From 76161698b51b46672d4946cc47d07e77095bc996 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Sat, 3 Sep 2022 18:21:55 +0200
Subject: [PATCH 01/18] Updated MachineLearningServices workspaces to new
 dependency approach

---
 .../ms.machinelearningservices.workspaces.yml |   3 +-
 .../.test/default/dependencies.bicep          |  94 +++++
 .../.test/default/deploy.test.bicep           | 124 ++++++
 .../workspaces/.test/encr.parameters.json     |  49 ---
 .../workspaces/.test/encr/dependencies.bicep  | 111 ++++++
 .../workspaces/.test/encr/deploy.test.bicep   |  67 ++++
 .../workspaces/.test/min.parameters.json      |  24 --
 .../workspaces/.test/min/dependencies.bicep   |  57 +++
 .../workspaces/.test/min/deploy.test.bicep    |  52 +++
 .../workspaces/.test/parameters.json          | 110 -----
 .../workspaces/readme.md                      | 376 +++++++++---------
 11 files changed, 694 insertions(+), 373 deletions(-)
 create mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
 create mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/default/deploy.test.bicep
 delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/encr.parameters.json
 create mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
 create mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
 delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/min.parameters.json
 create mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/min/dependencies.bicep
 create mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
 delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/parameters.json

diff --git a/.github/workflows/ms.machinelearningservices.workspaces.yml b/.github/workflows/ms.machinelearningservices.workspaces.yml
index b4760cc79c..ac26aca106 100644
--- a/.github/workflows/ms.machinelearningservices.workspaces.yml
+++ b/.github/workflows/ms.machinelearningservices.workspaces.yml
@@ -106,8 +106,7 @@ jobs:
       - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]'
         uses: ./.github/actions/templates/validateModuleDeployment
         with:
-          templateFilePath: '${{ env.modulePath }}/deploy.bicep'
-          parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
+          templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
           location: '${{ env.location }}'
           resourceGroupName: '${{ env.resourceGroupName }}'
           subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
new file mode 100644
index 0000000000..5f93ed2a1a
--- /dev/null
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
@@ -0,0 +1,94 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Application Insights instance to create.')
+param applicationInsightsName string
+
+@description('Required. The name of the Storage Account to create.')
+param storageAccountName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+    name: virtualNetworkName
+    location: location
+    properties: {
+        addressSpace: {
+            addressPrefixes: [
+                '10.0.0.0/24'
+            ]
+        }
+        subnets: [
+            {
+                name: 'defaultSubnet'
+                properties: {
+                    addressPrefix: '10.0.0.0/24'
+                }
+            }
+        ]
+    }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+    name: keyVaultName
+    location: location
+    properties: {
+        sku: {
+            family: 'A'
+            name: 'standard'
+        }
+        tenantId: tenant().tenantId
+        enablePurgeProtection: null
+        enabledForTemplateDeployment: true
+        enabledForDiskEncryption: true
+        enabledForDeployment: true
+        enableRbacAuthorization: true
+        accessPolicies: []
+    }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+    name: managedIdentityName
+    location: location
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+    name: applicationInsightsName
+    location: location
+    kind: ''
+    properties: {}
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+    name: storageAccountName
+    location: location
+    sku: {
+        name: 'Standard_LRS'
+    }
+    kind: 'StorageV2'
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The resource ID of the created Key Vault.')
+output keyVaultResourceId string = keyVault.id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Application Insights instance.')
+output applicationInsightsResourceId string = applicationInsights.id
+
+@description('The resource ID of the created Storage Account.')
+output storageAccountResourceId string = storageAccount.id
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/deploy.test.bicep
new file mode 100644
index 0000000000..938ddf5bd5
--- /dev/null
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/deploy.test.bicep
@@ -0,0 +1,124 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'mlswdef'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    virtualNetworkName: 'dep-<<namePrefix>>-vnet-${serviceShort}'
+    managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
+    keyVaultName: 'dep-<<namePrefix>>-kv-${serviceShort}'
+    applicationInsightsName: 'dep-<<namePrefix>>-appI-${serviceShort}'
+    storageAccountName: 'dep<<namePrefix>>st${serviceShort}'
+  }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+  params: {
+    storageAccountName: 'dep<<namePrefix>>diasa${serviceShort}01'
+    logAnalyticsWorkspaceName: 'dep-<<namePrefix>>-law-${serviceShort}'
+    eventHubNamespaceEventHubName: 'dep-<<namePrefix>>-evh-${serviceShort}'
+    eventHubNamespaceName: 'dep-<<namePrefix>>-evhns-${serviceShort}'
+    location: location
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+  params: {
+    name: '<<namePrefix>>${serviceShort}001'
+    associatedApplicationInsightsResourceId: resourceGroupResources.outputs.applicationInsightsResourceId
+    associatedKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId
+    associatedStorageAccountResourceId: resourceGroupResources.outputs.storageAccountResourceId
+    sku: 'Basic'
+    computes: [
+      {
+        computeLocation: 'westeurope'
+        computeType: 'AmlCompute'
+        description: 'Default CPU Cluster'
+        disableLocalAuth: false
+        location: 'westeurope'
+        name: 'DefaultCPU'
+        properties: {
+          enableNodePublicIp: true
+          isolatedNetwork: false
+          osType: 'Linux'
+          remoteLoginPortPublicAccess: 'Disabled'
+          scaleSettings: {
+            maxNodeCount: 3
+            minNodeCount: 0
+            nodeIdleTimeBeforeScaleDown: 'PT5M'
+          }
+          vmPriority: 'Dedicated'
+          vmSize: 'STANDARD_DS11_V2'
+        }
+        sku: 'Basic'
+        systemAssignedIdentity: false
+        userAssignedIdentities: {
+          '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+        }
+      }
+    ]
+    description: 'The cake is a lie.'
