + displayName: 'Tag Value' + } + type: 'String' + } + } + subscriptionId: subscription().subscriptionId + } +} diff --git a/modules/Microsoft.Authorization/policyDefinitions/readme.md b/modules/Microsoft.Authorization/policyDefinitions/readme.md index da0227d0d5..5bcc9e379f 100644 --- a/modules/Microsoft.Authorization/policyDefinitions/readme.md +++ b/modules/Microsoft.Authorization/policyDefinitions/readme.md 
@@ -135,7 +135,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg Min

+

Example 1: Mg

@@ -143,99 +143,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyDefinitions' + name: '${uniqueString(deployment().name)}-test-apdmg' params: { // Required parameters - name: '<>-mg-min-policyDef' - policyRule: { - if: { - allOf: [ - { - equals: 'Microsoft.KeyVault/vaults' - field: 'type' - } - ] - } - then: { - effect: '[parameters('effect')]' - } - } - // Non-required parameters - parameters: { - effect: { - allowedValues: [ - 'Audit' - ] - defaultValue: 'Audit' - type: 'String' - } - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-mg-min-policyDef" - }, - "policyRule": { - "value": { - "if": { - "allOf": [ - { - "equals": "Microsoft.KeyVault/vaults", - "field": "type" - } - ] - }, - "then": { - "effect": "[parameters('effect')]" - } - } - }, - // Non-required parameters - "parameters": { - "value": { - "effect": { - "allowedValues": [ - "Audit" - ], - "defaultValue": "Audit", - "type": "String" - } - } - } - } -} -``` - -
-

- -

Example 2: Mg

- -
- -via Bicep module - -```bicep -module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyDefinitions' - params: { - // Required parameters - name: '<>-mg-policyDef' + name: '<>apdmg001' policyRule: { if: { allOf: [ @@ -245,7 +156,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic } { exists: 'false' - field: '[concat('tags[' parameters('tagName') ']')]' + field: '' } ] } @@ -253,9 +164,9 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic details: { operations: [ { - field: '[concat('tags[' parameters('tagName') ']')]' + field: '' operation: 'add' - value: '[parameters('tagValue')]' + value: '' } ] roleDefinitionIds: [ @@ -275,14 +186,14 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic parameters: { tagName: { metadata: { - description: 'Name of the tag such as 'environment'' + description: 'Name of the tag such as \'environment\'' displayName: 'Tag Name' } type: 'String' } tagValue: { metadata: { - description: 'Value of the tag such as 'production'' + description: 'Value of the tag such as \'environment\'' displayName: 'Tag Value' } type: 'String' @@ -306,7 +217,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-mg-policyDef" + "value": "<>apdmg001" }, "policyRule": { "value": { @@ -318,7 +229,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic }, { "exists": "false", - "field": "[concat('tags[', parameters('tagName'), ']')]" + "field": "" } ] }, @@ -326,9 +237,9 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "details": { "operations": [ { - "field": "[concat('tags[', parameters('tagName'), ']')]", + "field": "", "operation": "add", - "value": "[parameters('tagValue')]" + "value": "" } ], "roleDefinitionIds": [ 
@@ -358,14 +269,14 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "value": { "tagName": { "metadata": { - "description": "Name of the tag, such as 'environment'", + "description": "Name of the tag such as \"environment\"", "displayName": "Tag Name" }, "type": "String" }, "tagValue": { "metadata": { - "description": "Value of the tag, such as 'production'", + "description": "Value of the tag such as \"environment\"", "displayName": "Tag Value" }, "type": "String" @@ -379,7 +290,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic

-

Example 3: Sub Min

+

Example 2: Mg.Min

@@ -387,10 +298,10 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic ```bicep module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyDefinitions' + name: '${uniqueString(deployment().name)}-test-apdmgmin' params: { // Required parameters - name: '<>-sub-min-policyDef' + name: '<>apdmgmin001' policyRule: { if: { allOf: [ @@ -401,7 +312,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic ] } then: { - effect: '[parameters('effect')]' + effect: '' } } // Non-required parameters @@ -414,7 +325,6 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic type: 'String' } } - subscriptionId: '<>' } } ``` @@ -433,7 +343,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-sub-min-policyDef" + "value": "<>apdmgmin001" }, "policyRule": { "value": { @@ -446,7 +356,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic ] }, "then": { - "effect": "[parameters('effect')]" + "effect": "" } } }, @@ -461,9 +371,6 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "type": "String" } } - }, - "subscriptionId": { - "value": "<>" } } } @@ -472,7 +379,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic

-

Example 4: Sub

+

Example 3: Sub

@@ -480,10 +387,10 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic ```bicep module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyDefinitions' + name: '${uniqueString(deployment().name)}-test-apdsub' params: { // Required parameters - name: '<>-sub-policyDef' + name: '<>apdsub001' policyRule: { if: { allOf: [ @@ -493,7 +400,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic } { exists: 'false' - field: '[concat('tags[' parameters('tagName') ']')]' + field: '' } ] } @@ -501,9 +408,9 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic details: { operations: [ { - field: '[concat('tags[' parameters('tagName') ']')]' + field: '' operation: 'add' - value: '[parameters('tagValue')]' + value: '' } ] roleDefinitionIds: [ @@ -522,20 +429,20 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic parameters: { tagName: { metadata: { - description: 'Name of the tag such as 'environment'' + description: 'Name of the tag such as \'environment\'' displayName: 'Tag Name' } type: 'String' } tagValue: { metadata: { - description: 'Value of the tag such as 'production'' + description: 'Value of the tag such as \'production\'' displayName: 'Tag Value' } type: 'String' } } - subscriptionId: '<>' + subscriptionId: '' } } ``` @@ -554,7 +461,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "parameters": { // Required parameters "name": { - "value": "<>-sub-policyDef" + "value": "<>apdsub001" }, "policyRule": { "value": { @@ -566,7 +473,7 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic }, { "exists": "false", - "field": "[concat('tags[', parameters('tagName'), ']')]" + "field": "" } ] }, 
@@ -574,9 +481,9 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "details": { "operations": [ { - "field": "[concat('tags[', parameters('tagName'), ']')]", + "field": "", "operation": "add", - "value": "[parameters('tagValue')]" + "value": "" } ], "roleDefinitionIds": [ @@ -603,14 +510,14 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic "value": { "tagName": { "metadata": { - "description": "Name of the tag, such as 'environment'", + "description": "Name of the tag such as \"environment\"", "displayName": "Tag Name" }, "type": "String" }, "tagValue": { "metadata": { - "description": "Value of the tag, such as 'production'", + "description": "Value of the tag such as \"production\"", "displayName": "Tag Value" }, "type": "String" @@ -618,7 +525,100 @@ module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bic } }, "subscriptionId": { - "value": "<>" + "value": "" + } + } +} +``` + +
+

+ +

Example 4: Sub.Min

+ +
+ +via Bicep module + +```bicep +module policyDefinitions './Microsoft.Authorization/policyDefinitions/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-apdsubmin' + params: { + // Required parameters + name: '<>apdsubmin001' + policyRule: { + if: { + allOf: [ + { + equals: 'Microsoft.KeyVault/vaults' + field: 'type' + } + ] + } + then: { + effect: '' + } + } + // Non-required parameters + parameters: { + effect: { + allowedValues: [ + 'Audit' + ] + defaultValue: 'Audit' + type: 'String' + } + } + subscriptionId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>apdsubmin001" + }, + "policyRule": { + "value": { + "if": { + "allOf": [ + { + "equals": "Microsoft.KeyVault/vaults", + "field": "type" + } + ] + }, + "then": { + "effect": "" + } + } + }, + // Non-required parameters + "parameters": { + "value": { + "effect": { + "allowedValues": [ + "Audit" + ], + "defaultValue": "Audit", + "type": "String" + } + } + }, + "subscriptionId": { + "value": "" } } } diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/mg.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.test/mg.min.parameters.json deleted file mode 100644 index f5816fcd6d..0000000000 --- a/modules/Microsoft.Authorization/policyExemptions/.test/mg.min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-min-mg-polexem" - }, - "policyAssignmentId": { - "value": "/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg" - } - } -} diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/mg.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyExemptions/.test/mg.min/deploy.test.bicep new file mode 100644 index 0000000000..6e28b25ab3 --- /dev/null +++ b/modules/Microsoft.Authorization/policyExemptions/.test/mg.min/deploy.test.bicep 
@@ -0,0 +1,37 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apemgmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
+ name: 'dep-<>-${serviceShort}-rgloc'
+ location: location
+ properties: {
+ displayName: '[Depedency] Audit resource location matches resource group location (management group scope)'
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyAssignmentId: policyAssignment.id
+ }
+}
diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/mg.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.test/mg.parameters.json
deleted file mode 100644
index 2c76ecb64a..0000000000
--- a/modules/Microsoft.Authorization/policyExemptions/.test/mg.parameters.json
+++ /dev/null
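Review bot: The dependency policy assignment's `displayName` is misspelled as `'[Depedency] …'`, and the same string is used in all six new policyExemptions test files (mg.min, mg, rg.min, rg, sub.min, sub). Display names are what operators see when they list assignments, so the prefix should be spelled `[Dependency]` to stay searchable. A one-line comment above `policyDefinitionId` naming the built-in definition behind `0a914e76-4921-4c19-b460-a2d36003525a` would also help, since the GUID alone does not show what is being assigned at management-group scope.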
@@ -1,29 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-mg-polexem" - }, - "displayName": { - "value": "[Display Name] policy exempt (management group scope)" - }, - "policyAssignmentId": { - "value": "/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg" - }, - "exemptionCategory": { - "value": "Waiver" - }, - "metadata": { - "value": { - "category": "Security" - } - }, - "expiresOn": { - "value": "2025-10-02T03:57:00.000Z" - }, - "managementGroupId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/mg/deploy.test.bicep b/modules/Microsoft.Authorization/policyExemptions/.test/mg/deploy.test.bicep new file mode 100644 index 0000000000..9ac695d9ba --- /dev/null +++ b/modules/Microsoft.Authorization/policyExemptions/.test/mg/deploy.test.bicep 
@@ -0,0 +1,45 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apemg'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+
+resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
+ name: 'dep-<>-${serviceShort}-rgloc'
+ location: location
+ properties: {
+ displayName: '[Depedency] Audit resource location matches resource group location (management group scope)'
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyAssignmentId: policyAssignment.id
+ displayName: '[Display Name] policy exempt (management group scope)'
+ exemptionCategory: 'Waiver'
+ expiresOn: '2025-10-02T03:57:00Z'
+ managementGroupId: last(split(managementGroup().id, '/'))
+ metadata: {
+ category: 'Security'
+ }
+ }
+}
diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/rg.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.test/rg.min.parameters.json
deleted file mode 100644
index 2573b17fe7..0000000000
--- a/modules/Microsoft.Authorization/policyExemptions/.test/rg.min.parameters.json
+++ /dev/null
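Review bot: `expiresOn: '2025-10-02T03:57:00Z'` pins the exemption's expiry to a fixed calendar date, and rg/deploy.test.bicep and sub/deploy.test.bicep use the same value. A time-bounded waiver is the right shape for an exemption, but a literal date makes the test time-dependent: once that date has passed, the deployment either creates an exemption that is already expired or is rejected (I have not confirmed which). Deriving the value from the deployment time keeps the expiry bounded without ageing, for example `param baseTime string = utcNow()` in the parameters section and `expiresOn: dateTimeAdd(baseTime, 'P1Y')` in `params`.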
@@ -1,18 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-min-rg-polexem" - }, - "policyAssignmentId": { - "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg" - }, - "subscriptionId": { - "value": "<>" - }, - "resourceGroupName": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/rg.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyExemptions/.test/rg.min/deploy.test.bicep new file mode 100644 index 0000000000..f988f5d9a2 --- /dev/null +++ b/modules/Microsoft.Authorization/policyExemptions/.test/rg.min/deploy.test.bicep 
@@ -0,0 +1,49 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.policyexemptions-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apergmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
+ name: 'dep-<>-${serviceShort}-rgloc'
+ location: location
+ properties: {
+ displayName: '[Depedency] Audit resource location matches resource group location (management group scope)'
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../resourceGroup/deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyAssignmentId: policyAssignment.id
+ resourceGroupName: resourceGroup.name
+ subscriptionId: subscription().subscriptionId
+ }
+}
diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/rg.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.test/rg.parameters.json
deleted file mode 100644
index 68fda77deb..0000000000
--- a/modules/Microsoft.Authorization/policyExemptions/.test/rg.parameters.json
+++ /dev/null
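Review bot: The dependency assignment's `displayName` ends in `(management group scope)` although this file sets `targetScope = 'subscription'`, so the assignment is created on the subscription; rg/deploy.test.bicep, sub.min/deploy.test.bicep and sub/deploy.test.bicep carry the same label. A wrong scope in the display name misleads anyone auditing which assignments exist where, so it should read `displayName: '[Dependency] Audit resource location matches resource group location (subscription scope)'`. In the two rg tests a comment would also help, stating that the exemption is deployed to the resource group while the assignment it exempts sits one level up, on the subscription.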
@@ -1,32 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-rg-polexem" - }, - "displayName": { - "value": "[Display Name] policy exempt (resource group scope)" - }, - "policyAssignmentId": { - "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg" - }, - "exemptionCategory": { - "value": "Waiver" - }, - "metadata": { - "value": { - "category": "Security" - } - }, - "expiresOn": { - "value": "2025-10-02T03:57:00.000Z" - }, - "subscriptionId": { - "value": "<>" - }, - "resourceGroupName": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/rg/deploy.test.bicep b/modules/Microsoft.Authorization/policyExemptions/.test/rg/deploy.test.bicep new file mode 100644 index 0000000000..c36267a63c --- /dev/null +++ b/modules/Microsoft.Authorization/policyExemptions/.test/rg/deploy.test.bicep 
@@ -0,0 +1,55 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.authorization.policyexemptions-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'aperg' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = { + name: 'dep-<>-${serviceShort}-rgloc' + location: location + properties: { + displayName: '[Depedency] Audit resource location matches resource group location (management group scope)' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../resourceGroup/deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyAssignmentId: policyAssignment.id + displayName: '[Display Name] policy exempt (resource group scope)' + exemptionCategory: 'Waiver' + expiresOn: '2025-10-02T03:57:00Z' + metadata: { + category: 'Security' + } + resourceGroupName: resourceGroup.name + subscriptionId: subscription().subscriptionId + } +} 
diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/sub.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.test/sub.min.parameters.json deleted file mode 100644 index 920e7d2add..0000000000 --- a/modules/Microsoft.Authorization/policyExemptions/.test/sub.min.parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-min-sub-polexem" - }, - "policyAssignmentId": { - "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg" - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/sub.min/deploy.test.bicep b/modules/Microsoft.Authorization/policyExemptions/.test/sub.min/deploy.test.bicep new file mode 100644 index 0000000000..b305dec286 --- /dev/null +++ b/modules/Microsoft.Authorization/policyExemptions/.test/sub.min/deploy.test.bicep 
@@ -0,0 +1,38 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'apesubmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = { + name: 'dep-<>-${serviceShort}-rgloc' + location: location + properties: { + displayName: '[Depedency] Audit resource location matches resource group location (management group scope)' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../subscription/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyAssignmentId: policyAssignment.id + subscriptionId: subscription().subscriptionId + } +} diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/sub.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.test/sub.parameters.json deleted file mode 100644 index 02b3e9037c..0000000000 --- a/modules/Microsoft.Authorization/policyExemptions/.test/sub.parameters.json +++ /dev/null 
@@ -1,29 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-sub-polexem" - }, - "displayName": { - "value": "[Display Name] policy exempt (subscription scope)" - }, - "policyAssignmentId": { - "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg" - }, - "exemptionCategory": { - "value": "Waiver" - }, - "metadata": { - "value": { - "category": "Security" - } - }, - "expiresOn": { - "value": "2025-10-02T03:57:00.000Z" - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policyExemptions/.test/sub/deploy.test.bicep b/modules/Microsoft.Authorization/policyExemptions/.test/sub/deploy.test.bicep new file mode 100644 index 0000000000..ebdce8847a --- /dev/null +++ b/modules/Microsoft.Authorization/policyExemptions/.test/sub/deploy.test.bicep 
@@ -0,0 +1,44 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'apesub' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = { + name: 'dep-<>-${serviceShort}-rgloc' + location: location + properties: { + displayName: '[Depedency] Audit resource location matches resource group location (management group scope)' + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../subscription/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyAssignmentId: policyAssignment.id + displayName: '[Display Name] policy exempt (subscription scope)' + exemptionCategory: 'Waiver' + expiresOn: '2025-10-02T03:57:00Z' + metadata: { + category: 'Security' + } + subscriptionId: subscription().subscriptionId + } +} diff --git a/modules/Microsoft.Authorization/policyExemptions/readme.md b/modules/Microsoft.Authorization/policyExemptions/readme.md index 4e487c3b93..00002a60c9 100644 --- a/modules/Microsoft.Authorization/policyExemptions/readme.md +++ b/modules/Microsoft.Authorization/policyExemptions/readme.md 
@@ -158,7 +158,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg Min

+

Example 1: Mg

@@ -166,59 +166,16 @@ The following module usage examples are retrieved from the content of the files ```bicep module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyExemptions' + name: '${uniqueString(deployment().name)}-test-apemg' params: { // Required parameters - name: '<>-min-mg-polexem' - policyAssignmentId: '/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-min-mg-polexem" - }, - "policyAssignmentId": { - "value": "/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg" - } - } -} -``` - -
-

- -

Example 2: Mg

- -
- -via Bicep module - -```bicep -module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyExemptions' - params: { - // Required parameters - name: '<>-mg-polexem' - policyAssignmentId: '/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg' + name: '<>apemg001' + policyAssignmentId: '' // Non-required parameters displayName: '[Display Name] policy exempt (management group scope)' exemptionCategory: 'Waiver' expiresOn: '2025-10-02T03:57:00Z' - managementGroupId: '<>' + managementGroupId: '' metadata: { category: 'Security' } @@ -240,10 +197,10 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep "parameters": { // Required parameters "name": { - "value": "<>-mg-polexem" + "value": "<>apemg001" }, "policyAssignmentId": { - "value": "/providers/Microsoft.Management/managementGroups/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-mg-pass-loc-rg" + "value": "" }, // Non-required parameters "displayName": { @@ -256,7 +213,7 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep "value": "2025-10-02T03:57:00Z" }, "managementGroupId": { - "value": "<>" + "value": "" }, "metadata": { "value": { @@ -270,7 +227,7 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep

-

Example 3: Rg Min

+

Example 2: Mg.Min

@@ -278,14 +235,11 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep ```bicep module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyExemptions' + name: '${uniqueString(deployment().name)}-test-apemgmin' params: { // Required parameters - name: '<>-min-rg-polexem' - policyAssignmentId: '/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg' - // Non-required parameters - resourceGroupName: '<>' - subscriptionId: '<>' + name: '<>apemgmin001' + policyAssignmentId: '' } } ``` @@ -304,17 +258,10 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep "parameters": { // Required parameters "name": { - "value": "<>-min-rg-polexem" + "value": "<>apemgmin001" }, "policyAssignmentId": { - "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg" - }, - // Non-required parameters - "resourceGroupName": { - "value": "<>" - }, - "subscriptionId": { - "value": "<>" + "value": "" } } } @@ -323,7 +270,7 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep

-

Example 4: Rg

+

Example 3: Rg

@@ -331,11 +278,11 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep ```bicep module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyExemptions' + name: '${uniqueString(deployment().name)}-test-aperg' params: { // Required parameters - name: '<>-rg-polexem' - policyAssignmentId: '/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg' + name: '<>aperg001' + policyAssignmentId: '' // Non-required parameters displayName: '[Display Name] policy exempt (resource group scope)' exemptionCategory: 'Waiver' @@ -343,8 +290,8 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep metadata: { category: 'Security' } - resourceGroupName: '<>' - subscriptionId: '<>' + resourceGroupName: '' + subscriptionId: '' } } ``` @@ -363,10 +310,10 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep "parameters": { // Required parameters "name": { - "value": "<>-rg-polexem" + "value": "<>aperg001" }, "policyAssignmentId": { - "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg" + "value": "" }, // Non-required parameters "displayName": { @@ -384,10 +331,10 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep } }, "resourceGroupName": { - "value": "<>" + "value": "" }, "subscriptionId": { - "value": "<>" + "value": "" } } } @@ -396,7 +343,7 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep

-

Example 5: Sub Min

+

Example 4: Rg.Min

@@ -404,13 +351,14 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep ```bicep module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyExemptions' + name: '${uniqueString(deployment().name)}-test-apergmin' params: { // Required parameters - name: '<>-min-sub-polexem' - policyAssignmentId: '/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg' + name: '<>apergmin001' + policyAssignmentId: '' // Non-required parameters - subscriptionId: '<>' + resourceGroupName: '' + subscriptionId: '' } } ``` @@ -429,14 +377,17 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep "parameters": { // Required parameters "name": { - "value": "<>-min-sub-polexem" + "value": "<>apergmin001" }, "policyAssignmentId": { - "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg" + "value": "" }, // Non-required parameters + "resourceGroupName": { + "value": "" + }, "subscriptionId": { - "value": "<>" + "value": "" } } } @@ -445,7 +396,7 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep

-

Example 6: Sub

+

Example 5: Sub

@@ -453,11 +404,11 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep ```bicep module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policyExemptions' + name: '${uniqueString(deployment().name)}-test-apesub' params: { // Required parameters - name: '<>-sub-polexem' - policyAssignmentId: '/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg' + name: '<>apesub001' + policyAssignmentId: '' // Non-required parameters displayName: '[Display Name] policy exempt (subscription scope)' exemptionCategory: 'Waiver' @@ -465,7 +416,7 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep metadata: { category: 'Security' } - subscriptionId: '<>' + subscriptionId: '' } } ``` @@ -484,10 +435,10 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep "parameters": { // Required parameters "name": { - "value": "<>-sub-polexem" + "value": "<>apesub001" }, "policyAssignmentId": { - "value": "/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg" + "value": "" }, // Non-required parameters "displayName": { @@ -505,7 +456,56 @@ module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep } }, "subscriptionId": { - "value": "<>" + "value": "" + } + } +} +``` + +
+

+ +

Example 6: Sub.Min

+ +
+ +via Bicep module + +```bicep +module policyExemptions './Microsoft.Authorization/policyExemptions/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-apesubmin' + params: { + // Required parameters + name: '<>apesubmin001' + policyAssignmentId: '' + // Non-required parameters + subscriptionId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>apesubmin001" + }, + "policyAssignmentId": { + "value": "" + }, + // Non-required parameters + "subscriptionId": { + "value": "" } } } diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.min.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.min.parameters.json deleted file mode 100644 index 92f9d4ac2f..0000000000 --- a/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.min.parameters.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-mg-min-policySet" - }, - "policyDefinitions": { - "value": [ - { - "parameters": { - "listOfAllowedLocations": { - "value": [ - "australiaeast" - ] - } - }, - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c" - } - ] - } - } -} diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.min/deploy.test.bicep b/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.min/deploy.test.bicep new file mode 100644 index 0000000000..8e2d46d55b --- /dev/null +++ b/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.min/deploy.test.bicep 
@@ -0,0 +1,30 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apsdmgmin'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyDefinitions: [
+ {
+ parameters: {
+ listOfAllowedLocations: {
+ value: [
+ 'australiaeast'
+ ]
+ }
+ }
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
+ }
+ ]
+ }
+}
diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.parameters.json
deleted file mode 100644
index 029e2d47c8..0000000000
--- a/modules/Microsoft.Authorization/policySetDefinitions/.test/mg.parameters.json
+++ /dev/null
@@ -1,66 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-mg-policySet" - }, - "displayName": { - "value": "[DisplayName] This policy set definition is deployed at management group scope" - }, - "description": { - "value": "[Description] This policy set definition is deployed at management group scope" - }, - "policyDefinitionGroups": { - "value": [ - { - "name": "Network" - }, - { - "name": "ARM" - } - ] - }, - "policyDefinitions": { - "value": [ - { - "groupNames": [ - "ARM" - ], - "parameters": { - "listOfAllowedLocations": { - "value": [ - "australiaeast" - ] - } - }, - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c", - "policyDefinitionReferenceId": "Allowed locations_1" - }, - { - "groupNames": [ - "ARM" - ], - "parameters": { - "listOfAllowedLocations": { - "value": [ - "australiaeast" - ] - } - }, - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988", - "policyDefinitionReferenceId": "Allowed locations for resource groups_1" - } - ] - }, - "metadata": { - "value": { - "category": "Security", - "version": "1" - } - }, - "managementGroupId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.test/mg/deploy.test.bicep b/modules/Microsoft.Authorization/policySetDefinitions/.test/mg/deploy.test.bicep new file mode 100644 index 0000000000..3c99c21e3e --- /dev/null +++ b/modules/Microsoft.Authorization/policySetDefinitions/.test/mg/deploy.test.bicep 
@@ -0,0 +1,64 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apsdmg'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyDefinitions: [
+ {
+ groupNames: [
+ 'ARM'
+ ]
+ parameters: {
+ listOfAllowedLocations: {
+ value: [
+ 'australiaeast'
+ ]
+ }
+ }
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
+ policyDefinitionReferenceId: 'Allowed locations_1'
+ }
+ {
+ groupNames: [
+ 'ARM'
+ ]
+ parameters: {
+ listOfAllowedLocations: {
+ value: [
+ 'australiaeast'
+ ]
+ }
+ }
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988'
+ policyDefinitionReferenceId: 'Allowed locations for resource groups_1'
+ }
+ ]
+ // Non-required parameters
+ description: '[Description] This policy set definition is deployed at management group scope'
+ displayName: '[DisplayName] This policy set definition is deployed at management group scope'
+ managementGroupId: last(split(managementGroup().id, '/'))
+ metadata: {
+ category: 'Security'
+ version: '1'
+ }
+ policyDefinitionGroups: [
+ {
+ name: 'Network'
+ }
+ {
+ name: 'ARM'
+ }
+ ]
+ }
+}
diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.min.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.min.parameters.json
deleted file mode 100644
index f6a7e68f64..0000000000
--- a/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.min.parameters.json
+++ /dev/null
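Review bot: `managementGroupId: last(split(managementGroup().id, '/'))` parses the resource ID by hand, while `managementGroup().name` returns that last segment directly; `managementGroupId: managementGroup().name` is shorter and does not depend on the ID layout. The same expression appears in the new `roleAssignments/.test/mg/deploy.test.bicep`. The deleted parameter file supplied a `<>` placeholder value here, so the test now targets whichever management group the workflow deploys to; a one-line comment above the parameter saying so would make that scope choice explicit.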
@@ -1,26 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-sub-min-policySet"
- },
- "policyDefinitions": {
- "value": [
- {
- "parameters": {
- "listOfAllowedLocations": {
- "value": [
- "australiaeast"
- ]
- }
- },
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c"
- }
- ]
- },
- "subscriptionId": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.min/deploy.test.bicep b/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.min/deploy.test.bicep
new file mode 100644
index 0000000000..74469951ab
--- /dev/null
+++ b/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.min/deploy.test.bicep
@@ -0,0 +1,32 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'apsdsubmin'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../subscription/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ policyDefinitions: [
+ {
+ parameters: {
+ listOfAllowedLocations: {
+ value: [
+ 'australiaeast'
+ ]
+ }
+ }
+ policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
+ }
+ ]
+ // Non-required parameters
+ subscriptionId: '<>'
+ }
+}
diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.parameters.json
deleted file mode 100644
index 16a92428b1..0000000000
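Review bot: `subscriptionId: '<>'` in the new `sub.min/deploy.test.bicep` still passes a placeholder literal, while the sibling `sub/deploy.test.bicep` added by this commit passes `subscriptionId: subscription().subscriptionId`. With `targetScope = 'subscription'` the deployment context already supplies the ID, so `subscriptionId: subscription().subscriptionId` would remove the dependency on token replacement here. It would also ensure the policy set is created in the subscription actually being deployed to. Since this is the minimal test, dropping the optional parameter may be an alternative, if the module defaults it (not visible in this hunk).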
--- a/modules/Microsoft.Authorization/policySetDefinitions/.test/sub.parameters.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-sub-policySet" - }, - "displayName": { - "value": "[DisplayName] This policy set definition is deployed at subscription scope" - }, - "description": { - "value": "[Description] This policy set definition is deployed at subscription scope" - }, - "policyDefinitionGroups": { - "value": [ - { - "name": "Network" - }, - { - "name": "ARM" - } - ] - }, - "policyDefinitions": { - "value": [ - { - "groupNames": [ - "ARM" - ], - "parameters": { - "listOfAllowedLocations": { - "value": [ - "australiaeast" - ] - } - }, - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c", - "policyDefinitionReferenceId": "Allowed locations_1" - }, - { - "groupNames": [ - "ARM" - ], - "parameters": { - "listOfAllowedLocations": { - "value": [ - "australiaeast" - ] - } - }, - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988", - "policyDefinitionReferenceId": "Allowed locations for resource groups_1" - } - ] - }, - "metadata": { - "value": { - "category": "Security", - "version": "1" - } - }, - "subscriptionId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.test/sub/deploy.test.bicep b/modules/Microsoft.Authorization/policySetDefinitions/.test/sub/deploy.test.bicep new file mode 100644 index 0000000000..e5bde5fbcd --- /dev/null +++ b/modules/Microsoft.Authorization/policySetDefinitions/.test/sub/deploy.test.bicep 
@@ -0,0 +1,64 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'apsdsub' + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../subscription/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + policyDefinitions: [ + { + groupNames: [ + 'ARM' + ] + parameters: { + listOfAllowedLocations: { + value: [ + 'australiaeast' + ] + } + } + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c' + policyDefinitionReferenceId: 'Allowed locations_1' + } + { + groupNames: [ + 'ARM' + ] + parameters: { + listOfAllowedLocations: { + value: [ + 'australiaeast' + ] + } + } + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988' + policyDefinitionReferenceId: 'Allowed locations for resource groups_1' + } + ] + // Non-required parameters + description: '[Description] This policy set definition is deployed at subscription scope' + displayName: '[DisplayName] This policy set definition is deployed at subscription scope' + metadata: { + category: 'Security' + version: '1' + } + policyDefinitionGroups: [ + { + name: 'Network' + } + { + name: 'ARM' + } + ] + subscriptionId: subscription().subscriptionId + } +} diff --git a/modules/Microsoft.Authorization/policySetDefinitions/readme.md b/modules/Microsoft.Authorization/policySetDefinitions/readme.md index 6835f1765f..4a24e2182c 100644 --- a/modules/Microsoft.Authorization/policySetDefinitions/readme.md +++ b/modules/Microsoft.Authorization/policySetDefinitions/readme.md 
@@ -141,7 +141,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg Min

+

Example 1: Mg

@@ -149,75 +149,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policySetDefinitions' + name: '${uniqueString(deployment().name)}-test-apsdmg' params: { // Required parameters - name: '<>-mg-min-policySet' - policyDefinitions: [ - { - parameters: { - listOfAllowedLocations: { - value: [ - 'australiaeast' - ] - } - } - policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-mg-min-policySet" - }, - "policyDefinitions": { - "value": [ - { - "parameters": { - "listOfAllowedLocations": { - "value": [ - "australiaeast" - ] - } - }, - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c" - } - ] - } - } -} -``` - -
-

- -

Example 2: Mg

- -
- -via Bicep module - -```bicep -module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policySetDefinitions' - params: { - // Required parameters - name: '<>-mg-policySet' + name: '<>apsdmg001' policyDefinitions: [ { groupNames: [ @@ -251,7 +186,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl // Non-required parameters description: '[Description] This policy set definition is deployed at management group scope' displayName: '[DisplayName] This policy set definition is deployed at management group scope' - managementGroupId: '<>' + managementGroupId: '' metadata: { category: 'Security' version: '1' @@ -282,7 +217,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl "parameters": { // Required parameters "name": { - "value": "<>-mg-policySet" + "value": "<>apsdmg001" }, "policyDefinitions": { "value": [ @@ -324,7 +259,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl "value": "[DisplayName] This policy set definition is deployed at management group scope" }, "managementGroupId": { - "value": "<>" + "value": "" }, "metadata": { "value": { @@ -349,7 +284,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl

-

Example 3: Sub Min

+

Example 2: Mg.Min

@@ -357,10 +292,10 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl ```bicep module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policySetDefinitions' + name: '${uniqueString(deployment().name)}-test-apsdmgmin' params: { // Required parameters - name: '<>-sub-min-policySet' + name: '<>apsdmgmin001' policyDefinitions: [ { parameters: { @@ -373,8 +308,6 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c' } ] - // Non-required parameters - subscriptionId: '<>' } } ``` @@ -393,7 +326,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl "parameters": { // Required parameters "name": { - "value": "<>-sub-min-policySet" + "value": "<>apsdmgmin001" }, "policyDefinitions": { "value": [ @@ -408,10 +341,6 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c" } ] - }, - // Non-required parameters - "subscriptionId": { - "value": "<>" } } } @@ -420,7 +349,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl

-

Example 4: Sub

+

Example 3: Sub

@@ -428,10 +357,10 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl ```bicep module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-policySetDefinitions' + name: '${uniqueString(deployment().name)}-test-apsdsub' params: { // Required parameters - name: '<>-sub-policySet' + name: '<>apsdsub001' policyDefinitions: [ { groupNames: [ @@ -477,7 +406,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl name: 'ARM' } ] - subscriptionId: '<>' + subscriptionId: '' } } ``` @@ -496,7 +425,7 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl "parameters": { // Required parameters "name": { - "value": "<>-sub-policySet" + "value": "<>apsdsub001" }, "policyDefinitions": { "value": [ @@ -553,6 +482,77 @@ module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/depl } ] }, + "subscriptionId": { + "value": "" + } + } +} +``` + +
+

+ +

Example 4: Sub.Min

+ +
+ +via Bicep module + +```bicep +module policySetDefinitions './Microsoft.Authorization/policySetDefinitions/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-apsdsubmin' + params: { + // Required parameters + name: '<>apsdsubmin001' + policyDefinitions: [ + { + parameters: { + listOfAllowedLocations: { + value: [ + 'australiaeast' + ] + } + } + policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c' + } + ] + // Non-required parameters + subscriptionId: '<>' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>apsdsubmin001" + }, + "policyDefinitions": { + "value": [ + { + "parameters": { + "listOfAllowedLocations": { + "value": [ + "australiaeast" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c" + } + ] + }, + // Non-required parameters "subscriptionId": { "value": "<>" } diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/mg.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.test/mg.min.parameters.json deleted file mode 100644 index 02a409875c..0000000000 --- a/modules/Microsoft.Authorization/roleAssignments/.test/mg.min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "roleDefinitionIdOrName": { - "value": "Storage Queue Data Reader" - }, - "principalId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/dependencies.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/dependencies.bicep new file mode 100644 index 0000000000..4d86c195ca --- /dev/null +++ b/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/dependencies.bicep 
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/deploy.test.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/deploy.test.bicep
new file mode 100644
index 0000000000..21c8a9ecf9
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/deploy.test.bicep
@@ -0,0 +1,42 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'aramgmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+module resourceGroupResources 'interm.dependencies.bicep' = {
+ scope: subscription('<>')
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ resourceGroupName: resourceGroupName
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+ roleDefinitionIdOrName: 'Storage Queue Data Reader'
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/interm.dependencies.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/interm.dependencies.bicep
new file mode 100644
index 0000000000..8b7559cc9a
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/mg.min/interm.dependencies.bicep
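Review bot: The `testDeployment` module assigns `Storage Queue Data Reader` to `resourceGroupResources.outputs.managedIdentityPrincipalId` without a `principalType`, and that identity is created by `dependencies.bicep` in the same deployment. A role assignment for a just-created principal can fail intermittently while the directory replicates unless the principal type is stated. Consider adding `principalType: 'ServicePrincipal'`, as the new `mg/deploy.test.bicep` does, or a comment that the omission is deliberate for the minimal case. The deleted parameter file passed a `<>` placeholder for `principalId`, presumably a principal that already existed, so this timing dependency looks new.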
@@ -0,0 +1,27 @@
+targetScope = 'subscription'
+
+@description('Required. The location to deploy to')
+param location string
+
+@description('Required. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string
+
+@description('Required. The name of the managed identity to create')
+param managedIdentityName string
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: managedIdentityName
+ }
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = resourceGroupResources.outputs.managedIdentityPrincipalId
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/mg.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.test/mg.parameters.json
deleted file mode 100644
index e6362b62aa..0000000000
--- a/modules/Microsoft.Authorization/roleAssignments/.test/mg.parameters.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Backup Reader"
- },
- "description": {
- "value": "Role Assignment (management group scope)"
- },
- "principalId": {
- "value": "<>"
- },
- "principalType": {
- "value": "ServicePrincipal"
- },
- "managementGroupId": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/mg/dependencies.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/mg/dependencies.bicep
new file mode 100644
index 0000000000..4d86c195ca
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/mg/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/mg/deploy.test.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/mg/deploy.test.bicep
new file mode 100644
index 0000000000..1040b57870
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/mg/deploy.test.bicep
@@ -0,0 +1,45 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'aramg'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+module resourceGroupResources 'interm.dependencies.bicep' = {
+ scope: subscription('<>')
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ resourceGroupName: resourceGroupName
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+ roleDefinitionIdOrName: 'Backup Reader'
+ description: 'Role Assignment (management group scope)'
+ managementGroupId: last(split(managementGroup().id, '/'))
+ principalType: 'ServicePrincipal'
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/mg/interm.dependencies.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/mg/interm.dependencies.bicep
new file mode 100644
index 0000000000..8b7559cc9a
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/mg/interm.dependencies.bicep
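Review bot: `managementGroupId: last(split(managementGroup().id, '/'))` in the `testDeployment` params parses the resource ID by hand to recover the group name. The object returned by `managementGroup()` also exposes the name directly, so `managementGroupId: managementGroup().name` should be equivalent and does not depend on the ID's segment layout. This is a readability point only; the value passed to the module is unchanged.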
@@ -0,0 +1,27 @@
+targetScope = 'subscription'
+
+@description('Required. The location to deploy to')
+param location string
+
+@description('Required. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string
+
+@description('Required. The name of the managed identity to create')
+param managedIdentityName string
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: managedIdentityName
+ }
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = resourceGroupResources.outputs.managedIdentityPrincipalId
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/rg.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.test/rg.min.parameters.json
deleted file mode 100644
index 6011dc7e99..0000000000
--- a/modules/Microsoft.Authorization/roleAssignments/.test/rg.min.parameters.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Storage Queue Data Reader"
- },
- "principalId": {
- "value": "<>"
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/rg.min/dependencies.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/rg.min/dependencies.bicep
new file mode 100644
index 0000000000..bfae36a05d
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/rg.min/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/rg.min/deploy.test.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/rg.min/deploy.test.bicep
new file mode 100644
index 0000000000..d0039a0c02
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/rg.min/deploy.test.bicep
@@ -0,0 +1,48 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'arargmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../resourceGroup/deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+ roleDefinitionIdOrName: 'Storage Queue Data Reader'
+ resourceGroupName: resourceGroup.name
+ subscriptionId: subscription().subscriptionId
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/rg.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.test/rg.parameters.json
deleted file mode 100644
index faf9fc3d90..0000000000
--- a/modules/Microsoft.Authorization/roleAssignments/.test/rg.parameters.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Backup Reader"
- },
- "description": {
- "value": "Role Assignment (resource group scope)"
- },
- "principalId": {
- "value": "<>"
- },
- "principalType": {
- "value": "ServicePrincipal"
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/rg/dependencies.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/rg/dependencies.bicep
new file mode 100644
index 0000000000..bfae36a05d
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/rg/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/rg/deploy.test.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/rg/deploy.test.bicep
new file mode 100644
index 0000000000..acb7361eb4
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/rg/deploy.test.bicep
@@ -0,0 +1,50 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'ararg'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../resourceGroup/deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+ roleDefinitionIdOrName: 'Backup Reader'
+ description: 'Role Assignment (resource group scope)'
+ principalType: 'ServicePrincipal'
+ resourceGroupName: resourceGroup.name
+ subscriptionId: subscription().subscriptionId
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/sub.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.test/sub.min.parameters.json
deleted file mode 100644
index 2a90f97fb7..0000000000
--- a/modules/Microsoft.Authorization/roleAssignments/.test/sub.min.parameters.json
+++ /dev/null
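Review bot: Two of the parameter descriptions in this hunk contain typos that surface in tooling and generated docs: "for a testing purposes" on `resourceGroupName` and "deployment .Should" on `serviceShort`. Suggested wording: `@description('Optional. The name of the resource group to deploy for testing purposes')` and `@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')`. The same text is copied into the other `deploy.test.bicep` files added by this commit, so fixing it once and propagating it keeps them consistent.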
@@ -1,15 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Storage Queue Data Reader"
- },
- "principalId": {
- "value": "<>"
- },
- "subscriptionId": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/sub.min/dependencies.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/sub.min/dependencies.bicep
new file mode 100644
index 0000000000..bfae36a05d
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/sub.min/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/sub.min/deploy.test.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/sub.min/deploy.test.bicep
new file mode 100644
index 0000000000..eba218d839
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/sub.min/deploy.test.bicep
@@ -0,0 +1,46 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'arasubmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../subscription/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+ roleDefinitionIdOrName: 'Storage Queue Data Reader'
+ subscriptionId: subscription().subscriptionId
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/sub.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.test/sub.parameters.json
deleted file mode 100644
index 346ba64c04..0000000000
--- a/modules/Microsoft.Authorization/roleAssignments/.test/sub.parameters.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleDefinitionIdOrName": {
- "value": "Backup Reader"
- },
- "description": {
- "value": "Role Assignment (subscription scope)"
- },
- "principalId": {
- "value": "<>"
- },
- "principalType": {
- "value": "ServicePrincipal"
- },
- "subscriptionId": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/sub/dependencies.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/sub/dependencies.bicep
new file mode 100644
index 0000000000..bfae36a05d
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/sub/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Authorization/roleAssignments/.test/sub/deploy.test.bicep b/modules/Microsoft.Authorization/roleAssignments/.test/sub/deploy.test.bicep
new file mode 100644
index 0000000000..a24dde0fce
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleAssignments/.test/sub/deploy.test.bicep
@@ -0,0 +1,48 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roleassignments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'arasub'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../subscription/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ principalId: resourceGroupResources.outputs.managedIdentityPrincipalId
+ roleDefinitionIdOrName: 'Backup Reader'
+ description: 'Role Assignment (subscription scope)'
+ principalType: 'ServicePrincipal'
+ subscriptionId: subscription().subscriptionId
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleAssignments/readme.md b/modules/Microsoft.Authorization/roleAssignments/readme.md
index eed917bf76..1808daa3a6 100644
--- a/modules/Microsoft.Authorization/roleAssignments/readme.md
+++ b/modules/Microsoft.Authorization/roleAssignments/readme.md
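Review bot: The role assignment created by `testDeployment` lives at subscription scope, while the identity it targets is created inside the test resource group, so deleting that resource group removes the identity but leaves the assignment behind. Orphaned assignments count against the subscription's role-assignment quota and appear as unknown principals in access reviews. The removal logic is not part of this diff; if it does not already delete the assignment explicitly, it should, and a comment above the module such as `// Subscription-scoped role assignment: not removed with the resource group, must be cleaned up explicitly` would record the requirement. The sub.min test and both management-group tests have the same property.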
@@ -176,7 +176,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg Min

+

Example 1: Mg

@@ -184,11 +184,15 @@ The following module usage examples are retrieved from the content of the files ```bicep module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleAssignments' + name: '${uniqueString(deployment().name)}-test-aramg' params: { // Required parameters - principalId: '<>' - roleDefinitionIdOrName: 'Storage Queue Data Reader' + principalId: '' + roleDefinitionIdOrName: 'Backup Reader' + // Non-required parameters + description: 'Role Assignment (management group scope)' + managementGroupId: '' + principalType: 'ServicePrincipal' } } ``` @@ -207,10 +211,20 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' "parameters": { // Required parameters "principalId": { - "value": "<>" + "value": "" }, "roleDefinitionIdOrName": { - "value": "Storage Queue Data Reader" + "value": "Backup Reader" + }, + // Non-required parameters + "description": { + "value": "Role Assignment (management group scope)" + }, + "managementGroupId": { + "value": "" + }, + "principalType": { + "value": "ServicePrincipal" } } } @@ -219,7 +233,7 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'

-

Example 2: Mg

+

Example 2: Mg.Min

@@ -227,15 +241,11 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' ```bicep module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleAssignments' + name: '${uniqueString(deployment().name)}-test-aramgmin' params: { // Required parameters - principalId: '<>' - roleDefinitionIdOrName: 'Backup Reader' - // Non-required parameters - description: 'Role Assignment (management group scope)' - managementGroupId: '<>' - principalType: 'ServicePrincipal' + principalId: '' + roleDefinitionIdOrName: 'Storage Queue Data Reader' } } ``` @@ -254,20 +264,10 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' "parameters": { // Required parameters "principalId": { - "value": "<>" + "value": "" }, "roleDefinitionIdOrName": { - "value": "Backup Reader" - }, - // Non-required parameters - "description": { - "value": "Role Assignment (management group scope)" - }, - "managementGroupId": { - "value": "<>" - }, - "principalType": { - "value": "ServicePrincipal" + "value": "Storage Queue Data Reader" } } } @@ -276,7 +276,7 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'

-

Example 3: Rg Min

+

Example 3: Rg

@@ -284,14 +284,16 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' ```bicep module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleAssignments' + name: '${uniqueString(deployment().name)}-test-ararg' params: { // Required parameters - principalId: '<>' - roleDefinitionIdOrName: 'Storage Queue Data Reader' + principalId: '' + roleDefinitionIdOrName: 'Backup Reader' // Non-required parameters - resourceGroupName: '<>' - subscriptionId: '<>' + description: 'Role Assignment (resource group scope)' + principalType: 'ServicePrincipal' + resourceGroupName: '' + subscriptionId: '' } } ``` @@ -310,17 +312,23 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' "parameters": { // Required parameters "principalId": { - "value": "<>" + "value": "" }, "roleDefinitionIdOrName": { - "value": "Storage Queue Data Reader" + "value": "Backup Reader" }, // Non-required parameters + "description": { + "value": "Role Assignment (resource group scope)" + }, + "principalType": { + "value": "ServicePrincipal" + }, "resourceGroupName": { - "value": "<>" + "value": "" }, "subscriptionId": { - "value": "<>" + "value": "" } } } @@ -329,7 +337,7 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'

-

Example 4: Rg

+

Example 4: Rg.Min

@@ -337,16 +345,14 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' ```bicep module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleAssignments' + name: '${uniqueString(deployment().name)}-test-arargmin' params: { // Required parameters - principalId: '<>' - roleDefinitionIdOrName: 'Backup Reader' + principalId: '' + roleDefinitionIdOrName: 'Storage Queue Data Reader' // Non-required parameters - description: 'Role Assignment (resource group scope)' - principalType: 'ServicePrincipal' - resourceGroupName: '<>' - subscriptionId: '<>' + resourceGroupName: '' + subscriptionId: '' } } ``` @@ -365,23 +371,17 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' "parameters": { // Required parameters "principalId": { - "value": "<>" + "value": "" }, "roleDefinitionIdOrName": { - "value": "Backup Reader" + "value": "Storage Queue Data Reader" }, // Non-required parameters - "description": { - "value": "Role Assignment (resource group scope)" - }, - "principalType": { - "value": "ServicePrincipal" - }, "resourceGroupName": { - "value": "<>" + "value": "" }, "subscriptionId": { - "value": "<>" + "value": "" } } } @@ -390,7 +390,7 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'

-

Example 5: Sub Min

+

Example 5: Sub

@@ -398,13 +398,15 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' ```bicep module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleAssignments' + name: '${uniqueString(deployment().name)}-test-arasub' params: { // Required parameters - principalId: '<>' - roleDefinitionIdOrName: 'Storage Queue Data Reader' + principalId: '' + roleDefinitionIdOrName: 'Backup Reader' // Non-required parameters - subscriptionId: '<>' + description: 'Role Assignment (subscription scope)' + principalType: 'ServicePrincipal' + subscriptionId: '' } } ``` @@ -423,14 +425,20 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' "parameters": { // Required parameters "principalId": { - "value": "<>" + "value": "" }, "roleDefinitionIdOrName": { - "value": "Storage Queue Data Reader" + "value": "Backup Reader" }, // Non-required parameters + "description": { + "value": "Role Assignment (subscription scope)" + }, + "principalType": { + "value": "ServicePrincipal" + }, "subscriptionId": { - "value": "<>" + "value": "" } } } @@ -439,7 +447,7 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep'

-

Example 6: Sub

+

Example 6: Sub.Min

@@ -447,15 +455,13 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' ```bicep module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleAssignments' + name: '${uniqueString(deployment().name)}-test-arasubmin' params: { // Required parameters - principalId: '<>' - roleDefinitionIdOrName: 'Backup Reader' + principalId: '' + roleDefinitionIdOrName: 'Storage Queue Data Reader' // Non-required parameters - description: 'Role Assignment (subscription scope)' - principalType: 'ServicePrincipal' - subscriptionId: '<>' + subscriptionId: '' } } ``` @@ -474,20 +480,14 @@ module roleAssignments './Microsoft.Authorization/roleAssignments/deploy.bicep' "parameters": { // Required parameters "principalId": { - "value": "<>" + "value": "" }, "roleDefinitionIdOrName": { - "value": "Backup Reader" + "value": "Storage Queue Data Reader" }, // Non-required parameters - "description": { - "value": "Role Assignment (subscription scope)" - }, - "principalType": { - "value": "ServicePrincipal" - }, "subscriptionId": { - "value": "<>" + "value": "" } } } diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/mg.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.test/mg.min.parameters.json deleted file mode 100644 index c4a88ba9e8..0000000000 --- a/modules/Microsoft.Authorization/roleDefinitions/.test/mg.min.parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "roleName": { - "value": "<>-az-testRole-mg-min" - }, - "actions": { - "value": [ - "Microsoft.Compute/galleries/read", - "Microsoft.Compute/galleries/images/read" - ] - } - } -} 
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/mg.min/deploy.test.bicep b/modules/Microsoft.Authorization/roleDefinitions/.test/mg.min/deploy.test.bicep
new file mode 100644
index 0000000000..a4c5effdf3
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleDefinitions/.test/mg.min/deploy.test.bicep
@@ -0,0 +1,22 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'ardmgmin'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ roleName: '<>-testRole-${serviceShort}'
+ actions: [
+ 'Microsoft.Compute/galleries/images/read'
+ 'Microsoft.Compute/galleries/read'
+ ]
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/mg.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.test/mg.parameters.json
deleted file mode 100644
index d49ce1cae3..0000000000
--- a/modules/Microsoft.Authorization/roleDefinitions/.test/mg.parameters.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-mg"
- },
- "description": {
- "value": "Test Custom Role Definition Standard (management group scope)"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/*",
- "Microsoft.Network/virtualNetworks/read"
- ]
- },
- "notActions": {
- "value": [
- "Microsoft.Compute/images/write",
- "Microsoft.Compute/images/delete",
- "Microsoft.Network/virtualNetworks/subnets/join/action"
- ]
- },
- "dataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/*/read"
- ]
- },
- "notDataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
- ]
- },
- "assignableScopes": {
- "value": [
- "/providers/Microsoft.Management/managementGroups/<>"
- ]
- },
- "managementGroupId": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/mg/deploy.test.bicep b/modules/Microsoft.Authorization/roleDefinitions/.test/mg/deploy.test.bicep
new file mode 100644
index 0000000000..ecc59bd033
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleDefinitions/.test/mg/deploy.test.bicep
@@ -0,0 +1,31 @@
+targetScope = 'managementGroup'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'ardmg'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../managementGroup/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ roleName: '<>-testRole-${serviceShort}'
+ actions: [
+ 'Microsoft.Compute/galleries/*'
+ 'Microsoft.Network/virtualNetworks/read'
+ ]
+ assignableScopes: [
+ managementGroup().id
+ ]
+ description: 'Test Custom Role Definition Standard (management group scope)'
+ notActions: [
+ 'Microsoft.Compute/images/delete'
+ 'Microsoft.Compute/images/write'
+ 'Microsoft.Network/virtualNetworks/subnets/join/action'
+ ]
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/rg.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.test/rg.min.parameters.json
deleted file mode 100644
index cf6825cc02..0000000000
--- a/modules/Microsoft.Authorization/roleDefinitions/.test/rg.min.parameters.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-rg-min"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/read",
- "Microsoft.Compute/galleries/images/read"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/rg.min/deploy.test.bicep b/modules/Microsoft.Authorization/roleDefinitions/.test/rg.min/deploy.test.bicep
new file mode 100644
index 0000000000..e1bf4e52e2
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleDefinitions/.test/rg.min/deploy.test.bicep
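Review bot: The `params` block of the management-group test no longer passes `dataActions` and `notDataActions`, which the deleted `mg.parameters.json` did and which the resource-group test in this commit still does. If the omission is deliberate (presumably a platform restriction on data actions for roles assignable at management-group scope), a comment above `params` such as `// dataActions/notDataActions intentionally omitted at management group scope` would stop someone re-adding them. If it is not deliberate, the module's data-action handling loses its test coverage at this scope.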
@@ -0,0 +1,41 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roledefinitions-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'ardrgmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../resourceGroup/deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ roleName: '<>-testRole-${serviceShort}'
+ actions: [
+ 'Microsoft.Compute/galleries/images/read'
+ 'Microsoft.Compute/galleries/read'
+ ]
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/rg.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.test/rg.parameters.json
deleted file mode 100644
index c27ff2f862..0000000000
--- a/modules/Microsoft.Authorization/roleDefinitions/.test/rg.parameters.json
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-rg"
- },
- "description": {
- "value": "Test Custom Role Definition Standard (resource group scope)"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/*",
- "Microsoft.Network/virtualNetworks/read"
- ]
- },
- "notActions": {
- "value": [
- "Microsoft.Compute/images/write",
- "Microsoft.Compute/images/delete",
- "Microsoft.Network/virtualNetworks/subnets/join/action"
- ]
- },
- "dataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/*/read"
- ]
- },
- "notDataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
- ]
- },
- "assignableScopes": {
- "value": [
- "/subscriptions/<>/resourceGroups/<>"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- },
- "resourceGroupName": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/rg/deploy.test.bicep b/modules/Microsoft.Authorization/roleDefinitions/.test/rg/deploy.test.bicep
new file mode 100644
index 0000000000..afb6fa4831
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleDefinitions/.test/rg/deploy.test.bicep
@@ -0,0 +1,56 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.authorization.roledefinitions-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'ardrg'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../resourceGroup/deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ roleName: '<>-testRole-${serviceShort}'
+ actions: [
+ 'Microsoft.Compute/galleries/*'
+ 'Microsoft.Network/virtualNetworks/read'
+ ]
+ assignableScopes: [
+ resourceGroup.id
+ ]
+ dataActions: [
+ 'Microsoft.Storage/storageAccounts/blobServices/*/read'
+ ]
+ description: 'Test Custom Role Definition Standard (resource group scope)'
+ notActions: [
+ 'Microsoft.Compute/images/delete'
+ 'Microsoft.Compute/images/write'
+ 'Microsoft.Network/virtualNetworks/subnets/join/action'
+ ]
+ notDataActions: [
+ 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
+ ]
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/sub.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.test/sub.min.parameters.json
deleted file mode 100644
index 87bbbc20b7..0000000000
--- a/modules/Microsoft.Authorization/roleDefinitions/.test/sub.min.parameters.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-sub-min"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/read",
- "Microsoft.Compute/galleries/images/read"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/sub.min/deploy.test.bicep b/modules/Microsoft.Authorization/roleDefinitions/.test/sub.min/deploy.test.bicep
new file mode 100644
index 0000000000..51b5a4583c
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleDefinitions/.test/sub.min/deploy.test.bicep
@@ -0,0 +1,23 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'ardsubmin'
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../subscription/deploy.bicep' = {
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ roleName: '<>-testRole-${serviceShort}'
+ actions: [
+ 'Microsoft.Compute/galleries/images/read'
+ 'Microsoft.Compute/galleries/read'
+ ]
+ subscriptionId: subscription().subscriptionId
+ }
+}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/sub.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.test/sub.parameters.json
deleted file mode 100644
index 62e03ca98d..0000000000
--- a/modules/Microsoft.Authorization/roleDefinitions/.test/sub.parameters.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "roleName": {
- "value": "<>-az-testRole-sub"
- },
- "description": {
- "value": "Test Custom Role Definition Standard (subscription scope)"
- },
- "actions": {
- "value": [
- "Microsoft.Compute/galleries/*",
- "Microsoft.Network/virtualNetworks/read"
- ]
- },
- "notActions": {
- "value": [
- "Microsoft.Compute/images/write",
- "Microsoft.Compute/images/delete",
- "Microsoft.Network/virtualNetworks/subnets/join/action"
- ]
- },
- "dataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/*/read"
- ]
- },
- "notDataActions": {
- "value": [
- "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
- ]
- },
- "assignableScopes": {
- "value": [
- "/subscriptions/<>"
- ]
- },
- "subscriptionId": {
- "value": "<>"
- }
- }
-}
diff --git a/modules/Microsoft.Authorization/roleDefinitions/.test/sub/deploy.test.bicep b/modules/Microsoft.Authorization/roleDefinitions/.test/sub/deploy.test.bicep
new file mode 100644
index 0000000000..945d0ca743
--- /dev/null
+++ b/modules/Microsoft.Authorization/roleDefinitions/.test/sub/deploy.test.bicep
@@ -0,0 +1,37 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'ardsub' + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../subscription/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + roleName: '<>-testRole-${serviceShort}' + actions: [ + 'Microsoft.Compute/galleries/*' + 'Microsoft.Network/virtualNetworks/read' + ] + assignableScopes: [ + subscription().id + ] + dataActions: [ + 'Microsoft.Storage/storageAccounts/blobServices/*/read' + ] + description: 'Test Custom Role Definition Standard (subscription scope)' + notActions: [ + 'Microsoft.Compute/images/delete' + 'Microsoft.Compute/images/write' + 'Microsoft.Network/virtualNetworks/subnets/join/action' + ] + notDataActions: [ + 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read' + ] + } +} diff --git a/modules/Microsoft.Authorization/roleDefinitions/readme.md b/modules/Microsoft.Authorization/roleDefinitions/readme.md index 331c5db066..c604fac317 100644 --- a/modules/Microsoft.Authorization/roleDefinitions/readme.md +++ b/modules/Microsoft.Authorization/roleDefinitions/readme.md @@ -180,7 +180,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg Min

+

Example 1: Mg

@@ -188,82 +188,24 @@ The following module usage examples are retrieved from the content of the files ```bicep module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleDefinitions' + name: '${uniqueString(deployment().name)}-test-ardmg' params: { // Required parameters - roleName: '<>-az-testRole-mg-min' - // Non-required parameters - actions: [ - 'Microsoft.Compute/galleries/images/read' - 'Microsoft.Compute/galleries/read' - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "roleName": { - "value": "<>-az-testRole-mg-min" - }, - // Non-required parameters - "actions": { - "value": [ - "Microsoft.Compute/galleries/images/read", - "Microsoft.Compute/galleries/read" - ] - } - } -} -``` - -
-

- -

Example 2: Mg

- -
- -via Bicep module - -```bicep -module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleDefinitions' - params: { - // Required parameters - roleName: '<>-az-testRole-mg' + roleName: '<>-testRole-ardmg' // Non-required parameters actions: [ 'Microsoft.Compute/galleries/*' 'Microsoft.Network/virtualNetworks/read' ] assignableScopes: [ - '/providers/Microsoft.Management/managementGroups/<>' - ] - dataActions: [ - 'Microsoft.Storage/storageAccounts/blobServices/*/read' + '' ] description: 'Test Custom Role Definition Standard (management group scope)' - managementGroupId: '<>' notActions: [ 'Microsoft.Compute/images/delete' 'Microsoft.Compute/images/write' 'Microsoft.Network/virtualNetworks/subnets/join/action' ] - notDataActions: [ - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read' - ] } } ``` @@ -282,7 +224,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "parameters": { // Required parameters "roleName": { - "value": "<>-az-testRole-mg" + "value": "<>-testRole-ardmg" }, // Non-required parameters "actions": { @@ -293,31 +235,18 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' }, "assignableScopes": { "value": [ - "/providers/Microsoft.Management/managementGroups/<>" - ] - }, - "dataActions": { - "value": [ - "Microsoft.Storage/storageAccounts/blobServices/*/read" + "" ] }, "description": { "value": "Test Custom Role Definition Standard (management group scope)" }, - "managementGroupId": { - "value": "<>" - }, "notActions": { "value": [ "Microsoft.Compute/images/delete", "Microsoft.Compute/images/write", "Microsoft.Network/virtualNetworks/subnets/join/action" ] - }, - "notDataActions": { - "value": [ - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" - ] } } } @@ -326,7 +255,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'

-

Example 3: Rg Min

+

Example 2: Mg.Min

@@ -334,17 +263,15 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' ```bicep module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleDefinitions' + name: '${uniqueString(deployment().name)}-test-ardmgmin' params: { // Required parameters - roleName: '<>-az-testRole-rg-min' + roleName: '<>-testRole-ardmgmin' // Non-required parameters actions: [ 'Microsoft.Compute/galleries/images/read' 'Microsoft.Compute/galleries/read' ] - resourceGroupName: '<>' - subscriptionId: '<>' } } ``` @@ -363,7 +290,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "parameters": { // Required parameters "roleName": { - "value": "<>-az-testRole-rg-min" + "value": "<>-testRole-ardmgmin" }, // Non-required parameters "actions": { @@ -371,12 +298,6 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "Microsoft.Compute/galleries/images/read", "Microsoft.Compute/galleries/read" ] - }, - "resourceGroupName": { - "value": "<>" - }, - "subscriptionId": { - "value": "<>" } } } @@ -385,7 +306,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'

-

Example 4: Rg

+

Example 3: Rg

@@ -393,17 +314,17 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' ```bicep module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleDefinitions' + name: '${uniqueString(deployment().name)}-test-ardrg' params: { // Required parameters - roleName: '<>-az-testRole-rg' + roleName: '<>-testRole-ardrg' // Non-required parameters actions: [ 'Microsoft.Compute/galleries/*' 'Microsoft.Network/virtualNetworks/read' ] assignableScopes: [ - '/subscriptions/<>/resourceGroups/<>' + '' ] dataActions: [ 'Microsoft.Storage/storageAccounts/blobServices/*/read' @@ -417,8 +338,6 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' notDataActions: [ 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read' ] - resourceGroupName: '<>' - subscriptionId: '<>' } } ``` @@ -437,7 +356,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "parameters": { // Required parameters "roleName": { - "value": "<>-az-testRole-rg" + "value": "<>-testRole-ardrg" }, // Non-required parameters "actions": { @@ -448,7 +367,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' }, "assignableScopes": { "value": [ - "/subscriptions/<>/resourceGroups/<>" + "" ] }, "dataActions": { @@ -470,12 +389,6 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "value": [ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" ] - }, - "resourceGroupName": { - "value": "<>" - }, - "subscriptionId": { - "value": "<>" } } } @@ -484,7 +397,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'

-

Example 5: Sub Min

+

Example 4: Rg.Min

@@ -492,16 +405,15 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' ```bicep module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleDefinitions' + name: '${uniqueString(deployment().name)}-test-ardrgmin' params: { // Required parameters - roleName: '<>-az-testRole-sub-min' + roleName: '<>-testRole-ardrgmin' // Non-required parameters actions: [ 'Microsoft.Compute/galleries/images/read' 'Microsoft.Compute/galleries/read' ] - subscriptionId: '<>' } } ``` @@ -520,7 +432,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "parameters": { // Required parameters "roleName": { - "value": "<>-az-testRole-sub-min" + "value": "<>-testRole-ardrgmin" }, // Non-required parameters "actions": { @@ -528,9 +440,6 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "Microsoft.Compute/galleries/images/read", "Microsoft.Compute/galleries/read" ] - }, - "subscriptionId": { - "value": "<>" } } } @@ -539,7 +448,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep'

-

Example 6: Sub

+

Example 5: Sub

@@ -547,17 +456,17 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' ```bicep module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-roleDefinitions' + name: '${uniqueString(deployment().name)}-test-ardsub' params: { // Required parameters - roleName: '<>-az-testRole-sub' + roleName: '<>-testRole-ardsub' // Non-required parameters actions: [ 'Microsoft.Compute/galleries/*' 'Microsoft.Network/virtualNetworks/read' ] assignableScopes: [ - '/subscriptions/<>' + '' ] dataActions: [ 'Microsoft.Storage/storageAccounts/blobServices/*/read' @@ -571,7 +480,6 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' notDataActions: [ 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read' ] - subscriptionId: '<>' } } ``` @@ -590,7 +498,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "parameters": { // Required parameters "roleName": { - "value": "<>-az-testRole-sub" + "value": "<>-testRole-ardsub" }, // Non-required parameters "actions": { @@ -601,7 +509,7 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' }, "assignableScopes": { "value": [ - "/subscriptions/<>" + "" ] }, "dataActions": { @@ -623,9 +531,61 @@ module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' "value": [ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" ] + } + } +} +``` + +
+

+ +

Example 6: Sub.Min

+ +
+ +via Bicep module + +```bicep +module roleDefinitions './Microsoft.Authorization/roleDefinitions/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-ardsubmin' + params: { + // Required parameters + roleName: '<>-testRole-ardsubmin' + // Non-required parameters + actions: [ + 'Microsoft.Compute/galleries/images/read' + 'Microsoft.Compute/galleries/read' + ] + subscriptionId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "roleName": { + "value": "<>-testRole-ardsubmin" + }, + // Non-required parameters + "actions": { + "value": [ + "Microsoft.Compute/galleries/images/read", + "Microsoft.Compute/galleries/read" + ] }, "subscriptionId": { - "value": "<>" + "value": "" } } } diff --git a/modules/Microsoft.Automation/automationAccounts/.test/default/dependencies.bicep b/modules/Microsoft.Automation/automationAccounts/.test/default/dependencies.bicep new file mode 100644 index 0000000000..cbf606d9ad --- /dev/null +++ b/modules/Microsoft.Automation/automationAccounts/.test/default/dependencies.bicep 
@@ -0,0 +1,88 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.azure-automation.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetwork.name}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+ name: keyVaultName
+ location: location
+ properties: {
+ sku: {
+ family: 'A'
+ name: 'standard'
+ }
+ tenantId: tenant().tenantId
+ enablePurgeProtection: null
+ enabledForTemplateDeployment: true
+ enabledForDiskEncryption: true
+ enabledForDeployment: true
+ enableRbacAuthorization: true
+ accessPolicies: []
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The resource ID of the created Key Vault.')
+output keyVaultResourceId string = keyVault.id
+
+@description('The URL of the created Key Vault.')
+output keyVaultUrl string = keyVault.properties.vaultUri
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output privateDNSResourceId string = privateDNSZone.id
diff --git a/modules/Microsoft.Automation/automationAccounts/.test/default/deploy.test.bicep b/modules/Microsoft.Automation/automationAccounts/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..5952f317d3
--- /dev/null
+++ b/modules/Microsoft.Automation/automationAccounts/.test/default/deploy.test.bicep
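Review bot: The Key Vault in the default test's `dependencies.bicep` appears to be unused: the default `deploy.test.bicep` that follows passes `keyVaultName` in but reads neither `keyVaultResourceId` nor `keyVaultUrl`. It is nevertheless created with `enabledForDeployment`, `enabledForDiskEncryption` and `enabledForTemplateDeployment` all set to `true`, which opens its contents to VM deployment, disk encryption and Resource Manager template retrieval. If nothing else depends on it, drop the vault and its two outputs; otherwise set the three flags to `false` so the dependency exposes only what the test needs. Separately, the description on `privateDNSResourceId` is a copy of the subnet one and should read `'The resource ID of the created Private DNS Zone.'`.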
@@ -0,0 +1,226 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.automation.account-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'aadef'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ keyVaultName: 'dep-<>-kv-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ gallerySolutions: [
+ {
+ name: 'Updates'
+ product: 'OMSGallery'
+ publisher: 'Microsoft'
+ }
+ ]
+ jobSchedules: [
+ {
+ runbookName: 'TestRunbook'
+ scheduleName: 'TestSchedule'
+ }
+ ]
+ disableLocalAuth: true
+ linkedWorkspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ lock: 'CanNotDelete'
+ modules: [
+ {
+ name: 'PSWindowsUpdate'
+ uri: 'https://www.powershellgallery.com/api/v2/package'
+ version: 'latest'
+ }
+ ]
+ privateEndpoints: [
+ {
+ privateDnsZoneGroups: {
+ privateDNSResourceIds: [
+ resourceGroupResources.outputs.privateDNSResourceId
+ ]
+ }
+ service: 'Webhook'
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ }
+ {
+ privateDnsZoneGroups: {
+ privateDNSResourceIds: [
+ resourceGroupResources.outputs.privateDNSResourceId
+ ]
+ }
+ service: 'DSCAndHybridWorker'
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ runbooks: [
+ {
+ description: 'Test runbook'
+ name: 'TestRunbook'
+ runbookType: 'PowerShell'
+ uri: 'https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/scripts/AzureAutomationTutorial.ps1'
+ version: '1.0.0.0'
+ }
+ ]
+ schedules: [
+ {
+ advancedSchedule: {}
+ expiryTime: '9999-12-31T13:00'
+ frequency: 'Minute'
+ interval: 15
+ name: 'TestSchedule'
+ startTime: ''
+ timeZone: 'Europe/Berlin'
+ }
+ ]
+ softwareUpdateConfigurations: [
+ {
+ excludeUpdates: [
+ '123456'
+ ]
+ frequency: 'Month'
+ includeUpdates: [
+ '654321'
+ ]
+ interval: 1
+ maintenanceWindow: 'PT4H'
+ monthlyOccurrences: [
+ {
+ day: 'Friday'
+ occurrence: 3
+ }
+ ]
+ name: 'Windows_ZeroDay'
+ operatingSystem: 'Windows'
+ rebootSetting: 'IfRequired'
+ scopeByTags: {
+ Update: [
+ 'Automatic-Wave1'
+ ]
+ }
+ startTime: '22:00'
+ updateClassifications: [
+ 'Critical'
+ 'Definition'
+ 'FeaturePack'
+ 'Security'
+ 'ServicePack'
+ 'Tools'
+ 'UpdateRollup'
+ 'Updates'
+ ]
+ }
+ {
+ excludeUpdates: [
+ 'icacls'
+ ]
+ frequency: 'OneTime'
+ includeUpdates: [
+ 'kernel'
+ ]
+ maintenanceWindow: 'PT4H'
+ name: 'Linux_ZeroDay'
+ operatingSystem: 'Linux'
+ rebootSetting: 'IfRequired'
+ startTime: '22:00'
+ updateClassifications: [
+ 'Critical'
+ 'Other'
+ 'Security'
+ ]
+ }
+ ]
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+ }
+ variables: [
+ {
+ description: 'TestStringDescription'
+ name: 'TestString'
+ value: '\'TestString\''
+ }
+ {
+ description: 'TestIntegerDescription'
+ name: 'TestInteger'
+ value: '500'
+ }
+ {
+ description: 'TestBooleanDescription'
+ name: 'TestBoolean'
+ value: 'false'
+ }
+ {
+ description: 'TestDateTimeDescription'
+ isEncrypted: false
+ name: 'TestDateTime'
+ value: '\'\\/Date(1637934042656)\\/\''
+ }
+ {
+ description: 'TestEncryptedDescription'
+ name: 'TestEncryptedVariable'
+ value: '\'TestEncryptedValue\''
+ }
+ ]
+ }
+}
diff --git a/modules/Microsoft.Automation/automationAccounts/.test/encr.parameters.json b/modules/Microsoft.Automation/automationAccounts/.test/encr.parameters.json
deleted file mode 100644
index 984988dc39..0000000000
--- a/modules/Microsoft.Automation/automationAccounts/.test/encr.parameters.json
+++ /dev/null
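Review bot: The runbook and module sources in the default test's `testDeployment` are mutable references: `runbooks[0].uri` points at the `master` branch of a raw GitHub URL and `modules[0].version` is `'latest'`. Whatever those locations serve at deployment time is imported into an Automation account that also receives a system-assigned and a user-assigned identity, so an upstream change alters what the pipeline imports without any change in this repository. Pinning the runbook URI to a commit (`.../azure-quickstart-templates/<commit-sha>/quickstarts/...`) and the module to a fixed version would make the test reproducible and reviewable. Also, `TestEncryptedVariable` sets no `isEncrypted`, so whether it is stored encrypted depends on the module's default, which is not visible here; `isEncrypted: true` would state the intent.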
@@ -1,26 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aut-encr-001"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "cMKUserAssignedIdentityResourceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- },
- "cMKKeyName": {
- "value": "keyEncryptionKey"
- },
- "cMKKeyVaultResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
- },
- "publicNetworkAccess": {
- "value": "Enabled"
- }
- }
-}
diff --git a/modules/Microsoft.Automation/automationAccounts/.test/encr/dependencies.bicep b/modules/Microsoft.Automation/automationAccounts/.test/encr/dependencies.bicep
new file mode 100644
index 0000000000..eb1264c69f
--- /dev/null
+++ b/modules/Microsoft.Automation/automationAccounts/.test/encr/dependencies.bicep
@@ -0,0 +1,58 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+ name: keyVaultName
+ location: location
+ properties: {
+ sku: {
+ family: 'A'
+ name: 'standard'
+ }
+ tenantId: tenant().tenantId
+ enablePurgeProtection: null
+ enabledForTemplateDeployment: true
+ enabledForDiskEncryption: true
+ enabledForDeployment: true
+ enableRbacAuthorization: true
+ accessPolicies: []
+ }
+
+ resource key 'keys@2022-07-01' = {
+ name: 'keyEncryptionKey'
+ properties: {
+ kty: 'RSA'
+ }
+ }
+}
+
+resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid('msi-${managedIdentity.name}-KeyVault-Key-Read-RoleAssignment')
+ scope: keyVault::key
+ properties: {
+ principalId: managedIdentity.properties.principalId
+ // Key Vault Crypto User
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424')
+ principalType: 'ServicePrincipal'
+ }
+}
+
+@description('The resource ID of the created Key Vault.')
+output keyVaultResourceId string = keyVault.id
+
+@description('The name of the Key Vault Encryption Key.')
+output keyVaultEncryptionKeyName string = keyVault::key.name
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.Automation/automationAccounts/.test/encr/deploy.test.bicep b/modules/Microsoft.Automation/automationAccounts/.test/encr/deploy.test.bicep
new file mode 100644
index 0000000000..8a055b5583
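Review bot: The role assignment `keyPermissions` in the encr test's `dependencies.bicep` gives the managed identity Key Vault Crypto User on the key, which is broader than customer-managed-key encryption needs; that role also permits encrypt, decrypt, sign and verify, whereas the built-in Key Vault Crypto Service Encryption User role is limited to reading the key and wrapping or unwrapping with it. I would switch `roleDefinitionId` to the narrower role and update the `// Key Vault Crypto User` comment to match. The assignment name string also says `Key-Read`, which describes neither role. Independently, `enablePurgeProtection: null` leaves purge protection off on a vault that holds an encryption key, and as far as I recall Azure Automation's CMK guidance asks for soft delete and purge protection, so a comment such as `// Purge protection left off so test vaults can be removed` would record that this is deliberate.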
--- /dev/null
+++ b/modules/Microsoft.Automation/automationAccounts/.test/encr/deploy.test.bicep
@@ -0,0 +1,53 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.automation.account-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'aaencr'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ keyVaultName: 'dep-<>-kv-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ cMKKeyName: resourceGroupResources.outputs.keyVaultEncryptionKeyName
+ cMKKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId
+ cMKUserAssignedIdentityResourceId: resourceGroupResources.outputs.managedIdentityResourceId
+ publicNetworkAccess: 'Enabled'
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+ }
+ }
+}
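Review bot: `publicNetworkAccess: 'Enabled'` is set explicitly in the encr test's `testDeployment` with no comment saying why the customer-managed-key scenario needs the public endpoint open. The value was carried over from the deleted `encr.parameters.json`, but in the Bicep form it now sits next to the CMK parameters where readers copying the example may take it as part of the recommended setup. Either drop the parameter if the test passes with the module default, or add a line above it such as `// Public access enabled because this test deploys no private endpoint` (adjusted to the real reason).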
diff --git a/modules/Microsoft.Automation/automationAccounts/.test/min.parameters.json b/modules/Microsoft.Automation/automationAccounts/.test/min.parameters.json
deleted file mode 100644
index c76e891806..0000000000
--- a/modules/Microsoft.Automation/automationAccounts/.test/min.parameters.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aut-min-001"
- }
- }
-}
diff --git a/modules/Microsoft.Automation/automationAccounts/.test/min/deploy.test.bicep b/modules/Microsoft.Automation/automationAccounts/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..cd4617a02d
--- /dev/null
+++ b/modules/Microsoft.Automation/automationAccounts/.test/min/deploy.test.bicep
@@ -0,0 +1,37 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.automation.account-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'aamin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ }
+}
diff --git a/modules/Microsoft.Automation/automationAccounts/.test/parameters.json b/modules/Microsoft.Automation/automationAccounts/.test/parameters.json deleted file mode 100644 index a2a0a55e37..0000000000 --- a/modules/Microsoft.Automation/automationAccounts/.test/parameters.json +++ /dev/null 
@@ -1,212 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-aut-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "schedules": { - "value": [ - { - "name": "TestSchedule", - "startTime": "", - "expiryTime": "9999-12-31T13:00", - "interval": 15, - "frequency": "Minute", - "timeZone": "Europe/Berlin", - "advancedSchedule": {} - } - ] - }, - "modules": { - "value": [ - { - "name": "PSWindowsUpdate", - "version": "latest", - "uri": "https://www.powershellgallery.com/api/v2/package" - } - ] - }, - "runbooks": { - "value": [ - { - "name": "TestRunbook", - "runbookType": "PowerShell", - "description": "Test runbook", - "uri": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/scripts/AzureAutomationTutorial.ps1", - "version": "1.0.0.0" - } - ] - }, - "jobSchedules": { - "value": [ - { - "scheduleName": "TestSchedule", - "runbookName": "TestRunbook" - } - ] - }, - "variables": { - "value": [ - { - "name": "TestString", - "value": "\"TestString\"", - "description": "TestStringDescription" - }, - { - "name": "TestInteger", - "value": "500", - "description": "TestIntegerDescription" - }, - { - "name": "TestBoolean", - "value": "false", - "description": "TestBooleanDescription" - }, - { - "name": "TestDateTime", - "value": "\"\\/Date(1637934042656)\\/\"", - "description": "TestDateTimeDescription", - "isEncrypted": false - }, - { - "name": "TestEncryptedVariable", - "value": "\"TestEncryptedValue\"", - "description": "TestEncryptedDescription" - } - ] - }, - "linkedWorkspaceResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-aut-001" - }, - "gallerySolutions": { - "value": [ - { - "name": "Updates", - "product": "OMSGallery", - "publisher": "Microsoft" - } - ] - }, - 
"softwareUpdateConfigurations": { - "value": [ - { - "name": "Windows_ZeroDay", - "frequency": "Month", - "operatingSystem": "Windows", - "rebootSetting": "IfRequired", - "scopeByTags": { - "Update": [ - "Automatic-Wave1" - ] - }, - "maintenanceWindow": "PT4H", - "updateClassifications": [ - "Critical", - "Security", - "UpdateRollup", - "FeaturePack", - "ServicePack", - "Definition", - "Tools", - "Updates" - ], - "includeUpdates": [ - "654321" - ], - "excludeUpdates": [ - "123456" - ], - "interval": 1, - "monthlyOccurrences": [ - { - "occurrence": 3, - "day": "Friday" - } - ], - "startTime": "22:00" - }, - { - "name": "Linux_ZeroDay", - "frequency": "OneTime", - "operatingSystem": "Linux", - "rebootSetting": "IfRequired", - "maintenanceWindow": "PT4H", - "updateClassifications": [ - "Critical", - "Security", - "Other" - ], - "includeUpdates": [ - "kernel" - ], - "excludeUpdates": [ - "icacls" - ], - "startTime": "22:00" - } - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "Webhook", - "privateDnsZoneGroups": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net" - ] - } - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "DSCAndHybridWorker", - "privateDnsZoneGroups": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net" - ] - } - } - ] - }, - "disableLocalAuth": { - "value": true - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - 
"/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Automation/automationAccounts/readme.md b/modules/Microsoft.Automation/automationAccounts/readme.md index efaae090e2..5edd508934 100644 --- a/modules/Microsoft.Automation/automationAccounts/readme.md +++ b/modules/Microsoft.Automation/automationAccounts/readme.md @@ -365,7 +365,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Encr

+

Example 1: Default

@@ -373,118 +373,16 @@ The following module usage examples are retrieved from the content of the files ```bicep module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-automationAccounts' + name: '${uniqueString(deployment().name)}-test-aadef' params: { // Required parameters - name: '<>-az-aut-encr-001' + name: '<>aadef001' // Non-required parameters - cMKKeyName: 'keyEncryptionKey' - cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002' - cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - publicNetworkAccess: 'Enabled' - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-az-aut-encr-001" - }, - // Non-required parameters - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - }, - "cMKUserAssignedIdentityResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "publicNetworkAccess": { - "value": "Enabled" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - } - } -} -``` - -
-

- -

Example 2: Min

- -
- -via Bicep module - -```bicep -module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-automationAccounts' - params: { - name: '<>-az-aut-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-aut-min-001" - } - } -} -``` - -
-

- -

Example 3: Parameters

- -
- -via Bicep module - -```bicep -module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-automationAccounts' - params: { - // Required parameters - name: '<>-az-aut-x-001' - // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' disableLocalAuth: true gallerySolutions: [ { @@ -499,7 +397,7 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice scheduleName: 'TestSchedule' } ] - linkedWorkspaceResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-aut-001' + linkedWorkspaceResourceId: '' lock: 'CanNotDelete' modules: [ { 
@@ -512,26 +410,26 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice { privateDnsZoneGroups: { privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net' + '' ] } service: 'Webhook' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } { privateDnsZoneGroups: { privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net' + '' ] } service: 'DSCAndHybridWorker' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -615,7 +513,7 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice ] systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } variables: [ { @@ -637,7 +535,7 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice description: 'TestDateTimeDescription' isEncrypted: false name: 'TestDateTime' - value: '\'\\/Date(1637934042656)\\/\'' + value: '' } { description: 'TestEncryptedDescription' 
@@ -663,23 +561,23 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice "parameters": { // Required parameters "name": { - "value": "<>-az-aut-x-001" + "value": "<>aadef001" }, // Non-required parameters "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "disableLocalAuth": { "value": true @@ -702,7 +600,7 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice ] }, "linkedWorkspaceResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-aut-001" + "value": "" }, "lock": { "value": "CanNotDelete" 
@@ -721,20 +619,20 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice { "privateDnsZoneGroups": { "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net" + "" ] }, "service": "Webhook", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" }, { "privateDnsZoneGroups": { "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net" + "" ] }, "service": "DSCAndHybridWorker", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -742,7 +640,7 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -836,7 +734,7 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } }, "variables": { @@ -860,7 +758,7 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice "description": "TestDateTimeDescription", "isEncrypted": false, "name": "TestDateTime", - "value": "\"\\/Date(1637934042656)\\/\"" + "value": "" }, { "description": "TestEncryptedDescription", @@ -875,3 +773,105 @@ module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bice

+ +

Example 2: Encr

+ +
+ +via Bicep module + +```bicep +module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-aaencr' + params: { + // Required parameters + name: '<>aaencr001' + // Non-required parameters + cMKKeyName: '' + cMKKeyVaultResourceId: '' + cMKUserAssignedIdentityResourceId: '' + publicNetworkAccess: 'Enabled' + userAssignedIdentities: { + '': {} + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>aaencr001" + }, + // Non-required parameters + "cMKKeyName": { + "value": "" + }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "cMKUserAssignedIdentityResourceId": { + "value": "" + }, + "publicNetworkAccess": { + "value": "Enabled" + }, + "userAssignedIdentities": { + "value": { + "": {} + } + } + } +} +``` + +
+

+ +

Example 3: Min

+ +
+ +via Bicep module + +```bicep +module automationAccounts './Microsoft.Automation/automationAccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-aamin' + params: { + name: '<>aamin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>aamin001" + } + } +} +``` + +
+

diff --git a/modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep new file mode 100644 index 0000000000..7af2d81f74 --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep 
@@ -0,0 +1,84 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: null + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Key Vault.') +output keyVaultResourceId string = keyVault.id + +@description('The URL of the created Key Vault.') +output keyVaultUrl string = keyVault.properties.vaultUri + +@description('The principal ID of the created Managed 
Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Virtual Network Subnet.') +output storageAccountResourceId string = storageAccount.id diff --git a/modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep new file mode 100644 index 0000000000..e82b500ff7 --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep 
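Review bot: The `storageAccount` resource at the top of batchAccounts/.test/default/dependencies.bicep sets only `sku` and `kind`, so its transport and public-access settings fall to whatever the 2021-09-01 API defaults to; the same declaration is repeated in encr/dependencies.bicep and min/dependencies.bicep. Because these fixtures are deployed into a real subscription on each pipeline run, I would pin the settings explicitly with a `properties` block as in the fence below. Separately, the `storageAccountResourceId` output in all three files is described as 'The resource ID of the created Virtual Network Subnet.', which should read `@description('The resource ID of the created Storage Account.')`. The `keyVault` resource in this file also looks unused: the default deploy.test.bicep on this page consumes only the storage, subnet and managed-identity outputs, so the vault and its three `enabledFor*` flags could probably be dropped.

```bicep
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
  // … unchanged: name, location, sku, kind …
  properties: {
    allowBlobPublicAccess: false
    minimumTlsVersion: 'TLS1_2'
    supportsHttpsTrafficOnly: true
  }
}
```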
@@ -0,0 +1,79 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'bbadef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + storageAccountName: 'dep<>st${serviceShort}' + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + keyVaultName: 'dep-<>-kv-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + storageAccountId: 
resourceGroupResources.outputs.storageAccountResourceId + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + lock: 'CanNotDelete' + poolAllocationMode: 'BatchService' + privateEndpoints: [ + { + service: 'batchAccount' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + storageAccessIdentity: resourceGroupResources.outputs.managedIdentityResourceId + storageAuthenticationMode: 'BatchAccountManagedIdentity' + systemAssignedIdentity: true + } +} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json b/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json deleted file mode 100644 index 35cb8e8234..0000000000 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azbaweuencr001" - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "batchAccount" - } - ] - } - } -} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep new file mode 100644 index 0000000000..5bcdc03689 --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep 
@@ -0,0 +1,106 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: true // Required by batch account + softDeleteRetentionInDays: 7 + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } + + resource key 'keys@2022-07-01' = { + name: 'keyEncryptionKey' + properties: { + kty: 'RSA' + } + } +} + +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentity.name}-KeyVault-${keyVault.name}-Key-${keyVault::key.name}-Read-RoleAssignment') + scope: keyVault::key + properties: { + principalId: 
managedIdentity.properties.principalId + // Key Vault Crypto User + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') + principalType: 'ServicePrincipal' + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Key Vault.') +output keyVaultResourceId string = keyVault.id + +@description('The URL of the created Key Vault.') +output keyVaultUrl string = keyVault.properties.vaultUri + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Virtual Network Subnet.') +output storageAccountResourceId string = storageAccount.id + +@description('The name of the Key Vault Encryption Key.') +output keyVaultEncryptionKeyName string = keyVault::key.name diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep new file mode 100644 index 0000000000..13ee909c6e --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep 
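Review bot: The `keyPermissions` role assignment in encr/dependencies.bicep grants the managed identity Key Vault Crypto User, which is broader than a customer-managed-key consumer usually needs, and the name seed ends in `-Read-RoleAssignment` although the role is not read-only. For CMK the identity normally only has to read the key and wrap/unwrap with it, which the built-in Key Vault Crypto Service Encryption User role covers. I would switch to it, i.e. `// Key Vault Crypto Service Encryption User` above `roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '<role-definition-id-of-that-role>')`, assuming the Batch module under test needs no other key operations (deploy.bicep is not on this page). The key-level `scope: keyVault::key` is already as narrow as it can be and should stay.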
@@ -0,0 +1,67 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'bbaencr' + +@description('Generated. Used as a basis for unique resource names.') +param baseTime string = utcNow('u') + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + storageAccountName: 'dep<>st${serviceShort}' + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) + keyVaultName: 'dep-<>-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + storageAccountId: resourceGroupResources.outputs.storageAccountResourceId + cMKKeyName: resourceGroupResources.outputs.keyVaultEncryptionKeyName + cMKKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId + poolAllocationMode: 'BatchService' + privateEndpoints: [ + { + 
service: 'batchAccount' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + storageAccessIdentity: resourceGroupResources.outputs.managedIdentityResourceId + storageAuthenticationMode: 'BatchAccountManagedIdentity' + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min.parameters.json b/modules/Microsoft.Batch/batchAccounts/.test/min.parameters.json deleted file mode 100644 index 5528a0d14c..0000000000 --- a/modules/Microsoft.Batch/batchAccounts/.test/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azbaweumin001" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - } -} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/min/dependencies.bicep new file mode 100644 index 0000000000..f069fcdbd9 --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/min/dependencies.bicep @@ -0,0 +1,17 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' +} + +@description('The resource ID of the created Virtual Network Subnet.') +output storageAccountResourceId string = storageAccount.id 
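Review bot: In encr/deploy.test.bicep the `keyVaultName` expression relies on a 24-character limit that nothing checks: the literal parts, the default `serviceShort` of `bbaencr` and the three-character suffix already use 19 characters, leaving 5 for the prefix token. I would state that budget in the existing comment, e.g. `// 'dep-' + prefix + '-kv-' + serviceShort + '-' + 3 chars must stay <= 24, so the prefix may be at most 5 characters with the default serviceShort`. It is also worth noting there that the vault is purge-protected with `softDeleteRetentionInDays: 7` in dependencies.bicep, so each run's name stays reserved for that period; a three-character suffix leaves limited room before a repeat, which would presumably surface as a name conflict at deployment.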
diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..2998f4879e
--- /dev/null
+++ b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep
@@ -0,0 +1,46 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'bbamin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ storageAccountName: 'dep<>st${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ storageAccountId: resourceGroupResources.outputs.storageAccountResourceId
+ }
+}
diff --git a/modules/Microsoft.Batch/batchAccounts/.test/parameters.json b/modules/Microsoft.Batch/batchAccounts/.test/parameters.json
deleted file mode 100644
index 7e1d7111bd..0000000000
--- a/modules/Microsoft.Batch/batchAccounts/.test/parameters.json
+++ /dev/null
@@ -1,50 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azbaweux001" - }, - "lock": { - "value": "CanNotDelete" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "batchAccount" - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "systemAssignedIdentity": { - "value": true - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - } - } -} diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index ac5d491fd8..96b6fce9fc 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md 
@@ -238,7 +238,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Encr

+

Example 1: Default

@@ -246,26 +246,28 @@ The following module usage examples are retrieved from the content of the files ```bicep module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-batchAccounts' + name: '${uniqueString(deployment().name)}-test-bbadef' params: { // Required parameters - name: '<>azbaweuencr001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + name: '<>bbadef001' + storageAccountId: '' // Non-required parameters - cMKKeyName: 'keyEncryptionKey' - cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + lock: 'CanNotDelete' poolAllocationMode: 'BatchService' privateEndpoints: [ { service: 'batchAccount' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] - storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' + storageAccessIdentity: '' storageAuthenticationMode: 'BatchAccountManagedIdentity' - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } + systemAssignedIdentity: true } } ``` 
@@ -284,17 +286,29 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azbaweuencr001" + "value": "<>bbadef001" }, "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, // Non-required parameters - "cMKKeyName": { - "value": "keyEncryptionKey" + "diagnosticEventHubAuthorizationRuleId": { + "value": "" }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" }, "poolAllocationMode": { "value": "BatchService" @@ -303,20 +317,18 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "value": [ { "service": "batchAccount", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" + "value": "" }, "storageAuthenticationMode": { "value": "BatchAccountManagedIdentity" }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } + "systemAssignedIdentity": { + "value": true } } } @@ -325,7 +337,7 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {

-

Example 2: Min

+

Example 2: Encr

@@ -333,11 +345,26 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { ```bicep module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-batchAccounts' + name: '${uniqueString(deployment().name)}-test-bbaencr' params: { // Required parameters - name: '<>azbaweumin001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + name: '<>bbaencr001' + storageAccountId: '' + // Non-required parameters + cMKKeyName: '' + cMKKeyVaultResourceId: '' + poolAllocationMode: 'BatchService' + privateEndpoints: [ + { + service: 'batchAccount' + subnetResourceId: '' + } + ] + storageAccessIdentity: '' + storageAuthenticationMode: 'BatchAccountManagedIdentity' + userAssignedIdentities: { + '': {} + } } } ``` @@ -356,10 +383,39 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azbaweumin001" + "value": "<>bbaencr001" }, "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" + }, + // Non-required parameters + "cMKKeyName": { + "value": "" + }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "poolAllocationMode": { + "value": "BatchService" + }, + "privateEndpoints": { + "value": [ + { + "service": "batchAccount", + "subnetResourceId": "" + } + ] + }, + "storageAccessIdentity": { + "value": "" + }, + "storageAuthenticationMode": { + "value": "BatchAccountManagedIdentity" + }, + "userAssignedIdentities": { + "value": { + "": {} + } } } } @@ -368,7 +424,7 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {

-

Example 3: Parameters

+

Example 3: Min

@@ -376,28 +432,11 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { ```bicep module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-batchAccounts' + name: '${uniqueString(deployment().name)}-test-bbamin' params: { // Required parameters - name: '<>azbaweux001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - lock: 'CanNotDelete' - poolAllocationMode: 'BatchService' - privateEndpoints: [ - { - service: 'batchAccount' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - } - ] - storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - storageAuthenticationMode: 'BatchAccountManagedIdentity' - systemAssignedIdentity: true + name: '<>bbamin001' + storageAccountId: '' } } ``` 
@@ -416,49 +455,10 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azbaweux001" + "value": "<>bbamin001" }, "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - // Non-required parameters - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "privateEndpoints": { - "value": [ - { - "service": "batchAccount", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - } - ] - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "systemAssignedIdentity": { - "value": true + "value": "" } } } diff --git a/modules/Microsoft.Cache/redis/.test/default/dependencies.bicep b/modules/Microsoft.Cache/redis/.test/default/dependencies.bicep new file mode 100644 index 0000000000..91351ab840 --- /dev/null +++ b/modules/Microsoft.Cache/redis/.test/default/dependencies.bicep 
@@ -0,0 +1,28 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
diff --git a/modules/Microsoft.Cache/redis/.test/default/deploy.test.bicep b/modules/Microsoft.Cache/redis/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..9995f12b8b
--- /dev/null
+++ b/modules/Microsoft.Cache/redis/.test/default/deploy.test.bicep
@@ -0,0 +1,71 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.cache.redis-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'crdef'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ capacity: 2
+ diagnosticLogCategoriesToEnable: [
+ 'ApplicationGatewayAccessLog'
+ 'ApplicationGatewayFirewallLog'
+ ]
+ diagnosticMetricsToEnable: [
+ 'AllMetrics'
+ ]
+ diagnosticSettingsName: 'redisdiagnostics'
+ enableNonSslPort: true
+ lock: 'CanNotDelete'
+ minimumTlsVersion: '1.2'
+ privateEndpoints: [
+ {
+ service: 'redisCache'
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ }
+ ]
+ publicNetworkAccess: 'Enabled'
+ redisVersion: '6'
+ shardCount: 1
+ skuName: 'Premium'
+ systemAssignedIdentity: true
+ tags: {
+ resourceType: 'Redis Cache'
+ }
+ }
+}
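Review bot: The `testDeployment` params set `enableNonSslPort: true` and `publicNetworkAccess: 'Enabled'` next to `minimumTlsVersion: '1.2'` and a private endpoint, so the cache deployed by the 'default' test accepts unencrypted connections and remains reachable publicly. The readme states that its usage examples are retrieved from these test files, so this combination also becomes the documented 'Default' example that consumers copy. Unless the test exists specifically to exercise those parameters, I would change them to `enableNonSslPort: false` and `publicNetworkAccess: 'Disabled'`, or at least add a comment such as `// Test-only: exercises the parameter, do not copy`. The `diagnosticLogCategoriesToEnable` values are Application Gateway category names and look carried over by mistake; please confirm them against the categories the module accepts for Redis.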
diff --git a/modules/Microsoft.Cache/redis/.test/min.parameters.json b/modules/Microsoft.Cache/redis/.test/min.parameters.json
deleted file mode 100644
index 273328d0a9..0000000000
--- a/modules/Microsoft.Cache/redis/.test/min.parameters.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-redis-min-001"
- }
- }
-}
diff --git a/modules/Microsoft.Cache/redis/.test/min/deploy.test.bicep b/modules/Microsoft.Cache/redis/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..bd8df19735
--- /dev/null
+++ b/modules/Microsoft.Cache/redis/.test/min/deploy.test.bicep
@@ -0,0 +1,37 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.cache.redis-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'crmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ }
+}
diff --git a/modules/Microsoft.Cache/redis/.test/parameters.json b/modules/Microsoft.Cache/redis/.test/parameters.json
deleted file mode 100644
index 4910c49871..0000000000
--- a/modules/Microsoft.Cache/redis/.test/parameters.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-redis-full-001" - }, - "capacity": { - "value": 2 - }, - "diagnosticLogCategoriesToEnable": { - "value": [ - "ApplicationGatewayAccessLog", - "ApplicationGatewayFirewallLog" - ] - }, - "diagnosticMetricsToEnable": { - "value": [ - "AllMetrics" - ] - }, - "enableNonSslPort": { - "value": true - }, - "lock": { - "value": "CanNotDelete" - }, - "minimumTlsVersion": { - "value": "1.2" - }, - "diagnosticSettingsName": { - "value": "redisdiagnostics" - }, - "publicNetworkAccess": { - "value": "Enabled" - }, - "redisVersion": { - "value": "6" - }, - "skuName": { - "value": "Premium" - }, - "systemAssignedIdentity": { - "value": true - }, - "shardCount": { - "value": 1 - }, - "tags": { - "value": { - "resourceType": "Redis Cache" - } - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "redisCache" - } - ] - } - } -} diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 12eae15675..c8ffcff3c3 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -335,55 +335,18 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

via Bicep module ```bicep -module redis './Microsoft.Cache/redis/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-redis' - params: { - name: '<>-az-redis-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-redis-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module redis './Microsoft.Cache/redis/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-redis' +module Redis './Microsoft.Cache/Redis/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-crdef' params: { // Required parameters - name: '<>-az-redis-full-001' + name: '<>crdef001' // Non-required parameters capacity: 2 diagnosticLogCategoriesToEnable: [ @@ -400,7 +363,7 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { privateEndpoints: [ { service: 'redisCache' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] publicNetworkAccess: 'Enabled' @@ -429,7 +392,7 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-redis-full-001" + "value": "<>crdef001" }, // Non-required parameters "capacity": { @@ -462,7 +425,7 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { "value": [ { "service": "redisCache", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -492,3 +455,40 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module Redis './Microsoft.Cache/Redis/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-crmin' + params: { + name: '<>crmin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>crmin001" + } + } +} +``` + +
+

diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/default/dependencies.bicep b/modules/Microsoft.CognitiveServices/accounts/.test/default/dependencies.bicep
new file mode 100644
index 0000000000..c739551f30
--- /dev/null
+++ b/modules/Microsoft.CognitiveServices/accounts/.test/default/dependencies.bicep
@@ -0,0 +1,47 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ serviceEndpoints: [
+ {
+ service: 'Microsoft.CognitiveServices'
+ }
+ ]
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/default/deploy.test.bicep b/modules/Microsoft.CognitiveServices/accounts/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..a0ddc360a2
--- /dev/null
+++ b/modules/Microsoft.CognitiveServices/accounts/.test/default/deploy.test.bicep
@@ -0,0 +1,90 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.cognitiveservices.accounts-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'csadef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + kind: 'Face' + customSubDomainName: '<>xdomain' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: 
diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + lock: 'CanNotDelete' + networkAcls: { + defaultAction: 'deny' + virtualNetworkRules: [ + { + action: 'Allow' + id: resourceGroupResources.outputs.subnetResourceId + } + ] + } + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + sku: 'S0' + systemAssignedIdentity: true + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/encr.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.test/encr.parameters.json deleted file mode 100644 index 082120732a..0000000000 --- a/modules/Microsoft.CognitiveServices/accounts/.test/encr.parameters.json +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-cgs-encr-001" - }, - "kind": { - "value": "SpeechServices" - }, - "sku": { - "value": "S0" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "publicNetworkAccess": { - "value": "Enabled" - }, - "encryption": { - "value": { - "keySource": "Microsoft.KeyVault", - "keyVaultProperties": { - "identityClientId": "c907a696-36f4-49fe-b926-39e3aabba814", // ID must be updated for new identity - "keyVaultUri": "https://adp-<>-az-kv-nopr-002.vault.azure.net/", - "keyName": "keyEncryptionKey", - "keyversion": "4570a207ec394a0bbbe4fc9adc663a51" // Version must be updated for new keys - } - } - } - } -} diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/encr/dependencies.bicep b/modules/Microsoft.CognitiveServices/accounts/.test/encr/dependencies.bicep new file mode 100644 index 0000000000..1f7cefa4be --- /dev/null +++ b/modules/Microsoft.CognitiveServices/accounts/.test/encr/dependencies.bicep 
@@ -0,0 +1,94 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: true // Required by batch account + softDeleteRetentionInDays: 7 + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } + + resource key 'keys@2022-07-01' = { + name: 'keyEncryptionKey' + properties: { + kty: 'RSA' + } + } +} + +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentity.name}-KeyVault-${keyVault.name}-Key-${keyVault::key.name}-Read-RoleAssignment') + scope: keyVault::key + properties: { + principalId: managedIdentity.properties.principalId + // Key Vault Crypto User + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') + principalType: 'ServicePrincipal' + } +} + +@description('The resource ID of the created Virtual Network 
Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Key Vault.') +output keyVaultResourceId string = keyVault.id + +@description('The vault URI of the created Key Vault.') +output keyVaultUri string = keyVault.properties.vaultUri + +@description('The name of the created Key Vault encryption key.') +output keyVaultKeyName string = keyVault::key.name + +@description('The version of the created Key Vault encryption key.') +output keyVaultKeyVersion string = last(split(keyVault::key.properties.keyUriWithVersion, '/')) + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The client ID of the created Managed Identity.') +output managedIdentityClientId string = managedIdentity.properties.clientId diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/encr/deploy.test.bicep b/modules/Microsoft.CognitiveServices/accounts/.test/encr/deploy.test.bicep new file mode 100644 index 0000000000..e0fe68ae16 --- /dev/null +++ b/modules/Microsoft.CognitiveServices/accounts/.test/encr/deploy.test.bicep 
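Review bot: The `keyVault` resource in `encr/dependencies.bicep` turns on `enabledForTemplateDeployment`, `enabledForDiskEncryption` and `enabledForDeployment`, none of which the visible test relies on: the key is consumed through a user-assigned identity holding an RBAC role scoped to the key itself. I would drop the three flags (or set them to `false`) so the dependency grants only what the customer-managed-key scenario needs. The inline comment `// Required by batch account` on `enablePurgeProtection` appears copied from the Batch test and should name the Cognitive Services encryption scenario instead. The `guid(...)` seed for `keyPermissions` ends in `Read-RoleAssignment` although the role granted is Key Vault Crypto User, so the seed string could say `CryptoUser` to match.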
@@ -0,0 +1,66 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.cognitiveservices.accounts-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'csaencr' + +@description('Generated. Used as a basis for unique resource names.') +param baseTime string = utcNow('u') + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) + keyVaultName: 'dep-<>-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + kind: 'SpeechServices' + encryption: { + keySource: 'Microsoft.KeyVault' + keyVaultProperties: { + identityClientId: resourceGroupResources.outputs.managedIdentityClientId + keyName: resourceGroupResources.outputs.keyVaultKeyName + keyVaultUri: resourceGroupResources.outputs.keyVaultUri + keyversion: 
resourceGroupResources.outputs.keyVaultKeyVersion + } + } + publicNetworkAccess: 'Enabled' + sku: 'S0' + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/min.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.test/min.parameters.json deleted file mode 100644 index 0f4f624c48..0000000000 --- a/modules/Microsoft.CognitiveServices/accounts/.test/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-cgs-min-001" - }, - "kind": { - "value": "SpeechServices" - } - } -} diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/min/deploy.test.bicep b/modules/Microsoft.CognitiveServices/accounts/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..194d72b2e0 --- /dev/null +++ b/modules/Microsoft.CognitiveServices/accounts/.test/min/deploy.test.bicep 
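Review bot: `resourceGroupResources` is given a `virtualNetworkName`, but nothing in the `testDeployment` params of `encr/deploy.test.bicep` consumes the resulting `subnetResourceId`, and the account is deployed with `publicNetworkAccess: 'Enabled'` and no `networkAcls`. As written, the virtual network is an unused resource and the encrypted account stays publicly reachable. Either remove the virtual network from the encr dependencies, or use it to restrict access the way the default test does with its `networkAcls` block; that would also need the `Microsoft.CognitiveServices` service endpoint on the subnet, which the encr dependency file does not declare. If public access is intentional for this scenario, a short comment next to `publicNetworkAccess` saying so would help readers.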
@@ -0,0 +1,38 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.cognitiveservices.accounts-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'csamin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ kind: 'SpeechServices'
+ }
+}
diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/parameters.json b/modules/Microsoft.CognitiveServices/accounts/.test/parameters.json
deleted file mode 100644
index c12f36aac5..0000000000
--- a/modules/Microsoft.CognitiveServices/accounts/.test/parameters.json
+++ /dev/null
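Review bot: The parameter descriptions in the min test file carry two typos: `for a testing purposes` in the `resourceGroupName` description and `deployment .Should` in the `serviceShort` description. I would change them to `The name of the resource group to deploy for testing purposes` and `A short identifier for the kind of deployment. Should be kept short ...`. The same strings appear in the encr and speech test files for this module and in the availabilitySets default and min test files. The virtualMachines linux.atmg test file already has the corrected `deployment. Should` but keeps `for a testing purposes`, and it uses `@maxLength(80)` where the others use `@maxLength(90)`; one value should be chosen for all of them.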
@@ -1,65 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-cgs-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "kind": {
- "value": "Face"
- },
- "sku": {
- "value": "S0"
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "networkAcls": {
- "value": {
- "defaultAction": "deny",
- "virtualNetworkRules": [
- {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001",
- "action": "Allow"
- }
- ]
- }
- },
- "customSubDomainName": {
- "value": "<>xdomain"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/speech.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.test/speech.parameters.json
deleted file mode 100644
index 7903268ccd..0000000000
--- a/modules/Microsoft.CognitiveServices/accounts/.test/speech.parameters.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-cgs-speech-001"
- },
- "kind": {
- "value": "SpeechServices"
- },
- "sku": {
- "value": "S0"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "customSubDomainName": {
- "value": "<>speechdomain"
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "account"
- }
- ]
- }
- }
-}
diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/speech/dependencies.bicep b/modules/Microsoft.CognitiveServices/accounts/.test/speech/dependencies.bicep
new file mode 100644
index 0000000000..819c0c0c3c
--- /dev/null
+++ b/modules/Microsoft.CognitiveServices/accounts/.test/speech/dependencies.bicep
@@ -0,0 +1,39 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/speech/deploy.test.bicep b/modules/Microsoft.CognitiveServices/accounts/.test/speech/deploy.test.bicep
new file mode 100644
index 0000000000..109e7025e4
--- /dev/null
+++ b/modules/Microsoft.CognitiveServices/accounts/.test/speech/deploy.test.bicep
@@ -0,0 +1,58 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.cognitiveservices.accounts-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'csaspeech'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ kind: 'SpeechServices'
+ customSubDomainName: '<>speechdomain'
+ privateEndpoints: [
+ {
+ service: 'account'
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ }
+ ]
+ sku: 'S0'
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+ }
+ }
+}
diff --git a/modules/Microsoft.CognitiveServices/accounts/readme.md b/modules/Microsoft.CognitiveServices/accounts/readme.md
index 94d7ffd163..9486de638d 100644
--- a/modules/Microsoft.CognitiveServices/accounts/readme.md
+++ b/modules/Microsoft.CognitiveServices/accounts/readme.md
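Review bot: The `testDeployment` params in the speech test attach a private endpoint through `privateEndpoints` but leave `publicNetworkAccess` unset, so whether the account stays reachable over its public endpoint depends on the module default, which this diff does not show. If the scenario is meant to represent a privately reachable account, add `publicNetworkAccess: 'Disabled'` next to `privateEndpoints`; the encr test in this commit shows that the module accepts that parameter. If public access is intentional here, a short comment saying so would keep the generated readme example from being copied as a private-only configuration.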
@@ -421,33 +421,48 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Encr

+

Example 1: Default

via Bicep module ```bicep -module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-accounts' +module Accounts './Microsoft.Cognitiveservices/Accounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-csadef' params: { // Required parameters - kind: 'SpeechServices' - name: '<>-az-cgs-encr-001' + kind: 'Face' + name: '<>csadef001' // Non-required parameters - encryption: { - keySource: 'Microsoft.KeyVault' - keyVaultProperties: { - identityClientId: 'c907a696-36f4-49fe-b926-39e3aabba814' - keyName: 'keyEncryptionKey' - keyVaultUri: 'https://adp-<>-az-kv-nopr-002.vault.azure.net/' - keyversion: '4570a207ec394a0bbbe4fc9adc663a51' - } + customSubDomainName: '<>xdomain' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + lock: 'CanNotDelete' + networkAcls: { + defaultAction: 'deny' + virtualNetworkRules: [ + { + action: 'Allow' + id: '' + } + ] } - publicNetworkAccess: 'Enabled' + roleAssignments: [ + { + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] sku: 'S0' + systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } 
@@ -467,32 +482,63 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { "parameters": { // Required parameters "kind": { - "value": "SpeechServices" + "value": "Face" }, "name": { - "value": "<>-az-cgs-encr-001" + "value": "<>csadef001" }, // Non-required parameters - "encryption": { + "customSubDomainName": { + "value": "<>xdomain" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "networkAcls": { "value": { - "keySource": "Microsoft.KeyVault", - "keyVaultProperties": { - "identityClientId": "c907a696-36f4-49fe-b926-39e3aabba814", - "keyName": "keyEncryptionKey", - "keyVaultUri": "https://adp-<>-az-kv-nopr-002.vault.azure.net/", - "keyversion": "4570a207ec394a0bbbe4fc9adc663a51" - } + "defaultAction": "deny", + "virtualNetworkRules": [ + { + "action": "Allow", + "id": "" + } + ] } }, - "publicNetworkAccess": { - "value": "Enabled" + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ] }, "sku": { "value": "S0" }, + "systemAssignedIdentity": { + "value": true + }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } @@ -502,19 +548,34 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {

-

Example 2: Min

+

Example 2: Encr

via Bicep module ```bicep -module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-accounts' +module Accounts './Microsoft.Cognitiveservices/Accounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-csaencr' params: { // Required parameters kind: 'SpeechServices' - name: '<>-az-cgs-min-001' + name: '<>csaencr001' + // Non-required parameters + encryption: { + keySource: 'Microsoft.KeyVault' + keyVaultProperties: { + identityClientId: '' + keyName: '' + keyVaultUri: '' + keyversion: '' + } + } + publicNetworkAccess: 'Enabled' + sku: 'S0' + userAssignedIdentities: { + '': {} + } } } ``` @@ -536,7 +597,30 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { "value": "SpeechServices" }, "name": { - "value": "<>-az-cgs-min-001" + "value": "<>csaencr001" + }, + // Non-required parameters + "encryption": { + "value": { + "keySource": "Microsoft.KeyVault", + "keyVaultProperties": { + "identityClientId": "", + "keyName": "", + "keyVaultUri": "", + "keyversion": "" + } + } + }, + "publicNetworkAccess": { + "value": "Enabled" + }, + "sku": { + "value": "S0" + }, + "userAssignedIdentities": { + "value": { + "": {} + } } } } @@ -545,49 +629,19 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = {

-

Example 3: Parameters

+

Example 3: Min

via Bicep module ```bicep -module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-accounts' +module Accounts './Microsoft.Cognitiveservices/Accounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-csamin' params: { // Required parameters - kind: 'Face' - name: '<>-az-cgs-x-001' - // Non-required parameters - customSubDomainName: '<>xdomain' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - lock: 'CanNotDelete' - networkAcls: { - defaultAction: 'deny' - virtualNetworkRules: [ - { - action: 'Allow' - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - } - ] - } - roleAssignments: [ - { - principalIds: [ - '<>' - ] - roleDefinitionIdOrName: 'Reader' - } - ] - sku: 'S0' - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } + kind: 'SpeechServices' + name: '<>csamin001' } } ``` 
@@ -606,64 +660,10 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { "parameters": { // Required parameters "kind": { - "value": "Face" + "value": "SpeechServices" }, "name": { - "value": "<>-az-cgs-x-001" - }, - // Non-required parameters - "customSubDomainName": { - "value": "<>xdomain" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "networkAcls": { - "value": { - "defaultAction": "deny", - "virtualNetworkRules": [ - { - "action": "Allow", - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - } - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "<>" - ], - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "sku": { - "value": "S0" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } + "value": "<>csamin001" } } } 
@@ -679,24 +679,24 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { via Bicep module ```bicep -module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-accounts' +module Accounts './Microsoft.Cognitiveservices/Accounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-csaspeech' params: { // Required parameters kind: 'SpeechServices' - name: '<>-az-cgs-speech-001' + name: '<>csaspeech001' // Non-required parameters customSubDomainName: '<>speechdomain' privateEndpoints: [ { service: 'account' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] sku: 'S0' systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } @@ -719,7 +719,7 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { "value": "SpeechServices" }, "name": { - "value": "<>-az-cgs-speech-001" + "value": "<>csaspeech001" }, // Non-required parameters "customSubDomainName": { @@ -729,7 +729,7 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { "value": [ { "service": "account", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -741,7 +741,7 @@ module accounts './Microsoft.CognitiveServices/accounts/deploy.bicep' = { }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } 
diff --git a/modules/Microsoft.Compute/availabilitySets/.test/default/dependencies.bicep b/modules/Microsoft.Compute/availabilitySets/.test/default/dependencies.bicep
new file mode 100644
index 0000000000..e3a353b1a4
--- /dev/null
+++ b/modules/Microsoft.Compute/availabilitySets/.test/default/dependencies.bicep
@@ -0,0 +1,27 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Proximity Placement Group to create.')
+param proximityPlacementGroupName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@2022-03-01' = {
+ name: proximityPlacementGroupName
+ location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Proximity Placement Group.')
+output proximityPlacementGroupResourceId string = proximityPlacementGroup.id
diff --git a/modules/Microsoft.Compute/availabilitySets/.test/default/deploy.test.bicep b/modules/Microsoft.Compute/availabilitySets/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..1ce25928c8
--- /dev/null
+++ b/modules/Microsoft.Compute/availabilitySets/.test/default/deploy.test.bicep
@@ -0,0 +1,56 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.compute.availabilitysets-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'casdef'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ proximityPlacementGroupName: 'dep-<>-ppg-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ lock: 'CanNotDelete'
+ proximityPlacementGroupId: resourceGroupResources.outputs.proximityPlacementGroupResourceId
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ }
+}
diff --git a/modules/Microsoft.Compute/availabilitySets/.test/min.parameters.json b/modules/Microsoft.Compute/availabilitySets/.test/min.parameters.json
deleted file mode 100644
index 99d2414f76..0000000000
--- a/modules/Microsoft.Compute/availabilitySets/.test/min.parameters.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-avs-min-001"
- }
- }
-}
diff --git a/modules/Microsoft.Compute/availabilitySets/.test/min/deploy.test.bicep b/modules/Microsoft.Compute/availabilitySets/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..30e1c3cf5f
--- /dev/null
+++ b/modules/Microsoft.Compute/availabilitySets/.test/min/deploy.test.bicep
@@ -0,0 +1,37 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.compute.availabilitysets-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'casmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ }
+}
diff --git a/modules/Microsoft.Compute/availabilitySets/.test/parameters.json b/modules/Microsoft.Compute/availabilitySets/.test/parameters.json
deleted file mode 100644
index f7d8be50c6..0000000000
--- a/modules/Microsoft.Compute/availabilitySets/.test/parameters.json
+++ /dev/null
@@ -1,25 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-avs-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "proximityPlacementGroupId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-x-001" - } - } -} diff --git a/modules/Microsoft.Compute/availabilitySets/readme.md b/modules/Microsoft.Compute/availabilitySets/readme.md index 741a76e420..4d79ee62d9 100644 --- a/modules/Microsoft.Compute/availabilitySets/readme.md +++ b/modules/Microsoft.Compute/availabilitySets/readme.md @@ -158,17 +158,29 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

via Bicep module ```bicep -module availabilitySets './Microsoft.Compute/availabilitySets/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-availabilitySets' +module Availabilitysets './Microsoft.Compute/Availabilitysets/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-casdef' params: { - name: '<>-az-avs-min-001' + // Required parameters + name: '<>casdef001' + // Non-required parameters + lock: 'CanNotDelete' + proximityPlacementGroupId: '' + roleAssignments: [ + { + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] } } ``` @@ -185,8 +197,26 @@ module availabilitySets './Microsoft.Compute/availabilitySets/deploy.bicep' = { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { + // Required parameters "name": { - "value": "<>-az-avs-min-001" + "value": "<>casdef001" + }, + // Non-required parameters + "lock": { + "value": "CanNotDelete" + }, + "proximityPlacementGroupId": { + "value": "" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ] } } } @@ -195,29 +225,17 @@ module availabilitySets './Microsoft.Compute/availabilitySets/deploy.bicep' = {

-

Example 2: Parameters

+

Example 2: Min

via Bicep module ```bicep -module availabilitySets './Microsoft.Compute/availabilitySets/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-availabilitySets' +module Availabilitysets './Microsoft.Compute/Availabilitysets/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-casmin' params: { - // Required parameters - name: '<>-az-avs-x-001' - // Non-required parameters - lock: 'CanNotDelete' - proximityPlacementGroupId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-x-001' - roleAssignments: [ - { - principalIds: [ - '<>' - ] - roleDefinitionIdOrName: 'Reader' - } - ] + name: '<>casmin001' } } ``` @@ -234,26 +252,8 @@ module availabilitySets './Microsoft.Compute/availabilitySets/deploy.bicep' = { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - // Required parameters "name": { - "value": "<>-az-avs-x-001" - }, - // Non-required parameters - "lock": { - "value": "CanNotDelete" - }, - "proximityPlacementGroupId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-x-001" - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "<>" - ], - "roleDefinitionIdOrName": "Reader" - } - ] + "value": "<>casmin001" } } } diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/dependencies.bicep new file mode 100644 index 0000000000..47aeab2817 --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/dependencies.bicep 
@@ -0,0 +1,77 @@ +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Deployment Script to create for the SSH Key generation.') +param sshDeploymentScriptName string + +@description('Required. The name of the SSH Key to create.') +param sshKeyName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: sshDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '3.0' + retentionInterval: 'P1D' + scriptContent: ''' + ssh-keygen -f generated -N (Get-Random -Maximum 99999) + + $DeploymentScriptOutputs = @{ + # privateKey = cat generated | Out-String + publicKey = cat 'generated.pub' + } + ''' + } +} + +resource sshKey 'Microsoft.Compute/sshPublicKeys@2022-03-01' = { + name: sshKeyName + location: location + properties: { + publicKey: sshDeploymentScript.properties.outputs.publicKey + } +} + +@description('The resource ID of the created Virtual Network Subnet') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created SSH Key') +output SSHKeyResourceID 
string = sshKey.id diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/deploy.test.bicep new file mode 100644 index 0000000000..325c46b412 --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/deploy.test.bicep 
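Review bot: In `sshDeploymentScript` (linux.atmg dependencies.bicep), the `scriptContent` protects the generated private key with `-N (Get-Random -Maximum 99999)`, a non-cryptographic number of at most five digits that is never returned, so the key pair is effectively throwaway. That is fine for a test that only consumes `publicKey`, but the script should say so: replace the commented-out `privateKey` line with a comment such as `# Private key is intentionally discarded; never return it, script outputs are readable via properties.outputs`. Values below 10000 also give a passphrase shorter than five characters, which some ssh-keygen builds may reject (not verified for the image used here); a fixed-length value such as `-N (New-Guid).Guid` would avoid intermittent failures. The hunk also pins `azPowerShellVersion: '3.0'`, which is worth checking against the versions the deployment script service still supports.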
@@ -0,0 +1,90 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.compute.virtualMachines-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'cvmlinatmg' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + sshDeploymentScriptName: 'dep-<>-ds-${serviceShort}' + sshKeyName: 'dep-<>-ssh-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +resource sshKey 'Microsoft.Compute/sshPublicKeys@2022-03-01' existing = { + name: last(split(resourceGroupResources.outputs.SSHKeyResourceID, '/')) + scope: az.resourceGroup(split(resourceGroupResources.outputs.SSHKeyResourceID, '/')[2], split(resourceGroupResources.outputs.SSHKeyResourceID, '/')[4]) +} + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}' + adminUsername: 'localAdminUser' + imageReference: { + offer: 'UbuntuServer' + publisher: 'Canonical' + sku: '18.04-LTS' + version: 'latest' + } + nicConfigurations: [ + { + ipConfigurations: [ + { + name: 'ipconfig01' + pipConfiguration: { + 
publicIpNameSuffix: '-pip-01' + } + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + nicSuffix: '-nic-01' + } + ] + osDisk: { + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + osType: 'Linux' + vmSize: 'Standard_B12ms' + configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' + disablePasswordAuthentication: true + publicKeys: [ + { + keyData: sshKey.properties.publicKey + path: '/home/localAdminUser/.ssh/authorized_keys' + } + ] + } +} diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.autmg.parameters.json b/modules/Microsoft.Compute/virtualMachines/.test/linux.autmg.parameters.json deleted file mode 100644 index f375587dcf..0000000000 --- a/modules/Microsoft.Compute/virtualMachines/.test/linux.autmg.parameters.json +++ /dev/null 
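Review bot: In `linux.atmg/deploy.test.bicep` the `sshKey` `existing` lookup recovers the subscription and resource group by position, `split(..., '/')[2]` and `[4]`, which depends on the exact layout of the resource ID and is not explained. A comment such as `// ID layout: /subscriptions/{sub}/resourceGroups/{rg}/...` above the `scope` line would document the indices. Since the key is created by the `dependencies.bicep` module deployed into `resourceGroup`, exposing the key name as a module output and using `scope: resourceGroup` would likely remove the parsing altogether. The same block appears in the `linux.min` and `linux` test files.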
@@ -1,64 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-vm-linux-autmg-01" - }, - "osType": { - "value": "Linux" - }, - "imageReference": { - "value": { - "publisher": "Canonical", - "offer": "UbuntuServer", - "sku": "18.04-LTS", - "version": "latest" - } - }, - "osDisk": { - "value": { - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "vmSize": { - "value": "Standard_B12ms" - }, - "adminUsername": { - "value": "localAdminUser" - }, - "disablePasswordAuthentication": { - "value": true - }, - "publicKeys": { - "value": [ - { - "path": "/home/localAdminUser/.ssh/authorized_keys", - "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure" - } - ] - }, - "nicConfigurations": { - "value": [ - { - "nicSuffix": "-nic-01", - "ipConfigurations": [ - { - "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01" - } - } - ] - } - ] - }, - "configurationProfile": { - "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction" - } - } -} 
diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.min.parameters.json b/modules/Microsoft.Compute/virtualMachines/.test/linux.min.parameters.json deleted file mode 100644 index ac54d9aaee..0000000000 --- a/modules/Microsoft.Compute/virtualMachines/.test/linux.min.parameters.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-vm-linux-min-01" - }, - "osType": { - "value": "Linux" - }, - "imageReference": { - "value": { - "publisher": "Canonical", - "offer": "UbuntuServer", - "sku": "18.04-LTS", - "version": "latest" - } - }, - "osDisk": { - "value": { - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "vmSize": { - "value": "Standard_B12ms" - }, - "adminUsername": { - "value": "localAdminUser" - }, - "disablePasswordAuthentication": { - "value": true - }, - "publicKeys": { - "value": [ - { - "path": "/home/localAdminUser/.ssh/authorized_keys", - "keyData": "ssh-rsa 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 generated-by-azure" - } - ] - }, - "nicConfigurations": { - "value": [ - { - "nicSuffix": "-nic-01", - "ipConfigurations": [ - { - "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01" - } - } - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.min/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux.min/dependencies.bicep new file mode 100644 index 0000000000..47aeab2817 --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux.min/dependencies.bicep 
@@ -0,0 +1,77 @@ +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Deployment Script to create for the SSH Key generation.') +param sshDeploymentScriptName string + +@description('Required. The name of the SSH Key to create.') +param sshKeyName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: sshDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '3.0' + retentionInterval: 'P1D' + scriptContent: ''' + ssh-keygen -f generated -N (Get-Random -Maximum 99999) + + $DeploymentScriptOutputs = @{ + # privateKey = cat generated | Out-String + publicKey = cat 'generated.pub' + } + ''' + } +} + +resource sshKey 'Microsoft.Compute/sshPublicKeys@2022-03-01' = { + name: sshKeyName + location: location + properties: { + publicKey: sshDeploymentScript.properties.outputs.publicKey + } +} + +@description('The resource ID of the created Virtual Network Subnet') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created SSH Key') +output SSHKeyResourceID 
string = sshKey.id diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.min/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux.min/deploy.test.bicep new file mode 100644 index 0000000000..5364542242 --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux.min/deploy.test.bicep 
@@ -0,0 +1,92 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.compute.virtualMachines-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'cvmlinmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + sshDeploymentScriptName: 'dep-<>-ds-${serviceShort}' + sshKeyName: 'dep-<>-ssh-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +resource sshKey 'Microsoft.Compute/sshPublicKeys@2022-03-01' existing = { + name: last(split(resourceGroupResources.outputs.SSHKeyResourceID, '/')) + scope: az.resourceGroup(split(resourceGroupResources.outputs.SSHKeyResourceID, '/')[2], split(resourceGroupResources.outputs.SSHKeyResourceID, '/')[4]) +} + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}' + adminUsername: 'localAdminUser' + imageReference: { + offer: 'UbuntuServer' + publisher: 'Canonical' + sku: '18.04-LTS' + version: 'latest' + } + nicConfigurations: [ + { + ipConfigurations: [ + { + name: 'ipconfig01' + pipConfiguration: { + 
publicIpNameSuffix: '-pip-01' + } + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + nicSuffix: '-nic-01' + } + ] + osDisk: { + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + osType: 'Linux' + vmSize: 'Standard_B12ms' + disablePasswordAuthentication: true + publicKeys: [ + { + // Does work + //keyData: 'ssh-rsa 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 generated-by-azure' + // Not working, but should + keyData: sshKey.properties.publicKey + path: '/home/localAdminUser/.ssh/authorized_keys' + } + ] + } +} diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.parameters.json b/modules/Microsoft.Compute/virtualMachines/.test/linux.parameters.json deleted file mode 100644 index 05938fb23a..0000000000 --- a/modules/Microsoft.Compute/virtualMachines/.test/linux.parameters.json +++ /dev/null 
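Review bot: The `publicKeys` entry in `linux.min/deploy.test.bicep` still carries debugging notes, `// Does work` over a commented-out literal `keyData` and `// Not working, but should` over `keyData: sshKey.properties.publicKey`, so the file states that the value it actually deploys does not work. If the reference to the generated key is now functional, the three comment lines, including the commented-out key, should be removed. If it is not, the open problem belongs in a tracked issue referenced by a single comment rather than in a stale literal key. The `linux.atmg` and `linux` variants use the same expression without these comments.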
@@ -1,218 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-vm-linux-01" - }, - "lock": { - "value": "CanNotDelete" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "osType": { - "value": "Linux" - }, - "encryptionAtHost": { - "value": false - }, - "availabilityZone": { - "value": 1 - }, - "vmSize": { - "value": "Standard_B12ms" - }, - "imageReference": { - "value": { - "publisher": "Canonical", - "offer": "UbuntuServer", - "sku": "18.04-LTS", - "version": "latest" - } - }, - "osDisk": { - "value": { - "createOption": "fromImage", - "deleteOption": "Delete", - "caching": "ReadOnly", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "dataDisks": { - "value": [ - { - "createOption": "Empty", - "deleteOption": "Delete", - "caching": "ReadWrite", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - }, - { - "createOption": "Empty", - "deleteOption": "Delete", - "caching": "ReadWrite", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - ] - }, - "adminUsername": { - "value": "localAdminUser" - }, - "disablePasswordAuthentication": { - "value": true - }, - "publicKeys": { - "value": [ - { - "path": "/home/localAdminUser/.ssh/authorized_keys", - "keyData": "ssh-rsa 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 generated-by-azure" - } - ] - }, - "nicConfigurations": { - "value": [ - { - "nicSuffix": "-nic-01", - "deleteOption": "Delete", - "ipConfigurations": [ - { - "name": "ipconfig01", - "subnetResourceId": 
"/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "loadBalancerBackendAddressPools": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" - } - ], - "applicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "backupVaultName": { - "value": "adp-<>-az-rsv-x-001" - }, - "backupVaultResourceGroup": { - "value": "validation-rg" - }, - "backupPolicyName": { - "value": "VMpolicy" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "extensionMonitoringAgentConfig": { - "value": { - "enabled": true - } - }, - "monitoringWorkspaceId": { - "value": 
"/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "extensionDependencyAgentConfig": { - "value": { - "enabled": true - } - }, - "extensionNetworkWatcherAgentConfig": { - "value": { - "enabled": true - } - }, - "extensionDiskEncryptionConfig": { - "value": { - "enabled": true, - "settings": { - "EncryptionOperation": "EnableEncryption", - "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/", - "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", - "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys - "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", - "KeyEncryptionAlgorithm": "RSA-OAEP", - "VolumeType": "All", - "ResizeOSDisk": "false" - } - } - }, - "extensionDSCConfig": { - "value": { - "enabled": false - } - }, - "extensionCustomScriptConfig": { - "value": { - "enabled": true, - "fileData": [ - { - "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1", - "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - ] - } - }, - "extensionCustomScriptProtectedSetting": { - "value": { - "commandToExecute": "sudo apt-get update" - } - } - } -} diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux/dependencies.bicep new file mode 100644 index 0000000000..c315c79038 --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux/dependencies.bicep 
@@ -0,0 +1,349 @@ +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Application Security Group to create.') +param applicationSecurityGroupName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Load Balancer to create.') +param loadBalancerName string + +@description('Required. The name of the Recovery Services Vault to create.') +param recoveryServicesVaultName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +@description('Required. The name of the Deployment Script used to upload data to the Storage Account.') +param storageUploadDeploymentScriptName string + +@description('Required. The name of the Deployment Script to create for the SSH Key generation.') +param sshDeploymentScriptName string + +@description('Required. The name of the SSH Key to create.') +param sshKeyName string + +@description('Optional. 
The location to deploy to.') +param location string = resourceGroup().location + +var storageContainerName = 'scripts' +var storageAccountCSEFileName = 'scriptExtensionMasterInstaller.ps1' +var backupPolicyName = 'backupPolicy' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2022-01-01' = { + name: applicationSecurityGroupName + location: location +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource msiRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentityName}-Subscription-Contributor-RoleAssignment') + properties: { + principalId: managedIdentity.properties.principalId + roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // Contributor + principalType: 'ServicePrincipal' + } +} + +resource loadBalancer 'Microsoft.Network/loadBalancers@2022-01-01' = { + name: loadBalancerName + location: location + sku: { + name: 'Standard' + } + properties: { + frontendIPConfigurations: [ + { + name: 'privateIPConfig1' + properties: { + subnet: virtualNetwork.properties.subnets[0] + } + } + ] + backendAddressPools: [ + { + name: 'servers' + } + ] + } +} + +resource recoveryServicesVault 'Microsoft.RecoveryServices/vaults@2022-04-01' = { + name: recoveryServicesVaultName + location: location + sku: { + name: 'RS0' + tier: 'Standard' + } + properties: { + } + + resource backupPolicy 'backupPolicies@2022-03-01' = { + name: backupPolicyName + properties: { + backupManagementType: 'AzureIaasVM' + instantRPDetails: {} + 
schedulePolicy: { + schedulePolicyType: 'SimpleSchedulePolicy' + scheduleRunFrequency: 'Daily' + scheduleRunTimes: [ + '2019-11-07T07:00:00Z' + ] + scheduleWeeklyFrequency: 0 + } + retentionPolicy: { + retentionPolicyType: 'LongTermRetentionPolicy' + dailySchedule: { + retentionTimes: [ + '2019-11-07T07:00:00Z' + ] + retentionDuration: { + count: 180 + durationType: 'Days' + } + } + weeklySchedule: { + daysOfTheWeek: [ + 'Sunday' + ] + retentionTimes: [ + '2019-11-07T07:00:00Z' + ] + retentionDuration: { + count: 12 + durationType: 'Weeks' + } + } + monthlySchedule: { + retentionScheduleFormatType: 'Weekly' + retentionScheduleWeekly: { + daysOfTheWeek: [ + 'Sunday' + ] + weeksOfTheMonth: [ + 'First' + ] + } + retentionTimes: [ + '2019-11-07T07:00:00Z' + ] + retentionDuration: { + count: 60 + durationType: 'Months' + } + } + yearlySchedule: { + retentionScheduleFormatType: 'Weekly' + monthsOfYear: [ + 'January' + ] + retentionScheduleWeekly: { + daysOfTheWeek: [ + 'Sunday' + ] + weeksOfTheMonth: [ + 'First' + ] + } + retentionTimes: [ + '2019-11-07T07:00:00Z' + ] + retentionDuration: { + count: 10 + durationType: 'Years' + } + } + } + instantRpRetentionRangeInDays: 2 + timeZone: 'UTC' + protectedItemsCount: 0 + } + } +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: null + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } + + resource key 'keys@2022-07-01' = { + name: 'encryptionKey' + properties: { + kty: 'RSA' + } + } +} + +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentityName}-KeyVault-Key-Read-RoleAssignment') + scope: keyVault::key + properties: { + principalId: managedIdentity.properties.principalId + // Key Vault 
Crypto User + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') + principalType: 'ServicePrincipal' + } +} + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' + + resource blobService 'blobServices@2021-09-01' = { + name: 'default' + + resource container 'containers@2021-09-01' = { + name: storageContainerName + } + } +} + +resource storageUpload 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: storageUploadDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '3.0' + retentionInterval: 'P1D' + arguments: ' -StorageAccountName "${storageAccount.name}" -ResourceGroupName "${resourceGroup().name}" -ContainerName "${storageAccount::blobService::container.name}" -FileName "${storageAccountCSEFileName}"' + scriptContent: ''' + param( + [string] $StorageAccountName, + [string] $ResourceGroupName, + [string] $ContainerName, + [string] $FileName + ) + Write-Verbose "Create file [$FileName]" -Verbose + $file = New-Item -Value 'I am content' -Path $FileName -Force + Write-Verbose "Getting storage account [$StorageAccountName|$ResourceGroupName] context." 
-Verbose + $storageAccount = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName -ErrorAction 'Stop' + Write-Verbose 'Uploading file [$fileName]' -Verbose + Set-AzStorageBlobContent -File $file.FullName -Container $ContainerName -Context $storageAccount.Context -Force -ErrorAction 'Stop' | Out-Null + ''' + } + dependsOn: [ + msiRoleAssignment + ] +} + +resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: sshDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '3.0' + retentionInterval: 'P1D' + scriptContent: ''' + ssh-keygen -f generated -N (Get-Random -Maximum 99999) + + $DeploymentScriptOutputs = @{ + # privateKey = cat generated | Out-String + publicKey = cat 'generated.pub' + } + ''' + } +} + +resource sshKey 'Microsoft.Compute/sshPublicKeys@2022-03-01' = { + name: sshKeyName + location: location + properties: { + publicKey: sshDeploymentScript.properties.outputs.publicKey + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Application Security Group.') +output applicationSecurityGroupResourceId string = applicationSecurityGroup.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Load Balancer Backend Pool.') +output loadBalancerBackendPoolResourceId string = loadBalancer.properties.backendAddressPools[0].id + +@description('The resource ID of the created Recovery Services Vault.') +output 
recoveryServicesVaultResourceId string = recoveryServicesVault.id + +@description('The name of the Backup Policy created in the Backup Recovery Vault.') +output recoveryServicesVaultBackupPolicyName string = backupPolicyName + +@description('The resource ID of the created Key Vault.') +output keyVaultResourceId string = keyVault.id + +@description('The URL of the created Key Vault.') +output keyVaultUrl string = keyVault.properties.vaultUri + +@description('The URL of the created Key Vault Encryption Key.') +output keyVaultEncryptionKeyUrl string = keyVault::key.properties.keyUriWithVersion + +@description('The resource ID of the created Storage Account.') +output storageAccountResourceId string = storageAccount.id + +@description('The URL of the Custom Script Extension in the created Storage Account') +output storageAccountCSEFileUrl string = '${storageAccount.properties.primaryEndpoints.blob}${storageContainerName}/${storageAccountCSEFileName}' + +@description('The resource ID of the created SSH Key') +output SSHKeyResourceID string = sshKey.id diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux/deploy.test.bicep new file mode 100644 index 0000000000..e0f1ad0d27 --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux/deploy.test.bicep 
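Review bot: In `linux/dependencies.bicep`, `msiRoleAssignment` gives the managed identity Contributor, and because the resource declares no `scope` it applies to the whole resource group the file is deployed into, although the `guid()` seed calls it `Subscription-Contributor`. The only visible consumer is `storageUpload`, which reads the storage account and uploads one blob, while `linux/deploy.test.bicep` attaches the same identity to the test VM through `userAssignedIdentities`, so workloads on that VM can request tokens carrying Contributor on the group. A role scoped to `storageAccount` that covers what the script needs (for example Storage Account Contributor, to be confirmed against the cmdlets used) would keep the test working with less privilege, and the seed should name the real scope and include `resourceGroup().id`. Separately, `Write-Verbose 'Uploading file [$fileName]'` is single-quoted, so PowerShell logs the literal text instead of the file name; double quotes fix it.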
@@ -0,0 +1,220 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.compute.virtualMachines-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'cvmlindef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + applicationSecurityGroupName: 'adp-<>-asg-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + keyVaultName: 'dep-<>-kv-${serviceShort}' + loadBalancerName: 'dep-<>-lb-${serviceShort}' + recoveryServicesVaultName: 'dep-<>-rsv-${serviceShort}' + storageAccountName: 'dep<>sa${serviceShort}01' + storageUploadDeploymentScriptName: 'dep-<>-sads-${serviceShort}' + sshDeploymentScriptName: 'dep-<>-ds-${serviceShort}' + sshKeyName: 'dep-<>-ssh-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 
'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +resource sshKey 'Microsoft.Compute/sshPublicKeys@2022-03-01' existing = { + name: last(split(resourceGroupResources.outputs.SSHKeyResourceID, '/')) + scope: az.resourceGroup(split(resourceGroupResources.outputs.SSHKeyResourceID, '/')[2], split(resourceGroupResources.outputs.SSHKeyResourceID, '/')[4]) +} + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}' + adminUsername: 'localAdminUser' + imageReference: { + offer: 'UbuntuServer' + publisher: 'Canonical' + sku: '18.04-LTS' + version: 'latest' + } + nicConfigurations: [ + { + deleteOption: 'Delete' + ipConfigurations: [ + { + applicationSecurityGroups: [ + { + id: resourceGroupResources.outputs.applicationSecurityGroupResourceId + } + ] + loadBalancerBackendAddressPools: [ + { + id: resourceGroupResources.outputs.loadBalancerBackendPoolResourceId + } + ] + name: 'ipconfig01' + pipConfiguration: { + publicIpNameSuffix: '-pip-01' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + } + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + nicSuffix: '-nic-01' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + } + ] + osDisk: { + caching: 'ReadOnly' + createOption: 'fromImage' + deleteOption: 'Delete' + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + osType: 'Linux' + vmSize: 'Standard_B12ms' + availabilityZone: 1 + backupPolicyName: resourceGroupResources.outputs.recoveryServicesVaultBackupPolicyName + backupVaultName: last(split(resourceGroupResources.outputs.recoveryServicesVaultResourceId, '/')) + 
backupVaultResourceGroup: (split(resourceGroupResources.outputs.recoveryServicesVaultResourceId, '/'))[4] + dataDisks: [ + { + caching: 'ReadWrite' + createOption: 'Empty' + deleteOption: 'Delete' + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + { + caching: 'ReadWrite' + createOption: 'Empty' + deleteOption: 'Delete' + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + ] + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + diagnosticLogsRetentionInDays: 7 + disablePasswordAuthentication: true + encryptionAtHost: false + extensionCustomScriptConfig: { + enabled: true + fileData: [ + { + storageAccountId: resourceGroupResources.outputs.storageAccountResourceId + uri: resourceGroupResources.outputs.storageAccountCSEFileUrl + } + ] + } + extensionCustomScriptProtectedSetting: { + commandToExecute: 'value=$(./${last(split(resourceGroupResources.outputs.storageAccountCSEFileUrl, '/'))}); echo "$value"' + } + extensionDependencyAgentConfig: { + enabled: true + } + extensionDiskEncryptionConfig: { + enabled: true + settings: { + EncryptionOperation: 'EnableEncryption' + KekVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId + KeyEncryptionAlgorithm: 'RSA-OAEP' + KeyEncryptionKeyURL: resourceGroupResources.outputs.keyVaultEncryptionKeyUrl + KeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId + KeyVaultURL: resourceGroupResources.outputs.keyVaultUrl + ResizeOSDisk: 'false' + VolumeType: 'All' + } + } + extensionDSCConfig: { + enabled: false + } + extensionMonitoringAgentConfig: { + enabled: true + } + extensionNetworkWatcherAgentConfig: { + enabled: true + } + lock: 
'CanNotDelete' + monitoringWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + publicKeys: [ + { + keyData: sshKey.properties.publicKey + path: '/home/localAdminUser/.ssh/authorized_keys' + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + systemAssignedIdentity: true + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows.atmg/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/windows.atmg/dependencies.bicep new file mode 100644 index 0000000000..b6ce61cfcd --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/windows.atmg/dependencies.bicep @@ -0,0 +1,28 @@ +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +@description('The resource ID of the created Virtual Network Subnet') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows.atmg/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachines/.test/windows.atmg/deploy.test.bicep new file mode 100644 index 0000000000..f32ef34411 --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/windows.atmg/deploy.test.bicep 
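Review bot: In the `resourceGroupResources` parameters of `linux/deploy.test.bicep`, `applicationSecurityGroupName` is built with the prefix `adp-` while every other dependency name in the block uses `dep-`, which looks like a leftover from the deleted parameter file's `adp-<>-az-asg-x-001`. If the prefix is used to identify test dependencies for cleanup or filtering, this one resource would be missed. `applicationSecurityGroupName: 'dep-<>-asg-${serviceShort}'` brings it in line.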
@@ -0,0 +1,77 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.compute.virtualMachines-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'cvmwinautmg' + +@description('Optional. The password to leverage for the login.') +@secure() +param password string = newGuid() + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-nestedDependencies' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}' + adminUsername: 'localAdminUser' + imageReference: { + offer: 'WindowsServer' + publisher: 'MicrosoftWindowsServer' + sku: '2019-Datacenter' + version: 'latest' + } + nicConfigurations: [ + { + ipConfigurations: [ + { + name: 'ipconfig01' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + nicSuffix: '-nic-01' + } + ] + osDisk: { + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + osType: 'Windows' + vmSize: 'Standard_B12ms' + adminPassword: password + configurationProfile: 
'/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' + } +} diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows.autmg.parameters.json b/modules/Microsoft.Compute/virtualMachines/.test/windows.autmg.parameters.json deleted file mode 100644 index cc63de20a4..0000000000 --- a/modules/Microsoft.Compute/virtualMachines/.test/windows.autmg.parameters.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-vm-win-03" - }, - "imageReference": { - "value": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-Datacenter", - "version": "latest" - } - }, - "osType": { - "value": "Windows" - }, - "vmSize": { - "value": "Standard_B12ms" - }, - "osDisk": { - "value": { - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "adminUsername": { - "value": "localAdminUser" - }, - "adminPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "adminPassword" - } - }, - "nicConfigurations": { - "value": [ - { - "nicSuffix": "-nic-01", - "ipConfigurations": [ - { - "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - } - ] - }, - "configurationProfile": { - "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction" - } - } -} diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows.min.parameters.json b/modules/Microsoft.Compute/virtualMachines/.test/windows.min.parameters.json deleted file mode 100644 index 8537deaacf..0000000000 
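Review bot: The new test folder is named `windows.atmg`, while this file's `serviceShort` default is `cvmwinautmg` and the parameter file it replaces was `windows.autmg.parameters.json`, so the folder name looks like a typo. The workflows changed in this commit print the matrix test-file path in the step name and pass it as `templateFilePath`, so the misspelling would presumably surface in pipeline output as well. I would rename the folder to `windows.autmg` so the Automanage test stays easy to find.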
--- a/modules/Microsoft.Compute/virtualMachines/.test/windows.min.parameters.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-vm-win-02"
- },
- "imageReference": {
- "value": {
- "publisher": "MicrosoftWindowsServer",
- "offer": "WindowsServer",
- "sku": "2022-datacenter-azure-edition",
- "version": "latest"
- }
- },
- "osType": {
- "value": "Windows"
- },
- "vmSize": {
- "value": "Standard_B12ms"
- },
- "osDisk": {
- "value": {
- "diskSizeGB": "128",
- "managedDisk": {
- "storageAccountType": "Premium_LRS"
- }
- }
- },
- "adminUsername": {
- "value": "localAdminUser"
- },
- "adminPassword": {
- "reference": {
- "keyVault": {
- "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001"
- },
- "secretName": "adminPassword"
- }
- },
- "nicConfigurations": {
- "value": [
- {
- "nicSuffix": "-nic-01",
- "ipConfigurations": [
- {
- "name": "ipconfig01",
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001"
- }
- ]
- }
- ]
- }
- }
-}
diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows.min/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/windows.min/dependencies.bicep
new file mode 100644
index 0000000000..d4eef6887c
--- /dev/null
+++ b/modules/Microsoft.Compute/virtualMachines/.test/windows.min/dependencies.bicep
@@ -0,0 +1,28 @@
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows.min/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachines/.test/windows.min/deploy.test.bicep
new file mode 100644
index 0000000000..3dd6224baa
--- /dev/null
+++ b/modules/Microsoft.Compute/virtualMachines/.test/windows.min/deploy.test.bicep
@@ -0,0 +1,75 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.compute.virtualMachines-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'cvmwinmin'
+
+@description('Optional. The password to leverage for the login.')
+@secure()
+param password string = newGuid()
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}'
+ adminUsername: 'localAdminUser'
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2022-datacenter-azure-edition'
+ version: 'latest'
+ }
+ nicConfigurations: [
+ {
+ ipConfigurations: [
+ {
+ name: 'ipconfig01'
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ }
+ ]
+ nicSuffix: '-nic-01'
+ }
+ ]
+ osDisk: {
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Windows'
+ vmSize: 'Standard_B12ms'
+ adminPassword: password
+ }
+}
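Review bot: The description of the `password` parameter in windows.min/deploy.test.bicep does not say that its default, `newGuid()`, produces a different value on every deployment and that this file declares no output exposing it, so the generated credential cannot be recovered to log in to the VM afterwards. That is a sensible property for a validation VM and removes the shared Key Vault secret the deleted parameter file referenced, but it should be written down, e.g. `@description('Optional. The password to leverage for the login. Defaults to a new GUID per deployment; the value is not output.')`. The same parameter is declared in windows.atmg/deploy.test.bicep and windows/deploy.test.bicep.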
diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows.parameters.json b/modules/Microsoft.Compute/virtualMachines/.test/windows.parameters.json
deleted file mode 100644
index eea472aa0f..0000000000
--- a/modules/Microsoft.Compute/virtualMachines/.test/windows.parameters.json
+++ /dev/null
@@ -1,238 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-vm-win-01" - }, - "lock": { - "value": "CanNotDelete" - }, - "encryptionAtHost": { - "value": false - }, - "imageReference": { - "value": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-Datacenter", - "version": "latest" - } - }, - "osType": { - "value": "Windows" - }, - "vmSize": { - "value": "Standard_B12ms" - }, - "osDisk": { - "value": { - "createOption": "fromImage", - "deleteOption": "Delete", - "caching": "None", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "dataDisks": { - "value": [ - { - "createOption": "Empty", - "deleteOption": "Delete", - "caching": "None", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - }, - { - "createOption": "Empty", - "deleteOption": "Delete", - "caching": "None", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - ] - }, - "availabilityZone": { - "value": 2 - }, - "adminUsername": { - "value": "localAdminUser" - }, - "adminPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "adminPassword" - } - }, - "nicConfigurations": { - "value": [ - { - "nicSuffix": "-nic-01", - "deleteOption": "Delete", - "ipConfigurations": [ - { - "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "loadBalancerBackendAddressPools": [ - { - "id": 
"/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" - } - ], - "applicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "backupVaultName": { - "value": "adp-<>-az-rsv-x-001" - }, - "backupVaultResourceGroup": { - "value": "validation-rg" - }, - "backupPolicyName": { - "value": "VMpolicy" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "proximityPlacementGroupResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-vm-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "extensionAntiMalwareConfig": { - "value": { - "enabled": true, - "settings": { - "AntimalwareEnabled": "true", - "Exclusions": { - "Extensions": ".ext1;.ext2", - 
"Paths": "c:\\excluded-path-1;c:\\excluded-path-2", - "Processes": "excludedproc1.exe;excludedproc2.exe" - }, - "RealtimeProtectionEnabled": "true", - "ScheduledScanSettings": { - "isEnabled": "true", - "scanType": "Quick", - "day": "7", - "time": "120" - } - } - } - }, - "extensionMonitoringAgentConfig": { - "value": { - "enabled": true - } - }, - "monitoringWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "extensionDependencyAgentConfig": { - "value": { - "enabled": true - } - }, - "extensionNetworkWatcherAgentConfig": { - "value": { - "enabled": true - } - }, - "extensionDiskEncryptionConfig": { - "value": { - "enabled": true, - "settings": { - "EncryptionOperation": "EnableEncryption", - "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/", - "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", - "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", // ID must be updated for new keys - "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", - "KeyEncryptionAlgorithm": "RSA-OAEP", - "VolumeType": "All", - "ResizeOSDisk": "false" - } - } - }, - "extensionDSCConfig": { - "value": { - "enabled": true - } - }, - "extensionCustomScriptConfig": { - "value": { - "enabled": true, - "fileData": [ - { - "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1", - "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - ] - } - }, - "extensionCustomScriptProtectedSetting": { - "value": { - "commandToExecute": "powershell -ExecutionPolicy Unrestricted -Command \"& .\\scriptExtensionMasterInstaller.ps1\"" - } - } - } -} 
diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/windows/dependencies.bicep
new file mode 100644
index 0000000000..e9466f580f
--- /dev/null
+++ b/modules/Microsoft.Compute/virtualMachines/.test/windows/dependencies.bicep
@@ -0,0 +1,319 @@ +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Application Security Group to create.') +param applicationSecurityGroupName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Load Balancer to create.') +param loadBalancerName string + +@description('Required. The name of the Recovery Services Vault to create.') +param recoveryServicesVaultName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +@description('Required. The name of the Deployment Script used to upload data to the Storage Account.') +param storageUploadDeploymentScriptName string + +@description('Required. The name of the Proximity Placement Group to create.') +param proximityPlacementGroupName string + +@description('Optional. 
The location to deploy resources to.') +param location string = resourceGroup().location + +var storageContainerName = 'scripts' +var storageAccountCSEFileName = 'scriptExtensionMasterInstaller.ps1' +var backupPolicyName = 'backupPolicy' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2022-01-01' = { + name: applicationSecurityGroupName + location: location +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource msiRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentityName}-Subscription-Contributor-RoleAssignment') + properties: { + principalId: managedIdentity.properties.principalId + roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // Contributor + principalType: 'ServicePrincipal' + } +} + +resource loadBalancer 'Microsoft.Network/loadBalancers@2022-01-01' = { + name: loadBalancerName + location: location + sku: { + name: 'Standard' + } + properties: { + frontendIPConfigurations: [ + { + name: 'privateIPConfig1' + properties: { + subnet: virtualNetwork.properties.subnets[0] + } + } + ] + backendAddressPools: [ + { + name: 'servers' + } + ] + } +} + +resource recoveryServicesVault 'Microsoft.RecoveryServices/vaults@2022-04-01' = { + name: recoveryServicesVaultName + location: location + sku: { + name: 'RS0' + tier: 'Standard' + } + properties: { + } + + resource backupPolicy 'backupPolicies@2022-03-01' = { + name: backupPolicyName + properties: { + backupManagementType: 'AzureIaasVM' + instantRPDetails: {} + 
schedulePolicy: { + schedulePolicyType: 'SimpleSchedulePolicy' + scheduleRunFrequency: 'Daily' + scheduleRunTimes: [ + '2019-11-07T07:00:00Z' + ] + scheduleWeeklyFrequency: 0 + } + retentionPolicy: { + retentionPolicyType: 'LongTermRetentionPolicy' + dailySchedule: { + retentionTimes: [ + '2019-11-07T07:00:00Z' + ] + retentionDuration: { + count: 180 + durationType: 'Days' + } + } + weeklySchedule: { + daysOfTheWeek: [ + 'Sunday' + ] + retentionTimes: [ + '2019-11-07T07:00:00Z' + ] + retentionDuration: { + count: 12 + durationType: 'Weeks' + } + } + monthlySchedule: { + retentionScheduleFormatType: 'Weekly' + retentionScheduleWeekly: { + daysOfTheWeek: [ + 'Sunday' + ] + weeksOfTheMonth: [ + 'First' + ] + } + retentionTimes: [ + '2019-11-07T07:00:00Z' + ] + retentionDuration: { + count: 60 + durationType: 'Months' + } + } + yearlySchedule: { + retentionScheduleFormatType: 'Weekly' + monthsOfYear: [ + 'January' + ] + retentionScheduleWeekly: { + daysOfTheWeek: [ + 'Sunday' + ] + weeksOfTheMonth: [ + 'First' + ] + } + retentionTimes: [ + '2019-11-07T07:00:00Z' + ] + retentionDuration: { + count: 10 + durationType: 'Years' + } + } + } + instantRpRetentionRangeInDays: 2 + timeZone: 'UTC' + protectedItemsCount: 0 + } + } +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: null + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } + + resource key 'keys@2022-07-01' = { + name: 'encryptionKey' + properties: { + kty: 'RSA' + } + } +} + +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentityName}-KeyVault-Key-Read-RoleAssignment') + scope: keyVault::key + properties: { + principalId: managedIdentity.properties.principalId + // Key Vault 
Crypto User + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') + principalType: 'ServicePrincipal' + } +} + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' + + resource blobService 'blobServices@2021-09-01' = { + name: 'default' + + resource container 'containers@2021-09-01' = { + name: storageContainerName + } + } +} + +resource storageUpload 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: storageUploadDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '3.0' + retentionInterval: 'P1D' + arguments: ' -StorageAccountName "${storageAccount.name}" -ResourceGroupName "${resourceGroup().name}" -ContainerName "${storageAccount::blobService::container.name}" -FileName "${storageAccountCSEFileName}"' + scriptContent: ''' + param( + [string] $StorageAccountName, + [string] $ResourceGroupName, + [string] $ContainerName, + [string] $FileName + ) + Write-Verbose "Create file [$FileName]" -Verbose + $file = New-Item -Value "Write-Host 'I am content'" -Path $FileName -Force + Write-Verbose "Getting storage account [$StorageAccountName|$ResourceGroupName] context." 
-Verbose + $storageAccount = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName -ErrorAction 'Stop' + Write-Verbose 'Uploading file [$fileName]' -Verbose + Set-AzStorageBlobContent -File $file.FullName -Container $ContainerName -Context $storageAccount.Context -Force -ErrorAction 'Stop' | Out-Null + ''' + } + dependsOn: [ + msiRoleAssignment + ] +} + +resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@2022-03-01' = { + name: proximityPlacementGroupName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Application Security Group.') +output applicationSecurityGroupResourceId string = applicationSecurityGroup.id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Load Balancer Backend Pool.') +output loadBalancerBackendPoolResourceId string = loadBalancer.properties.backendAddressPools[0].id + +@description('The resource ID of the created Recovery Services Vault.') +output recoveryServicesVaultResourceId string = recoveryServicesVault.id + +@description('The name of the Backup Policy created in the Backup Recovery Vault.') +output recoveryServicesVaultBackupPolicyName string = backupPolicyName + +@description('The resource ID of the created Key Vault.') +output keyVaultResourceId string = keyVault.id + +@description('The URL of the created Key Vault.') +output keyVaultUrl string = keyVault.properties.vaultUri + +@description('The URL of the created Key Vault Encryption Key.') +output keyVaultEncryptionKeyUrl string = 
keyVault::key.properties.keyUriWithVersion + +@description('The resource ID of the created Storage Account.') +output storageAccountResourceId string = storageAccount.id + +@description('The URL of the Custom Script Extension in the created Storage Account') +output storageAccountCSEFileUrl string = '${storageAccount.properties.primaryEndpoints.blob}${storageContainerName}/${storageAccountCSEFileName}' + +@description('The resource ID of the created Proximity Placement Group.') +output proximityPlacementGroupResourceId string = proximityPlacementGroup.id diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachines/.test/windows/deploy.test.bicep new file mode 100644 index 0000000000..b62fc43218 --- /dev/null +++ b/modules/Microsoft.Compute/virtualMachines/.test/windows/deploy.test.bicep 
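Review bot: `msiRoleAssignment` in windows/dependencies.bicep grants the managed identity the built-in Contributor role without a `scope`; since deploy.test.bicep deploys this file with `scope: resourceGroup`, the assignment presumably covers the whole test resource group, while its name seed says `Subscription-Contributor`. The only visible consumer of that right is the `storageUpload` deployment script, which looks up the storage account context and uploads a single blob. The same identity is exported as `managedIdentityResourceId`, and if the test attaches it to the VM (as the test whose tail is visible at the top of this page does), anything running on that VM inherits Contributor on the group. I would add `scope: storageAccount` to the assignment, swap Contributor for a narrower built-in storage role that still lets the script obtain the account context, and rename the seed to match the real scope.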
@@ -0,0 +1,231 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.compute.virtualMachines-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'cvmwindef'
+
+@description('Optional. The password to leverage for the login.')
+@secure()
+param password string = newGuid()
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ applicationSecurityGroupName: 'adp-<>-asg-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ keyVaultName: 'dep-<>-kv-${serviceShort}'
+ loadBalancerName: 'dep-<>-lb-${serviceShort}'
+ recoveryServicesVaultName: 'dep-<>-rsv-${serviceShort}'
+ storageAccountName: 'dep<>sa${serviceShort}01'
+ storageUploadDeploymentScriptName: 'dep-<>-sads-${serviceShort}'
+ proximityPlacementGroupName: 'dep-<>-ppg-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}'
+ adminUsername: 'localAdminUser'
+ imageReference: {
+ offer: 'WindowsServer'
+ publisher: 'MicrosoftWindowsServer'
+ sku: '2019-Datacenter'
+ version: 'latest'
+ }
+ nicConfigurations: [
+ {
+ deleteOption: 'Delete'
+ ipConfigurations: [
+ {
+ applicationSecurityGroups: [
+ {
+ id: resourceGroupResources.outputs.applicationSecurityGroupResourceId
+ }
+ ]
+ loadBalancerBackendAddressPools: [
+ {
+ id: resourceGroupResources.outputs.loadBalancerBackendPoolResourceId
+ }
+ ]
+ name: 'ipconfig01'
+ pipConfiguration: {
+ publicIpNameSuffix: '-pip-01'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ }
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ }
+ ]
+ nicSuffix: '-nic-01'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ }
+ ]
+ osDisk: {
+ caching: 'None'
+ createOption: 'fromImage'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ osType: 'Windows'
+ vmSize: 'Standard_B12ms'
+ adminPassword: password
+ availabilityZone: 2
+ backupPolicyName: resourceGroupResources.outputs.recoveryServicesVaultBackupPolicyName
+ backupVaultName: last(split(resourceGroupResources.outputs.recoveryServicesVaultResourceId, '/'))
+ backupVaultResourceGroup: (split(resourceGroupResources.outputs.recoveryServicesVaultResourceId, '/'))[4]
+ dataDisks: [
+ {
+ caching: 'None'
+ createOption: 'Empty'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ {
+ caching: 'None'
+ createOption: 'Empty'
+ deleteOption: 'Delete'
+ diskSizeGB: '128'
+ managedDisk: {
+ storageAccountType: 'Premium_LRS'
+ }
+ }
+ ]
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ diagnosticLogsRetentionInDays: 7
+ encryptionAtHost: false
+ extensionAntiMalwareConfig: {
+ enabled: true
+ settings: {
+ AntimalwareEnabled: 'true'
+ Exclusions: {
+ Extensions: '.ext1;.ext2'
+ Paths: 'c:\\excluded-path-1;c:\\excluded-path-2'
+ Processes: 'excludedproc1.exe;excludedproc2.exe'
+ }
+ RealtimeProtectionEnabled: 'true'
+ ScheduledScanSettings: {
+ day: '7'
+ isEnabled: 'true'
+ scanType: 'Quick'
+ time: '120'
+ }
+ }
+ }
+ extensionCustomScriptConfig: {
+ enabled: true
+ fileData: [
+ {
+ storageAccountId: resourceGroupResources.outputs.storageAccountResourceId
+ uri: resourceGroupResources.outputs.storageAccountCSEFileUrl
+ }
+ ]
+ }
+ extensionCustomScriptProtectedSetting: {
+ commandToExecute: 'powershell -ExecutionPolicy Unrestricted -Command "& ./${last(split(resourceGroupResources.outputs.storageAccountCSEFileUrl, '/'))}"'
+ }
+ extensionDependencyAgentConfig: {
+ enabled: true
+ }
+ extensionDiskEncryptionConfig: {
+ enabled: true
+ settings: {
+ EncryptionOperation: 'EnableEncryption'
+ KekVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId
+ KeyEncryptionAlgorithm: 'RSA-OAEP'
+ KeyEncryptionKeyURL: resourceGroupResources.outputs.keyVaultEncryptionKeyUrl
+ KeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId
+ KeyVaultURL: resourceGroupResources.outputs.keyVaultUrl
+ ResizeOSDisk: 'false'
+ VolumeType: 'All'
+ }
+ }
+ extensionDSCConfig: {
+ enabled: true
+ }
+ extensionMonitoringAgentConfig: {
+ enabled: true
+ }
+ extensionNetworkWatcherAgentConfig: {
+ enabled: true
+ }
+ lock: 'CanNotDelete'
+ monitoringWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ proximityPlacementGroupResourceId: resourceGroupResources.outputs.proximityPlacementGroupResourceId
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+ }
+ }
+}
diff --git a/modules/Microsoft.Compute/virtualMachines/readme.md b/modules/Microsoft.Compute/virtualMachines/readme.md
index 58ae78c88c..90970d5705 100644
--- a/modules/Microsoft.Compute/virtualMachines/readme.md
+++ b/modules/Microsoft.Compute/virtualMachines/readme.md
@@ -1015,277 +1015,15 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -
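Review bot: The test VM in `testDeployment` gets a public IP through `pipConfiguration` while it signs in with `adminUsername: 'localAdminUser'` and a password, and nothing in this hunk restricts inbound traffic to that address. The subnet is created in `dependencies.bicep`, whose network definition is not visible here, so please confirm it carries a network security group that denies inbound management traffic from the internet. If the public IP exists only to exercise the parameter, a comment above it would make that explicit, for example `// Public IP only to cover pipConfiguration; inbound is blocked by the subnet NSG`. Separately, `applicationSecurityGroupName: 'adp-<>-asg-${serviceShort}'` uses the `adp-` prefix where every other dependency name in this file uses `dep-`; `'dep-<>-asg-${serviceShort}'` would match.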

Example 1: Linux Autmg

+

Example 1: Linux

via Bicep module ```bicep -module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualMachines' - params: { - // Required parameters - adminUsername: 'localAdminUser' - imageReference: { - offer: 'UbuntuServer' - publisher: 'Canonical' - sku: '18.04-LTS' - version: 'latest' - } - nicConfigurations: [ - { - ipConfigurations: [ - { - name: 'ipconfig01' - pipConfiguration: { - publicIpNameSuffix: '-pip-01' - } - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - } - ] - nicSuffix: '-nic-01' - } - ] - osDisk: { - diskSizeGB: '128' - managedDisk: { - storageAccountType: 'Premium_LRS' - } - } - osType: 'Linux' - vmSize: 'Standard_B12ms' - // Non-required parameters - configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' - disablePasswordAuthentication: true - name: '<>-vm-linux-autmg-01' - publicKeys: [ - { - keyData: 'ssh-rsa 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 generated-by-azure' - path: '/home/localAdminUser/.ssh/authorized_keys' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "adminUsername": { - "value": "localAdminUser" - }, - "imageReference": { - "value": { - "offer": "UbuntuServer", - "publisher": "Canonical", - "sku": "18.04-LTS", - "version": "latest" - } - }, - "nicConfigurations": { - "value": [ - { - "ipConfigurations": [ - { - "name": "ipconfig01", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01" - }, - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ], - "nicSuffix": "-nic-01" - } - ] - }, - "osDisk": { - "value": { - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "osType": { - "value": "Linux" - }, - "vmSize": { - "value": "Standard_B12ms" - }, - // Non-required parameters - "configurationProfile": { - "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction" - }, - "disablePasswordAuthentication": { - "value": true - }, - "name": { - "value": "<>-vm-linux-autmg-01" - }, - "publicKeys": { - "value": [ - { - "keyData": "ssh-rsa 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 generated-by-azure", - "path": "/home/localAdminUser/.ssh/authorized_keys" - } - ] - } - } -} -``` - -
-

- -

Example 2: Linux Min

- -
- -via Bicep module - -```bicep -module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualMachines' - params: { - // Required parameters - adminUsername: 'localAdminUser' - imageReference: { - offer: 'UbuntuServer' - publisher: 'Canonical' - sku: '18.04-LTS' - version: 'latest' - } - nicConfigurations: [ - { - ipConfigurations: [ - { - name: 'ipconfig01' - pipConfiguration: { - publicIpNameSuffix: '-pip-01' - } - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - } - ] - nicSuffix: '-nic-01' - } - ] - osDisk: { - diskSizeGB: '128' - managedDisk: { - storageAccountType: 'Premium_LRS' - } - } - osType: 'Linux' - vmSize: 'Standard_B12ms' - // Non-required parameters - disablePasswordAuthentication: true - name: '<>-vm-linux-min-01' - publicKeys: [ - { - keyData: 'ssh-rsa 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 generated-by-azure' - path: '/home/localAdminUser/.ssh/authorized_keys' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "adminUsername": { - "value": "localAdminUser" - }, - "imageReference": { - "value": { - "offer": "UbuntuServer", - "publisher": "Canonical", - "sku": "18.04-LTS", - "version": "latest" - } - }, - "nicConfigurations": { - "value": [ - { - "ipConfigurations": [ - { - "name": "ipconfig01", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01" - }, - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ], - "nicSuffix": "-nic-01" - } - ] - }, - "osDisk": { - "value": { - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "osType": { - "value": "Linux" - }, - "vmSize": { - "value": "Standard_B12ms" - }, - // Non-required parameters - "disablePasswordAuthentication": { - "value": true - }, - "name": { - "value": "<>-vm-linux-min-01" - }, - "publicKeys": { - "value": [ - { - "keyData": "ssh-rsa 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 generated-by-azure", - "path": "/home/localAdminUser/.ssh/authorized_keys" - } - ] - } - } -} -``` - -
-

- -

Example 3: Linux

- -
- -via Bicep module - -```bicep -module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualMachines' +module virtualMachines './Microsoft.compute/virtualMachines/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-cvmlindef' params: { // Required parameters adminUsername: 'localAdminUser' @@ -1302,12 +1040,12 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { { applicationSecurityGroups: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001' + id: '' } ] loadBalancerBackendAddressPools: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers' + id: '' } ] name: 'ipconfig01' @@ -1316,20 +1054,20 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } ] } - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + subnetResourceId: '' } ] nicSuffix: '-nic-01' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -1349,9 +1087,9 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { vmSize: 'Standard_B12ms' // Non-required parameters availabilityZone: 1 - backupPolicyName: 'VMpolicy' - backupVaultName: 'adp-<>-az-rsv-x-001' - backupVaultResourceGroup: 'validation-rg' + backupPolicyName: '' + backupVaultName: '' + backupVaultResourceGroup: '' dataDisks: [ { caching: 'ReadWrite' 
@@ -1372,24 +1110,24 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { } } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' disablePasswordAuthentication: true encryptionAtHost: false extensionCustomScriptConfig: { enabled: true fileData: [ { - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1' + storageAccountId: '' + uri: '' } ] } extensionCustomScriptProtectedSetting: { - commandToExecute: 'sudo apt-get update' + commandToExecute: '' } extensionDependencyAgentConfig: { enabled: true 
@@ -1398,11 +1136,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enabled: true settings: { EncryptionOperation: 'EnableEncryption' - KekVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001' + KekVaultResourceId: '' KeyEncryptionAlgorithm: 'RSA-OAEP' - KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5' - KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001' - KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/' + KeyEncryptionKeyURL: '' + KeyVaultResourceId: '' + KeyVaultURL: '' ResizeOSDisk: 'false' VolumeType: 'All' } 
@@ -1417,25 +1155,25 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enabled: true } lock: 'CanNotDelete' - monitoringWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - name: '<>-vm-linux-01' + monitoringWorkspaceId: '' + name: '<>cvmlindef' publicKeys: [ { - keyData: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure' + keyData: '' path: '/home/localAdminUser/.ssh/authorized_keys' } ] roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } ] systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } @@ -1473,12 +1211,12 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { { "applicationSecurityGroups": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" + "id": "" } ], "loadBalancerBackendAddressPools": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" + "id": "" } ], "name": "ipconfig01", 
@@ -1487,20 +1225,20 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } ] }, - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + "subnetResourceId": "" } ], "nicSuffix": "-nic-01", "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -1530,13 +1268,13 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "value": 1 }, "backupPolicyName": { - "value": "VMpolicy" + "value": "" }, "backupVaultName": { - "value": "adp-<>-az-rsv-x-001" + "value": "" }, "backupVaultResourceGroup": { - "value": "validation-rg" + "value": "" }, "dataDisks": { "value": [ @@ -1561,19 +1299,19 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "disablePasswordAuthentication": { "value": true 
@@ -1586,15 +1324,15 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "enabled": true, "fileData": [ { - "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1" + "storageAccountId": "", + "uri": "" } ] } }, "extensionCustomScriptProtectedSetting": { "value": { - "commandToExecute": "sudo apt-get update" + "commandToExecute": "" } }, "extensionDependencyAgentConfig": { @@ -1607,11 +1345,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "enabled": true, "settings": { "EncryptionOperation": "EnableEncryption", - "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", + "KekVaultResourceId": "", "KeyEncryptionAlgorithm": "RSA-OAEP", - "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", - "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", - "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/", + "KeyEncryptionKeyURL": "", + "KeyVaultResourceId": "", + "KeyVaultURL": "", "ResizeOSDisk": "false", "VolumeType": "All" } 
@@ -1636,15 +1374,15 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "value": "CanNotDelete" }, "monitoringWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "name": { - "value": "<>-vm-linux-01" + "value": "<>cvmlindef" }, "publicKeys": { "value": [ { - "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure", + "keyData": "", "path": "/home/localAdminUser/.ssh/authorized_keys" } ] @@ -1653,7 +1391,7 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -1664,7 +1402,7 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } @@ -1674,27 +1412,22 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {

-

Example 4: Windows Autmg

+

Example 2: Linux.Atmg

via Bicep module ```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','validation-rg') -} - -module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualMachines' +module virtualMachines './Microsoft.compute/virtualMachines/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-cvmlinatmg' params: { // Required parameters adminUsername: 'localAdminUser' imageReference: { - offer: 'WindowsServer' - publisher: 'MicrosoftWindowsServer' - sku: '2019-Datacenter' + offer: 'UbuntuServer' + publisher: 'Canonical' + sku: '18.04-LTS' version: 'latest' } nicConfigurations: [ @@ -1702,7 +1435,10 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { ipConfigurations: [ { name: 'ipconfig01' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + pipConfiguration: { + publicIpNameSuffix: '-pip-01' + } + subnetResourceId: '' } ] nicSuffix: '-nic-01' @@ -1714,12 +1450,18 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { storageAccountType: 'Premium_LRS' } } - osType: 'Windows' + osType: 'Linux' vmSize: 'Standard_B12ms' // Non-required parameters - adminPassword: kv1.getSecret('adminPassword') configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' - name: '<>-vm-win-03' + disablePasswordAuthentication: true + name: '<>cvmlinatmg' + publicKeys: [ + { + keyData: '' + path: '/home/localAdminUser/.ssh/authorized_keys' + } + ] } } ``` 
@@ -1742,9 +1484,9 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { }, "imageReference": { "value": { - "offer": "WindowsServer", - "publisher": "MicrosoftWindowsServer", - "sku": "2019-Datacenter", + "offer": "UbuntuServer", + "publisher": "Canonical", + "sku": "18.04-LTS", "version": "latest" } }, @@ -1754,7 +1496,10 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "ipConfigurations": [ { "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + "pipConfiguration": { + "publicIpNameSuffix": "-pip-01" + }, + "subnetResourceId": "" } ], "nicSuffix": "-nic-01" @@ -1770,25 +1515,28 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { } }, "osType": { - "value": "Windows" + "value": "Linux" }, "vmSize": { "value": "Standard_B12ms" }, // Non-required parameters - "adminPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "adminPassword" - } - }, "configurationProfile": { "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction" }, + "disablePasswordAuthentication": { + "value": true + }, "name": { - "value": "<>-vm-win-03" + "value": "<>cvmlinatmg" + }, + "publicKeys": { + "value": [ + { + "keyData": "", + "path": "/home/localAdminUser/.ssh/authorized_keys" + } + ] } } } @@ -1797,27 +1545,22 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {

-

Example 5: Windows Min

+

Example 3: Linux.Min

via Bicep module ```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','validation-rg') -} - -module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualMachines' +module virtualMachines './Microsoft.compute/virtualMachines/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-cvmlinmin' params: { // Required parameters adminUsername: 'localAdminUser' imageReference: { - offer: 'WindowsServer' - publisher: 'MicrosoftWindowsServer' - sku: '2022-datacenter-azure-edition' + offer: 'UbuntuServer' + publisher: 'Canonical' + sku: '18.04-LTS' version: 'latest' } nicConfigurations: [ @@ -1825,7 +1568,10 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { ipConfigurations: [ { name: 'ipconfig01' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + pipConfiguration: { + publicIpNameSuffix: '-pip-01' + } + subnetResourceId: '' } ] nicSuffix: '-nic-01' @@ -1837,11 +1583,17 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { storageAccountType: 'Premium_LRS' } } - osType: 'Windows' + osType: 'Linux' vmSize: 'Standard_B12ms' // Non-required parameters - adminPassword: kv1.getSecret('adminPassword') - name: '<>-vm-win-02' + disablePasswordAuthentication: true + name: '<>cvmlinmin' + publicKeys: [ + { + keyData: '' + path: '/home/localAdminUser/.ssh/authorized_keys' + } + ] } } ``` @@ -1864,9 +1616,9 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { }, "imageReference": { "value": { - "offer": "WindowsServer", - "publisher": "MicrosoftWindowsServer", - "sku": "2022-datacenter-azure-edition", + "offer": "UbuntuServer", + "publisher": "Canonical", + "sku": "18.04-LTS", "version": "latest" } }, 
@@ -1876,7 +1628,10 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "ipConfigurations": [ { "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + "pipConfiguration": { + "publicIpNameSuffix": "-pip-01" + }, + "subnetResourceId": "" } ], "nicSuffix": "-nic-01" @@ -1892,22 +1647,25 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { } }, "osType": { - "value": "Windows" + "value": "Linux" }, "vmSize": { "value": "Standard_B12ms" }, // Non-required parameters - "adminPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "adminPassword" - } + "disablePasswordAuthentication": { + "value": true }, "name": { - "value": "<>-vm-win-02" + "value": "<>cvmlinmin" + }, + "publicKeys": { + "value": [ + { + "keyData": "", + "path": "/home/localAdminUser/.ssh/authorized_keys" + } + ] } } } @@ -1916,20 +1674,15 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = {

-

Example 6: Windows

+

Example 4: Windows

via Bicep module ```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','validation-rg') -} - -module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualMachines' +module virtualMachines './Microsoft.compute/virtualMachines/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-cvmwindef' params: { // Required parameters adminUsername: 'localAdminUser' @@ -1946,12 +1699,12 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { { applicationSecurityGroups: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001' + id: '' } ] loadBalancerBackendAddressPools: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers' + id: '' } ] name: 'ipconfig01' @@ -1960,20 +1713,20 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } ] } - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + subnetResourceId: '' } ] nicSuffix: '-nic-01' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -1992,11 +1745,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { osType: 'Windows' vmSize: 'Standard_B12ms' // Non-required parameters - adminPassword: kv1.getSecret('adminPassword') + adminPassword: '' availabilityZone: 2 - backupPolicyName: 'VMpolicy' - backupVaultName: 'adp-<>-az-rsv-x-001' - backupVaultResourceGroup: 'validation-rg' + backupPolicyName: '' + backupVaultName: '' + backupVaultResourceGroup: '' dataDisks: [ { caching: 'None' 
@@ -2017,11 +1770,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { } } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' encryptionAtHost: false extensionAntiMalwareConfig: { enabled: true @@ -2045,13 +1798,13 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enabled: true fileData: [ { - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - uri: 'https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1' + storageAccountId: '' + uri: '' } ] } extensionCustomScriptProtectedSetting: { - commandToExecute: 'powershell -ExecutionPolicy Unrestricted -Command \'& .\\scriptExtensionMasterInstaller.ps1\'' + commandToExecute: '' } extensionDependencyAgentConfig: { enabled: true 
@@ -2060,11 +1813,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enabled: true settings: { EncryptionOperation: 'EnableEncryption' - KekVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001' + KekVaultResourceId: '' KeyEncryptionAlgorithm: 'RSA-OAEP' - KeyEncryptionKeyURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5' - KeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001' - KeyVaultURL: 'https://adp-<>-az-kv-x-001.vault.azure.net/' + KeyEncryptionKeyURL: '' + KeyVaultResourceId: '' + KeyVaultURL: '' ResizeOSDisk: 'false' VolumeType: 'All' } @@ -2079,20 +1832,20 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { enabled: true } lock: 'CanNotDelete' - monitoringWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - name: '<>-vm-win-01' - proximityPlacementGroupResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-vm-001' + monitoringWorkspaceId: '' + name: '<>cvmwindef' + proximityPlacementGroupResourceId: '' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } ] systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } 
@@ -2130,12 +1883,12 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { { "applicationSecurityGroups": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" + "id": "" } ], "loadBalancerBackendAddressPools": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" + "id": "" } ], "name": "ipconfig01", @@ -2144,20 +1897,20 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } ] }, - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + "subnetResourceId": "" } ], "nicSuffix": "-nic-01", "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -2184,24 +1937,19 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { }, // Non-required parameters "adminPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "adminPassword" - } + "value": "" }, "availabilityZone": { "value": 2 }, "backupPolicyName": { - "value": "VMpolicy" + "value": "" }, "backupVaultName": { - "value": "adp-<>-az-rsv-x-001" + "value": "" }, "backupVaultResourceGroup": { - "value": "validation-rg" + "value": "" }, "dataDisks": { "value": [ 
@@ -2226,19 +1974,19 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "encryptionAtHost": { "value": false @@ -2268,15 +2016,15 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "enabled": true, "fileData": [ { - "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "uri": "https://adp<>azsax001.blob.core.windows.net/scripts/scriptExtensionMasterInstaller.ps1" + "storageAccountId": "", + "uri": "" } ] } }, "extensionCustomScriptProtectedSetting": { "value": { - "commandToExecute": "powershell -ExecutionPolicy Unrestricted -Command \"& .\\scriptExtensionMasterInstaller.ps1\"" + "commandToExecute": "" } }, "extensionDependencyAgentConfig": { 
@@ -2289,11 +2037,11 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "enabled": true, "settings": { "EncryptionOperation": "EnableEncryption", - "KekVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", + "KekVaultResourceId": "", "KeyEncryptionAlgorithm": "RSA-OAEP", - "KeyEncryptionKeyURL": "https://adp-<>-az-kv-x-001.vault.azure.net/keys/keyEncryptionKey/bc3bb46d95c64367975d722f473eeae5", - "KeyVaultResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001", - "KeyVaultURL": "https://adp-<>-az-kv-x-001.vault.azure.net/", + "KeyEncryptionKeyURL": "", + "KeyVaultResourceId": "", + "KeyVaultURL": "", "ResizeOSDisk": "false", "VolumeType": "All" } @@ -2318,19 +2066,19 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { "value": "CanNotDelete" }, "monitoringWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "name": { - "value": "<>-vm-win-01" + "value": "<>cvmwindef" }, "proximityPlacementGroupResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/proximityPlacementGroups/adp-<>-az-ppg-vm-001" + "value": "" }, "roleAssignments": { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -2341,8 +2089,230 @@ module virtualMachines './Microsoft.Compute/virtualMachines/deploy.bicep' = { }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} + } + } + } +} +``` + +
+

+ +

Example 5: Windows.Atmg

+ +
+ +via Bicep module + +```bicep +module virtualMachines './Microsoft.compute/virtualMachines/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-cvmwinautmg' + params: { + // Required parameters + adminUsername: 'localAdminUser' + imageReference: { + offer: 'WindowsServer' + publisher: 'MicrosoftWindowsServer' + sku: '2019-Datacenter' + version: 'latest' + } + nicConfigurations: [ + { + ipConfigurations: [ + { + name: 'ipconfig01' + subnetResourceId: '' + } + ] + nicSuffix: '-nic-01' + } + ] + osDisk: { + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + osType: 'Windows' + vmSize: 'Standard_B12ms' + // Non-required parameters + adminPassword: '' + configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' + name: '<>cvmwinautmg' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "adminUsername": { + "value": "localAdminUser" + }, + "imageReference": { + "value": { + "offer": "WindowsServer", + "publisher": "MicrosoftWindowsServer", + "sku": "2019-Datacenter", + "version": "latest" + } + }, + "nicConfigurations": { + "value": [ + { + "ipConfigurations": [ + { + "name": "ipconfig01", + "subnetResourceId": "" + } + ], + "nicSuffix": "-nic-01" + } + ] + }, + "osDisk": { + "value": { + "diskSizeGB": "128", + "managedDisk": { + "storageAccountType": "Premium_LRS" + } + } + }, + "osType": { + "value": "Windows" + }, + "vmSize": { + "value": "Standard_B12ms" + }, + // Non-required parameters + "adminPassword": { + "value": "" + }, + "configurationProfile": { + "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction" + }, + "name": { + "value": "<>cvmwinautmg" + } + } +} +``` + +
+

+ +

Example 6: Windows.Min

+ +
+ +via Bicep module + +```bicep +module virtualMachines './Microsoft.compute/virtualMachines/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-cvmwinmin' + params: { + // Required parameters + adminUsername: 'localAdminUser' + imageReference: { + offer: 'WindowsServer' + publisher: 'MicrosoftWindowsServer' + sku: '2022-datacenter-azure-edition' + version: 'latest' + } + nicConfigurations: [ + { + ipConfigurations: [ + { + name: 'ipconfig01' + subnetResourceId: '' + } + ] + nicSuffix: '-nic-01' + } + ] + osDisk: { + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + osType: 'Windows' + vmSize: 'Standard_B12ms' + // Non-required parameters + adminPassword: '' + name: '<>cvmwinmin' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "adminUsername": { + "value": "localAdminUser" + }, + "imageReference": { + "value": { + "offer": "WindowsServer", + "publisher": "MicrosoftWindowsServer", + "sku": "2022-datacenter-azure-edition", + "version": "latest" + } + }, + "nicConfigurations": { + "value": [ + { + "ipConfigurations": [ + { + "name": "ipconfig01", + "subnetResourceId": "" + } + ], + "nicSuffix": "-nic-01" + } + ] + }, + "osDisk": { + "value": { + "diskSizeGB": "128", + "managedDisk": { + "storageAccountType": "Premium_LRS" + } } + }, + "osType": { + "value": "Windows" + }, + "vmSize": { + "value": "Standard_B12ms" + }, + // Non-required parameters + "adminPassword": { + "value": "" + }, + "name": { + "value": "<>cvmwinmin" } } } diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/default/dependencies.bicep b/modules/Microsoft.ContainerRegistry/registries/.test/default/dependencies.bicep new file mode 100644 index 0000000000..a7cc224d87 --- /dev/null +++ b/modules/Microsoft.ContainerRegistry/registries/.test/default/dependencies.bicep 
@@ -0,0 +1,42 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/default/deploy.test.bicep b/modules/Microsoft.ContainerRegistry/registries/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..72b924f97b
--- /dev/null
+++ b/modules/Microsoft.ContainerRegistry/registries/.test/default/deploy.test.bicep
@@ -0,0 +1,102 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.containerregistry.registries-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'crrdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + acrAdminUserEnabled: false + acrSku: 'Premium' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: 
diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + exportPolicyStatus: 'enabled' + lock: 'CanNotDelete' + privateEndpoints: [ + { + service: 'registry' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + publicNetworkAccess: 'Disabled' + quarantinePolicyStatus: 'enabled' + replications: [ + { + location: 'northeurope' + name: 'northeurope' + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + systemAssignedIdentity: true + trustPolicyStatus: 'enabled' + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + webhooks: [ + { + name: '<>acrx001webhook' + serviceUri: 'https://www.contoso.com/webhook' + } + ] + } +} diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/encr.parameters.json b/modules/Microsoft.ContainerRegistry/registries/.test/encr.parameters.json deleted file mode 100644 index 2ed76c34cb..0000000000 --- a/modules/Microsoft.ContainerRegistry/registries/.test/encr.parameters.json +++ /dev/null 
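Review bot: `exportPolicyStatus: 'enabled'` in the `testDeployment` params sits next to `publicNetworkAccess: 'Disabled'` and a private endpoint, so the registry is closed to inbound public traffic while artifacts can still be exported out of it. The readme's "Default" example in this same commit carries the same values, and readers are likely to copy it as a locked-down baseline. If the module accepts the value (deploy.bicep is not visible in this hunk), `exportPolicyStatus: 'disabled'` would match the rest of the hardened settings. Otherwise a comment such as `// export left enabled to exercise the parameter; disable it for registries holding sensitive images` would record why it stays.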
@@ -1,29 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azacrencr001"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "publicNetworkAccess": {
- "value": "Disabled"
- },
- "acrSku": {
- "value": "Premium"
- },
- "cMKUserAssignedIdentityResourceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- },
- "cMKKeyVaultResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002"
- },
- "cMKKeyName": {
- "value": "keyEncryptionKey"
- }
- }
-}
diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/encr/dependencies.bicep b/modules/Microsoft.ContainerRegistry/registries/.test/encr/dependencies.bicep
new file mode 100644
index 0000000000..d8f9d790e3
--- /dev/null
+++ b/modules/Microsoft.ContainerRegistry/registries/.test/encr/dependencies.bicep
@@ -0,0 +1,85 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: true // Required by batch account + softDeleteRetentionInDays: 7 + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } + + resource key 'keys@2022-07-01' = { + name: 'keyEncryptionKey' + properties: { + kty: 'RSA' + } + } +} + +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentity.name}-KeyVault-${keyVault.name}-Key-${keyVault::key.name}-Read-RoleAssignment') + scope: keyVault::key + properties: { + principalId: managedIdentity.properties.principalId + // Key Vault Crypto User + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') + principalType: 'ServicePrincipal' + } +} + +@description('The resource ID of the created Virtual Network 
Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Key Vault.') +output keyVaultResourceId string = keyVault.id + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The name of the Key Vault Encryption Key.') +output keyVaultEncryptionKeyName string = keyVault::key.name diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/encr/deploy.test.bicep b/modules/Microsoft.ContainerRegistry/registries/.test/encr/deploy.test.bicep new file mode 100644 index 0000000000..36d07f259a --- /dev/null +++ b/modules/Microsoft.ContainerRegistry/registries/.test/encr/deploy.test.bicep 
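Review bot: The `keyPermissions` role assignment grants the managed identity Key Vault Crypto User on `keyVault::key`, which is broader than a registry's customer-managed-key identity needs. The built-in Key Vault Crypto Service Encryption User role covers reading the key plus wrap/unwrap and would be the least-privilege choice, with the `// Key Vault Crypto User` comment and the `-Read-RoleAssignment` suffix in the `guid(...)` seed updated to match. The vault also sets `enabledForTemplateDeployment`, `enabledForDiskEncryption` and `enabledForDeployment` to `true`, although nothing visible in this test retrieves vault contents through ARM templates, VMs or disk encryption. Dropping those three lines would keep the vault's access surface to what the test uses. The comment `// Required by batch account` on `enablePurgeProtection` looks copied from another module and would read better as `// Required for customer-managed keys`.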
@@ -0,0 +1,59 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.containerregistry.registries-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'crrencr' + +@description('Generated. Used as a basis for unique resource names.') +param baseTime string = utcNow('u') + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) + keyVaultName: 'dep-<>-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + acrSku: 'Premium' + cMKKeyName: resourceGroupResources.outputs.keyVaultEncryptionKeyName + cMKKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId + cMKUserAssignedIdentityResourceId: resourceGroupResources.outputs.managedIdentityResourceId + publicNetworkAccess: 'Disabled' + userAssignedIdentities: { + 
'${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/min.parameters.json b/modules/Microsoft.ContainerRegistry/registries/.test/min.parameters.json deleted file mode 100644 index 255a9ddfcf..0000000000 --- a/modules/Microsoft.ContainerRegistry/registries/.test/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azacrmin001" - } - } -} diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/min/deploy.test.bicep b/modules/Microsoft.ContainerRegistry/registries/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..236838945d --- /dev/null +++ b/modules/Microsoft.ContainerRegistry/registries/.test/min/deploy.test.bicep @@ -0,0 +1,37 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.containerregistry.registries-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'crrmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + } +} 
diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json b/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json deleted file mode 100644 index ca1df52de6..0000000000 --- a/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azacrx001" - }, - "lock": { - "value": "CanNotDelete" - }, - "acrAdminUserEnabled": { - "value": false - }, - "acrSku": { - "value": "Premium" - }, - "exportPolicyStatus": { - "value": "enabled" - }, - "quarantinePolicyStatus": { - "value": "enabled" - }, - "trustPolicyStatus": { - "value": "enabled" - }, - "replications": { - "value": [ - { - "name": "northeurope", - "location": "northeurope" - } - ] - }, - "webhooks": { - "value": [ - { - "name": "<>azacrx001webhook", - "serviceUri": "https://www.contoso.com/webhook" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "publicNetworkAccess": { - "value": "Disabled" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": 
"/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "registry" - } - ] - } - } -} diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index 8d8ef7c088..1d069b925a 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md @@ -348,138 +348,32 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Encr

+

Example 1: Default

via Bicep module ```bicep -module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-registries' +module Registries './Microsoft.Containerregistry/Registries/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-crrdef' params: { // Required parameters - name: '<>azacrencr001' - // Non-required parameters - acrSku: 'Premium' - cMKKeyName: 'keyEncryptionKey' - cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002' - cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - publicNetworkAccess: 'Disabled' - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>azacrencr001" - }, - // Non-required parameters - "acrSku": { - "value": "Premium" - }, - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - }, - "cMKUserAssignedIdentityResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "publicNetworkAccess": { - "value": "Disabled" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - } - } -} -``` - -
-

- -

Example 2: Min

- -
- -via Bicep module - -```bicep -module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-registries' - params: { - name: '<>azacrmin001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azacrmin001" - } - } -} -``` - -
-

- -

Example 3: Parameters

- -
- -via Bicep module - -```bicep -module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-registries' - params: { - // Required parameters - name: '<>azacrx001' + name: '<>crrdef001' // Non-required parameters acrAdminUserEnabled: false acrSku: 'Premium' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' exportPolicyStatus: 'enabled' lock: 'CanNotDelete' privateEndpoints: [ { service: 'registry' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] publicNetworkAccess: 'Disabled' @@ -493,7 +387,7 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -501,11 +395,11 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { systemAssignedIdentity: true trustPolicyStatus: 'enabled' userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } webhooks: [ { - name: '<>azacrx001webhook' + name: '<>acrx001webhook' serviceUri: 'https://www.contoso.com/webhook' } ] 
@@ -527,7 +421,7 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azacrx001" + "value": "<>crrdef001" }, // Non-required parameters "acrAdminUserEnabled": { @@ -537,19 +431,19 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { "value": "Premium" }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "exportPolicyStatus": { "value": "enabled" @@ -561,7 +455,7 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { "value": [ { "service": "registry", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -583,7 +477,7 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } 
@@ -597,13 +491,13 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } }, "webhooks": { "value": [ { - "name": "<>azacrx001webhook", + "name": "<>acrx001webhook", "serviceUri": "https://www.contoso.com/webhook" } ] @@ -614,3 +508,109 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {

+ +

Example 2: Encr

+ +
+ +via Bicep module + +```bicep +module Registries './Microsoft.Containerregistry/Registries/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-crrencr' + params: { + // Required parameters + name: '<>crrencr001' + // Non-required parameters + acrSku: 'Premium' + cMKKeyName: '' + cMKKeyVaultResourceId: '' + cMKUserAssignedIdentityResourceId: '' + publicNetworkAccess: 'Disabled' + userAssignedIdentities: { + '': {} + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>crrencr001" + }, + // Non-required parameters + "acrSku": { + "value": "Premium" + }, + "cMKKeyName": { + "value": "" + }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "cMKUserAssignedIdentityResourceId": { + "value": "" + }, + "publicNetworkAccess": { + "value": "Disabled" + }, + "userAssignedIdentities": { + "value": { + "": {} + } + } + } +} +``` + +
+

+ +

Example 3: Min

+ +
+ +via Bicep module + +```bicep +module Registries './Microsoft.Containerregistry/Registries/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-crrmin' + params: { + name: '<>crrmin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>crrmin001" + } + } +} +``` + +
+

diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/azure.parameters.json b/modules/Microsoft.ContainerService/managedClusters/.test/azure.parameters.json
deleted file mode 100644
index 327780a374..0000000000
--- a/modules/Microsoft.ContainerService/managedClusters/.test/azure.parameters.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aks-azure-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "diskEncryptionSetID": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/diskEncryptionSets/adp-<>-az-des-x-001"
- },
- "primaryAgentPoolProfile": {
- "value": [
- {
- "name": "systempool",
- "osDiskSizeGB": 0,
- "count": 1,
- "enableAutoScaling": true,
- "minCount": 1,
- "maxCount": 3,
- "vmSize": "Standard_DS2_v2",
- "osType": "Linux",
- "storageProfile": "ManagedDisks",
- "type": "VirtualMachineScaleSets",
- "mode": "System",
- "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Primary",
- "serviceCidr": "",
- "maxPods": 30,
- "availabilityZones": [
- "1"
- ]
- }
- ]
- },
- "aksClusterNetworkPlugin": {
- "value": "azure"
- },
- "agentPools": {
- "value": [
- {
- "name": "userpool1",
- "vmSize": "Standard_DS2_v2",
- "osDiskSizeGB": 128,
- "count": 2,
- "osType": "Linux",
- "maxCount": 3,
- "minCount": 1,
- "enableAutoScaling": true,
- "scaleSetPriority": "Regular",
- "scaleSetEvictionPolicy": "Delete",
- "nodeLabels": {},
- "nodeTaints": [
- "CriticalAddonsOnly=true:NoSchedule"
- ],
- "type": "VirtualMachineScaleSets",
- "availabilityZones": [
- "1"
- ],
- "minPods": 2,
- "maxPods": 30,
- "storageProfile": "ManagedDisks",
- "mode": "User",
- "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Secondary"
- },
- {
- "name": "userpool2",
- "vmSize": "Standard_DS2_v2",
- "osDiskSizeGB": 128,
- "count": 2,
- "osType": "Linux",
- "maxCount": 3,
- "minCount": 1,
- "enableAutoScaling": true,
- "scaleSetPriority": "Regular",
- "scaleSetEvictionPolicy": "Delete",
- "nodeLabels": {},
- "nodeTaints": [
- "CriticalAddonsOnly=true:NoSchedule"
- ],
- "type": "VirtualMachineScaleSets",
- "availabilityZones": [
- "1"
- ],
- "minPods": 2,
- "maxPods": 30,
- "storageProfile": "ManagedDisks",
- "mode": "User",
- "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Tertiary"
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "systemAssignedIdentity": {
- "value": true
- }
- }
-}
diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/azure/dependencies.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/azure/dependencies.bicep
new file mode 100644
index 0000000000..c0d987c093
--- /dev/null
+++ b/modules/Microsoft.ContainerService/managedClusters/.test/azure/dependencies.bicep
@@ -0,0 +1,117 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Disk Encryption Set to create.')
+param diskEncryptionSetName string
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.1.0.0/22'
+ ]
+ }
+ subnets: [
+ {
+ name: 'systemSubnet'
+ properties: {
+ addressPrefix: '10.1.0.0/24'
+ }
+ }
+ {
+ name: 'userSubnet1'
+ properties: {
+ addressPrefix: '10.1.1.0/24'
+ }
+ }
+ {
+ name: 'userSubnet2'
+ properties: {
+ addressPrefix: '10.1.2.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+ name: keyVaultName
+ location: location
+ properties: {
+ sku: {
+ family: 'A'
+ name: 'standard'
+ }
+ tenantId: tenant().tenantId
+ enablePurgeProtection: null
+ enabledForTemplateDeployment: true
+ enabledForDiskEncryption: true
+ enabledForDeployment: true
+ enableRbacAuthorization: true
+ accessPolicies: []
+ }
+
+ resource key 'keys@2022-07-01' = {
+ name: 'encryptionKey'
+ properties: {
+ kty: 'RSA'
+ }
+ }
+}
+
+resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2021-04-01' = {
+ name: diskEncryptionSetName
+ location: location
+ identity: {
+ type: 'SystemAssigned'
+ }
+ properties: {
+ activeKey: {
+ sourceVault: {
+ id: keyVault.id
+ }
+ keyUrl: keyVault::key.properties.keyUriWithVersion
+ }
+ encryptionType: 'EncryptionAtRestWithCustomerKey'
+ }
+}
+
+resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid('msi-${managedIdentityName}-KeyVault-Key-Read-RoleAssignment')
+ scope: keyVault
+ properties: {
+ principalId: diskEncryptionSet.identity.principalId
+ // Key Vault Crypto Service Encryption User
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')
+ principalType: 'ServicePrincipal'
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceIds array = [
+ virtualNetwork.properties.subnets[0].id
+ virtualNetwork.properties.subnets[1].id
+ virtualNetwork.properties.subnets[2].id
+]
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Disk Encryption Set.')
+output diskEncryptionSetResourceId string = diskEncryptionSet.id
diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep
new file mode 100644
index 0000000000..1f76f72e7b
--- /dev/null
+++ b/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep
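Review bot: In `.test/azure/dependencies.bicep` the Key Vault is created with `enablePurgeProtection: null`, yet its key is the `activeKey` of the disk encryption set. As far as I know Azure lists soft delete and purge protection as prerequisites for a vault that backs customer-managed disk keys, so I would expect `enablePurgeProtection: true` with a short why-comment, or a comment explaining why the test leaves it unset; this is worth confirming against a real deployment. The `keyPermissions` assignment grants the role to `diskEncryptionSet.identity.principalId`, but its name is derived from `managedIdentityName`; `guid('des-${diskEncryptionSetName}-KeyVault-Key-Read-RoleAssignment')` would name the principal it actually covers. The key sets only `kty: 'RSA'`; an explicit `keySize` would document the intended key strength.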
@@ -0,0 +1,153 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.containerservice.managedclusters-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'csma'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ diskEncryptionSetName: 'dep-<>-des-${serviceShort}'
+ keyVaultName: 'dep-<>-kv-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ primaryAgentPoolProfile: [
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 1
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ mode: 'System'
+ name: 'systempool'
+ osDiskSizeGB: 0
+ osType: 'Linux'
+ serviceCidr: ''
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ vnetSubnetID: resourceGroupResources.outputs.subnetResourceIds[0]
+ }
+ ]
+ // Non-required parameters
+ agentPools: [
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 2
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ minPods: 2
+ mode: 'User'
+ name: 'userpool1'
+ nodeLabels: {}
+ nodeTaints: [
+ 'CriticalAddonsOnly=true:NoSchedule'
+ ]
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ vnetSubnetID: resourceGroupResources.outputs.subnetResourceIds[1]
+ }
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 2
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ minPods: 2
+ mode: 'User'
+ name: 'userpool2'
+ nodeLabels: {}
+ nodeTaints: [
+ 'CriticalAddonsOnly=true:NoSchedule'
+ ]
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ vnetSubnetID: resourceGroupResources.outputs.subnetResourceIds[2]
+ }
+ ]
+ aksClusterNetworkPlugin: 'azure'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ diskEncryptionSetID: resourceGroupResources.outputs.diskEncryptionSetResourceId
+ lock: 'CanNotDelete'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ systemAssignedIdentity: true
+ }
+}
diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/kubenet.parameters.json b/modules/Microsoft.ContainerService/managedClusters/.test/kubenet.parameters.json
deleted file mode 100644
index 3e274f46ca..0000000000
--- a/modules/Microsoft.ContainerService/managedClusters/.test/kubenet.parameters.json
+++ /dev/null
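Review bot: In `.test/azure/deploy.test.bicep` the three `vnetSubnetID` values are picked by position (`resourceGroupResources.outputs.subnetResourceIds[0]` to `[2]`), so the pool-to-subnet mapping depends silently on the order of the `subnets` array in `dependencies.bicep`. A comment above `primaryAgentPoolProfile` such as `// subnetResourceIds: [0] = systemSubnet, [1] = userSubnet1, [2] = userSubnet2 (order set in dependencies.bicep)` would make that coupling visible to whoever reorders or adds a subnet. Two `@description` strings also need a wording pass: `'...to deploy for a testing purposes'` should read `for testing purposes`, and `'kind of deployment .Should be kept short'` has the space on the wrong side of the full stop. The same two strings recur in `.test/kubenet/deploy.test.bicep`.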
@@ -1,116 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-aks-kubenet-001"
- },
- "primaryAgentPoolProfile": {
- "value": [
- {
- "name": "systempool",
- "osDiskSizeGB": 0,
- "count": 1,
- "enableAutoScaling": true,
- "minCount": 1,
- "maxCount": 3,
- "vmSize": "Standard_DS2_v2",
- "osType": "Linux",
- "storageProfile": "ManagedDisks",
- "type": "VirtualMachineScaleSets",
- "mode": "System",
- "serviceCidr": "",
- "maxPods": 30,
- "availabilityZones": [
- "1"
- ]
- }
- ]
- },
- "aksClusterNetworkPlugin": {
- "value": "kubenet"
- },
- "agentPools": {
- "value": [
- {
- "name": "userpool1",
- "vmSize": "Standard_DS2_v2",
- "osDiskSizeGB": 128,
- "count": 2,
- "osType": "Linux",
- "maxCount": 3,
- "minCount": 1,
- "enableAutoScaling": true,
- "scaleSetPriority": "Regular",
- "scaleSetEvictionPolicy": "Delete",
- "nodeLabels": {},
- "nodeTaints": [
- "CriticalAddonsOnly=true:NoSchedule"
- ],
- "type": "VirtualMachineScaleSets",
- "availabilityZones": [
- "1"
- ],
- "minPods": 2,
- "maxPods": 30,
- "storageProfile": "ManagedDisks",
- "mode": "User"
- },
- {
- "name": "userpool2",
- "vmSize": "Standard_DS2_v2",
- "osDiskSizeGB": 128,
- "count": 2,
- "osType": "Linux",
- "maxCount": 3,
- "minCount": 1,
- "enableAutoScaling": true,
- "scaleSetPriority": "Regular",
- "scaleSetEvictionPolicy": "Delete",
- "nodeLabels": {},
- "nodeTaints": [
- "CriticalAddonsOnly=true:NoSchedule"
- ],
- "type": "VirtualMachineScaleSets",
- "availabilityZones": [
- "1"
- ],
- "minPods": 2,
- "maxPods": 30,
- "storageProfile": "ManagedDisks",
- "mode": "User"
- }
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- }
- }
-}
diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/dependencies.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/dependencies.bicep
new file mode 100644
index 0000000000..cc8645d745
--- /dev/null
+++ b/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/dependencies.bicep
@@ -0,0 +1,16 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/deploy.test.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/deploy.test.bicep
new file mode 100644
index 0000000000..3a7d33ef88
--- /dev/null
+++ b/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/deploy.test.bicep
@@ -0,0 +1,147 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.containerservice.managedclusters-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'csmk'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ primaryAgentPoolProfile: [
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 1
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ mode: 'System'
+ name: 'systempool'
+ osDiskSizeGB: 0
+ osType: 'Linux'
+ serviceCidr: ''
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ }
+ ]
+ // Non-required parameters
+ agentPools: [
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 2
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ minPods: 2
+ mode: 'User'
+ name: 'userpool1'
+ nodeLabels: {}
+ nodeTaints: [
+ 'CriticalAddonsOnly=true:NoSchedule'
+ ]
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ }
+ {
+ availabilityZones: [
+ '1'
+ ]
+ count: 2
+ enableAutoScaling: true
+ maxCount: 3
+ maxPods: 30
+ minCount: 1
+ minPods: 2
+ mode: 'User'
+ name: 'userpool2'
+ nodeLabels: {}
+ nodeTaints: [
+ 'CriticalAddonsOnly=true:NoSchedule'
+ ]
+ osDiskSizeGB: 128
+ osType: 'Linux'
+ scaleSetEvictionPolicy: 'Delete'
+ scaleSetPriority: 'Regular'
+ storageProfile: 'ManagedDisks'
+ type: 'VirtualMachineScaleSets'
+ vmSize: 'Standard_DS2_v2'
+ }
+ ]
+ aksClusterNetworkPlugin: 'kubenet'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+ }
+ }
+}
diff --git a/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep b/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep
index 66127c2b07..86b7c009ac 100644
--- a/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep @@ -187,11 +187,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-08-01' existing = { +resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-06-01' existing = { name: managedClusterName } -resource agentPool 'Microsoft.ContainerService/managedClusters/agentPools@2021-08-01' = { +resource agentPool 'Microsoft.ContainerService/managedClusters/agentPools@2022-06-01' = { name: name parent: managedCluster properties: { diff --git a/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md b/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md index 7defa13609..e3961dda9b 100644 --- a/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md +++ b/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md @@ -13,7 +13,7 @@ This module deploys an Agent Pool for a Container Service Managed Cluster | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ContainerService/managedClusters/agentPools` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-08-01/managedClusters/agentPools) | +| `Microsoft.ContainerService/managedClusters/agentPools` | [2022-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-06-01/managedClusters/agentPools) | ## Parameters diff --git a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep index dfb5edc731..e54235b227 100644 --- a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep 
@@ -286,7 +286,7 @@ param lock string = '' @description('Optional. Tags of the resource.') param tags object = {} -@description('Optional. The resource ID of the disc encryption set to apply to the clsuter. For security reasons, this value should be provided.') +@description('Optional. The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided.') param diskEncryptionSetID string = '' @description('Optional. The name of logs that will be streamed.') @@ -378,7 +378,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-04-02-preview' = { +resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-06-01' = { name: name location: location tags: tags diff --git a/modules/Microsoft.ContainerService/managedClusters/readme.md b/modules/Microsoft.ContainerService/managedClusters/readme.md index 264253da80..76a62f5755 100644 --- a/modules/Microsoft.ContainerService/managedClusters/readme.md +++ b/modules/Microsoft.ContainerService/managedClusters/readme.md 
@@ -16,8 +16,8 @@ This module deploys Azure Kubernetes Cluster (AKS). | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.ContainerService/managedClusters` | [2022-04-02-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-04-02-preview/managedClusters) | -| `Microsoft.ContainerService/managedClusters/agentPools` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-08-01/managedClusters/agentPools) | +| `Microsoft.ContainerService/managedClusters` | [2022-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-06-01/managedClusters) | +| `Microsoft.ContainerService/managedClusters/agentPools` | [2022-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-06-01/managedClusters/agentPools) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | ## Parameters 
@@ -89,7 +89,7 @@ This module deploys Azure Kubernetes Cluster (AKS). | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | | `disableLocalAccounts` | bool | `False` | | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. | | `disableRunCommand` | bool | `False` | | Whether to disable run command for the cluster or not. | -| `diskEncryptionSetID` | string | `''` | | The resource ID of the disc encryption set to apply to the clsuter. For security reasons, this value should be provided. | +| `diskEncryptionSetID` | string | `''` | | The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. | | `enableAzureDefender` | bool | `False` | | Whether to enable Azure Defender. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `enableKeyvaultSecretsProvider` | bool | `False` | | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. | @@ -376,10 +376,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-managedClusters' + name: '${uniqueString(deployment().name)}-test-csma' params: { // Required parameters - name: '<>-az-aks-azure-001' + name: '<>csma001' primaryAgentPoolProfile: [ { availabilityZones: [ @@ -398,7 +398,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice storageProfile: 'ManagedDisks' type: 'VirtualMachineScaleSets' vmSize: 'Standard_DS2_v2' - vnetSubnetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Primary' + vnetSubnetID: '' } ] // Non-required parameters 
@@ -426,7 +426,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice storageProfile: 'ManagedDisks' type: 'VirtualMachineScaleSets' vmSize: 'Standard_DS2_v2' - vnetSubnetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Secondary' + vnetSubnetID: '' } { availabilityZones: [ @@ -451,21 +451,21 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice storageProfile: 'ManagedDisks' type: 'VirtualMachineScaleSets' vmSize: 'Standard_DS2_v2' - vnetSubnetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Tertiary' + vnetSubnetID: '' } ] aksClusterNetworkPlugin: 'azure' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diskEncryptionSetID: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/diskEncryptionSets/adp-<>-az-des-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + diskEncryptionSetID: '' lock: 'CanNotDelete' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -489,7 +489,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "parameters": { // Required parameters "name": { - "value": "<>-az-aks-azure-001" + "value": "<>csma001" }, "primaryAgentPoolProfile": { "value": [ 
@@ -510,7 +510,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "storageProfile": "ManagedDisks", "type": "VirtualMachineScaleSets", "vmSize": "Standard_DS2_v2", - "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Primary" + "vnetSubnetID": "" } ] }, @@ -540,7 +540,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "storageProfile": "ManagedDisks", "type": "VirtualMachineScaleSets", "vmSize": "Standard_DS2_v2", - "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Secondary" + "vnetSubnetID": "" }, { "availabilityZones": [ @@ -565,7 +565,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "storageProfile": "ManagedDisks", "type": "VirtualMachineScaleSets", "vmSize": "Standard_DS2_v2", - "vnetSubnetID": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-aks/subnets/Tertiary" + "vnetSubnetID": "" } ] }, 
@@ -573,22 +573,22 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "value": "azure" }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "diskEncryptionSetID": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/diskEncryptionSets/adp-<>-az-des-x-001" + "value": "" }, "lock": { "value": "CanNotDelete" @@ -597,7 +597,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -621,10 +621,10 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice ```bicep module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-managedClusters' + name: '${uniqueString(deployment().name)}-test-csmk' params: { // Required parameters - name: '<>-az-aks-kubenet-001' + name: '<>csmk001' primaryAgentPoolProfile: [ { availabilityZones: [ 
@@ -697,21 +697,21 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice } ] aksClusterNetworkPlugin: 'kubenet' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } ] userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } @@ -731,7 +731,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "parameters": { // Required parameters "name": { - "value": "<>-az-aks-kubenet-001" + "value": "<>csmk001" }, "primaryAgentPoolProfile": { "value": [ 
@@ -812,25 +812,25 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice "value": "kubenet" }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "roleAssignments": { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -838,7 +838,7 @@ module managedClusters './Microsoft.ContainerService/managedClusters/deploy.bice }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } diff --git a/modules/Microsoft.DataFactory/factories/.test/default/dependencies.bicep b/modules/Microsoft.DataFactory/factories/.test/default/dependencies.bicep new file mode 100644 index 0000000000..99c3536651 --- /dev/null +++ b/modules/Microsoft.DataFactory/factories/.test/default/dependencies.bicep 
@@ -0,0 +1,133 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Storage Account to create.')
+param storageAccountName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.datafactory.azure.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetworkName}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+ name: keyVaultName
+ location: location
+ properties: {
+ sku: {
+ family: 'A'
+ name: 'standard'
+ }
+ tenantId: tenant().tenantId
+ enablePurgeProtection: null
+ enabledForTemplateDeployment: true
+ enabledForDiskEncryption: true
+ enabledForDeployment: true
+ enableRbacAuthorization: true
+ accessPolicies: []
+ }
+
+ resource key 'keys@2022-07-01' = {
+ name: 'encryptionKey'
+ properties: {
+ kty: 'RSA'
+ }
+ }
+}
+
+resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid('msi-${managedIdentityName}-KeyVault-Key-Read-RoleAssignment')
+ scope: keyVault::key
+ properties: {
+ principalId: managedIdentity.properties.principalId
+ // Key Vault Crypto User
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424')
+ principalType: 'ServicePrincipal'
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = {
+ name: storageAccountName
+ location: location
+ kind: 'StorageV2'
+ sku: {
+ name: 'Standard_LRS'
+ }
+ properties: {
+ allowBlobPublicAccess: false
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output privateDNSResourceId string = privateDNSZone.id
+
+@description('The resource ID of the created Key Vault.')
+output keyVaultResourceId string = keyVault.id
+
+@description('The URL of the created Key Vault.')
+output keyVaultUrl string = keyVault.properties.vaultUri
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The name of the created Key Vault Encryption Key.')
+output keyVaultEncryptionKeyName string = keyVault::key.name
+
+@description('The resource ID of the created Storage Account.')
+output storageAccountResourceId string = storageAccount.id
+
+@description('The name of the created Storage Account.')
+output storageAccountName string = storageAccount.name
+
+@description('The Blob Endpoint of the created Storage Account.')
+output storageAccountBlobEndpoint string = storageAccount.properties.primaryEndpoints.blob
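Review bot: The `keyPermissions` role assignment derives its name from the identity name alone, `guid('msi-${managedIdentityName}-KeyVault-Key-Read-RoleAssignment')`, so the GUID says nothing about the scope or the role it belongs to. Bicep's guidance is to seed role assignment names with scope, principal and role, because the name is expected to be unique beyond the resource it is scoped to; a second deployment that reuses the identity name could collide. A seed such as `name: guid(keyVault::key.id, managedIdentity.id, 'Key Vault Crypto User')` keeps it deterministic and tied to this key. The vault holds the key that deploy.test.bicep passes as `cMKKeyName`, yet `enablePurgeProtection: null` leaves purge protection off; that is presumably a teardown convenience, and a comment such as `// test vault only: enable purge protection on any vault that holds real CMK keys` would say so. The `privateDNSResourceId` output also repeats the subnet's description and should read `@description('The resource ID of the created Private DNS Zone.')`.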
diff --git a/modules/Microsoft.DataFactory/factories/.test/default/deploy.test.bicep b/modules/Microsoft.DataFactory/factories/.test/default/deploy.test.bicep new file mode 100644 index 0000000000..ef6a36dcfe --- /dev/null +++ b/modules/Microsoft.DataFactory/factories/.test/default/deploy.test.bicep 
@@ -0,0 +1,117 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.datafactory.factories-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'dffdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + keyVaultName: 'dep-<>-kv-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + storageAccountName: 'dep<>st${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + cMKKeyName: 
resourceGroupResources.outputs.keyVaultEncryptionKeyName + cMKKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId + cMKUserAssignedIdentityResourceId: resourceGroupResources.outputs.managedIdentityResourceId + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + gitConfigureLater: true + integrationRuntime: { + managedVirtualNetworkName: 'default' + name: 'AutoResolveIntegrationRuntime' + type: 'Managed' + typeProperties: { + computeProperties: { + location: 'AutoResolve' + } + } + } + lock: 'CanNotDelete' + managedPrivateEndpoints: [ + { + fqdns: [ + resourceGroupResources.outputs.storageAccountBlobEndpoint + ] + groupId: 'blob' + name: '${resourceGroupResources.outputs.storageAccountName}-managed-privateEndpoint' + privateLinkResourceId: resourceGroupResources.outputs.storageAccountResourceId + } + ] + managedVirtualNetworkName: 'default' + privateEndpoints: [ + { + privateDnsZoneGroups: { + privateDNSResourceIds: [ + resourceGroupResources.outputs.privateDNSResourceId + ] + } + service: 'dataFactory' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + publicNetworkAccess: 'Disabled' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + systemAssignedIdentity: true + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.DataFactory/factories/.test/min.parameters.json b/modules/Microsoft.DataFactory/factories/.test/min.parameters.json deleted file mode 100644 index f432bf3874..0000000000 
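Review bot: The `fqdns` entry under `managedPrivateEndpoints` is fed `resourceGroupResources.outputs.storageAccountBlobEndpoint`, which dependencies.bicep sets to `storageAccount.properties.primaryEndpoints.blob`; that property is a URL with scheme and trailing slash rather than a host name. The parameter file this test replaces passed a bare host (`adp<>azsax001.blob.core.windows.net`), so the managed private endpoint now receives a different kind of value; whether the service tolerates a URL there is not visible from this diff. Building the host explicitly keeps the old behaviour: `'${resourceGroupResources.outputs.storageAccountName}.blob.${environment().suffixes.storage}'`.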
--- a/modules/Microsoft.DataFactory/factories/.test/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-adf-min-001" - } - } -} diff --git a/modules/Microsoft.DataFactory/factories/.test/min/deploy.test.bicep b/modules/Microsoft.DataFactory/factories/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..a9a1365ce1 --- /dev/null +++ b/modules/Microsoft.DataFactory/factories/.test/min/deploy.test.bicep @@ -0,0 +1,37 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.datafactory.factories-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'dffmin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + } +} diff --git a/modules/Microsoft.DataFactory/factories/.test/parameters.json b/modules/Microsoft.DataFactory/factories/.test/parameters.json deleted file mode 100644 index 53bdc9cc7b..0000000000 --- a/modules/Microsoft.DataFactory/factories/.test/parameters.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-adf-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "managedVirtualNetworkName": { - "value": "default" - }, - "managedPrivateEndpoints": { - "value": [ - { - "name": "adp<>azsax001-managed-privateEndpoint", - "groupId": "blob", - "fqdns": [ - "adp<>azsax001.blob.core.windows.net" - ], - "privateLinkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - ] - }, - "integrationRuntime": { - "value": { - "name": "AutoResolveIntegrationRuntime", - "type": "Managed", - "managedVirtualNetworkName": "default", - "typeProperties": { - "computeProperties": { - "location": "AutoResolve" - } - } - } - }, - "publicNetworkAccess": { - "value": "Disabled" - }, - "gitConfigureLater": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - 
"privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "dataFactory", - "privateDnsZoneGroups": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net" - ] - } - } - ] - }, - "cMKUserAssignedIdentityResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - } - } -} diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index 9f6e6f6502..4cb3dfcfd9 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md @@ -353,7 +353,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

@@ -361,56 +361,19 @@ The following module usage examples are retrieved from the content of the files ```bicep module factories './Microsoft.DataFactory/factories/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-factories' - params: { - name: '<>-adf-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-adf-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module factories './Microsoft.DataFactory/factories/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-factories' + name: '${uniqueString(deployment().name)}-test-dffdef' params: { // Required parameters - name: '<>-adf-001' + name: '<>dffdef001' // Non-required parameters - cMKKeyName: 'keyEncryptionKey' - cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002' - cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + cMKKeyName: '' + cMKKeyVaultResourceId: '' + cMKUserAssignedIdentityResourceId: '' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' gitConfigureLater: true integrationRuntime: { managedVirtualNetworkName: 'default' 
@@ -426,11 +389,11 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { managedPrivateEndpoints: [ { fqdns: [ - 'adp<>azsax001.blob.core.windows.net' + '' ] groupId: 'blob' - name: 'adp<>azsax001-managed-privateEndpoint' - privateLinkResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + name: '${resourceGroupResources.outputs.storageAccountName}-managed-privateEndpoint' + privateLinkResourceId: '' } ] managedVirtualNetworkName: 'default' @@ -438,25 +401,25 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { { privateDnsZoneGroups: { privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net' + '' ] } service: 'dataFactory' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] publicNetworkAccess: 'Disabled' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } ] systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } 
@@ -476,32 +439,32 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-adf-001" + "value": "<>dffdef001" }, // Non-required parameters "cMKKeyName": { - "value": "keyEncryptionKey" + "value": "" }, "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" + "value": "" }, "cMKUserAssignedIdentityResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" + "value": "" }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "gitConfigureLater": { "value": true @@ -525,11 +488,11 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { "value": [ { "fqdns": [ - "adp<>azsax001.blob.core.windows.net" + "" ], "groupId": "blob", - "name": "adp<>azsax001-managed-privateEndpoint", - "privateLinkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "name": "${resourceGroupResources.outputs.storageAccountName}-managed-privateEndpoint", + "privateLinkResourceId": "" } ] }, 
@@ -541,11 +504,11 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { { "privateDnsZoneGroups": { "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net" + "" ] }, "service": "dataFactory", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -556,7 +519,7 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -567,7 +530,7 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } @@ -576,3 +539,40 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module factories './Microsoft.DataFactory/factories/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-dffmin' + params: { + name: '<>dffmin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>dffmin001" + } + } +} +``` + +
+

diff --git a/modules/Microsoft.KeyVault/vaults/.test/min.parameters.json b/modules/Microsoft.KeyVault/vaults/.test/min.parameters.json index 1b3f85781f..6aef9589c0 100644 --- a/modules/Microsoft.KeyVault/vaults/.test/min.parameters.json +++ b/modules/Microsoft.KeyVault/vaults/.test/min.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-kv-min-001" + "value": "<>-az-kv-min-002" } } } diff --git a/modules/Microsoft.KeyVault/vaults/readme.md b/modules/Microsoft.KeyVault/vaults/readme.md index 76df8d3534..fef5ff065b 100644 --- a/modules/Microsoft.KeyVault/vaults/readme.md +++ b/modules/Microsoft.KeyVault/vaults/readme.md @@ -406,7 +406,7 @@ The following module usage examples are retrieved from the content of the files module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { name: '${uniqueString(deployment().name)}-vaults' params: { - name: '<>-az-kv-min-001' + name: '<>-az-kv-min-002' } } ``` @@ -424,7 +424,7 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-kv-min-001" + "value": "<>-az-kv-min-002" } } } diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.test/default/dependencies.bicep b/modules/Microsoft.KubernetesConfiguration/extensions/.test/default/dependencies.bicep new file mode 100644 index 0000000000..0f9ca8f0ee --- /dev/null +++ b/modules/Microsoft.KubernetesConfiguration/extensions/.test/default/dependencies.bicep 
@@ -0,0 +1,43 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the AKS cluster to create.')
+param clusterName string
+
+@description('Required. The name of the AKS cluster nodes resource group to create.')
+param clusterNodeResourceGroupName string
+
+resource cluster 'Microsoft.ContainerService/managedClusters@2022-06-01' = {
+ name: clusterName
+ location: location
+ identity: {
+ type: 'SystemAssigned'
+ }
+ properties: {
+ dnsPrefix: clusterName
+ nodeResourceGroup: clusterNodeResourceGroupName
+ agentPoolProfiles: [
+ {
+ name: 'agentpool'
+ // osDiskSizeGB: osDiskSizeGB
+ count: 1
+ vmSize: 'Standard_DS2_v2'
+ osType: 'Linux'
+ mode: 'System'
+ }
+ ]
+ // linuxProfile: {
+ // adminUsername: 'azureuser'
+ // ssh: {
+ // publicKeys: [
+ // {
+ // keyData: sshRSAPublicKey
+ // }
+ // ]
+ // }
+ // }
+ }
+}
+
+@description('The name of the created AKS cluster.')
+output clusterName string = cluster.name
diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.test/default/deploy.test.bicep b/modules/Microsoft.KubernetesConfiguration/extensions/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..24b0109288
--- /dev/null
+++ b/modules/Microsoft.KubernetesConfiguration/extensions/.test/default/deploy.test.bicep
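Review bot: The new AKS fixture ships commented-out configuration that refers to names the file never declares: `// osDiskSizeGB: osDiskSizeGB` in the agent pool and the whole `// linuxProfile: { … keyData: sshRSAPublicKey … }` block. These lines should either be deleted or turned into real parameters, because as written a reader cannot tell whether SSH access to the nodes is meant to be configured. The same file is added a second time as `.test/min/dependencies.bicep` (both carry blob `0f9ca8f0ee`), so the cleanup applies there as well. A header comment such as `// Test-only AKS cluster with mostly default settings; not a hardened baseline` would keep the fixture from being copied as a reference.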
@@ -0,0 +1,58 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.kubernetesconfiguration.extensions-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'kcedef'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ clusterName: 'dep-<>-aks-${serviceShort}'
+ clusterNodeResourceGroupName: 'nodes-${resourceGroupName}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ clusterName: resourceGroupResources.outputs.clusterName
+ extensionType: 'microsoft.flux'
+ configurationSettings: {
+ 'image-automation-controller.enabled': 'false'
+ 'image-reflector-controller.enabled': 'false'
+ 'kustomize-controller.enabled': 'true'
+ 'notification-controller.enabled': 'false'
+ 'source-controller.enabled': 'true'
+ }
+ releaseNamespace: 'flux-system'
+ releaseTrain: 'Stable'
+ version: '0.5.2'
+ }
+}
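Review bot: `@maxLength(80)` on `resourceGroupName` does not bound the value that is actually derived from it, because the test passes `clusterNodeResourceGroupName: 'nodes-${resourceGroupName}'`, which is six characters longer. If the 80 was chosen for the AKS node resource group name limit (the Data Factory tests in this change use 90 for the same parameter), the decorator should be `@maxLength(74)`, or the `nodes-` prefix should be dropped. The default value is well inside the limit, so this only matters when a caller overrides `resourceGroupName`. The same pair of lines appears in `.test/min/deploy.test.bicep`.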
diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.test/min.parameters.json b/modules/Microsoft.KubernetesConfiguration/extensions/.test/min.parameters.json deleted file mode 100644 index 8beee2d23b..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/extensions/.test/min.parameters.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux" - }, - "extensionType": { - "value": "microsoft.flux" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "releaseTrain": { - "value": "Stable" - }, - "releaseNamespace": { - "value": "flux-system" - } - } -} diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.test/min/dependencies.bicep b/modules/Microsoft.KubernetesConfiguration/extensions/.test/min/dependencies.bicep new file mode 100644 index 0000000000..0f9ca8f0ee --- /dev/null +++ b/modules/Microsoft.KubernetesConfiguration/extensions/.test/min/dependencies.bicep 
@@ -0,0 +1,43 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the AKS cluster to create.')
+param clusterName string
+
+@description('Required. The name of the AKS cluster nodes resource group to create.')
+param clusterNodeResourceGroupName string
+
+resource cluster 'Microsoft.ContainerService/managedClusters@2022-06-01' = {
+ name: clusterName
+ location: location
+ identity: {
+ type: 'SystemAssigned'
+ }
+ properties: {
+ dnsPrefix: clusterName
+ nodeResourceGroup: clusterNodeResourceGroupName
+ agentPoolProfiles: [
+ {
+ name: 'agentpool'
+ // osDiskSizeGB: osDiskSizeGB
+ count: 1
+ vmSize: 'Standard_DS2_v2'
+ osType: 'Linux'
+ mode: 'System'
+ }
+ ]
+ // linuxProfile: {
+ // adminUsername: 'azureuser'
+ // ssh: {
+ // publicKeys: [
+ // {
+ // keyData: sshRSAPublicKey
+ // }
+ // ]
+ // }
+ // }
+ }
+}
+
+@description('The name of the created AKS cluster.')
+output clusterName string = cluster.name
diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.test/min/deploy.test.bicep b/modules/Microsoft.KubernetesConfiguration/extensions/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..46f99eed16
--- /dev/null
+++ b/modules/Microsoft.KubernetesConfiguration/extensions/.test/min/deploy.test.bicep
@@ -0,0 +1,50 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.kubernetesconfiguration.extensions-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'kcemin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ clusterName: 'dep-<>-aks-${serviceShort}'
+ clusterNodeResourceGroupName: 'nodes-${resourceGroupName}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ clusterName: resourceGroupResources.outputs.clusterName
+ extensionType: 'microsoft.flux'
+ releaseNamespace: 'flux-system'
+ releaseTrain: 'Stable'
+ }
+}
diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.test/parameters.json b/modules/Microsoft.KubernetesConfiguration/extensions/.test/parameters.json
deleted file mode 100644
index 29ca85067d..0000000000
--- a/modules/Microsoft.KubernetesConfiguration/extensions/.test/parameters.json
+++ /dev/null
@@ -1,34 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux" - }, - "extensionType": { - "value": "microsoft.flux" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "releaseTrain": { - "value": "Stable" - }, - "releaseNamespace": { - "value": "flux-system" - }, - "version": { - "value": "0.5.2" - }, - "configurationSettings": { - "value": { - // "helm-controller.enabled": "false", - "source-controller.enabled": "true", - "kustomize-controller.enabled": "true", - "notification-controller.enabled": "false", - "image-automation-controller.enabled": "false", - "image-reflector-controller.enabled": "false" - } - } - } -} diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/readme.md b/modules/Microsoft.KubernetesConfiguration/extensions/readme.md index d2bc9c9083..47bf6f466c 100644 --- a/modules/Microsoft.KubernetesConfiguration/extensions/readme.md +++ b/modules/Microsoft.KubernetesConfiguration/extensions/readme.md @@ -28,6 +28,7 @@ az provider register --namespace Microsoft.KubernetesConfiguration ``` For Details see [Prerequisites](https://docs.microsoft.com/en-us/azure/azure-arc/kubernetes/tutorial-use-gitops-flux2) + ## Resource Types | Resource Type | API Version | @@ -74,7 +75,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

@@ -82,15 +83,23 @@ The following module usage examples are retrieved from the content of the files ```bicep module extensions './Microsoft.KubernetesConfiguration/extensions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-extensions' + name: '${uniqueString(deployment().name)}-test-kcedef' params: { // Required parameters - clusterName: '<>-az-aks-kubenet-001' + clusterName: '' extensionType: 'microsoft.flux' - name: 'flux' + name: '<>kcedef001' // Non-required parameters + configurationSettings: { + 'image-automation-controller.enabled': 'false' + 'image-reflector-controller.enabled': 'false' + 'kustomize-controller.enabled': 'true' + 'notification-controller.enabled': 'false' + 'source-controller.enabled': 'true' + } releaseNamespace: 'flux-system' releaseTrain: 'Stable' + version: '0.5.2' } } ``` @@ -109,20 +118,32 @@ module extensions './Microsoft.KubernetesConfiguration/extensions/deploy.bicep' "parameters": { // Required parameters "clusterName": { - "value": "<>-az-aks-kubenet-001" + "value": "" }, "extensionType": { "value": "microsoft.flux" }, "name": { - "value": "flux" + "value": "<>kcedef001" }, // Non-required parameters + "configurationSettings": { + "value": { + "image-automation-controller.enabled": "false", + "image-reflector-controller.enabled": "false", + "kustomize-controller.enabled": "true", + "notification-controller.enabled": "false", + "source-controller.enabled": "true" + } + }, "releaseNamespace": { "value": "flux-system" }, "releaseTrain": { "value": "Stable" + }, + "version": { + "value": "0.5.2" } } } @@ -131,7 +152,7 @@ module extensions './Microsoft.KubernetesConfiguration/extensions/deploy.bicep'

-

Example 2: Parameters

+

Example 2: Min

@@ -139,23 +160,15 @@ module extensions './Microsoft.KubernetesConfiguration/extensions/deploy.bicep' ```bicep module extensions './Microsoft.KubernetesConfiguration/extensions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-extensions' + name: '${uniqueString(deployment().name)}-test-kcemin' params: { // Required parameters - clusterName: '<>-az-aks-kubenet-001' + clusterName: '' extensionType: 'microsoft.flux' - name: 'flux' + name: '<>kcemin001' // Non-required parameters - configurationSettings: { - 'image-automation-controller.enabled': 'false' - 'image-reflector-controller.enabled': 'false' - 'kustomize-controller.enabled': 'true' - 'notification-controller.enabled': 'false' - 'source-controller.enabled': 'true' - } releaseNamespace: 'flux-system' releaseTrain: 'Stable' - version: '0.5.2' } } ``` @@ -174,32 +187,20 @@ module extensions './Microsoft.KubernetesConfiguration/extensions/deploy.bicep' "parameters": { // Required parameters "clusterName": { - "value": "<>-az-aks-kubenet-001" + "value": "" }, "extensionType": { "value": "microsoft.flux" }, "name": { - "value": "flux" + "value": "<>kcemin001" }, // Non-required parameters - "configurationSettings": { - "value": { - "image-automation-controller.enabled": "false", - "image-reflector-controller.enabled": "false", - "kustomize-controller.enabled": "true", - "notification-controller.enabled": "false", - "source-controller.enabled": "true" - } - }, "releaseNamespace": { "value": "flux-system" }, "releaseTrain": { "value": "Stable" - }, - "version": { - "value": "0.5.2" } } } diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/default/dependencies.bicep b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/default/dependencies.bicep new file mode 100644 index 0000000000..45eb2a246f --- /dev/null +++ b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/default/dependencies.bicep 
@@ -0,0 +1,50 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the AKS cluster to create.')
+param clusterName string
+
+@description('Required. The name of the AKS cluster extension to create.')
+param clusterExtensionName string
+
+@description('Required. The name of the AKS cluster nodes resource group to create.')
+param clusterNodeResourceGroupName string
+
+resource cluster 'Microsoft.ContainerService/managedClusters@2022-06-01' = {
+ name: clusterName
+ location: location
+ identity: {
+ type: 'SystemAssigned'
+ }
+ properties: {
+ dnsPrefix: clusterName
+ nodeResourceGroup: clusterNodeResourceGroupName
+ agentPoolProfiles: [
+ {
+ name: 'agentpool'
+ // osDiskSizeGB: osDiskSizeGB
+ count: 1
+ vmSize: 'Standard_DS2_v2'
+ osType: 'Linux'
+ mode: 'System'
+ }
+ ]
+ }
+}
+
+resource extension 'Microsoft.KubernetesConfiguration/extensions@2022-03-01' = {
+ scope: cluster
+ name: clusterExtensionName
+ properties: {
+ extensionType: 'microsoft.flux'
+ releaseTrain: 'Stable'
+ scope: {
+ cluster: {
+ releaseNamespace: 'flux-system'
+ }
+ }
+ }
+}
+
+@description('The name of the created AKS cluster.')
+output clusterName string = cluster.name
diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/default/deploy.test.bicep b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..ba309b2291
--- /dev/null
+++ b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/default/deploy.test.bicep
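Review bot: This file is added twice with identical content: the `default` and `min` copies of `dependencies.bicep` both show blob `45eb2a246f` in their `index` lines. A fix to the cluster or the Flux extension definition then has to be made in two places. Moving the pair into one shared construct, the way the networkInterfaces test in this diff imports `.shared/dependencyConstructs/diagnostic.dependencies.bicep`, would remove that drift risk.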
@@ -0,0 +1,70 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.kubernetesconfiguration.fluxconfigurations-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'kcfcdef'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ clusterName: 'dep-carml-aks-${serviceShort}'
+ clusterExtensionName: '<>${serviceShort}001'
+ clusterNodeResourceGroupName: 'nodes-${resourceGroupName}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ clusterName: resourceGroupResources.outputs.clusterName
+ namespace: 'flux-system'
+ scope: 'cluster'
+ sourceKind: 'GitRepository'
+ gitRepository: {
+ repositoryRef: {
+ branch: 'main'
+ }
+ sshKnownHosts: ''
+ syncIntervalInSeconds: 300
+ timeoutInSeconds: 180
+ url: 'https://github.com/mspnp/aks-baseline'
+ }
+ kustomizations: {
+ unified: {
+ dependsOn: []
+ force: false
+ path: './cluster-manifests'
+ prune: true
+ syncIntervalInSeconds: 300
+ timeoutInSeconds: 300
+ }
+ }
+ }
+}
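Review bot: `gitRepository` tracks `branch: 'main'` of `https://github.com/mspnp/aks-baseline`, so the `unified` kustomization applies whatever `./cluster-manifests` holds on that branch at sync time, at `scope: 'cluster'` and with `prune: true`. Both the test result and the workloads running in the CI subscription therefore depend on the moving head of a repository this module does not control. Assuming the module passes `repositoryRef` through unchanged, pinning it to a reviewed revision (for example `commit: '<reviewed-commit-sha>'` or a tag in place of `branch`) makes the run reproducible and limits what a change in that repository can deploy. The `min` test file later in this diff uses the same branch reference.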
diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min.parameters.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min.parameters.json deleted file mode 100644 index 201ac22b6b..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min.parameters.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux2" - }, - "scope": { - "value": "cluster" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "namespace": { - "value": "flux-system" - }, - "sourceKind": { - "value": "GitRepository" - }, - "gitRepository": { - "value": { - "url": "https://github.com/mspnp/aks-baseline", - "timeoutInSeconds": 180, - "syncIntervalInSeconds": 300, - "repositoryRef": { - "branch": "main" - }, - "sshKnownHosts": "" - } - } - } -} diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min/dependencies.bicep b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min/dependencies.bicep new file mode 100644 index 0000000000..45eb2a246f --- /dev/null +++ b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min/dependencies.bicep 
@@ -0,0 +1,50 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the AKS cluster to create.')
+param clusterName string
+
+@description('Required. The name of the AKS cluster extension to create.')
+param clusterExtensionName string
+
+@description('Required. The name of the AKS cluster nodes resource group to create.')
+param clusterNodeResourceGroupName string
+
+resource cluster 'Microsoft.ContainerService/managedClusters@2022-06-01' = {
+ name: clusterName
+ location: location
+ identity: {
+ type: 'SystemAssigned'
+ }
+ properties: {
+ dnsPrefix: clusterName
+ nodeResourceGroup: clusterNodeResourceGroupName
+ agentPoolProfiles: [
+ {
+ name: 'agentpool'
+ // osDiskSizeGB: osDiskSizeGB
+ count: 1
+ vmSize: 'Standard_DS2_v2'
+ osType: 'Linux'
+ mode: 'System'
+ }
+ ]
+ }
+}
+
+resource extension 'Microsoft.KubernetesConfiguration/extensions@2022-03-01' = {
+ scope: cluster
+ name: clusterExtensionName
+ properties: {
+ extensionType: 'microsoft.flux'
+ releaseTrain: 'Stable'
+ scope: {
+ cluster: {
+ releaseNamespace: 'flux-system'
+ }
+ }
+ }
+}
+
+@description('The name of the created AKS cluster.')
+output clusterName string = cluster.name
diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min/deploy.test.bicep b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..873fc6e0c8
--- /dev/null
+++ b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/min/deploy.test.bicep
@@ -0,0 +1,60 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.kubernetesconfiguration.fluxconfigurations-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'kcfcmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ clusterName: 'dep-carml-aks-${serviceShort}'
+ clusterExtensionName: '<>${serviceShort}001'
+ clusterNodeResourceGroupName: 'nodes-${resourceGroupName}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ clusterName: resourceGroupResources.outputs.clusterName
+ namespace: 'flux-system'
+ scope: 'cluster'
+ sourceKind: 'GitRepository'
+ gitRepository: {
+ repositoryRef: {
+ branch: 'main'
+ }
+ sshKnownHosts: ''
+ syncIntervalInSeconds: 300
+ timeoutInSeconds: 180
+ url: 'https://github.com/mspnp/aks-baseline'
+ }
+ }
+}
diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/parameters.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/parameters.json
deleted file mode 100644
index e6f563f7f8..0000000000
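Review bot: `clusterName: 'dep-carml-aks-${serviceShort}'` hard-codes `carml`, whereas the extensions test in this diff builds the same name from the prefix token (`'dep-<>-aks-${serviceShort}'` as rendered on this page) and the very next line here uses the token for `clusterExtensionName`. A fork that runs the pipeline with its own prefix would get a cluster name, and the `dnsPrefix` that `dependencies.bicep` derives from it, that ignores that prefix. Using the token form on this line brings it in line with the other dependency names. The `default` test file for this module has the same hard-coded value.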
--- a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.test/parameters.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux2" - }, - "scope": { - "value": "cluster" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "namespace": { - "value": "flux-system" - }, - "sourceKind": { - "value": "GitRepository" - }, - "gitRepository": { - "value": { - "url": "https://github.com/mspnp/aks-baseline", - "timeoutInSeconds": 180, - "syncIntervalInSeconds": 300, - "repositoryRef": { - "branch": "main" - }, - "sshKnownHosts": "" - } - }, - "kustomizations": { - "value": { - "unified": { - "path": "./cluster-manifests", - "dependsOn": [], - "timeoutInSeconds": 300, - "syncIntervalInSeconds": 300, - "prune": true, - "force": false - } - } - } - } -} diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md index e26f0c6f9a..f48697a1d4 100644 --- a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md +++ b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md @@ -76,7 +76,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

@@ -84,13 +84,12 @@ The following module usage examples are retrieved from the content of the files ```bicep module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-fluxConfigurations' + name: '${uniqueString(deployment().name)}-test-kcfcdef' params: { // Required parameters - clusterName: '<>-az-aks-kubenet-001' - name: 'flux2' + clusterName: '' + name: '<>kcfcdef001' namespace: 'flux-system' - scope: 'cluster' sourceKind: 'GitRepository' // Non-required parameters gitRepository: { @@ -102,6 +101,16 @@ module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfiguration timeoutInSeconds: 180 url: 'https://github.com/mspnp/aks-baseline' } + kustomizations: { + unified: { + dependsOn: [] + force: false + path: './cluster-manifests' + prune: true + syncIntervalInSeconds: 300 + timeoutInSeconds: 300 + } + } } } ``` @@ -120,17 +129,14 @@ module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfiguration "parameters": { // Required parameters "clusterName": { - "value": "<>-az-aks-kubenet-001" + "value": "" }, "name": { - "value": "flux2" + "value": "<>kcfcdef001" }, "namespace": { "value": "flux-system" }, - "scope": { - "value": "cluster" - }, "sourceKind": { "value": "GitRepository" }, @@ -145,6 +151,18 @@ module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfiguration "timeoutInSeconds": 180, "url": "https://github.com/mspnp/aks-baseline" } + }, + "kustomizations": { + "value": { + "unified": { + "dependsOn": [], + "force": false, + "path": "./cluster-manifests", + "prune": true, + "syncIntervalInSeconds": 300, + "timeoutInSeconds": 300 + } + } } } } @@ -153,7 +171,7 @@ module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfiguration

-

Example 2: Parameters

+

Example 2: Min

@@ -161,15 +179,13 @@ module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfiguration ```bicep module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-fluxConfigurations' + name: '${uniqueString(deployment().name)}-test-kcfcmin' params: { // Required parameters - clusterName: '<>-az-aks-kubenet-001' - name: 'flux2' + clusterName: '' + name: '<>kcfcmin001' namespace: 'flux-system' - scope: 'cluster' sourceKind: 'GitRepository' - // Non-required parameters gitRepository: { repositoryRef: { branch: 'main' @@ -179,16 +195,6 @@ module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfiguration timeoutInSeconds: 180 url: 'https://github.com/mspnp/aks-baseline' } - kustomizations: { - unified: { - dependsOn: [] - force: false - path: './cluster-manifests' - prune: true - syncIntervalInSeconds: 300 - timeoutInSeconds: 300 - } - } } } ``` @@ -207,21 +213,17 @@ module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfiguration "parameters": { // Required parameters "clusterName": { - "value": "<>-az-aks-kubenet-001" + "value": "" }, "name": { - "value": "flux2" + "value": "<>kcfcmin001" }, "namespace": { "value": "flux-system" }, - "scope": { - "value": "cluster" - }, "sourceKind": { "value": "GitRepository" }, - // Non-required parameters "gitRepository": { "value": { "repositoryRef": { @@ -232,18 +234,6 @@ module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfiguration "timeoutInSeconds": 180, "url": "https://github.com/mspnp/aks-baseline" } - }, - "kustomizations": { - "value": { - "unified": { - "dependsOn": [], - "force": false, - "path": "./cluster-manifests", - "prune": true, - "syncIntervalInSeconds": 300, - "timeoutInSeconds": 300 - } - } } } } 
diff --git a/modules/Microsoft.Network/connections/.test/vnet2vnet.parameters.json b/modules/Microsoft.Network/connections/.test/vnet2vnet.parameters.json deleted file mode 100644 index c58d1a4593..0000000000 --- a/modules/Microsoft.Network/connections/.test/vnet2vnet.parameters.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnetgwc-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "virtualNetworkGateway1": { - "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001" - } - }, - "virtualNetworkGateway2": { - "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002" - } - }, - "vpnSharedKey": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "vpnSharedKey" - } - }, - "virtualNetworkGatewayConnectionType": { - "value": "Vnet2Vnet" - }, - "enableBgp": { - "value": false - }, - "location": { - "value": "eastus" - } - } -} diff --git a/modules/Microsoft.Network/connections/.test/vnet2vnet/dependencies.bicep b/modules/Microsoft.Network/connections/.test/vnet2vnet/dependencies.bicep new file mode 100644 index 0000000000..6aaccc70af --- /dev/null +++ b/modules/Microsoft.Network/connections/.test/vnet2vnet/dependencies.bicep 
@@ -0,0 +1,132 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the primary Public IP to create.') +param primaryPublicIPName string + +@description('Required. The name of the primary VNET to create.') +param primaryVirtualNetworkName string + +@description('Required. The name of the primary VNET Gateways to create.') +param primaryVirtualNetworkGateway string + +@description('Required. The name of the secondary Public IP to create.') +param secondaryPublicIPName string + +@description('Required. The name of the secondary VNET to create.') +param secondaryVirtualNetworkName string + +@description('Required. The name of the secondary VNET Gateways to create.') +param secondaryVirtualNetworkGateway string + +resource primaryVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: primaryVirtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'GatewaySubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource primaryPublicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { + name: primaryPublicIPName + location: location +} + +resource primaryVNETGateway 'Microsoft.Network/virtualNetworkGateways@2021-08-01' = { + name: primaryVirtualNetworkGateway + location: location + properties: { + gatewayType: 'Vpn' + ipConfigurations: [ + { + name: 'default' + properties: { + privateIPAllocationMethod: 'Dynamic' + subnet: { + id: primaryVirtualNetwork.properties.subnets[0].id + } + publicIPAddress: { + id: primaryPublicIP.id + } + } + } + ] + vpnType: 'RouteBased' + vpnGatewayGeneration: 'Generation2' + sku: { + name: 'VpnGw2' + tier: 'VpnGw2' + } + } +} + +resource secondaryVirtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: secondaryVirtualNetworkName + location: location + properties: { + addressSpace: { + 
addressPrefixes: [ + '10.0.1.0/24' + ] + } + subnets: [ + { + name: 'GatewaySubnet' + properties: { + addressPrefix: '10.0.1.0/24' + } + } + ] + } +} + +resource secondaryPublicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = { + name: secondaryPublicIPName + location: location +} + +resource secondaryVNETGateway 'Microsoft.Network/virtualNetworkGateways@2021-08-01' = { + name: secondaryVirtualNetworkGateway + location: location + properties: { + gatewayType: 'Vpn' + ipConfigurations: [ + { + name: 'default' + properties: { + privateIPAllocationMethod: 'Dynamic' + subnet: { + id: secondaryVirtualNetwork.properties.subnets[0].id + } + publicIPAddress: { + id: secondaryPublicIP.id + } + } + } + ] + vpnType: 'RouteBased' + vpnGatewayGeneration: 'Generation2' + sku: { + name: 'VpnGw2' + tier: 'VpnGw2' + } + } +} + +@description('The resource ID of the first created Virtual Network Gateways.') +output primaryVNETGatewayResourceID string = primaryVNETGateway.id + +@description('The resource ID of the second created Virtual Network Gateways.') +output secondaryVNETGatewayResourceID string = secondaryVNETGateway.id diff --git a/modules/Microsoft.Network/connections/.test/vnet2vnet/deploy.test.bicep b/modules/Microsoft.Network/connections/.test/vnet2vnet/deploy.test.bicep new file mode 100644 index 0000000000..8350f19126 --- /dev/null +++ b/modules/Microsoft.Network/connections/.test/vnet2vnet/deploy.test.bicep 
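Review bot: The two `virtualNetworkGateways` resources are pinned to `@2021-08-01` while every other resource in this file uses `@2022-01-01`; unless the older version is deliberate, aligning them avoids schema differences between sibling resources. Both `publicIPAddresses` resources are declared with only `name` and `location`, so their SKU and allocation method come from whatever the API version defaults to; setting them explicitly would keep the gateway dependency stable if those defaults change. The gateway parameters `primaryVirtualNetworkGateway` and `secondaryVirtualNetworkGateway` carry names, so a `Name` suffix would match `primaryPublicIPName` and `primaryVirtualNetworkName`.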
@@ -0,0 +1,64 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.network.connections-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'ncvtv' + +@description('Optional. The password to leverage for the login.') +@secure() +param password string = newGuid() + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + primaryPublicIPName: 'dep-<>-pip-${serviceShort}-1' + primaryVirtualNetworkName: 'dep-<>-vnet-${serviceShort}-1' + primaryVirtualNetworkGateway: 'dep-<>-vpn-gw-${serviceShort}-1' + secondaryPublicIPName: 'dep-<>-pip-${serviceShort}-2' + secondaryVirtualNetworkName: 'dep-<>-vnet-${serviceShort}-2' + secondaryVirtualNetworkGateway: 'dep-<>-vpn-gw-${serviceShort}-2' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + virtualNetworkGateway1: { + id: resourceGroupResources.outputs.primaryVNETGatewayResourceID + } + enableBgp: false + lock: 'CanNotDelete' + virtualNetworkGateway2: { + id: resourceGroupResources.outputs.secondaryVNETGatewayResourceID + } + virtualNetworkGatewayConnectionType: 
'Vnet2Vnet' + vpnSharedKey: password + } +} diff --git a/modules/Microsoft.Network/connections/readme.md b/modules/Microsoft.Network/connections/readme.md index 046f849b4b..6da1c9a026 100644 --- a/modules/Microsoft.Network/connections/readme.md +++ b/modules/Microsoft.Network/connections/readme.md @@ -320,28 +320,22 @@ The following module usage examples are retrieved from the content of the files via Bicep module ```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','validation-rg') -} - module connections './Microsoft.Network/connections/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-connections' + name: '${uniqueString(deployment().name)}-test-ncvtv' params: { // Required parameters - name: '<>-az-vnetgwc-x-001' + name: '<>ncvtv001' virtualNetworkGateway1: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001' + id: '' } // Non-required parameters enableBgp: false - location: 'eastus' lock: 'CanNotDelete' virtualNetworkGateway2: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002' + id: '' } virtualNetworkGatewayConnectionType: 'Vnet2Vnet' - vpnSharedKey: kv1.getSecret('vpnSharedKey') + vpnSharedKey: '' } } ``` 
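Review bot: The `password` parameter in the deploy.test.bicep hunk is described as 'The password to leverage for the login.', but its only use is `vpnSharedKey: password`, so it is the connection's pre-shared key rather than a login credential. Naming and describing it for what it is, e.g. `@description('Optional. The shared key of the VPN connection; generated per deployment.')` on `param vpnSharedKey string = newGuid()`, avoids it later being reused as an account password. `@secure()` is already applied, which keeps the value out of deployment history. Because the readme examples are generated from this file, the documented usage in the readme hunk that follows changes from a Key Vault `getSecret` reference to an inline `vpnSharedKey` value; a comment in the test file stating that real deployments should keep sourcing the key from Key Vault would preserve that guidance.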
@@ -360,38 +354,30 @@ module connections './Microsoft.Network/connections/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-vnetgwc-x-001" + "value": "<>ncvtv001" }, "virtualNetworkGateway1": { "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001" + "id": "" } }, // Non-required parameters "enableBgp": { "value": false }, - "location": { - "value": "eastus" - }, "lock": { "value": "CanNotDelete" }, "virtualNetworkGateway2": { "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002" + "id": "" } }, "virtualNetworkGatewayConnectionType": { "value": "Vnet2Vnet" }, "vpnSharedKey": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "vpnSharedKey" - } + "value": "" } } } diff --git a/modules/Microsoft.Network/networkInterfaces/.test/default/dependencies.bicep b/modules/Microsoft.Network/networkInterfaces/.test/default/dependencies.bicep new file mode 100644 index 0000000000..fae9929a7a --- /dev/null +++ b/modules/Microsoft.Network/networkInterfaces/.test/default/dependencies.bicep 
@@ -0,0 +1,68 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Application Security Group to create.') +param applicationSecurityGroupName string + +@description('Required. The name of the Load Balancer Backend Address Pool to create.') +param loadBalancerName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2022-01-01' = { + name: applicationSecurityGroupName + location: location +} + +resource loadBalancer 'Microsoft.Network/loadBalancers@2022-01-01' = { + name: loadBalancerName + location: location + sku: { + name: 'Standard' + } + + resource backendPoolName 'backendAddressPools@2022-01-01' = { + name: 'default' + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Application Security Group.') +output applicationSecurityGroupResourceId string = applicationSecurityGroup.id + +@description('The resource ID of the created Load Balancer Backend Pool Name.') +output 
loadBalancerBackendPoolResourceId string = loadBalancer::backendPoolName.id diff --git a/modules/Microsoft.Network/networkInterfaces/.test/default/deploy.test.bicep b/modules/Microsoft.Network/networkInterfaces/.test/default/deploy.test.bicep new file mode 100644 index 0000000000..b7bc1b22fc --- /dev/null +++ b/modules/Microsoft.Network/networkInterfaces/.test/default/deploy.test.bicep 
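Review bot: `loadBalancerName` is described as 'The name of the Load Balancer Backend Address Pool to create.', but the value names the load balancer itself; the pool is always called `default`. Suggest `@description('Required. The name of the Load Balancer to create.')`, and naming the nested resource symbol `backendPool` rather than `backendPoolName`, since `loadBalancer::backendPoolName.id` reads as if a name had an id. The description on the last output has the same slip ('Load Balancer Backend Pool Name').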
@@ -0,0 +1,100 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.networkinterfaces-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nnidef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + applicationSecurityGroupName: 'dep-<>-asg-${serviceShort}' + loadBalancerName: 'dep-<>-lb-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + ipConfigurations: [ + { + 
applicationSecurityGroups: [ + { + id: resourceGroupResources.outputs.applicationSecurityGroupResourceId + } + ] + loadBalancerBackendAddressPools: [ + { + id: resourceGroupResources.outputs.loadBalancerBackendPoolResourceId + } + ] + name: 'ipconfig01' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + { + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + applicationSecurityGroups: [ + { + id: resourceGroupResources.outputs.applicationSecurityGroupResourceId + } + ] + } + ] + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + lock: 'CanNotDelete' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + } +} diff --git a/modules/Microsoft.Network/networkInterfaces/.test/min.parameters.json b/modules/Microsoft.Network/networkInterfaces/.test/min.parameters.json deleted file mode 100644 index 070ae288cb..0000000000 --- a/modules/Microsoft.Network/networkInterfaces/.test/min.parameters.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nic-min-001" - }, - "ipConfigurations": { - "value": [ - { - "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - } - } -} 
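Review bot: The `roleAssignments` entry in `testDeployment` passes `resourceGroupResources.outputs.managedIdentityPrincipalId`, the principal of a managed identity created moments earlier in the same deployment. Role assignments for a freshly created identity can fail intermittently until the principal has replicated in the directory. If the module's role-assignment schema accepts it (not visible in this hunk), add `principalType: 'ServicePrincipal'` next to `roleDefinitionIdOrName: 'Reader'` so the assignment does not depend on that lookup. The same pattern appears in the virtualNetworkGateways expressRoute `deploy.test.bicep` later in this diff.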
diff --git a/modules/Microsoft.Network/networkInterfaces/.test/min/dependencies.bicep b/modules/Microsoft.Network/networkInterfaces/.test/min/dependencies.bicep new file mode 100644
index 0000000000..91351ab840
--- /dev/null
+++ b/modules/Microsoft.Network/networkInterfaces/.test/min/dependencies.bicep
@@ -0,0 +1,28 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
diff --git a/modules/Microsoft.Network/networkInterfaces/.test/min/deploy.test.bicep b/modules/Microsoft.Network/networkInterfaces/.test/min/deploy.test.bicep new file mode 100644
index 0000000000..06a1568fac
--- /dev/null
+++ b/modules/Microsoft.Network/networkInterfaces/.test/min/deploy.test.bicep
@@ -0,0 +1,51 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.network.networkinterfaces-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'nnimin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ ipConfigurations: [
+ {
+ name: 'ipconfig01'
+ subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001'
+ }
+ ]
+ }
+}
diff --git a/modules/Microsoft.Network/networkInterfaces/.test/parameters.json b/modules/Microsoft.Network/networkInterfaces/.test/parameters.json deleted file mode 100644
index 9b22bf25de..0000000000
--- a/modules/Microsoft.Network/networkInterfaces/.test/parameters.json
+++ /dev/null
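Review bot: `subnetResourceId` in `testDeployment`'s `ipConfigurations` is still the hard-coded ID of a subnet in `validation-rg`, although this file deploys `dependencies.bicep` into the new resource group and that module outputs `subnetResourceId`. As written, the virtual network created by `resourceGroupResources` is never used. The test also keeps depending on a pre-existing shared network outside the resource group it creates, which the move to self-contained test files appears meant to remove. Use `subnetResourceId: resourceGroupResources.outputs.subnetResourceId`, as the default test does. The Min example in the readme hunk carries the same literal and would need regenerating.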
@@ -1,63 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nic-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "ipConfigurations": { - "value": [ - { - "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "loadBalancerBackendAddressPools": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" - } - ], - "applicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "applicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": 
"adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/networkInterfaces/readme.md b/modules/Microsoft.Network/networkInterfaces/readme.md index a5c2794158..6719154e04 100644 --- a/modules/Microsoft.Network/networkInterfaces/readme.md +++ b/modules/Microsoft.Network/networkInterfaces/readme.md @@ -188,106 +188,53 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

via Bicep module ```bicep -module networkInterfaces './Microsoft.Network/networkInterfaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-networkInterfaces' - params: { - // Required parameters - ipConfigurations: [ - { - name: 'ipconfig01' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - } - ] - name: '<>-az-nic-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "ipConfigurations": { - "value": [ - { - "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - }, - "name": { - "value": "<>-az-nic-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module networkInterfaces './Microsoft.Network/networkInterfaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-networkInterfaces' +module Networkinterfaces './Microsoft.Network/Networkinterfaces/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nnidef' params: { // Required parameters ipConfigurations: [ { applicationSecurityGroups: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001' + id: '' } ] loadBalancerBackendAddressPools: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers' + id: '' } ] name: 'ipconfig01' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + subnetResourceId: '' } { applicationSecurityGroups: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001' + id: '' } ] - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + subnetResourceId: '' } ] - name: '<>-az-nic-x-001' + name: '<>nnidef001' // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: 
'/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' lock: 'CanNotDelete' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } 
@@ -314,45 +261,45 @@ module networkInterfaces './Microsoft.Network/networkInterfaces/deploy.bicep' = { "applicationSecurityGroups": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" + "id": "" } ], "loadBalancerBackendAddressPools": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" + "id": "" } ], "name": "ipconfig01", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + "subnetResourceId": "" }, { "applicationSecurityGroups": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" + "id": "" } ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + "subnetResourceId": "" } ] }, "name": { - "value": "<>-az-nic-x-001" + "value": "<>nnidef001" }, // Non-required parameters "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "lock": { "value": "CanNotDelete" 
@@ -361,7 +308,7 @@ module networkInterfaces './Microsoft.Network/networkInterfaces/deploy.bicep' = "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -373,3 +320,56 @@ module networkInterfaces './Microsoft.Network/networkInterfaces/deploy.bicep' =

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module Networkinterfaces './Microsoft.Network/Networkinterfaces/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nnimin' + params: { + // Required parameters + ipConfigurations: [ + { + name: 'ipconfig01' + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + } + ] + name: '<>nnimin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "ipConfigurations": { + "value": [ + { + "name": "ipconfig01", + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + } + ] + }, + "name": { + "value": "<>nnimin001" + } + } +} +``` + +
+

diff --git a/modules/Microsoft.Network/virtualHubs/.test/default/dependencies.bicep b/modules/Microsoft.Network/virtualHubs/.test/default/dependencies.bicep new file mode 100644
index 0000000000..ccdcc86da6
--- /dev/null
+++ b/modules/Microsoft.Network/virtualHubs/.test/default/dependencies.bicep
@@ -0,0 +1,40 @@
+@description('Required. The name of the Virtual WAN to create.')
+param virtualWANName string
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = {
+ name: virtualWANName
+ location: location
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/16'
+ ]
+ }
+ subnets: [
+ {
+ name: 'sxx-subnet-01'
+ properties: {
+
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+@description('The resource ID of the created Virtual WAN')
+output virtualWWANResourceId string = virtualWan.id
+
+@description('The resource ID of the created Virtual Network')
+output virtualNetworkResourceId string = virtualNetwork.id
diff --git a/modules/Microsoft.Network/virtualHubs/.test/default/deploy.test.bicep b/modules/Microsoft.Network/virtualHubs/.test/default/deploy.test.bicep new file mode 100644
index 0000000000..af2d6da907
--- /dev/null
+++ b/modules/Microsoft.Network/virtualHubs/.test/default/deploy.test.bicep
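Review bot: The output name `virtualWWANResourceId` has a doubled `W`; it should read `output virtualWANResourceId string = virtualWan.id` to match the `virtualWANName` parameter. The misspelling is repeated in `virtualHubs/.test/min/dependencies.bicep` and in the `virtualWanId:` references of both `deploy.test.bicep` files, so all four places need renaming together. The empty line right after `properties: {` in the subnet entry is stray and can be dropped. The two output descriptions also lack the trailing period the parameter descriptions use.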
@@ -0,0 +1,75 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.network.virtualHub-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nvhdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-nestedDependencies' + params: { + virtualWANName: 'dep-<>-vw-${serviceShort}' + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>-${serviceShort}' + lock: 'CanNotDelete' + addressPrefix: '10.1.0.0/16' + virtualWanId: resourceGroupResources.outputs.virtualWWANResourceId + hubRouteTables: [ + { + name: 'routeTable1' + } + ] + hubVirtualNetworkConnections: [ + { + name: 'connection1' + remoteVirtualNetworkId: resourceGroupResources.outputs.virtualNetworkResourceId + routingConfiguration: { + associatedRouteTable: { + id: '${resourceGroup.id}/providers/Microsoft.Network/virtualHubs/<>-${serviceShort}/hubRouteTables/routeTable1' + } + propagatedRouteTables: { + ids: [ + { + id: '${resourceGroup.id}/providers/Microsoft.Network/virtualHubs/<>-${serviceShort}/hubRouteTables/routeTable1' + } + ] + labels: [ + 
'none' + ] + } + } + } + ] + } +} diff --git a/modules/Microsoft.Network/virtualHubs/.test/min.parameters.json b/modules/Microsoft.Network/virtualHubs/.test/min.parameters.json deleted file mode 100644 index dbe2fa650a..0000000000 --- a/modules/Microsoft.Network/virtualHubs/.test/min.parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vhub-min-001" - }, - "addressPrefix": { - "value": "10.0.0.0/16" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001" - } - } -} diff --git a/modules/Microsoft.Network/virtualHubs/.test/min/dependencies.bicep b/modules/Microsoft.Network/virtualHubs/.test/min/dependencies.bicep new file mode 100644 index 0000000000..33c8d7907d --- /dev/null +++ b/modules/Microsoft.Network/virtualHubs/.test/min/dependencies.bicep @@ -0,0 +1,13 @@ +@description('Required. The name of the virtual WAN to create.') +param virtualWANName string + +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = { + name: virtualWANName + location: location +} + +@description('The resource ID of the created Virtual WAN') +output virtualWWANResourceId string = virtualWan.id diff --git a/modules/Microsoft.Network/virtualHubs/.test/min/deploy.test.bicep b/modules/Microsoft.Network/virtualHubs/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..f656f9e586 --- /dev/null +++ b/modules/Microsoft.Network/virtualHubs/.test/min/deploy.test.bicep 
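Review bot: The two `hubRouteTables/routeTable1` IDs under `routingConfiguration` are built by string interpolation that repeats the hub's name expression from `name:` and the route-table name from `hubRouteTables`. If either is edited, the IDs go stale and the failure only shows up at deployment time. Declare the names once, e.g. a `var virtualHubName` and a `var routeTableName`, and use them for `name:`, the `hubRouteTables` entry and both `id` strings. Separately, `@maxLength(80)` on `resourceGroupName` differs from the `@maxLength(90)` used in the networkInterfaces test files in this diff, so one of the two limits should be chosen for all test files.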
@@ -0,0 +1,47 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.network.virtualHub-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'nvhmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ virtualWANName: 'dep-<>-vw-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>-${serviceShort}'
+ addressPrefix: '10.0.0.0/16'
+ virtualWanId: resourceGroupResources.outputs.virtualWWANResourceId
+ }
+}
diff --git a/modules/Microsoft.Network/virtualHubs/.test/parameters.json b/modules/Microsoft.Network/virtualHubs/.test/parameters.json deleted file mode 100644
index 2660f1be93..0000000000
--- a/modules/Microsoft.Network/virtualHubs/.test/parameters.json
+++ /dev/null
@@ -1,48 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vhub-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "addressPrefix": { - "value": "10.1.0.0/16" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001" - }, - "hubRouteTables": { - "value": [ - { - "name": "routeTable1" - } - ] - }, - "hubVirtualNetworkConnections": { - "value": [ - { - "name": "connection1", - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-vhub", - "routingConfiguration": { - "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1" - }, - "propagatedRouteTables": { - "ids": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1" - } - ], - "labels": [ - "none" - ] - } - } - } - ] - } - } -} diff --git a/modules/Microsoft.Network/virtualHubs/readme.md b/modules/Microsoft.Network/virtualHubs/readme.md index 5bf6c803ae..d1f4a174a7 100644 --- a/modules/Microsoft.Network/virtualHubs/readme.md +++ b/modules/Microsoft.Network/virtualHubs/readme.md @@ -112,7 +112,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

@@ -120,59 +120,12 @@ The following module usage examples are retrieved from the content of the files ```bicep module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualHubs' - params: { - // Required parameters - addressPrefix: '10.0.0.0/16' - name: '<>-az-vhub-min-001' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "addressPrefix": { - "value": "10.0.0.0/16" - }, - "name": { - "value": "<>-az-vhub-min-001" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualHubs' + name: '${uniqueString(deployment().name)}-test-nvhdef' params: { // Required parameters addressPrefix: '10.1.0.0/16' - name: '<>-az-vhub-x-001' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001' + name: '<>-nvhdef' + virtualWanId: '' // Non-required parameters hubRouteTables: [ { @@ -182,15 +135,15 @@ module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = { hubVirtualNetworkConnections: [ { name: 'connection1' - remoteVirtualNetworkId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-vhub' + remoteVirtualNetworkId: '' routingConfiguration: { associatedRouteTable: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1' + id: '${resourceGroup.id}/providers/Microsoft.Network/virtualHubs/<>-nvhdef/hubRouteTables/routeTable1' } propagatedRouteTables: { ids: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1' + id: '${resourceGroup.id}/providers/Microsoft.Network/virtualHubs/<>-nvhdef/hubRouteTables/routeTable1' } ] labels: [ @@ -222,10 +175,10 @@ module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = { "value": "10.1.0.0/16" }, "name": { - "value": "<>-az-vhub-x-001" + "value": "<>-nvhdef" }, "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001" + "value": "" }, // Non-required parameters "hubRouteTables": { 
@@ -239,15 +192,15 @@ module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = { "value": [ { "name": "connection1", - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-vhub", + "remoteVirtualNetworkId": "", "routingConfiguration": { "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1" + "id": "${resourceGroup.id}/providers/Microsoft.Network/virtualHubs/<>-nvhdef/hubRouteTables/routeTable1" }, "propagatedRouteTables": { "ids": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1" + "id": "${resourceGroup.id}/providers/Microsoft.Network/virtualHubs/<>-nvhdef/hubRouteTables/routeTable1" } ], "labels": [ @@ -267,3 +220,50 @@ module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nvhmin' + params: { + // Required parameters + addressPrefix: '10.0.0.0/16' + name: '<>-nvhmin' + virtualWanId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "addressPrefix": { + "value": "10.0.0.0/16" + }, + "name": { + "value": "<>-nvhmin" + }, + "virtualWanId": { + "value": "" + } + } +} +``` + +
+

diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute.parameters.json deleted file mode 100644 index 3de5a1f41f..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute.parameters.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-gw-er-001" - }, - "gatewayPipName": { - "value": "<>-az-gw-er-001-pip" - }, - "domainNameLabel": { - "value": [ - "<>-az-gw-er-dm-001" - ] - }, - "virtualNetworkGatewayType": { - "value": "ExpressRoute" - }, - "virtualNetworkGatewaySku": { - "value": "ErGw1AZ" - }, - "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" - }, - "tags": { - "value": { - "Environment": "Validation", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "", - "CostCenter": "", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} 
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/dependencies.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/dependencies.bicep new file mode 100644
index 0000000000..044d115b84
--- /dev/null
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/dependencies.bicep
@@ -0,0 +1,39 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'GatewaySubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network.')
+output vnetResourceId string = virtualNetwork.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep new file mode 100644
index 0000000000..cd6145ed3b
--- /dev/null
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep
@@ -0,0 +1,88 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nvger' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + virtualNetworkGatewaySku: 'ErGw1AZ' + virtualNetworkGatewayType: 'ExpressRoute' + vNetResourceId: 
resourceGroupResources.outputs.vnetResourceId + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + domainNameLabel: [ + '<>-dm-${serviceShort}' + ] + gatewayPipName: '<>-pip-${serviceShort}' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + Contact: 'test.user@testcompany.com' + CostCenter: '' + Environment: 'Validation' + PurchaseOrder: '' + Role: 'DeploymentValidation' + ServiceName: 'DeploymentValidation' + } + } +} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn.parameters.json deleted file mode 100644 index cf037dc7e9..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn.parameters.json +++ /dev/null 
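Review bot: The `roleAssignments` entry in `testDeployment` grants Reader to `resourceGroupResources.outputs.managedIdentityPrincipalId`, an identity created moments earlier in the same deployment, without stating the principal's type. Role assignments to a just-created identity can fail intermittently while the principal replicates in the directory; if the module's role-assignment items accept it, add `principalType: 'ServicePrincipal'` next to `roleDefinitionIdOrName: 'Reader'`. The same pattern appears in the `vpn/deploy.test.bicep` hunk. Separately, `@maxLength(80)` on `resourceGroupName` differs from the `@maxLength(90)` used in the vpnGateways test files of this commit, so one limit should be used throughout.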
@@ -1,62 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-gw-vpn-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "domainNameLabel": { - "value": [ - "<>-az-gw-vpn-dm-001" - ] - }, - "virtualNetworkGatewayType": { - "value": "Vpn" - }, - "virtualNetworkGatewaySku": { - "value": "VpnGw1AZ" - }, - "publicIpZones": { - "value": [ - "1" - ] - }, - "vpnType": { - "value": "RouteBased" - }, - "activeActive": { - "value": true - }, - "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/dependencies.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/dependencies.bicep new file mode 100644 index 0000000000..044d115b84 --- /dev/null +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/dependencies.bicep 
@@ -0,0 +1,39 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'GatewaySubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network.')
+output vnetResourceId string = virtualNetwork.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep
new file mode 100644
index 0000000000..21c5615758
--- /dev/null
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep
@@ -0,0 +1,86 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(80) +param resourceGroupName string = 'ms.network.virtualnetworkgateways-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nvgvpn' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + virtualNetworkGatewaySku: 'VpnGw1AZ' + virtualNetworkGatewayType: 'Vpn' + vNetResourceId: resourceGroupResources.outputs.vnetResourceId + 
// Non-required parameters + activeActive: true + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + domainNameLabel: [ + '<>-dm-${serviceShort}' + ] + lock: 'CanNotDelete' + publicIpZones: [ + '1' + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + vpnType: 'RouteBased' + } +} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md index 347698398c..3bcba9dd2f 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md 
@@ -257,27 +257,27 @@ The following module usage examples are retrieved from the content of the files ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworkGateways' + name: '${uniqueString(deployment().name)}-test-nvger' params: { // Required parameters - name: '<>-az-gw-er-001' + name: '<>nvger001' virtualNetworkGatewaySku: 'ErGw1AZ' virtualNetworkGatewayType: 'ExpressRoute' - vNetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' + vNetResourceId: '' // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-az-gw-er-dm-001' + '<>-dm-nvger' ] - gatewayPipName: '<>-az-gw-er-001-pip' + gatewayPipName: '<>-pip-nvger' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -308,7 +308,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>-az-gw-er-001" + "value": "<>nvger001" }, "virtualNetworkGatewaySku": { "value": "ErGw1AZ" 
@@ -317,37 +317,37 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "value": "ExpressRoute" }, "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" + "value": "" }, // Non-required parameters "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "domainNameLabel": { "value": [ - "<>-az-gw-er-dm-001" + "<>-dm-nvger" ] }, "gatewayPipName": { - "value": "<>-az-gw-er-001-pip" + "value": "<>-pip-nvger" }, "roleAssignments": { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } 
@@ -378,22 +378,22 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy ```bicep module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworkGateways' + name: '${uniqueString(deployment().name)}-test-nvgvpn' params: { // Required parameters - name: '<>-az-gw-vpn-001' + name: '<>nvgvpn001' virtualNetworkGatewaySku: 'VpnGw1AZ' virtualNetworkGatewayType: 'Vpn' - vNetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' + vNetResourceId: '' // Non-required parameters activeActive: true - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' domainNameLabel: [ - '<>-az-gw-vpn-dm-001' + '<>-dm-nvgvpn' ] lock: 'CanNotDelete' publicIpZones: [ @@ -402,7 +402,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -426,7 +426,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "parameters": { // Required parameters "name": { - "value": "<>-az-gw-vpn-001" + "value": "<>nvgvpn001" }, "virtualNetworkGatewaySku": { "value": "VpnGw1AZ" 
@@ -435,30 +435,30 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "value": "Vpn" }, "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" + "value": "" }, // Non-required parameters "activeActive": { "value": true }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "domainNameLabel": { "value": [ - "<>-az-gw-vpn-dm-001" + "<>-dm-nvgvpn" ] }, "lock": { @@ -473,7 +473,7 @@ module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } diff --git a/modules/Microsoft.Network/vpnGateways/.test/default/dependencies.bicep b/modules/Microsoft.Network/vpnGateways/.test/default/dependencies.bicep new file mode 100644 index 0000000000..8a8b520dfc --- /dev/null +++ b/modules/Microsoft.Network/vpnGateways/.test/default/dependencies.bicep 
@@ -0,0 +1,64 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Optional. The name of the Virtual Hub to create.')
+param virtualHubName string
+
+@description('Optional. The name of the VPN Site to create.')
+param vpnSiteName string
+
+@description('Required. The name of the virtual WAN to create.')
+param virtualWANName string
+
+resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = {
+ name: virtualWANName
+ location: location
+}
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-01-01' = {
+ name: virtualHubName
+ location: location
+ properties: {
+ virtualWan: {
+ id: virtualWan.id
+ }
+ addressPrefix: '10.1.0.0/16'
+ }
+}
+
+resource vpnSite 'Microsoft.Network/vpnSites@2022-01-01' = {
+ name: vpnSiteName
+ location: location
+ properties: {
+ virtualWan: {
+ id: virtualWan.id
+ }
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/16'
+ ]
+ }
+ vpnSiteLinks: [
+ {
+ name: '${vpnSiteName}-vSite-link'
+ properties: {
+ bgpProperties: {
+ asn: 65010
+ bgpPeeringAddress: '1.1.1.1'
+ }
+ ipAddress: '1.2.3.4'
+ linkProperties: {
+ linkProviderName: 'contoso'
+ linkSpeedInMbps: 5
+ }
+ }
+ }
+ ]
+ }
+}
+
+@description('The resource ID of the created Virtual Hub')
+output virtualHubResourceId string = virtualHub.id
+
+@description('The resource ID of the created VPN site')
+output vpnSiteResourceId string = vpnSite.id
diff --git a/modules/Microsoft.Network/vpnGateways/.test/default/deploy.test.bicep b/modules/Microsoft.Network/vpnGateways/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..8cb3a36da9
--- /dev/null
+++ b/modules/Microsoft.Network/vpnGateways/.test/default/deploy.test.bicep
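Review bot: The `vpnSiteLinks` entry uses `bgpPeeringAddress: '1.1.1.1'` and `ipAddress: '1.2.3.4'`, publicly routable addresses that are not under the test's control. The default test then creates a connection to this site, so the deployed gateway may try to negotiate a tunnel with an unrelated host. Addresses from a documentation range are safer in fixtures, for example `ipAddress: '203.0.113.10'` (a constructed sample from 203.0.113.0/24) with a peering address from the same range; the vpnSites test in this commit reuses the same two addresses. Also, `virtualHubName` and `vpnSiteName` are described as 'Optional.' but have no default, so they are required: the descriptions should read `'Required. The name of the Virtual Hub to create.'` and likewise for the VPN site. The `min/dependencies.bicep` hunk carries the same 'Optional.' label on `virtualHubName`.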
@@ -0,0 +1,96 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.network.vpngateways-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'nvgdef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualHubName: 'dep-<>-vh-${serviceShort}' + virtualWANName: 'dep-<>-vw-${serviceShort}' + vpnSiteName: 'dep-<>-vs-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // +var vHubResourceId = '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup.name}/providers/Microsoft.Network/virtualHubs/<>${serviceShort}001' +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + virtualHubResourceId: resourceGroupResources.outputs.virtualHubResourceId + bgpSettings: { + asn: 65515 + peerWeight: 0 + } + connections: [ + { + connectionBandwidth: 10 + enableBgp: true + name: 'Connection-<>-az-vsite-x-001' + remoteVpnSiteResourceId: resourceGroupResources.outputs.vpnSiteResourceId + routingConfiguration: { + associatedRouteTable: { + id: '${vHubResourceId}/hubRouteTables/defaultRouteTable' + } + propagatedRouteTables: { + ids: [ + { + 
id: '${vHubResourceId}/hubRouteTables/defaultRouteTable' + } + ] + labels: [ + 'default' + ] + } + vnetRoutes: { + staticRoutes: [] + } + } + } + ] + lock: 'CanNotDelete' + natRules: [ + { + externalMappings: [ + { + addressSpace: '192.168.21.0/24' + } + ] + internalMappings: [ + { + addressSpace: '10.4.0.0/24' + } + ] + mode: 'EgressSnat' + name: 'natRule1' + type: 'Static' + } + ] + } +} diff --git a/modules/Microsoft.Network/vpnGateways/.test/min.parameters.json b/modules/Microsoft.Network/vpnGateways/.test/min.parameters.json deleted file mode 100644 index 4ed3a736e6..0000000000 --- a/modules/Microsoft.Network/vpnGateways/.test/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vpngw-min-001" - }, - "virtualHubResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-min-001" - } - } -} diff --git a/modules/Microsoft.Network/vpnGateways/.test/min/dependencies.bicep b/modules/Microsoft.Network/vpnGateways/.test/min/dependencies.bicep new file mode 100644 index 0000000000..c5e41c32af --- /dev/null +++ b/modules/Microsoft.Network/vpnGateways/.test/min/dependencies.bicep 
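Review bot: `vHubResourceId` is built from the name `<>${serviceShort}001`, which is the gateway's own `name`, while the hub created by `dependencies.bicep` is named `dep-<>-vh-${serviceShort}`. The `associatedRouteTable` and `propagatedRouteTables` IDs therefore appear to point at a virtual hub this test never deploys. `virtualHubResourceId` already takes the module output, and the route-table IDs should derive from the same value, e.g. `id: '${resourceGroupResources.outputs.virtualHubResourceId}/hubRouteTables/defaultRouteTable'` in both places, after which the `var` can be dropped. The hand-built ID also leaks into the generated readme, whose JSON example shows the literal `${vHubResourceId}`.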
@@ -0,0 +1,27 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Optional. The name of the Virtual Hub to create.')
+param virtualHubName string
+
+@description('Required. The name of the virtual WAN to create.')
+param virtualWANName string
+
+resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = {
+ name: virtualWANName
+ location: location
+}
+
+resource virtualHub 'Microsoft.Network/virtualHubs@2022-01-01' = {
+ name: virtualHubName
+ location: location
+ properties: {
+ virtualWan: {
+ id: virtualWan.id
+ }
+ addressPrefix: '10.1.0.0/16'
+ }
+}
+
+@description('The resource ID of the created Virtual Hub')
+output virtualHubResourceId string = virtualHub.id
diff --git a/modules/Microsoft.Network/vpnGateways/.test/min/deploy.test.bicep b/modules/Microsoft.Network/vpnGateways/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..5ef7693e2d
--- /dev/null
+++ b/modules/Microsoft.Network/vpnGateways/.test/min/deploy.test.bicep
@@ -0,0 +1,47 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.network.vpngateways-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'nvgmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualHubName: 'dep-<>-vh-${serviceShort}'
+ virtualWANName: 'dep-<>-vw-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ virtualHubResourceId: resourceGroupResources.outputs.virtualHubResourceId
+ }
+}
diff --git a/modules/Microsoft.Network/vpnGateways/.test/parameters.json b/modules/Microsoft.Network/vpnGateways/.test/parameters.json
deleted file mode 100644
index 620e1c6ff7..0000000000
--- a/modules/Microsoft.Network/vpnGateways/.test/parameters.json
+++ /dev/null
@@ -1,68 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vpngw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "virtualHubResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001" - }, - "bgpSettings": { - "value": { - "asn": 65515, - "peerWeight": 0 - } - }, - "connections": { - "value": [ - { - "name": "Connection-<>-az-vsite-x-001", - "connectionBandwidth": 10, - "enableBgp": true, - "routingConfiguration": { - "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable" - }, - "propagatedRouteTables": { - "labels": [ - "default" - ], - "ids": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable" - } - ] - }, - "vnetRoutes": { - "staticRoutes": [] - } - }, - "remoteVpnSiteResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/vpnSites/<>-az-vsite-x-001" - } - ] - }, - "natRules": { - "value": [ - { - "name": "natRule1", - "internalMappings": [ - { - "addressSpace": "10.4.0.0/24" - } - ], - "externalMappings": [ - { - "addressSpace": "192.168.21.0/24" - } - ], - "type": "Static", - "mode": "EgressSnat" - } - ] - } - } -} diff --git a/modules/Microsoft.Network/vpnGateways/readme.md b/modules/Microsoft.Network/vpnGateways/readme.md index 225a008542..2ad6ece7b2 100644 --- a/modules/Microsoft.Network/vpnGateways/readme.md +++ b/modules/Microsoft.Network/vpnGateways/readme.md 
@@ -179,7 +179,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Default

@@ -187,54 +187,11 @@ The following module usage examples are retrieved from the content of the files ```bicep module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vpnGateways' + name: '${uniqueString(deployment().name)}-test-nvgdef' params: { // Required parameters - name: '<>-az-vpngw-min-001' - virtualHubResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-az-vpngw-min-001" - }, - "virtualHubResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vpnGateways' - params: { - // Required parameters - name: '<>-az-vpngw-x-001' - virtualHubResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001' + name: '<>nvgdef001' + virtualHubResourceId: '' // Non-required parameters bgpSettings: { asn: 65515 @@ -245,15 +202,15 @@ module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = { connectionBandwidth: 10 enableBgp: true name: 'Connection-<>-az-vsite-x-001' - remoteVpnSiteResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/vpnSites/<>-az-vsite-x-001' + remoteVpnSiteResourceId: '' routingConfiguration: { associatedRouteTable: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable' + id: '${vHubResourceId}/hubRouteTables/defaultRouteTable' } propagatedRouteTables: { ids: [ { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable' + id: '${vHubResourceId}/hubRouteTables/defaultRouteTable' } ] labels: [ @@ -302,10 +259,10 @@ module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-vpngw-x-001" + "value": "<>nvgdef001" }, "virtualHubResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001" + "value": "" }, // Non-required parameters "bgpSettings": { 
@@ -320,15 +277,15 @@ module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = { "connectionBandwidth": 10, "enableBgp": true, "name": "Connection-<>-az-vsite-x-001", - "remoteVpnSiteResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/vpnSites/<>-az-vsite-x-001", + "remoteVpnSiteResourceId": "", "routingConfiguration": { "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable" + "id": "${vHubResourceId}/hubRouteTables/defaultRouteTable" }, "propagatedRouteTables": { "ids": [ { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable" + "id": "${vHubResourceId}/hubRouteTables/defaultRouteTable" } ], "labels": [ @@ -370,3 +327,46 @@ module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nvgmin' + params: { + // Required parameters + name: '<>nvgmin001' + virtualHubResourceId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>nvgmin001" + }, + "virtualHubResourceId": { + "value": "" + } + } +} +``` + +
+

diff --git a/modules/Microsoft.Network/vpnSites/.test/default/dependencies.bicep b/modules/Microsoft.Network/vpnSites/.test/default/dependencies.bicep
new file mode 100644
index 0000000000..e5728278c1
--- /dev/null
+++ b/modules/Microsoft.Network/vpnSites/.test/default/dependencies.bicep
@@ -0,0 +1,24 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the virtual WAN to create.')
+param virtualWANName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = {
+ name: virtualWANName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Virtual WAN')
+output virtualWWANResourceId string = virtualWan.id
diff --git a/modules/Microsoft.Network/vpnSites/.test/default/deploy.test.bicep b/modules/Microsoft.Network/vpnSites/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..0905f49105
--- /dev/null
+++ b/modules/Microsoft.Network/vpnSites/.test/default/deploy.test.bicep
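Review bot: The output `virtualWWANResourceId` in `dependencies.bicep` carries a doubled `W`, whereas the parameter beside it is `virtualWANName` and the resource symbol is `virtualWan`. Because `deploy.test.bicep` consumes it as `resourceGroupResources.outputs.virtualWWANResourceId`, both sides should be renamed together: `output virtualWANResourceId string = virtualWan.id` and `virtualWanId: resourceGroupResources.outputs.virtualWANResourceId`. The consuming hunk continues past the visible part of the page.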
@@ -0,0 +1,100 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.network.vpnSites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'nvsidef'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ virtualWANName: 'dep-<>-vw-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>-${serviceShort}'
+ virtualWanId: resourceGroupResources.outputs.virtualWWANResourceId
+ lock: 'CanNotDelete'
+ tags: {
+ tagA: 'valueA'
+ tagB: 'valueB'
+ }
+ deviceProperties: {
+ linkSpeedInMbps: 0
+ }
+ vpnSiteLinks: [
+ {
+ name: '<>-vSite-${serviceShort}'
+ properties: {
+ bgpProperties: {
+ asn: 65010
+ bgpPeeringAddress: '1.1.1.1'
+ }
+ ipAddress: '1.2.3.4'
+ linkProperties: {
+ linkProviderName: 'contoso'
+ linkSpeedInMbps: 5
+ }
+ }
+ }
+ {
+ name: 'Link1'
+ properties: {
+ bgpProperties: {
+ asn: 65020
+ bgpPeeringAddress: '192.168.1.0'
+ }
+ ipAddress: '2.2.2.2'
+ linkProperties: {
+ linkProviderName: 'contoso'
+ linkSpeedInMbps: 5
+ }
+ }
+ }
+ ]
+ o365Policy: {
+ breakOutCategories: {
+ optimize: true
+ allow: true
+ default: true
+ }
+ }
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ }
+ ]
+ }
+}
diff --git a/modules/Microsoft.Network/vpnSites/.test/min.parameters.json b/modules/Microsoft.Network/vpnSites/.test/min.parameters.json
deleted file mode 100644
index 24791e0339..0000000000
--- a/modules/Microsoft.Network/vpnSites/.test/min.parameters.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-vSite-min-001"
- },
- "addressPrefixes": {
- "value": [
- "10.0.0.0/16"
- ]
- },
- "ipAddress": {
- "value": "1.2.3.4"
- },
- "virtualWanId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001"
- }
- }
-}
diff --git a/modules/Microsoft.Network/vpnSites/.test/min/dependencies.bicep b/modules/Microsoft.Network/vpnSites/.test/min/dependencies.bicep
new file mode 100644
index 0000000000..33c8d7907d
--- /dev/null
+++ b/modules/Microsoft.Network/vpnSites/.test/min/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Required. The name of the virtual WAN to create.')
+param virtualWANName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = {
+ name: virtualWANName
+ location: location
+}
+
+@description('The resource ID of the created Virtual WAN')
+output virtualWWANResourceId string = virtualWan.id
diff --git a/modules/Microsoft.Network/vpnSites/.test/min/deploy.test.bicep b/modules/Microsoft.Network/vpnSites/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..0d461f2a9d
--- /dev/null
+++ b/modules/Microsoft.Network/vpnSites/.test/min/deploy.test.bicep
@@ -0,0 +1,50 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.network.vpnSites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'nvsimin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ virtualWANName: 'dep-<>-vw-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>-${serviceShort}'
+ virtualWanId: resourceGroupResources.outputs.virtualWWANResourceId
+ addressPrefixes: [
+ '10.0.0.0/16'
+ ]
+ ipAddress: '1.2.3.4'
+ }
+}
diff --git a/modules/Microsoft.Network/vpnSites/.test/parameters.json b/modules/Microsoft.Network/vpnSites/.test/parameters.json
deleted file mode 100644
index 94c534c5e4..0000000000
--- a/modules/Microsoft.Network/vpnSites/.test/parameters.json
+++ /dev/null
@@ -1,77 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vSite-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": { - "tagA": "valueA", - "tagB": "valueB" - } - }, - "deviceProperties": { - "value": { - "linkSpeedInMbps": 0 - } - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - }, - "vpnSiteLinks": { - "value": [ - { - "name": "<>-az-vSite-x-001", - "properties": { - "bgpProperties": { - "asn": 65010, - "bgpPeeringAddress": "1.1.1.1" - }, - "ipAddress": "1.2.3.4", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - }, - { - "name": "Link1", - "properties": { - "bgpProperties": { - "asn": 65020, - "bgpPeeringAddress": "192.168.1.0" - }, - "ipAddress": "2.2.2.2", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - } - ] - }, - "o365Policy": { - "value": { - "breakOutCategories": { - "optimize": true, - "allow": true, - "default": true - } - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/vpnSites/deploy.bicep b/modules/Microsoft.Network/vpnSites/deploy.bicep index 980ad072d4..356cdedb15 100644 --- a/modules/Microsoft.Network/vpnSites/deploy.bicep +++ b/modules/Microsoft.Network/vpnSites/deploy.bicep 
@@ -10,10 +10,10 @@ param location string = resourceGroup().location @description('Optional. Tags of the resource.') param tags object = {} -@description('Optional. An array of IP address ranges that can be used by subnets of the virtual network. Must be provided if no bgpProperties or VPNSiteLinks are configured.') +@description('Conditional. An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured.') param addressPrefixes array = [] -@description('Optional. BGP settings details. Must be provided if no addressPrefixes or VPNSiteLinks are configured. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead.') +@description('Conditional. BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured.') param bgpProperties object = {} @description('Optional. List of properties of the device.') diff --git a/modules/Microsoft.Network/vpnSites/readme.md b/modules/Microsoft.Network/vpnSites/readme.md index 4adbe8a0be..66975d2489 100644 --- a/modules/Microsoft.Network/vpnSites/readme.md +++ b/modules/Microsoft.Network/vpnSites/readme.md 
@@ -26,11 +26,15 @@ This module deploys a VPN Site. | `name` | string | Name of the VPN Site. | | `virtualWanId` | string | Resource ID of the virtual WAN to link to. | +**Conditional parameters** +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `addressPrefixes` | array | An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured. | +| `bgpProperties` | object | BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured. | + **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `addressPrefixes` | array | `[]` | | An array of IP address ranges that can be used by subnets of the virtual network. Must be provided if no bgpProperties or VPNSiteLinks are configured. | -| `bgpProperties` | object | `{object}` | | BGP settings details. Must be provided if no addressPrefixes or VPNSiteLinks are configured. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | | `deviceProperties` | object | `{object}` | | List of properties of the device. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `ipAddress` | string | `''` | | The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | @@ -327,64 +331,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

- -
- -via Bicep module - -```bicep -module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vpnSites' - params: { - // Required parameters - name: '<>-az-vSite-min-001' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001' - // Non-required parameters - addressPrefixes: [ - '10.0.0.0/16' - ] - ipAddress: '1.2.3.4' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>-az-vSite-min-001" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - }, - // Non-required parameters - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - }, - "ipAddress": { - "value": "1.2.3.4" - } - } -} -``` - -
-

- -

Example 2: Parameters

+

Example 1: Default

@@ -392,11 +339,11 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { ```bicep module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vpnSites' + name: '${uniqueString(deployment().name)}-test-nvsidef' params: { // Required parameters - name: '<>-az-vSite-x-001' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001' + name: '<>-nvsidef' + virtualWanId: '' // Non-required parameters deviceProperties: { linkSpeedInMbps: 0 @@ -412,7 +359,7 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -423,7 +370,7 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { } vpnSiteLinks: [ { - name: '<>-az-vSite-x-001' + name: '<>-vSite-nvsidef' properties: { bgpProperties: { asn: 65010 @@ -469,10 +416,10 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-vSite-x-001" + "value": "<>-nvsidef" }, "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" + "value": "" }, // Non-required parameters "deviceProperties": { @@ -496,7 +443,7 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -511,7 +458,7 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { "vpnSiteLinks": { "value": [ { - "name": "<>-az-vSite-x-001", + "name": "<>-vSite-nvsidef", "properties": { "bgpProperties": { "asn": 65010, @@ -546,3 +493,60 @@ module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-nvsimin' + params: { + // Required parameters + name: '<>-nvsimin' + virtualWanId: '' + // Non-required parameters + addressPrefixes: [ + '10.0.0.0/16' + ] + ipAddress: '1.2.3.4' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>-nvsimin" + }, + "virtualWanId": { + "value": "" + }, + // Non-required parameters + "addressPrefixes": { + "value": [ + "10.0.0.0/16" + ] + }, + "ipAddress": { + "value": "1.2.3.4" + } + } +} +``` + +
+

diff --git a/modules/Microsoft.Resources/deploymentScripts/.test/cli.parameters.json b/modules/Microsoft.Resources/deploymentScripts/.test/cli.parameters.json
deleted file mode 100644
index e3e775a93d..0000000000
--- a/modules/Microsoft.Resources/deploymentScripts/.test/cli.parameters.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-ds-cli-001"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "kind": {
- "value": "AzureCLI"
- },
- "azCliVersion": {
- "value": "2.15.0"
- },
- "scriptContent": {
- "value": "echo \"Hello from inside the script\""
- },
- "retentionInterval": {
- "value": "P1D"
- },
- "runOnce": {
- "value": false
- },
- "cleanupPreference": {
- "value": "Always"
- },
- "timeout": {
- "value": "PT30M"
- }
- }
-}
diff --git a/modules/Microsoft.Resources/deploymentScripts/.test/cli/dependencies.bicep b/modules/Microsoft.Resources/deploymentScripts/.test/cli/dependencies.bicep
new file mode 100644
index 0000000000..9e6423c31b
--- /dev/null
+++ b/modules/Microsoft.Resources/deploymentScripts/.test/cli/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created managed identity')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.Resources/deploymentScripts/.test/cli/deploy.test.bicep b/modules/Microsoft.Resources/deploymentScripts/.test/cli/deploy.test.bicep
new file mode 100644
index 0000000000..a24368a562
--- /dev/null
+++ b/modules/Microsoft.Resources/deploymentScripts/.test/cli/deploy.test.bicep
@@ -0,0 +1,55 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.resources.deploymentscripts-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'rdscli'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ azCliVersion: '2.15.0'
+ cleanupPreference: 'Always'
+ kind: 'AzureCLI'
+ retentionInterval: 'P1D'
+ runOnce: false
+ scriptContent: 'echo \'Hello from inside the script\''
+ timeout: 'PT30M'
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+ }
+ }
+}
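Review bot: The dependency deployment in `module resourceGroupResources` is named with a `-paramNested` suffix, while the vpnSites and Sql test files added in this same commit use `-nestedDependencies`; the mismatch makes these deployments harder to find in the subscription's deployment history. I would change the line to `name: '${uniqueString(deployment().name, location)}-nestedDependencies'`. The `serviceShort` description also has a misplaced period (`deployment .Should`). Both points apply equally to `.test/ps/deploy.test.bicep`. Separately, `azCliVersion: '2.15.0'` is carried over unchanged from the deleted parameter file; a one-line comment on why that version is pinned would help, since these values are presumably rendered into the readme usage example.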
diff --git a/modules/Microsoft.Resources/deploymentScripts/.test/ps.parameters.json b/modules/Microsoft.Resources/deploymentScripts/.test/ps.parameters.json
deleted file mode 100644
index accc14b0b0..0000000000
--- a/modules/Microsoft.Resources/deploymentScripts/.test/ps.parameters.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-ds-ps-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "kind": {
- "value": "AzurePowerShell"
- },
- "azPowerShellVersion": {
- "value": "3.0"
- },
- "scriptContent": {
- "value": "Write-Host 'Running PowerShell from template'"
- },
- "retentionInterval": {
- "value": "P1D"
- },
- "runOnce": {
- "value": false
- },
- "cleanupPreference": {
- "value": "Always"
- },
- "timeout": {
- "value": "PT30M"
- }
- }
-}
diff --git a/modules/Microsoft.Resources/deploymentScripts/.test/ps/dependencies.bicep b/modules/Microsoft.Resources/deploymentScripts/.test/ps/dependencies.bicep
new file mode 100644
index 0000000000..9e6423c31b
--- /dev/null
+++ b/modules/Microsoft.Resources/deploymentScripts/.test/ps/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created managed identity')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.Resources/deploymentScripts/.test/ps/deploy.test.bicep b/modules/Microsoft.Resources/deploymentScripts/.test/ps/deploy.test.bicep
new file mode 100644
index 0000000000..3d6c4b2ee6
--- /dev/null
+++ b/modules/Microsoft.Resources/deploymentScripts/.test/ps/deploy.test.bicep
@@ -0,0 +1,56 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.resources.deploymentscripts-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'rdsps'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ azPowerShellVersion: '3.0'
+ cleanupPreference: 'Always'
+ kind: 'AzurePowerShell'
+ lock: 'CanNotDelete'
+ retentionInterval: 'P1D'
+ runOnce: false
+ scriptContent: 'Write-Host \'Running PowerShell from template\''
+ timeout: 'PT30M'
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+ }
+ }
+}
diff --git a/modules/Microsoft.Resources/deploymentScripts/readme.md b/modules/Microsoft.Resources/deploymentScripts/readme.md index 76e9181725..0aae74643b 100644 --- a/modules/Microsoft.Resources/deploymentScripts/readme.md +++ b/modules/Microsoft.Resources/deploymentScripts/readme.md @@ -157,11 +157,11 @@ The following module usage examples are retrieved from the content of the files

via Bicep module ```bicep -module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-deploymentScripts' +module Deploymentscripts './Microsoft.Resources/Deploymentscripts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-rdscli' params: { // Required parameters - name: '<>-az-ds-cli-001' + name: '<>rdscli001' // Non-required parameters azCliVersion: '2.15.0' cleanupPreference: 'Always' @@ -171,7 +171,7 @@ module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' scriptContent: 'echo \'Hello from inside the script\'' timeout: 'PT30M' userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } @@ -191,7 +191,7 @@ module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' "parameters": { // Required parameters "name": { - "value": "<>-az-ds-cli-001" + "value": "<>rdscli001" }, // Non-required parameters "azCliVersion": { @@ -217,7 +217,7 @@ module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } @@ -234,11 +234,11 @@ module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' via Bicep module ```bicep -module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-deploymentScripts' +module Deploymentscripts './Microsoft.Resources/Deploymentscripts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-rdsps' params: { // Required parameters - name: '<>-az-ds-ps-001' + name: '<>rdsps001' // Non-required parameters azPowerShellVersion: '3.0' cleanupPreference: 'Always' 
@@ -246,10 +246,10 @@ module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' lock: 'CanNotDelete' retentionInterval: 'P1D' runOnce: false - scriptContent: 'Write-Host 'Running PowerShell from template'' + scriptContent: 'Write-Host \'Running PowerShell from template\'' timeout: 'PT30M' userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } @@ -269,7 +269,7 @@ module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' "parameters": { // Required parameters "name": { - "value": "<>-az-ds-ps-001" + "value": "<>rdsps001" }, // Non-required parameters "azPowerShellVersion": { @@ -291,14 +291,14 @@ module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' "value": false }, "scriptContent": { - "value": "Write-Host 'Running PowerShell from template'" + "value": "Write-Host \"Running PowerShell from template\"" }, "timeout": { "value": "PT30M" }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } diff --git a/modules/Microsoft.Sql/servers/.test/admin.parameters.json b/modules/Microsoft.Sql/servers/.test/admin.parameters.json deleted file mode 100644 index eadb38deec..0000000000 --- a/modules/Microsoft.Sql/servers/.test/admin.parameters.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sqlsrv-admin-001" - }, - "administrators": { - "value": { - "azureADOnlyAuthentication": true, - "login": "myspn", - "sid": "<>", - "principalType": "Application", - "tenantId": "<>" - } - } - } -} 
diff --git a/modules/Microsoft.Sql/servers/.test/admin/dependencies.bicep b/modules/Microsoft.Sql/servers/.test/admin/dependencies.bicep
new file mode 100644
index 0000000000..bfae36a05d
--- /dev/null
+++ b/modules/Microsoft.Sql/servers/.test/admin/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/Microsoft.Sql/servers/.test/admin/deploy.test.bicep b/modules/Microsoft.Sql/servers/.test/admin/deploy.test.bicep
new file mode 100644
index 0000000000..fc4def4223
--- /dev/null
+++ b/modules/Microsoft.Sql/servers/.test/admin/deploy.test.bicep
@@ -0,0 +1,52 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.sql.servers-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'sqlsadmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>-${serviceShort}'
+ administrators: {
+ azureADOnlyAuthentication: true
+ login: 'myspn'
+ sid: resourceGroupResources.outputs.managedIdentityPrincipalId
+ principalType: 'Application'
+ tenantId: tenant().tenantId
+ }
+ }
+}
diff --git a/modules/Microsoft.Sql/servers/.test/default/dependencies.bicep b/modules/Microsoft.Sql/servers/.test/default/dependencies.bicep
new file mode 100644
index 0000000000..f3d82c030c
--- /dev/null
+++ b/modules/Microsoft.Sql/servers/.test/default/dependencies.bicep
@@ -0,0 +1,43 @@
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource vnet 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/16'
+ ]
+ }
+ subnets: [
+ {
+ name: 'sxx-subnet-pe-01'
+ properties: {
+
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+@description('The principal ID of the created managed identity')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created managed identity')
+output managedIdentitResourceId string = managedIdentity.id
+
+@description('The resource ID of the created virtual network subnet')
+output privateEndpointSubnetResourceId string = vnet.properties.subnets[0].id
diff --git a/modules/Microsoft.Sql/servers/.test/default/deploy.test.bicep b/modules/Microsoft.Sql/servers/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..54b48b8247
--- /dev/null
+++ b/modules/Microsoft.Sql/servers/.test/default/deploy.test.bicep
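Review bot: The second output is declared as `managedIdentitResourceId` (missing `y`), unlike the `managedIdentityResourceId` output that the deploymentScripts dependency files in this commit expose for the same value. The Sql `deploy.test.bicep` references the misspelled name, so it deploys, but anyone copying the pattern between modules will hit an unresolved output. I would rename it to `output managedIdentityResourceId string = managedIdentity.id` and adjust the `userAssignedIdentities` key in the test file in the same change. There is also a stray empty line at the top of the subnet's `properties` block that can be dropped.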
@@ -0,0 +1,129 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(80)
+param resourceGroupName string = 'ms.sql.servers-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'sqlsdef'
+
+@description('Optional. The password to leverage for the login.')
+@secure()
+param password string = newGuid()
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ virtualNetworkName: 'adp-<>-vnet-${serviceShort}'
+ location: location
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>azsa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>-${serviceShort}'
+ lock: 'CanNotDelete'
+ administratorLogin: 'adminUserName'
+ administratorLoginPassword: password
+ location: location
+ minimalTlsVersion: '1.2'
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ }
+ ]
+ vulnerabilityAssessmentsObj: {
+ name: 'default'
+ emailSubscriptionAdmins: true
+ recurringScansIsEnabled: true
+ recurringScansEmails: [
+ 'test1@contoso.com'
+ 'test2@contoso.com'
+ ]
+ vulnerabilityAssessmentsStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ }
+ databases: [
+ {
+ name: '<>-${serviceShort}db-001'
+ collation: 'SQL_Latin1_General_CP1_CI_AS'
+ skuTier: 'BusinessCritical'
+ skuName: 'BC_Gen5'
+ skuCapacity: 12
+ skuFamily: 'Gen5'
+ maxSizeBytes: 34359738368
+ licenseType: 'LicenseIncluded'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ }
+ ]
+ firewallRules: [
+ {
+ name: 'AllowAllWindowsAzureIps'
+ endIpAddress: '0.0.0.0'
+ startIpAddress: '0.0.0.0'
+ }
+ ]
+ securityAlertPolicies: [
+ {
+ name: 'Default'
+ state: 'Enabled'
+ emailAccountAdmins: true
+ }
+ ]
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '${resourceGroupResources.outputs.managedIdentitResourceId}': {}
+ }
+ privateEndpoints: [
+ {
+ subnetResourceId: resourceGroupResources.outputs.privateEndpointSubnetResourceId
+ service: 'sqlServer'
+ }
+ ]
+ }
+}
diff --git a/modules/Microsoft.Sql/servers/.test/parameters.json b/modules/Microsoft.Sql/servers/.test/parameters.json
deleted file mode 100644
index 77c3d9b4f1..0000000000
--- a/modules/Microsoft.Sql/servers/.test/parameters.json
+++ /dev/null
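Review bot: The `firewallRules` entry `AllowAllWindowsAzureIps` (0.0.0.0 to 0.0.0.0) opens the server's public endpoint to connections from any Azure-hosted source, not just this subscription, while the same test already provisions a private endpoint in `privateEndpoints`. The rule is carried over from the deleted parameters.json, presumably to exercise the firewallRules child module, but nothing in the file says so, and the readme in this commit states that its usage examples are retrieved from these test files. Either drop the rule or mark the intent with a comment above it, e.g. `// Test coverage for the firewallRules child module only; allows all Azure-hosted sources, do not copy into production`. The server also keeps SQL authentication with a fixed `administratorLogin` and a `newGuid()` password default, which is fine for a throwaway test but is worth the same kind of comment.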
@@ -1,104 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sqlsrv-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "administratorLogin": { - "value": "adminUserName" - }, - "administratorLoginPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/<>/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLoginPassword" - } - }, - "location": { - "value": "westeurope" - }, - "minimalTlsVersion": { - "value": "1.2" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "vulnerabilityAssessmentsObj": { - "value": { - "name": "default", - "emailSubscriptionAdmins": true, - "recurringScansIsEnabled": true, - "recurringScansEmails": [ - "test1@contoso.com", - "test2@contoso.com" - ], - "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - }, - "databases": { - "value": [ - { - "name": "<>-az-sqldb-x-001", - "collation": "SQL_Latin1_General_CP1_CI_AS", - "skuTier": "BusinessCritical", - "skuName": "BC_Gen5", - "skuCapacity": 12, - "skuFamily": "Gen5", - "maxSizeBytes": 34359738368, - "licenseType": "LicenseIncluded", - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001" - } - 
] - }, - "firewallRules": { - "value": [ - { - "name": "AllowAllWindowsAzureIps", - "endIpAddress": "0.0.0.0", - "startIpAddress": "0.0.0.0" - } - ] - }, - "securityAlertPolicies": { - "value": [ - { - "name": "Default", - "state": "Enabled", - "emailAccountAdmins": true - } - ] - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "sqlServer" - } - ] - } - } -} diff --git a/modules/Microsoft.Sql/servers/databases/deploy.bicep b/modules/Microsoft.Sql/servers/databases/deploy.bicep index 917978fd6c..ea106dd350 100644 --- a/modules/Microsoft.Sql/servers/databases/deploy.bicep +++ b/modules/Microsoft.Sql/servers/databases/deploy.bicep @@ -178,11 +178,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = { +resource server 'Microsoft.Sql/servers@2022-02-01-preview' existing = { name: serverName } -resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = { +resource database 'Microsoft.Sql/servers/databases@2022-02-01-preview' = { name: name parent: server location: location diff --git a/modules/Microsoft.Sql/servers/databases/readme.md b/modules/Microsoft.Sql/servers/databases/readme.md index c67ee77e6a..a5de6b7b7b 100644 --- a/modules/Microsoft.Sql/servers/databases/readme.md +++ b/modules/Microsoft.Sql/servers/databases/readme.md 
@@ -14,7 +14,7 @@ This module deploys an Azure SQL Server. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Sql/servers/databases` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) | +| `Microsoft.Sql/servers/databases` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/databases) | ## Parameters diff --git a/modules/Microsoft.Sql/servers/deploy.bicep b/modules/Microsoft.Sql/servers/deploy.bicep index cc0a4b8a4e..5ac081f141 100644 --- a/modules/Microsoft.Sql/servers/deploy.bicep +++ b/modules/Microsoft.Sql/servers/deploy.bicep @@ -81,7 +81,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource server 'Microsoft.Sql/servers@2021-05-01-preview' = { +resource server 'Microsoft.Sql/servers@2022-02-01-preview' = { location: location name: name tags: tags diff --git a/modules/Microsoft.Sql/servers/firewallRules/deploy.bicep b/modules/Microsoft.Sql/servers/firewallRules/deploy.bicep index 2ca51b8545..89ae71203a 100644 --- a/modules/Microsoft.Sql/servers/firewallRules/deploy.bicep +++ b/modules/Microsoft.Sql/servers/firewallRules/deploy.bicep @@ -25,11 +25,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = { +resource server 'Microsoft.Sql/servers@2022-02-01-preview' existing = { name: serverName } -resource firewallRule 'Microsoft.Sql/servers/firewallRules@2021-05-01-preview' = { +resource firewallRule 'Microsoft.Sql/servers/firewallRules@2022-02-01-preview' = { name: name parent: server properties: { 
diff --git a/modules/Microsoft.Sql/servers/firewallRules/readme.md b/modules/Microsoft.Sql/servers/firewallRules/readme.md index d6cbe3fac1..d5564bac88 100644 --- a/modules/Microsoft.Sql/servers/firewallRules/readme.md +++ b/modules/Microsoft.Sql/servers/firewallRules/readme.md @@ -13,7 +13,7 @@ This module deploys an SQL Server Firewall rule. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/firewallRules` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/firewallRules) | +| `Microsoft.Sql/servers/firewallRules` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/firewallRules) | ## Parameters diff --git a/modules/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md index 6cbdc40909..cedd830418 100644 --- a/modules/Microsoft.Sql/servers/readme.md +++ b/modules/Microsoft.Sql/servers/readme.md 
@@ -19,11 +19,11 @@ This module deploys a SQL server. | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.Sql/servers` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers) | -| `Microsoft.Sql/servers/databases` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) | -| `Microsoft.Sql/servers/firewallRules` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/firewallRules) | -| `Microsoft.Sql/servers/securityAlertPolicies` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/securityAlertPolicies) | -| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2021-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-11-01-preview/servers/vulnerabilityAssessments) | +| `Microsoft.Sql/servers` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers) | +| `Microsoft.Sql/servers/databases` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/databases) | +| `Microsoft.Sql/servers/firewallRules` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/firewallRules) | +| `Microsoft.Sql/servers/securityAlertPolicies` | 
[2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/securityAlertPolicies) | +| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/vulnerabilityAssessments) | ## Parameters @@ -343,17 +343,17 @@ The following module usage examples are retrieved from the content of the files ```bicep module servers './Microsoft.Sql/servers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-servers' + name: '${uniqueString(deployment().name)}-test-sqlsadmin' params: { // Required parameters - name: '<>-az-sqlsrv-admin-001' + name: '<>-sqlsadmin' // Non-required parameters administrators: { azureADOnlyAuthentication: true login: 'myspn' principalType: 'Application' - sid: '<>' - tenantId: '<>' + sid: '' + tenantId: '' } } } @@ -373,7 +373,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-sqlsrv-admin-001" + "value": "<>-sqlsadmin" }, // Non-required parameters "administrators": { @@ -381,8 +381,8 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { "azureADOnlyAuthentication": true, "login": "myspn", "principalType": "Application", - "sid": "<>", - "tenantId": "<>" + "sid": "", + "tenantId": "" } } } @@ -392,37 +392,32 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = {

-

Example 2: Parameters

+

Example 2: Default

via Bicep module ```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','<>') -} - module servers './Microsoft.Sql/servers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-servers' + name: '${uniqueString(deployment().name)}-test-sqlsdef' params: { // Required parameters - name: '<>-az-sqlsrv-x-001' + name: '<>-sqlsdef' // Non-required parameters administratorLogin: 'adminUserName' - administratorLoginPassword: kv1.getSecret('administratorLoginPassword') + administratorLoginPassword: '' databases: [ { collation: 'SQL_Latin1_General_CP1_CI_AS' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' licenseType: 'LicenseIncluded' maxSizeBytes: 34359738368 - name: '<>-az-sqldb-x-001' + name: '<>-sqlsdefdb-001' skuCapacity: 12 skuFamily: 'Gen5' skuName: 'BC_Gen5' 
@@ -436,19 +431,19 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { startIpAddress: '0.0.0.0' } ] - location: 'westeurope' + location: '' lock: 'CanNotDelete' minimalTlsVersion: '1.2' privateEndpoints: [ { service: 'sqlServer' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -462,7 +457,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { ] systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } vulnerabilityAssessmentsObj: { emailSubscriptionAdmins: true @@ -472,7 +467,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { 'test2@contoso.com' ] recurringScansIsEnabled: true - vulnerabilityAssessmentsStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + vulnerabilityAssessmentsStorageAccountId: '' } } } 
@@ -492,32 +487,27 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-sqlsrv-x-001" + "value": "<>-sqlsdef" }, // Non-required parameters "administratorLogin": { "value": "adminUserName" }, "administratorLoginPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/<>/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLoginPassword" - } + "value": "" }, "databases": { "value": [ { "collation": "SQL_Latin1_General_CP1_CI_AS", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", + "diagnosticStorageAccountId": "", + "diagnosticWorkspaceId": "", "licenseType": "LicenseIncluded", "maxSizeBytes": 34359738368, - "name": "<>-az-sqldb-x-001", + "name": "<>-sqlsdefdb-001", "skuCapacity": 12, "skuFamily": "Gen5", "skuName": "BC_Gen5", @@ -535,7 +525,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { ] }, "location": { - "value": "westeurope" + "value": "" }, "lock": { "value": "CanNotDelete" @@ -547,7 +537,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { "value": [ { "service": "sqlServer", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, 
@@ -555,7 +545,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -575,7 +565,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } }, "vulnerabilityAssessmentsObj": { @@ -587,7 +577,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { "test2@contoso.com" ], "recurringScansIsEnabled": true, - "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "vulnerabilityAssessmentsStorageAccountId": "" } } } diff --git a/modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep b/modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep index 7800a6c409..3115a9751e 100644 --- a/modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep +++ b/modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep @@ -45,11 +45,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = { +resource server 'Microsoft.Sql/servers@2022-02-01-preview' existing = { name: serverName } -resource securityAlertPolicy 'Microsoft.Sql/servers/securityAlertPolicies@2021-05-01-preview' = { +resource securityAlertPolicy 'Microsoft.Sql/servers/securityAlertPolicies@2022-02-01-preview' = { name: name parent: server properties: { diff --git a/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md b/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md index e68f3c8d39..60cb233bc8 100644 --- a/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md +++ b/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md 
@@ -13,7 +13,7 @@ This module deploys an SQL Server Security Alert Policy. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/securityAlertPolicies` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/securityAlertPolicies) | +| `Microsoft.Sql/servers/securityAlertPolicies` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/securityAlertPolicies) | ## Parameters diff --git a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep index 777f905259..89a0f5ffba 100644 --- a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep +++ b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep @@ -31,11 +31,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = { +resource server 'Microsoft.Sql/servers@2022-02-01-preview' existing = { name: serverName } -resource vulnerabilityAssessment 'Microsoft.Sql/servers/vulnerabilityAssessments@2021-11-01-preview' = { +resource vulnerabilityAssessment 'Microsoft.Sql/servers/vulnerabilityAssessments@2022-02-01-preview' = { name: name parent: server properties: { diff --git a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md index 8b8cf7eed5..f48d00123c 100644 --- a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md +++ b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md 
@@ -13,7 +13,7 @@ This module deploys a vulnerability assessment for a SQL server. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2021-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-11-01-preview/servers/vulnerabilityAssessments) | +| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2022-02-01-preview/servers/vulnerabilityAssessments) | ## Parameters diff --git a/modules/Microsoft.Web/sites/.test/fa.min.parameters.json b/modules/Microsoft.Web/sites/.test/fa.min.parameters.json deleted file mode 100644 index 0d4b5e85fb..0000000000 --- a/modules/Microsoft.Web/sites/.test/fa.min.parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fa-min-001" - }, - "kind": { - "value": "functionapp" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - "siteConfig": { - "value": { - "alwaysOn": true - } - } - } -} diff --git a/modules/Microsoft.Web/sites/.test/fa.min/dependencies.bicep b/modules/Microsoft.Web/sites/.test/fa.min/dependencies.bicep new file mode 100644 index 0000000000..cd93e7ed3f --- /dev/null +++ b/modules/Microsoft.Web/sites/.test/fa.min/dependencies.bicep 
@@ -0,0 +1,21 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+@description('The resource ID of the created Server Farm.')
+output serverFarmResourceId string = serverFarm.id
diff --git a/modules/Microsoft.Web/sites/.test/fa.min/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/fa.min/deploy.test.bicep
new file mode 100644
index 0000000000..b9412d749a
--- /dev/null
+++ b/modules/Microsoft.Web/sites/.test/fa.min/deploy.test.bicep
@@ -0,0 +1,50 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.web.sites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'wsfamin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ serverFarmName: 'dep-<>-sf-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ kind: 'functionapp'
+ serverFarmResourceId: resourceGroupResources.outputs.serverFarmResourceId
+ siteConfig: {
+ alwaysOn: true
+ }
+ }
+}
diff --git a/modules/Microsoft.Web/sites/.test/fa.parameters.json b/modules/Microsoft.Web/sites/.test/fa.parameters.json
deleted file mode 100644
index e67fc9f53e..0000000000
--- a/modules/Microsoft.Web/sites/.test/fa.parameters.json
+++ /dev/null
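Review bot: The `serviceShort` description has a misplaced period, `deployment .Should be kept short`; it should read `deployment. Should be kept short`, as in the Sql test files of this commit. `resourceGroupName` is capped with `@maxLength(90)` here but with `@maxLength(80)` in those Sql test files, so one of the two limits is presumably unintended; pick one value for all test templates.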
@@ -1,146 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fa-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "kind": { - "value": "functionapp" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - "siteConfig": { - "value": { - "alwaysOn": true, - "use32BitWorkerProcess": false - } - }, - "appInsightId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "setAzureWebJobsDashboard": { - "value": true - }, - "appSettingsKeyValuePairs": { - "value": { - "FUNCTIONS_EXTENSION_VERSION": "~4", - "FUNCTIONS_WORKER_RUNTIME": "dotnet", - "AzureFunctionsJobHost__logging__logLevel__default": "Trace", - "EASYAUTH_SECRET": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password" - } - }, - "authSettingV2Configuration": { - "value": { - "globalValidation": { - "requireAuthentication": true, - "unauthenticatedClientAction": "Return401" - }, - "httpSettings": { - "forwardProxy": { - "convention": "NoProxy" - }, - "requireHttps": true, - "routes": { - "apiPrefix": "/.auth" - } - }, - "identityProviders": { - "azureActiveDirectory": { - "enabled": true, - "login": { - "disableWWWAuthenticate": false - }, - "registration": { - "openIdIssuer": "https://sts.windows.net/<>/v2.0/", - "clientId": "d874dd2f-2032-4db1-a053-f0ec243685aa", - "clientSecretSettingName": "EASYAUTH_SECRET" - }, - "validation": { - "allowedAudiences": [ - "api://d874dd2f-2032-4db1-a053-f0ec243685aa" - ], - "defaultAuthorizationPolicy": { - "allowedPrincipals": {} - }, - "jwtClaimChecks": {} - } - } - }, - "login": { - 
"allowedExternalRedirectUrls": [ - "string" - ], - "cookieExpiration": { - "convention": "FixedTime", - "timeToExpiration": "08:00:00" - }, - "nonce": { - "nonceExpirationInterval": "00:05:00", - "validateNonce": true - }, - "preserveUrlFragmentsForLogins": false, - "routes": {}, - "tokenStore": { - "azureBlobStorage": {}, - "enabled": true, - "fileSystem": {}, - "tokenRefreshExtensionHours": 72 - } - }, - "platform": { - "enabled": true, - "runtimeVersion": "~1" - } - } - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "sites" - } - ] - } - } -} diff --git a/modules/Microsoft.Web/sites/.test/fa/dependencies.bicep b/modules/Microsoft.Web/sites/.test/fa/dependencies.bicep new file mode 100644 index 0000000000..f6c66d1cc3 --- /dev/null 
+++ b/modules/Microsoft.Web/sites/.test/fa/dependencies.bicep 
@@ -0,0 +1,90 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Server Farm to create.') +param serverFarmName string + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +@description('Required. The name of the Application Insights instance to create.') +param applicationInsightsName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' + properties: {} +} + +resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = { + name: serverFarmName + location: location + sku: { + name: 'S1' + tier: 'Standard' + size: 'S1' + family: 'S' + capacity: 1 + } + properties: {} +} + +resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = { + name: applicationInsightsName + location: location + kind: '' + properties: {} +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = 
managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Server Farm.') +output serverFarmResourceId string = serverFarm.id + +@description('The resource ID of the created Storage Account.') +output storageAccountResourceId string = storageAccount.id + +@description('The resource ID of the created Application Insights instance.') +output applicationInsightsResourceId string = applicationInsights.id diff --git a/modules/Microsoft.Web/sites/.test/fa/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/fa/deploy.test.bicep new file mode 100644 index 0000000000..074bd41d29 --- /dev/null +++ b/modules/Microsoft.Web/sites/.test/fa/deploy.test.bicep 
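Review bot: The `storageAccount` resource is declared with `properties: {}`, so the account later passed to the function app as `storageAccountId` takes whatever defaults API version 2021-09-01 applies for the TLS floor and anonymous blob access. I would set these explicitly with `allowBlobPublicAccess: false`, `minimumTlsVersion: 'TLS1_2'` and `supportsHttpsTrafficOnly: true`. That holds even for a short-lived test dependency, since test templates tend to be reused as starting points.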
@@ -0,0 +1,164 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.web.sites-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'wsfa' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + serverFarmName: 'dep-<>-sf-${serviceShort}' + storageAccountName: 'dep<>st${serviceShort}' + applicationInsightsName: 'dep-<>-appi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + kind: 
'functionapp' + serverFarmResourceId: resourceGroupResources.outputs.serverFarmResourceId + appInsightId: resourceGroupResources.outputs.applicationInsightsResourceId + appSettingsKeyValuePairs: { + AzureFunctionsJobHost__logging__logLevel__default: 'Trace' + EASYAUTH_SECRET: 'https://adp-<>-az-kv-x-001.${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password' + FUNCTIONS_EXTENSION_VERSION: '~4' + FUNCTIONS_WORKER_RUNTIME: 'dotnet' + } + authSettingV2Configuration: { + globalValidation: { + requireAuthentication: true + unauthenticatedClientAction: 'Return401' + } + httpSettings: { + forwardProxy: { + convention: 'NoProxy' + } + requireHttps: true + routes: { + apiPrefix: '/.auth' + } + } + identityProviders: { + azureActiveDirectory: { + enabled: true + login: { + disableWWWAuthenticate: false + } + registration: { + clientId: 'd874dd2f-2032-4db1-a053-f0ec243685aa' + clientSecretSettingName: 'EASYAUTH_SECRET' + openIdIssuer: 'https://sts.windows.net/${tenant().tenantId}/v2.0/' + } + validation: { + allowedAudiences: [ + 'api://d874dd2f-2032-4db1-a053-f0ec243685aa' + ] + defaultAuthorizationPolicy: { + allowedPrincipals: {} + } + jwtClaimChecks: {} + } + } + } + login: { + allowedExternalRedirectUrls: [ + 'string' + ] + cookieExpiration: { + convention: 'FixedTime' + timeToExpiration: '08:00:00' + } + nonce: { + nonceExpirationInterval: '00:05:00' + validateNonce: true + } + preserveUrlFragmentsForLogins: false + routes: {} + tokenStore: { + azureBlobStorage: {} + enabled: true + fileSystem: {} + tokenRefreshExtensionHours: 72 + } + } + platform: { + enabled: true + runtimeVersion: '~1' + } + } + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: 
diagnosticDependencies.outputs.eventHubNamespaceEventHubName + lock: 'CanNotDelete' + privateEndpoints: [ + { + service: 'sites' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + setAzureWebJobsDashboard: true + siteConfig: { + alwaysOn: true + use32BitWorkerProcess: false + } + storageAccountId: resourceGroupResources.outputs.storageAccountResourceId + systemAssignedIdentity: true + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.Web/sites/.test/wa.min.parameters.json b/modules/Microsoft.Web/sites/.test/wa.min.parameters.json deleted file mode 100644 index 588beef102..0000000000 --- a/modules/Microsoft.Web/sites/.test/wa.min.parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wa-min-001" - }, - "kind": { - "value": "app" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - } - } -} diff --git a/modules/Microsoft.Web/sites/.test/wa.min/dependencies.bicep b/modules/Microsoft.Web/sites/.test/wa.min/dependencies.bicep new file mode 100644 index 0000000000..cd93e7ed3f --- /dev/null +++ b/modules/Microsoft.Web/sites/.test/wa.min/dependencies.bicep 
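Review bot: `EASYAUTH_SECRET` in `appSettingsKeyValuePairs` is a bare Key Vault secret URL, while `clientSecretSettingName: 'EASYAUTH_SECRET'` tells the Azure AD provider to read its client secret from that setting. App Service only resolves Key Vault-backed settings written in the reference form `@Microsoft.KeyVault(SecretUri=...)`. Unless `deploy.bicep` wraps the value (not visible in this diff), the provider would be configured with the URL text as its secret. The vault `adp-<>-az-kv-x-001` and the hard-coded `clientId` are also not created by `dependencies.bicep`, so this test still relies on resources outside the template. I would add a comment above the setting naming the pre-existing vault and app registration it needs, and switch the value to the reference form if the module passes it through unchanged.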
@@ -0,0 +1,21 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+@description('The resource ID of the created Server Farm.')
+output serverFarmResourceId string = serverFarm.id
diff --git a/modules/Microsoft.Web/sites/.test/wa.min/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/wa.min/deploy.test.bicep
new file mode 100644
index 0000000000..493dd8fb6b
--- /dev/null
+++ b/modules/Microsoft.Web/sites/.test/wa.min/deploy.test.bicep
@@ -0,0 +1,47 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.web.sites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'wswamin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ serverFarmName: 'dep-<>-sf-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ kind: 'app'
+ serverFarmResourceId: resourceGroupResources.outputs.serverFarmResourceId
+ }
+}
diff --git a/modules/Microsoft.Web/sites/.test/wa.parameters.json b/modules/Microsoft.Web/sites/.test/wa.parameters.json
deleted file mode 100644
index 75ea5f8f00..0000000000
--- a/modules/Microsoft.Web/sites/.test/wa.parameters.json
+++ /dev/null
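Review bot: The `serviceShort` description reads `deployment .Should be kept short`, with the full stop and the space transposed, and the `resourceGroupName` description says `for a testing purposes`. Suggested wording: `'Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints'` and `'Optional. The name of the resource group to deploy for testing purposes'`. The same two strings appear in `fa/deploy.test.bicep` and `wa/deploy.test.bicep` in this commit and would take the same correction.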
@@ -1,70 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-wa-x-001"
- },
- "kind": {
- "value": "app"
- },
- "serverFarmResourceId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001"
- },
- "siteConfig": {
- "value": {
- "metadata": [
- {
- "name": "CURRENT_STACK",
- "value": "dotnetcore"
- }
- ],
- "alwaysOn": true
- }
- },
- "httpsOnly": {
- "value": true
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "userAssignedIdentities": {
- "value": {
- "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {}
- }
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "sites"
- }
- ]
- }
- }
-}
diff --git a/modules/Microsoft.Web/sites/.test/wa/dependencies.bicep b/modules/Microsoft.Web/sites/.test/wa/dependencies.bicep
new file mode 100644
index 0000000000..4f6316ecb8
--- /dev/null
+++ b/modules/Microsoft.Web/sites/.test/wa/dependencies.bicep
@@ -0,0 +1,61 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Server Farm.')
+output serverFarmResourceId string = serverFarm.id
diff --git a/modules/Microsoft.Web/sites/.test/wa/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/wa/deploy.test.bicep
new file mode 100644
index 0000000000..be12a00a56
--- /dev/null
+++ b/modules/Microsoft.Web/sites/.test/wa/deploy.test.bicep
@@ -0,0 +1,96 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.web.sites-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'wswa' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + serverFarmName: 'dep-<>-sf-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + kind: 'app' + serverFarmResourceId: resourceGroupResources.outputs.serverFarmResourceId + 
diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + httpsOnly: true + privateEndpoints: [ + { + service: 'sites' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + siteConfig: { + alwaysOn: true + metadata: [ + { + name: 'CURRENT_STACK' + value: 'dotnetcore' + } + ] + } + systemAssignedIdentity: true + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.Web/sites/readme.md b/modules/Microsoft.Web/sites/readme.md index 0778ce52bd..1687dc266f 100644 --- a/modules/Microsoft.Web/sites/readme.md +++ b/modules/Microsoft.Web/sites/readme.md @@ -410,82 +410,25 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Fa Min

+

Example 1: Fa

via Bicep module ```bicep -module sites './Microsoft.Web/sites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-sites' +module Sites './Microsoft.Web/Sites/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-wsfa' params: { // Required parameters kind: 'functionapp' - name: '<>-az-fa-min-001' - serverFarmResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001' + name: '<>wsfa001' + serverFarmResourceId: '' // Non-required parameters - siteConfig: { - alwaysOn: true - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "kind": { - "value": "functionapp" - }, - "name": { - "value": "<>-az-fa-min-001" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - // Non-required parameters - "siteConfig": { - "value": { - "alwaysOn": true - } - } - } -} -``` - -
-

- -

Example 2: Fa

- -
- -via Bicep module - -```bicep -module sites './Microsoft.Web/sites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-sites' - params: { - // Required parameters - kind: 'functionapp' - name: '<>-az-fa-x-001' - serverFarmResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001' - // Non-required parameters - appInsightId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001' + appInsightId: '' appSettingsKeyValuePairs: { AzureFunctionsJobHost__logging__logLevel__default: 'Trace' - EASYAUTH_SECRET: 'https://adp-<>-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password' + EASYAUTH_SECRET: 'https://adp-<>-az-kv-x-001.${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password' FUNCTIONS_EXTENSION_VERSION: '~4' FUNCTIONS_WORKER_RUNTIME: 'dotnet' } @@ -512,7 +455,7 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { registration: { clientId: 'd874dd2f-2032-4db1-a053-f0ec243685aa' clientSecretSettingName: 'EASYAUTH_SECRET' - openIdIssuer: 'https://sts.windows.net/<>/v2.0/' + openIdIssuer: 'https://sts.windows.net/${tenant().tenantId}/v2.0/' } validation: { allowedAudiences: [ 
@@ -551,22 +494,22 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { runtimeVersion: '~1' } } - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' lock: 'CanNotDelete' privateEndpoints: [ { service: 'sites' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -576,10 +519,10 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { alwaysOn: true use32BitWorkerProcess: false } - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + storageAccountId: '' systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } 
@@ -602,19 +545,19 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { "value": "functionapp" }, "name": { - "value": "<>-az-fa-x-001" + "value": "<>wsfa001" }, "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" + "value": "" }, // Non-required parameters "appInsightId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001" + "value": "" }, "appSettingsKeyValuePairs": { "value": { "AzureFunctionsJobHost__logging__logLevel__default": "Trace", - "EASYAUTH_SECRET": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password", + "EASYAUTH_SECRET": "https://adp-<>-az-kv-x-001.${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password", "FUNCTIONS_EXTENSION_VERSION": "~4", "FUNCTIONS_WORKER_RUNTIME": "dotnet" } @@ -643,7 +586,7 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { "registration": { "clientId": "d874dd2f-2032-4db1-a053-f0ec243685aa", "clientSecretSettingName": "EASYAUTH_SECRET", - "openIdIssuer": "https://sts.windows.net/<>/v2.0/" + "openIdIssuer": "https://sts.windows.net/${tenant().tenantId}/v2.0/" }, "validation": { "allowedAudiences": [ 
@@ -684,19 +627,19 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { } }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "lock": { "value": "CanNotDelete" @@ -705,7 +648,7 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { "value": [ { "service": "sites", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -713,7 +656,7 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -729,14 +672,14 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { } }, "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "systemAssignedIdentity": { "value": true }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } @@ -746,20 +689,24 @@ module sites './Microsoft.Web/sites/deploy.bicep' = {

-

Example 3: Wa Min

+

Example 2: Fa.Min

via Bicep module ```bicep -module sites './Microsoft.Web/sites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-sites' +module Sites './Microsoft.Web/Sites/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-wsfamin' params: { // Required parameters - kind: 'app' - name: '<>-az-wa-min-001' - serverFarmResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001' + kind: 'functionapp' + name: '<>wsfamin001' + serverFarmResourceId: '' + // Non-required parameters + siteConfig: { + alwaysOn: true + } } } ``` @@ -778,13 +725,19 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { "parameters": { // Required parameters "kind": { - "value": "app" + "value": "functionapp" }, "name": { - "value": "<>-az-wa-min-001" + "value": "<>wsfamin001" }, "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" + "value": "" + }, + // Non-required parameters + "siteConfig": { + "value": { + "alwaysOn": true + } } } } @@ -793,37 +746,37 @@ module sites './Microsoft.Web/sites/deploy.bicep' = {

-

Example 4: Wa

+

Example 3: Wa

via Bicep module ```bicep -module sites './Microsoft.Web/sites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-sites' +module Sites './Microsoft.Web/Sites/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-wswa' params: { // Required parameters kind: 'app' - name: '<>-az-wa-x-001' - serverFarmResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001' + name: '<>wswa001' + serverFarmResourceId: '' // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' httpsOnly: true privateEndpoints: [ { service: 'sites' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -839,7 +792,7 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { } systemAssignedIdentity: true userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + '': {} } } } 
@@ -862,26 +815,26 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { "value": "app" }, "name": { - "value": "<>-az-wa-x-001" + "value": "<>wswa001" }, "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" + "value": "" }, // Non-required parameters "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "httpsOnly": { "value": true @@ -890,7 +843,7 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { "value": [ { "service": "sites", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -898,7 +851,7 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -920,7 +873,7 @@ module sites './Microsoft.Web/sites/deploy.bicep' = { }, "userAssignedIdentities": { "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + "": {} } } } @@ -929,3 +882,50 @@ module sites './Microsoft.Web/sites/deploy.bicep' = {

+ +

Example 4: Wa.Min

+ +
+ +via Bicep module + +```bicep +module Sites './Microsoft.Web/Sites/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-wswamin' + params: { + // Required parameters + kind: 'app' + name: '<>wswamin001' + serverFarmResourceId: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "app" + }, + "name": { + "value": "<>wswamin001" + }, + "serverFarmResourceId": { + "value": "" + } + } +} +``` + +
+

diff --git a/utilities/pipelines/staticValidation/module.tests.ps1 b/utilities/pipelines/staticValidation/module.tests.ps1 index 88a18332cb..c8c9f7b134 100644 --- a/utilities/pipelines/staticValidation/module.tests.ps1 +++ b/utilities/pipelines/staticValidation/module.tests.ps1 @@ -27,7 +27,7 @@ $script:moduleFolderPaths = $moduleFolderPaths $script:convertedTemplates = @{} # Shared exception messages -$script:bicepTemplateCompilationFailedException = "Unable to compile the deploy.bicep template's content. This can happen if there is an error in the template. Please check if you can run the command `az bicep build --file {0} --stdout | ConvertFrom-Json -AsHashtable`." # -f $templateFilePath +$script:bicepTemplateCompilationFailedException = "Unable to compile the deploy.bicep template's content. This can happen if there is an error in the template. Please check if you can run the command ``az bicep build --file {0} --stdout | ConvertFrom-Json -AsHashtable``." # -f $templateFilePath $script:jsonTemplateLoadFailedException = "Unable to load the deploy.json template's content. This can happen if there is an error in the template. Please check if you can run the command `Get-Content {0} -Raw | ConvertFrom-Json -AsHashtable`." # -f $templateFilePath $script:templateNotFoundException = 'No template file found in folder [{0}]' # -f $moduleFolderPath 
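Review bot: The context line defining `$script:jsonTemplateLoadFailedException` still wraps its `Get-Content {0} -Raw | ConvertFrom-Json -AsHashtable` command in single backticks inside a double-quoted string. PowerShell treats a backtick there as the escape character, so both are consumed and the command appears in the failure message without delimiters. Doubling them, as this hunk does for the `az bicep build` message, would keep the two messages consistent. Alternatively, single-quote the string and double the apostrophe in `template's`.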
@@ -610,16 +610,6 @@ Describe 'Parameter file tests' -Tag 'Parameter' { $testResource | Should -Not -BeNullOrEmpty -Because 'the handle ''-test-'' should be part of the module test invocation''s resource name to allow identification.' } - It '[] JSON test deployment should have parameter [namePrefix]' -TestCases ($deploymentTestFileTestCases | Where-Object { (Split-Path $_.testFilePath -Extension) -eq '.json' }) { - - param( - [object[]] $testFileContent - ) - - $rawContentHashtable = $testFileContent | ConvertFrom-Json -Depth 99 -AsHashtable - $rawContentHashtable.parameters.keys | Should -Contain 'namePrefix' - } - It '[] JSON test deployment should have parameter [serviceShort]' -TestCases ($deploymentTestFileTestCases | Where-Object { (Split-Path $_.testFilePath -Extension) -eq '.json' }) { param( diff --git a/utilities/tools/Get-FormattedGitHubRelease.ps1 b/utilities/tools/Get-FormattedGitHubRelease.ps1 index 7db1747ad3..38f00ebe7b 100644 --- a/utilities/tools/Get-FormattedGitHubRelease.ps1 +++ b/utilities/tools/Get-FormattedGitHubRelease.ps1 @@ -103,7 +103,7 @@ function Get-FormattedGitHubRelease { # =================== # $categories = @() foreach ($line in $correctlyFormatted) { - $match = [regex]::Match($line, '\[(.+)\].+') + $match = [regex]::Match($line, '\[(.+?)\].+') $categories += $match.Captures.Groups[1].Value } $foundCategories = $categories | Select-Object -Unique 
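Review bot: In the Get-FormattedGitHubRelease.ps1 hunk, `$foundCategories = $categories | Select-Object -Unique` compares case-sensitively, so `[Modules]` and `[modules]` both survive as separate categories. The item filter in the following hunk is case-insensitive (`-imatch`, and `-match` already was by default), so each case variant would emit its own section listing the same items. If the output order of categories does not matter, `$foundCategories = $categories | Sort-Object -Unique` de-duplicates case-insensitively. Otherwise normalise the captured value before collecting it. The function body starts and ends outside this hunk, so the filtering applied to `$correctlyFormatted` is not visible here.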
@@ -111,14 +111,14 @@ function Get-FormattedGitHubRelease { $output = @() foreach ($category in $foundCategories) { $output += "***$category***" - $categoryItems = $correctlyFormatted | Where-Object { $_ -match ".+\[$category\].+" } + $categoryItems = $correctlyFormatted | Where-Object { $_ -imatch ".+\[$category\].+" } foreach ($categoryItem in $categoryItems) { $simplifiedItem = $categoryItem -replace "\* \[$category\]" $simplifiedItem = $simplifiedItem -replace 'by @.*', '' if ($simplifiedItem -like ':*') { $simplifiedItem = $simplifiedItem.Substring(1, ($simplifiedItem.Length - 1)) } - $output += "* $simplifiedItem".Trim() + $output += '* {0}' -f $simplifiedItem.Trim() } $output += '' } diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index a1074fed21..6b922d65e8 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 @@ -883,9 +883,10 @@ function Set-DeploymentExamplesSection { '' ) + $TextInfo = (Get-Culture -Name 'en-US').TextInfo $moduleRoot = Split-Path $TemplateFilePath -Parent - $resourceTypeIdentifier = $moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/') - $resourceType = $resourceTypeIdentifier.Split('/')[1] + $resourceTypeIdentifier = $TextInfo.ToTitleCase($moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/')) + $resourceType = $TextInfo.ToTitleCase($resourceTypeIdentifier.Split('/')[1]) $testFilePaths = Get-ModuleTestFileList -ModulePath $moduleRoot | ForEach-Object { Join-Path $moduleRoot $_ } $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object 
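Review bot: `$category` is interpolated into two regular expressions without escaping, in `-imatch ".+\[$category\].+"` and in `-replace "\* \[$category\]"`. The value is whatever text `\[(.+?)\]` captured from a release-note line, which presumably comes from contributor-written PR titles. A category containing `+`, `(`, `.` or similar will match the wrong lines or make the pattern invalid. Build the pattern from an escaped copy, `$escapedCategory = [regex]::Escape($category)`, and use it in both places, e.g. `Where-Object { $_ -imatch ".+\[$escapedCategory\].+" }`. The enclosing function continues outside this hunk.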
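Review bot: In the Set-ModuleReadMe.ps1 hunk, `$TextInfo.ToTitleCase(...)` upper-cases the first letter of each word but also lower-cases the remaining letters, so a camelCase path segment loses its inner capitals. The result is used in the module path printed in the generated README examples, so any such folder would get a reference that no longer matches its on-disk name on a case-sensitive file system. If the aim is only a capitalised first letter, change just that character, e.g. `$resourceType = $resourceType.Substring(0, 1).ToUpper() + $resourceType.Substring(1)`, and do the same per segment for `$resourceTypeIdentifier`. Separately, `.Split('/modules/')[1]` is `$null` when the path has no `/modules/` segment, and the chained `.TrimStart('/')` then throws; a guard with a clear error message would help. The function body extends beyond this hunk.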
@@ -906,7 +907,6 @@ function Set-DeploymentExamplesSection { } else { $exampleTitle = ((Split-Path $testFilePath -LeafBase) -replace '\.', ' ') -replace ' parameters', '' } - $TextInfo = (Get-Culture -Name 'en-US').TextInfo $exampleTitle = $TextInfo.ToTitleCase($exampleTitle) $SectionContent += @( '

Example {0}: {1}

' -f $pathIndex, $exampleTitle