+    diagnosticLogsRetentionInDays: 7
+    diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+    diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+    diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+    diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+    discoveryUrl: 'http://example.com'
+    imageBuildCompute: 'testcompute'
+    lock: 'CanNotDelete'
+    primaryUserAssignedIdentity: resourceGroupResources.outputs.managedIdentityResourceId
+    privateEndpoints: [
+      {
+        service: 'amlworkspace'
+        subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+      }
+    ]
+    publicNetworkAccess: 'Enabled'
+    roleAssignments: [
+      {
+        principalIds: [
+          resourceGroupResources.outputs.managedIdentityPrincipalId
+        ]
+        roleDefinitionIdOrName: 'Reader'
+      }
+    ]
+    systemAssignedIdentity: false
+    userAssignedIdentities: {
+      '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+    }
+  }
+}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr.parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr.parameters.json
deleted file mode 100644
index b98a6f241d..0000000000
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr.parameters.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-mls-encr-001"
-        },
-        "sku": {
-            "value": "Basic"
-        },
-        "associatedStorageAccountResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-        },
-        "associatedKeyVaultResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-        },
-        "associatedApplicationInsightsResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-        },
-        "cMKUserAssignedIdentityResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-        },
-        "cMKKeyName": {
-            "value": "keyEncryptionKey"
-        },
-        "cMKKeyVaultResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-nopr-002"
-        },
-        "systemAssignedIdentity": {
-            "value": false // Must be false if `primaryUserAssignedIdentity` is provided
-        },
-        "userAssignedIdentities": {
-            "value": {
-                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-            }
-        },
-        "primaryUserAssignedIdentity": {
-            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-        },
-        "privateEndpoints": {
-            "value": [
-                {
-                    "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "amlworkspace"
-                }
-            ]
-        }
-    }
-}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
new file mode 100644
index 0000000000..748de721dc
--- /dev/null
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
@@ -0,0 +1,111 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Application Insights instance to create.')
+param applicationInsightsName string
+
+@description('Required. The name of the Storage Account to create.')
+param storageAccountName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+    name: virtualNetworkName
+    location: location
+    properties: {
+        addressSpace: {
+            addressPrefixes: [
+                '10.0.0.0/24'
+            ]
+        }
+        subnets: [
+            {
+                name: 'defaultSubnet'
+                properties: {
+                    addressPrefix: '10.0.0.0/24'
+                }
+            }
+        ]
+    }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+    name: keyVaultName
+    location: location
+    properties: {
+        sku: {
+            family: 'A'
+            name: 'standard'
+        }
+        tenantId: tenant().tenantId
+        enablePurgeProtection: null
+        enabledForTemplateDeployment: true
+        enabledForDiskEncryption: true
+        enabledForDeployment: true
+        enableRbacAuthorization: true
+        accessPolicies: []
+    }
+
+    resource key 'keys@2022-07-01' = {
+        name: 'keyEncryptionKey'
+        properties: {
+            kty: 'RSA'
+        }
+    }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+    name: managedIdentityName
+    location: location
+}
+
+resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Reader-RoleAssignment')
+    scope: keyVault::key
+    properties: {
+        principalId: managedIdentity.properties.principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User
+        principalType: 'ServicePrincipal'
+    }
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+    name: applicationInsightsName
+    location: location
+    kind: ''
+    properties: {}
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+    name: storageAccountName
+    location: location
+    sku: {
+        name: 'Standard_LRS'
+    }
+    kind: 'StorageV2'
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The resource ID of the created Key Vault.')
+output keyVaultResourceId string = keyVault.id
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Application Insights instance.')
+output applicationInsightsResourceId string = applicationInsights.id
+
+@description('The resource ID of the created Storage Account.')
+output storageAccountResourceId string = storageAccount.id
+
+@description('The name of the Key Vault Encryption Key.')
+output keyVaultEncryptionKeyName string = keyVault::key.name
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
new file mode 100644
index 0000000000..136dbe7258
--- /dev/null
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
@@ -0,0 +1,67 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'mlswenr'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    virtualNetworkName: 'dep-<<namePrefix>>-vnet-${serviceShort}'
+    keyVaultName: 'dep-<<namePrefix>>-kv-${serviceShort}'
+    managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
+    applicationInsightsName: 'dep-<<namePrefix>>-appI-${serviceShort}'
+    storageAccountName: 'dep<<namePrefix>>st${serviceShort}'
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+  params: {
+    name: '<<namePrefix>>${serviceShort}001'
+    associatedApplicationInsightsResourceId: resourceGroupResources.outputs.applicationInsightsResourceId
+    associatedKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId
+    associatedStorageAccountResourceId: resourceGroupResources.outputs.storageAccountResourceId
+    sku: 'Basic'
+    cMKKeyName: resourceGroupResources.outputs.keyVaultEncryptionKeyName
+    cMKKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId
+    cMKUserAssignedIdentityResourceId: resourceGroupResources.outputs.managedIdentityResourceId
+    primaryUserAssignedIdentity: resourceGroupResources.outputs.managedIdentityResourceId
+    privateEndpoints: [
+      {
+        service: 'amlworkspace'
+        subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+      }
+    ]
+    systemAssignedIdentity: false
+    userAssignedIdentities: {
+      '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+    }
+  }
+}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/min.parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.test/min.parameters.json
deleted file mode 100644
index 012526cf1f..0000000000
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/min.parameters.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-mls-min-001"
-        },
-        "sku": {
-            "value": "Basic"
-        },
-        "associatedStorageAccountResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-        },
-        "associatedKeyVaultResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-        },
-        "associatedApplicationInsightsResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-        },
-        "systemAssignedIdentity": {
-            "value": true
-        }
-    }
-}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/dependencies.bicep
new file mode 100644
index 0000000000..d172638c30
--- /dev/null
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/dependencies.bicep
@@ -0,0 +1,57 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Application Insights instance to create.')
+param applicationInsightsName string
+
+@description('Required. The name of the Storage Account to create.')
+param storageAccountName string
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+    name: keyVaultName
+    location: location
+    properties: {
+        sku: {
+            family: 'A'
+            name: 'standard'
+        }
+        tenantId: tenant().tenantId
+        enablePurgeProtection: null
+        enabledForTemplateDeployment: true
+        enabledForDiskEncryption: true
+        enabledForDeployment: true
+        enableRbacAuthorization: true
+        accessPolicies: []
+    }
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+    name: applicationInsightsName
+    location: location
+    kind: ''
+    properties: {}
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+    name: storageAccountName
+    location: location
+    sku: {
+        name: 'Standard_LRS'
+    }
+    kind: 'StorageV2'
+}
+
+@description('The resource ID of the created Application Insights instance.')
+output applicationInsightsResourceId string = applicationInsights.id
+
+@description('The resource ID of the created Storage Account.')
+output storageAccountResourceId string = storageAccount.id
+
+@description('The resource ID of the created Key Vault.')
+output keyVaultResourceId string = keyVault.id
+
+@description('The URL of the created Key Vault.')
+output keyVaultUrl string = keyVault.properties.vaultUri
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..35474f3596
--- /dev/null
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
@@ -0,0 +1,52 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'mlswmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    keyVaultName: 'dep-<<namePrefix>>-kv-${serviceShort}'
+    applicationInsightsName: 'dep-<<namePrefix>>-appI-${serviceShort}'
+    storageAccountName: 'dep<<namePrefix>>st${serviceShort}'
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+  params: {
+    name: '<<namePrefix>>${serviceShort}001'
+    associatedApplicationInsightsResourceId: resourceGroupResources.outputs.applicationInsightsResourceId
+    associatedKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId
+    associatedStorageAccountResourceId: resourceGroupResources.outputs.storageAccountResourceId
+    sku: 'Basic'
+    systemAssignedIdentity: true
+  }
+}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.test/parameters.json
deleted file mode 100644
index ae1a639a13..0000000000
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/parameters.json
+++ /dev/null
@@ -1,110 +0,0 @@
-{
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-mls-x-001"
-        },
-        "lock": {
-            "value": "CanNotDelete"
-        },
-        "sku": {
-            "value": "Basic"
-        },
-        "associatedStorageAccountResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-        },
-        "associatedKeyVaultResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-        },
-        "associatedApplicationInsightsResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-        },
-        "systemAssignedIdentity": {
-            "value": false // Must be false if `primaryUserAssignedIdentity` is provided
-        },
-        "userAssignedIdentities": {
-            "value": {
-                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-            }
-        },
-        "description": {
-            "value": "The cake is a lie."
-        },
-        "discoveryUrl": {
-            "value": "http://example.com"
-        },
-        "imageBuildCompute": {
-            "value": "testcompute"
-        },
-        "publicNetworkAccess": {
-            "value": "Enabled"
-        },
-        "primaryUserAssignedIdentity": {
-            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-        },
-        "computes": {
-            "value": [
-                {
-                    "name": "DefaultCPU",
-                    "location": "westeurope",
-                    "computeLocation": "westeurope",
-                    "sku": "Basic",
-                    "systemAssignedIdentity": false,
-                    "userAssignedIdentities": {
-                        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-                    },
-                    "description": "Default CPU Cluster",
-                    "disableLocalAuth": false,
-                    "computeType": "AmlCompute",
-                    "properties": {
-                        "enableNodePublicIp": true,
-                        "isolatedNetwork": false,
-                        "osType": "Linux",
-                        "remoteLoginPortPublicAccess": "Disabled",
-                        "scaleSettings": {
-                            "maxNodeCount": 3,
-                            "minNodeCount": 0,
-                            "nodeIdleTimeBeforeScaleDown": "PT5M"
-                        },
-                        "vmPriority": "Dedicated",
-                        "vmSize": "STANDARD_DS11_V2"
-                    }
-                }
-            ]
-        },
-        "roleAssignments": {
-            "value": [
-                {
-                    "roleDefinitionIdOrName": "Reader",
-                    "principalIds": [
-                        "<<deploymentSpId>>"
-                    ]
-                }
-            ]
-        },
-        "diagnosticLogsRetentionInDays": {
-            "value": 7
-        },
-        "diagnosticStorageAccountId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-        },
-        "diagnosticWorkspaceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001"
-        },
-        "diagnosticEventHubAuthorizationRuleId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
-        },
-        "diagnosticEventHubName": {
-            "value": "adp-<<namePrefix>>-az-evh-x-001"
-        },
-        "privateEndpoints": {
-            "value": [
-                {
-                    "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "amlworkspace"
-                }
-            ]
-        }
-    }
-}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
index ea003a15c8..4aa042dbc2 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md
+++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
@@ -415,7 +415,7 @@ The following module usage examples are retrieved from the content of the files
    >**Note**: The name of each example is based on the name of the file from which it is taken.
    >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-<h3>Example 1: Encr</h3>
+<h3>Example 1: Default</h3>
 
 <details>
 
@@ -423,173 +423,13 @@ The following module usage examples are retrieved from the content of the files
 
 ```bicep
 module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-Workspaces'
+  name: '${uniqueString(deployment().name)}-test-mlswdef'
   params: {
     // Required parameters
-    associatedApplicationInsightsResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001'
-    associatedKeyVaultResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001'
-    associatedStorageAccountResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001'
-    name: '<<namePrefix>>-az-mls-encr-001'
-    sku: 'Basic'
-    // Non-required parameters
-    cMKKeyName: 'keyEncryptionKey'
-    cMKKeyVaultResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-nopr-002'
-    cMKUserAssignedIdentityResourceId: '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001'
-    primaryUserAssignedIdentity: '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001'
-    privateEndpoints: [
-      {
-        service: 'amlworkspace'
-        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints'
-      }
-    ]
-    systemAssignedIdentity: false
-    userAssignedIdentities: {
-      '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001': {}
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "associatedApplicationInsightsResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-    },
-    "associatedKeyVaultResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-    },
-    "associatedStorageAccountResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-    },
-    "name": {
-      "value": "<<namePrefix>>-az-mls-encr-001"
-    },
-    "sku": {
-      "value": "Basic"
-    },
-    // Non-required parameters
-    "cMKKeyName": {
-      "value": "keyEncryptionKey"
-    },
-    "cMKKeyVaultResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-nopr-002"
-    },
-    "cMKUserAssignedIdentityResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-    },
-    "primaryUserAssignedIdentity": {
-      "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-    },
-    "privateEndpoints": {
-      "value": [
-        {
-          "service": "amlworkspace",
-          "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints"
-        }
-      ]
-    },
-    "systemAssignedIdentity": {
-      "value": false
-    },
-    "userAssignedIdentities": {
-      "value": {
-        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<h3>Example 2: Min</h3>
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-Workspaces'
-  params: {
-    // Required parameters
-    associatedApplicationInsightsResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001'
-    associatedKeyVaultResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001'
-    associatedStorageAccountResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001'
-    name: '<<namePrefix>>-az-mls-min-001'
-    sku: 'Basic'
-    // Non-required parameters
-    systemAssignedIdentity: true
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "associatedApplicationInsightsResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-    },
-    "associatedKeyVaultResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-    },
-    "associatedStorageAccountResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-    },
-    "name": {
-      "value": "<<namePrefix>>-az-mls-min-001"
-    },
-    "sku": {
-      "value": "Basic"
-    },
-    // Non-required parameters
-    "systemAssignedIdentity": {
-      "value": true
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<h3>Example 3: Parameters</h3>
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-Workspaces'
-  params: {
-    // Required parameters
-    associatedApplicationInsightsResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001'
-    associatedKeyVaultResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001'
-    associatedStorageAccountResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001'
-    name: '<<namePrefix>>-az-mls-x-001'
+    associatedApplicationInsightsResourceId: '<associatedApplicationInsightsResourceId>'
+    associatedKeyVaultResourceId: '<associatedKeyVaultResourceId>'
+    associatedStorageAccountResourceId: '<associatedStorageAccountResourceId>'
+    name: '<<namePrefix>>mlswdef001'
     sku: 'Basic'
     // Non-required parameters
     computes: [
@@ -616,38 +456,38 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
         sku: 'Basic'
         systemAssignedIdentity: false
         userAssignedIdentities: {
-          '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001': {}
+          '<managedIdentityResourceId>': {}
         }
       }
     ]
     description: 'The cake is a lie.'
-    diagnosticEventHubAuthorizationRuleId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
-    diagnosticEventHubName: 'adp-<<namePrefix>>-az-evh-x-001'
+    diagnosticEventHubAuthorizationRuleId: '<diagnosticEventHubAuthorizationRuleId>'
+    diagnosticEventHubName: '<diagnosticEventHubName>'
     diagnosticLogsRetentionInDays: 7
-    diagnosticStorageAccountId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001'
-    diagnosticWorkspaceId: '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001'
+    diagnosticStorageAccountId: '<diagnosticStorageAccountId>'
+    diagnosticWorkspaceId: '<diagnosticWorkspaceId>'
     discoveryUrl: 'http://example.com'
     imageBuildCompute: 'testcompute'
     lock: 'CanNotDelete'
-    primaryUserAssignedIdentity: '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001'
+    primaryUserAssignedIdentity: '<primaryUserAssignedIdentity>'
     privateEndpoints: [
       {
         service: 'amlworkspace'
-        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints'
+        subnetResourceId: '<subnetResourceId>'
       }
     ]
     publicNetworkAccess: 'Enabled'
     roleAssignments: [
       {
         principalIds: [
-          '<<deploymentSpId>>'
+          '<managedIdentityPrincipalId>'
         ]
         roleDefinitionIdOrName: 'Reader'
       }
     ]
     systemAssignedIdentity: false
     userAssignedIdentities: {
-      '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001': {}
+      '<managedIdentityResourceId>': {}
     }
   }
 }
@@ -667,16 +507,16 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
   "parameters": {
     // Required parameters
     "associatedApplicationInsightsResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
+      "value": "<associatedApplicationInsightsResourceId>"
     },
     "associatedKeyVaultResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
+      "value": "<associatedKeyVaultResourceId>"
     },
     "associatedStorageAccountResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
+      "value": "<associatedStorageAccountResourceId>"
     },
     "name": {
-      "value": "<<namePrefix>>-az-mls-x-001"
+      "value": "<<namePrefix>>mlswdef001"
     },
     "sku": {
       "value": "Basic"
@@ -707,7 +547,7 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
           "sku": "Basic",
           "systemAssignedIdentity": false,
           "userAssignedIdentities": {
-            "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
+            "<managedIdentityResourceId>": {}
           }
         }
       ]
@@ -716,19 +556,19 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
       "value": "The cake is a lie."
     },
     "diagnosticEventHubAuthorizationRuleId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+      "value": "<diagnosticEventHubAuthorizationRuleId>"
     },
     "diagnosticEventHubName": {
-      "value": "adp-<<namePrefix>>-az-evh-x-001"
+      "value": "<diagnosticEventHubName>"
     },
     "diagnosticLogsRetentionInDays": {
       "value": 7
     },
     "diagnosticStorageAccountId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
+      "value": "<diagnosticStorageAccountId>"
     },
     "diagnosticWorkspaceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001"
+      "value": "<diagnosticWorkspaceId>"
     },
     "discoveryUrl": {
       "value": "http://example.com"
@@ -740,13 +580,13 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
       "value": "CanNotDelete"
     },
     "primaryUserAssignedIdentity": {
-      "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
+      "value": "<primaryUserAssignedIdentity>"
     },
     "privateEndpoints": {
       "value": [
         {
           "service": "amlworkspace",
-          "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints"
+          "subnetResourceId": "<subnetResourceId>"
         }
       ]
     },
@@ -757,7 +597,7 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
       "value": [
         {
           "principalIds": [
-            "<<deploymentSpId>>"
+            "<managedIdentityPrincipalId>"
           ],
           "roleDefinitionIdOrName": "Reader"
         }
@@ -768,7 +608,7 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
     },
     "userAssignedIdentities": {
       "value": {
-        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
+        "<managedIdentityResourceId>": {}
       }
     }
   }
@@ -777,3 +617,163 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
 
 </details>
 <p>
+
+<h3>Example 2: Encr</h3>
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
+  name: '${uniqueString(deployment().name)}-test-mlswenr'
+  params: {
+    // Required parameters
+    associatedApplicationInsightsResourceId: '<associatedApplicationInsightsResourceId>'
+    associatedKeyVaultResourceId: '<associatedKeyVaultResourceId>'
+    associatedStorageAccountResourceId: '<associatedStorageAccountResourceId>'
+    name: '<<namePrefix>>mlswenr001'
+    sku: 'Basic'
+    // Non-required parameters
+    cMKKeyName: '<cMKKeyName>'
+    cMKKeyVaultResourceId: '<cMKKeyVaultResourceId>'
+    cMKUserAssignedIdentityResourceId: '<cMKUserAssignedIdentityResourceId>'
+    primaryUserAssignedIdentity: '<primaryUserAssignedIdentity>'
+    privateEndpoints: [
+      {
+        service: 'amlworkspace'
+        subnetResourceId: '<subnetResourceId>'
+      }
+    ]
+    systemAssignedIdentity: false
+    userAssignedIdentities: {
+      '<managedIdentityResourceId>': {}
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "associatedApplicationInsightsResourceId": {
+      "value": "<associatedApplicationInsightsResourceId>"
+    },
+    "associatedKeyVaultResourceId": {
+      "value": "<associatedKeyVaultResourceId>"
+    },
+    "associatedStorageAccountResourceId": {
+      "value": "<associatedStorageAccountResourceId>"
+    },
+    "name": {
+      "value": "<<namePrefix>>mlswenr001"
+    },
+    "sku": {
+      "value": "Basic"
+    },
+    // Non-required parameters
+    "cMKKeyName": {
+      "value": "<cMKKeyName>"
+    },
+    "cMKKeyVaultResourceId": {
+      "value": "<cMKKeyVaultResourceId>"
+    },
+    "cMKUserAssignedIdentityResourceId": {
+      "value": "<cMKUserAssignedIdentityResourceId>"
+    },
+    "primaryUserAssignedIdentity": {
+      "value": "<primaryUserAssignedIdentity>"
+    },
+    "privateEndpoints": {
+      "value": [
+        {
+          "service": "amlworkspace",
+          "subnetResourceId": "<subnetResourceId>"
+        }
+      ]
+    },
+    "systemAssignedIdentity": {
+      "value": false
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "<managedIdentityResourceId>": {}
+      }
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<h3>Example 3: Min</h3>
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
+  name: '${uniqueString(deployment().name)}-test-mlswmin'
+  params: {
+    // Required parameters
+    associatedApplicationInsightsResourceId: '<associatedApplicationInsightsResourceId>'
+    associatedKeyVaultResourceId: '<associatedKeyVaultResourceId>'
+    associatedStorageAccountResourceId: '<associatedStorageAccountResourceId>'
+    name: '<<namePrefix>>mlswmin001'
+    sku: 'Basic'
+    // Non-required parameters
+    systemAssignedIdentity: true
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON Parameter file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    // Required parameters
+    "associatedApplicationInsightsResourceId": {
+      "value": "<associatedApplicationInsightsResourceId>"
+    },
+    "associatedKeyVaultResourceId": {
+      "value": "<associatedKeyVaultResourceId>"
+    },
+    "associatedStorageAccountResourceId": {
+      "value": "<associatedStorageAccountResourceId>"
+    },
+    "name": {
+      "value": "<<namePrefix>>mlswmin001"
+    },
+    "sku": {
+      "value": "Basic"
+    },
+    // Non-required parameters
+    "systemAssignedIdentity": {
+      "value": true
+    }
+  }
+}
+```
+
+</details>
+<p>

From 55cc0211ea84fb401d5a3787dcd0fb21e2e85238 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Sat, 3 Sep 2022 18:49:49 +0200
Subject: [PATCH 02/18] Update to latest

---
 .../workspaces/.test/default/dependencies.bicep        | 10 ++++++++++
 .../workspaces/.test/encr/dependencies.bicep           | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
index 5f93ed2a1a..dc570e01c2 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
@@ -59,6 +59,16 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-
     location: location
 }
 
+resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
+    scope: keyVault
+    properties: {
+        principalId: managedIdentity.properties.principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') // Key Vault Reader
+        principalType: 'ServicePrincipal'
+    }
+}
+
 resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
     name: applicationInsightsName
     location: location
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
index 748de721dc..b677a0bbdf 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
@@ -76,6 +76,16 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
     }
 }
 
+resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
+    scope: keyVault
+    properties: {
+        principalId: managedIdentity.properties.principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') // Key Vault Reader
+        principalType: 'ServicePrincipal'
+    }
+}
+
 resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
     name: applicationInsightsName
     location: location

From cc9d7b28fe399da7e285d1d74659eada4c98f6ea Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Sat, 3 Sep 2022 21:23:35 +0200
Subject: [PATCH 03/18] Tried different set of permissions

---
 .../.test/default/dependencies.bicep          | 12 +++++++-
 .../workspaces/.test/encr/dependencies.bicep  | 30 ++++++++++++-------
 2 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
index dc570e01c2..8951f9eaa5 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
@@ -59,12 +59,22 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-
     location: location
 }
 
+// resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+//     name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
+//     scope: keyVault
+//     properties: {
+//         principalId: managedIdentity.properties.principalId
+//         roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') // Key Vault Reader
+//         principalType: 'ServicePrincipal'
+//     }
+// }
+
 resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
     name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
     scope: keyVault
     properties: {
         principalId: managedIdentity.properties.principalId
-        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') // Key Vault Reader
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') // Key Vault Administrator
         principalType: 'ServicePrincipal'
     }
 }
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
index b677a0bbdf..137203d353 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
@@ -66,22 +66,32 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-
     location: location
 }
 
-resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-    name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Reader-RoleAssignment')
-    scope: keyVault::key
-    properties: {
-        principalId: managedIdentity.properties.principalId
-        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User
-        principalType: 'ServicePrincipal'
-    }
-}
+// resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+//     name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Reader-RoleAssignment')
+//     scope: keyVault::key
+//     properties: {
+//         principalId: managedIdentity.properties.principalId
+//         roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User
+//         principalType: 'ServicePrincipal'
+//     }
+// }
+
+// resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+//     name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
+//     scope: keyVault
+//     properties: {
+//         principalId: managedIdentity.properties.principalId
+//         roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') // Key Vault Reader
+//         principalType: 'ServicePrincipal'
+//     }
+// }
 
 resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
     name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
     scope: keyVault
     properties: {
         principalId: managedIdentity.properties.principalId
-        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') // Key Vault Reader
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') // Key Vault Administrator
         principalType: 'ServicePrincipal'
     }
 }

From 2aebd4f254c72ccb2322f6347fed94cd4274bdf7 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Sat, 3 Sep 2022 22:20:18 +0200
Subject: [PATCH 04/18] Adjusted permissions

---
 .../.test/default/dependencies.bicep          | 23 +++++++------
 .../workspaces/.test/encr/dependencies.bicep  | 33 +++++++------------
 2 files changed, 22 insertions(+), 34 deletions(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
index 8951f9eaa5..5b6e958e82 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
@@ -59,18 +59,17 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-
     location: location
 }
 
-// resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-//     name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
-//     scope: keyVault
-//     properties: {
-//         principalId: managedIdentity.properties.principalId
-//         roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') // Key Vault Reader
-//         principalType: 'ServicePrincipal'
-//     }
-// }
-
-resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-    name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
+resource keyVaultServicePermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Contributor-RoleAssignment')
+    scope: keyVault
+    properties: {
+        principalId: managedIdentity.properties.principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') // Contributor
+        principalType: 'ServicePrincipal'
+    }
+}
+resource keyVaultDataPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Data-Admin-RoleAssignment')
     scope: keyVault
     properties: {
         principalId: managedIdentity.properties.principalId
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
index 137203d353..2422deade4 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
@@ -66,28 +66,17 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-
     location: location
 }
 
-// resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-//     name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Reader-RoleAssignment')
-//     scope: keyVault::key
-//     properties: {
-//         principalId: managedIdentity.properties.principalId
-//         roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User
-//         principalType: 'ServicePrincipal'
-//     }
-// }
-
-// resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-//     name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
-//     scope: keyVault
-//     properties: {
-//         principalId: managedIdentity.properties.principalId
-//         roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') // Key Vault Reader
-//         principalType: 'ServicePrincipal'
-//     }
-// }
-
-resource keyVaultPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-    name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Reader-RoleAssignment')
+resource keyVaultServicePermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Contributor-RoleAssignment')
+    scope: keyVault
+    properties: {
+        principalId: managedIdentity.properties.principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') // Contributor
+        principalType: 'ServicePrincipal'
+    }
+}
+resource keyVaultDataPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Data-Admin-RoleAssignment')
     scope: keyVault
     properties: {
         principalId: managedIdentity.properties.principalId

From d2e21622ee8499c297eceec647bb64141733a620 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Sun, 4 Sep 2022 11:43:26 +0200
Subject: [PATCH 05/18] Updated encr

---
 .../workspaces/.test/encr/dependencies.bicep                | 3 ++-
 .../workspaces/.test/encr/deploy.test.bicep                 | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
index 2422deade4..90b894b910 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
@@ -45,7 +45,8 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
             name: 'standard'
         }
         tenantId: tenant().tenantId
-        enablePurgeProtection: null
+        enablePurgeProtection: true // Required by batch account
+        softDeleteRetentionInDays: 7
         enabledForTemplateDeployment: true
         enabledForDiskEncryption: true
         enabledForDeployment: true
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
index 136dbe7258..f86e222588 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
@@ -13,6 +13,9 @@ param location string = deployment().location
 @description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
 param serviceShort string = 'mlswenr'
 
+@description('Generated. Used as a basis for unique resource names.')
+param baseTime string = utcNow('u')
+
 // =========== //
 // Deployments //
 // =========== //
@@ -29,7 +32,8 @@ module resourceGroupResources 'dependencies.bicep' = {
   name: '${uniqueString(deployment().name, location)}-paramNested'
   params: {
     virtualNetworkName: 'dep-<<namePrefix>>-vnet-${serviceShort}'
-    keyVaultName: 'dep-<<namePrefix>>-kv-${serviceShort}'
+    // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total)
+    keyVaultName: 'dep-<<namePrefix>>-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}'
     managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
     applicationInsightsName: 'dep-<<namePrefix>>-appI-${serviceShort}'
     storageAccountName: 'dep<<namePrefix>>st${serviceShort}'

From 0bce4f726f465bb99227a3c35cc036f976632b31 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Thu, 8 Sep 2022 19:09:29 +0200
Subject: [PATCH 06/18] Updated folder default to common.

---
 .../workspaces/.test/{default => common}/dependencies.bicep     | 0
 .../workspaces/.test/{default => common}/deploy.test.bicep      | 0
 modules/Microsoft.MachineLearningServices/workspaces/readme.md  | 2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)
 rename modules/Microsoft.MachineLearningServices/workspaces/.test/{default => common}/dependencies.bicep (100%)
 rename modules/Microsoft.MachineLearningServices/workspaces/.test/{default => common}/deploy.test.bicep (100%)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/dependencies.bicep
similarity index 100%
rename from modules/Microsoft.MachineLearningServices/workspaces/.test/default/dependencies.bicep
rename to modules/Microsoft.MachineLearningServices/workspaces/.test/common/dependencies.bicep
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/default/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
similarity index 100%
rename from modules/Microsoft.MachineLearningServices/workspaces/.test/default/deploy.test.bicep
rename to modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
index 4aa042dbc2..618ebd6f57 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md
+++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
@@ -415,7 +415,7 @@ The following module usage examples are retrieved from the content of the files
    >**Note**: The name of each example is based on the name of the file from which it is taken.
    >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
 
-<h3>Example 1: Default</h3>
+<h3>Example 1: Common</h3>
 
 <details>
 

From 1601d32d65f788c04b5d01b78420ffd7a11f70ff Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Fri, 9 Sep 2022 12:51:07 +0200
Subject: [PATCH 07/18] Update to latest

---
 .../workspaces/.test/common/deploy.test.bicep                 | 4 ++--
 .../workspaces/.test/encr/deploy.test.bicep                   | 2 +-
 .../workspaces/.test/min/deploy.test.bicep                    | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
index 938ddf5bd5..7be63dcea2 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
@@ -10,8 +10,8 @@ param resourceGroupName string = 'ms.machinelearningservices.workspaces-${servic
 @description('Optional. The location to deploy resources to')
 param location string = deployment().location
 
-@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
-param serviceShort string = 'mlswdef'
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'mlswcom'
 
 // =========== //
 // Deployments //
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
index f86e222588..14f459575f 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
@@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.machinelearningservices.workspaces-${servic
 @description('Optional. The location to deploy resources to')
 param location string = deployment().location
 
-@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
 param serviceShort string = 'mlswenr'
 
 @description('Generated. Used as a basis for unique resource names.')
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
index 35474f3596..2de0938f7b 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
@@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.machinelearningservices.workspaces-${servic
 @description('Optional. The location to deploy resources to')
 param location string = deployment().location
 
-@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints')
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
 param serviceShort string = 'mlswmin'
 
 // =========== //

From b8319cebcc87db4844e0cffb4521d476300748ac Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Fri, 9 Sep 2022 13:04:06 +0200
Subject: [PATCH 08/18] Update to latest

---
 .../workspaces/.test/common/deploy.test.bicep               | 6 +++---
 .../workspaces/.test/encr/deploy.test.bicep                 | 6 +++---
 .../workspaces/.test/min/deploy.test.bicep                  | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
index 7be63dcea2..71f73265e7 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
@@ -3,14 +3,14 @@ targetScope = 'subscription'
 // ========== //
 // Parameters //
 // ========== //
-@description('Optional. The name of the resource group to deploy for a testing purposes')
+@description('Optional. The name of the resource group to deploy for a testing purposes.')
 @maxLength(90)
 param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
 
-@description('Optional. The location to deploy resources to')
+@description('Optional. The location to deploy resources to.')
 param location string = deployment().location
 
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
 param serviceShort string = 'mlswcom'
 
 // =========== //
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
index 14f459575f..6cac57cee4 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
@@ -3,14 +3,14 @@ targetScope = 'subscription'
 // ========== //
 // Parameters //
 // ========== //
-@description('Optional. The name of the resource group to deploy for a testing purposes')
+@description('Optional. The name of the resource group to deploy for a testing purposes.')
 @maxLength(90)
 param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
 
-@description('Optional. The location to deploy resources to')
+@description('Optional. The location to deploy resources to.')
 param location string = deployment().location
 
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
 param serviceShort string = 'mlswenr'
 
 @description('Generated. Used as a basis for unique resource names.')
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
index 2de0938f7b..f3b371c58e 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
@@ -3,14 +3,14 @@ targetScope = 'subscription'
 // ========== //
 // Parameters //
 // ========== //
-@description('Optional. The name of the resource group to deploy for a testing purposes')
+@description('Optional. The name of the resource group to deploy for a testing purposes.')
 @maxLength(90)
 param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
 
-@description('Optional. The location to deploy resources to')
+@description('Optional. The location to deploy resources to.')
 param location string = deployment().location
 
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
 param serviceShort string = 'mlswmin'
 
 // =========== //

From 5cd503308611ea4cabd28191cb2700056915f766 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Fri, 9 Sep 2022 13:53:10 +0200
Subject: [PATCH 09/18] Update to latest

---
 .../workspaces/.test/common/deploy.test.bicep |   1 +
 .../workspaces/.test/encr.parameters.json     |  54 -----
 .../workspaces/.test/encr/deploy.test.bicep   |   1 +
 .../workspaces/.test/parameters.json          | 115 -----------
 .../workspaces/readme.md                      | 193 +-----------------
 5 files changed, 5 insertions(+), 359 deletions(-)
 delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/encr.parameters.json
 delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.test/parameters.json

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
index 71f73265e7..91df7507a6 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
@@ -85,6 +85,7 @@ module testDeployment '../../deploy.bicep' = {
           vmSize: 'STANDARD_DS11_V2'
         }
         sku: 'Basic'
+        // Must be false if `primaryUserAssignedIdentity` is provided
         systemAssignedIdentity: false
         userAssignedIdentities: {
           '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr.parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr.parameters.json
deleted file mode 100644
index 42ecb5e613..0000000000
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr.parameters.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-mls-encr-001"
-        },
-        "sku": {
-            "value": "Basic"
-        },
-        "associatedStorageAccountResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-        },
-        "associatedKeyVaultResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-        },
-        "associatedApplicationInsightsResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-        },
-        "cMKUserAssignedIdentityResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-        },
-        "cMKKeyName": {
-            "value": "keyEncryptionKey"
-        },
-        "cMKKeyVaultResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-nopr-002"
-        },
-        "systemAssignedIdentity": {
-            "value": false // Must be false if `primaryUserAssignedIdentity` is provided
-        },
-        "userAssignedIdentities": {
-            "value": {
-                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-            }
-        },
-        "primaryUserAssignedIdentity": {
-            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-        },
-        "privateEndpoints": {
-            "value": [
-                {
-                    "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "amlworkspace",
-                    "privateDnsZoneGroup": {
-                        "privateDNSResourceIds": [
-                            "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
-                        ]
-                    }
-                }
-            ]
-        }
-    }
-}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
index 6cac57cee4..55d5a0b753 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
@@ -63,6 +63,7 @@ module testDeployment '../../deploy.bicep' = {
         subnetResourceId: resourceGroupResources.outputs.subnetResourceId
       }
     ]
+    // Must be false if `primaryUserAssignedIdentity` is provided
     systemAssignedIdentity: false
     userAssignedIdentities: {
       '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.test/parameters.json
deleted file mode 100644
index ba9d9ed3b3..0000000000
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/parameters.json
+++ /dev/null
@@ -1,115 +0,0 @@
-{
-    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-    "contentVersion": "1.0.0.0",
-    "parameters": {
-        "name": {
-            "value": "<<namePrefix>>-az-mls-x-001"
-        },
-        "lock": {
-            "value": "CanNotDelete"
-        },
-        "sku": {
-            "value": "Basic"
-        },
-        "associatedStorageAccountResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-        },
-        "associatedKeyVaultResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-        },
-        "associatedApplicationInsightsResourceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-        },
-        "systemAssignedIdentity": {
-            "value": false // Must be false if `primaryUserAssignedIdentity` is provided
-        },
-        "userAssignedIdentities": {
-            "value": {
-                "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-            }
-        },
-        "description": {
-            "value": "The cake is a lie."
-        },
-        "discoveryUrl": {
-            "value": "http://example.com"
-        },
-        "imageBuildCompute": {
-            "value": "testcompute"
-        },
-        "publicNetworkAccess": {
-            "value": "Enabled"
-        },
-        "primaryUserAssignedIdentity": {
-            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-        },
-        "computes": {
-            "value": [
-                {
-                    "name": "DefaultCPU",
-                    "location": "westeurope",
-                    "computeLocation": "westeurope",
-                    "sku": "Basic",
-                    "systemAssignedIdentity": false,
-                    "userAssignedIdentities": {
-                        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-                    },
-                    "description": "Default CPU Cluster",
-                    "disableLocalAuth": false,
-                    "computeType": "AmlCompute",
-                    "properties": {
-                        "enableNodePublicIp": true,
-                        "isolatedNetwork": false,
-                        "osType": "Linux",
-                        "remoteLoginPortPublicAccess": "Disabled",
-                        "scaleSettings": {
-                            "maxNodeCount": 3,
-                            "minNodeCount": 0,
-                            "nodeIdleTimeBeforeScaleDown": "PT5M"
-                        },
-                        "vmPriority": "Dedicated",
-                        "vmSize": "STANDARD_DS11_V2"
-                    }
-                }
-            ]
-        },
-        "roleAssignments": {
-            "value": [
-                {
-                    "roleDefinitionIdOrName": "Reader",
-                    "principalIds": [
-                        "<<deploymentSpId>>"
-                    ]
-                }
-            ]
-        },
-        "diagnosticLogsRetentionInDays": {
-            "value": 7
-        },
-        "diagnosticStorageAccountId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-        },
-        "diagnosticWorkspaceId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<<namePrefix>>-az-law-x-001"
-        },
-        "diagnosticEventHubAuthorizationRuleId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
-        },
-        "diagnosticEventHubName": {
-            "value": "adp-<<namePrefix>>-az-evh-x-001"
-        },
-        "privateEndpoints": {
-            "value": [
-                {
-                    "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "amlworkspace",
-                    "privateDnsZoneGroup": {
-                        "privateDNSResourceIds": [
-                            "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
-                        ]
-                    }
-                }
-            ]
-        }
-    }
-}
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
index a7fc0e0357..2da7135b79 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md
+++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
@@ -424,190 +424,13 @@ The following module usage examples are retrieved from the content of the files
 
 ```bicep
 module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-test-mlswdef'
+  name: '${uniqueString(deployment().name)}-test-mlswcom'
   params: {
     // Required parameters
-<<<<<<< HEAD
     associatedApplicationInsightsResourceId: '<associatedApplicationInsightsResourceId>'
     associatedKeyVaultResourceId: '<associatedKeyVaultResourceId>'
     associatedStorageAccountResourceId: '<associatedStorageAccountResourceId>'
-    name: '<<namePrefix>>mlswdef001'
-=======
-    associatedApplicationInsightsResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001'
-    associatedKeyVaultResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001'
-    associatedStorageAccountResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001'
-    name: '<<namePrefix>>-az-mls-encr-001'
-    sku: 'Basic'
-    // Non-required parameters
-    cMKKeyName: 'keyEncryptionKey'
-    cMKKeyVaultResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-nopr-002'
-    cMKUserAssignedIdentityResourceId: '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001'
-    primaryUserAssignedIdentity: '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001'
-    privateEndpoints: [
-      {
-        privateDnsZoneGroup: {
-          privateDNSResourceIds: [
-            '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms'
-          ]
-        }
-        service: 'amlworkspace'
-        subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints'
-      }
-    ]
-    systemAssignedIdentity: false
-    userAssignedIdentities: {
-      '/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001': {}
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "associatedApplicationInsightsResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-    },
-    "associatedKeyVaultResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-    },
-    "associatedStorageAccountResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-    },
-    "name": {
-      "value": "<<namePrefix>>-az-mls-encr-001"
-    },
-    "sku": {
-      "value": "Basic"
-    },
-    // Non-required parameters
-    "cMKKeyName": {
-      "value": "keyEncryptionKey"
-    },
-    "cMKKeyVaultResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-nopr-002"
-    },
-    "cMKUserAssignedIdentityResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-    },
-    "primaryUserAssignedIdentity": {
-      "value": "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001"
-    },
-    "privateEndpoints": {
-      "value": [
-        {
-          "privateDnsZoneGroup": {
-            "privateDNSResourceIds": [
-              "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
-            ]
-          },
-          "service": "amlworkspace",
-          "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints"
-        }
-      ]
-    },
-    "systemAssignedIdentity": {
-      "value": false
-    },
-    "userAssignedIdentities": {
-      "value": {
-        "/subscriptions/<<subscriptionId>>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<<namePrefix>>-az-msi-x-001": {}
-      }
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<h3>Example 2: Min</h3>
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-Workspaces'
-  params: {
-    // Required parameters
-    associatedApplicationInsightsResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001'
-    associatedKeyVaultResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001'
-    associatedStorageAccountResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001'
-    name: '<<namePrefix>>-az-mls-min-001'
-    sku: 'Basic'
-    // Non-required parameters
-    systemAssignedIdentity: true
-  }
-}
-```
-
-</details>
-<p>
-
-<details>
-
-<summary>via JSON Parameter file</summary>
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
-  "contentVersion": "1.0.0.0",
-  "parameters": {
-    // Required parameters
-    "associatedApplicationInsightsResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001"
-    },
-    "associatedKeyVaultResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001"
-    },
-    "associatedStorageAccountResourceId": {
-      "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
-    },
-    "name": {
-      "value": "<<namePrefix>>-az-mls-min-001"
-    },
-    "sku": {
-      "value": "Basic"
-    },
-    // Non-required parameters
-    "systemAssignedIdentity": {
-      "value": true
-    }
-  }
-}
-```
-
-</details>
-<p>
-
-<h3>Example 3: Parameters</h3>
-
-<details>
-
-<summary>via Bicep module</summary>
-
-```bicep
-module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-Workspaces'
-  params: {
-    // Required parameters
-    associatedApplicationInsightsResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<<namePrefix>>-az-appi-x-001'
-    associatedKeyVaultResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<<namePrefix>>-az-kv-x-001'
-    associatedStorageAccountResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001'
-    name: '<<namePrefix>>-az-mls-x-001'
->>>>>>> main
+    name: '<<namePrefix>>mlswcom001'
     sku: 'Basic'
     // Non-required parameters
     computes: [
@@ -650,11 +473,6 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
     primaryUserAssignedIdentity: '<primaryUserAssignedIdentity>'
     privateEndpoints: [
       {
-        privateDnsZoneGroup: {
-          privateDNSResourceIds: [
-            '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms'
-          ]
-        }
         service: 'amlworkspace'
         subnetResourceId: '<subnetResourceId>'
       }
@@ -699,7 +517,7 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
       "value": "<associatedStorageAccountResourceId>"
     },
     "name": {
-      "value": "<<namePrefix>>mlswdef001"
+      "value": "<<namePrefix>>mlswcom001"
     },
     "sku": {
       "value": "Basic"
@@ -768,11 +586,6 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
     "privateEndpoints": {
       "value": [
         {
-          "privateDnsZoneGroup": {
-            "privateDNSResourceIds": [
-              "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
-            ]
-          },
           "service": "amlworkspace",
           "subnetResourceId": "<subnetResourceId>"
         }

From d169c44b9fa81cce105f7474d768a3952720e12e Mon Sep 17 00:00:00 2001
From: Alexander Sehr <ASehr@hotmail.de>
Date: Mon, 19 Sep 2022 08:12:15 +0200
Subject: [PATCH 10/18] Update
 modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep

---
 .../workspaces/.test/common/deploy.test.bicep                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
index 91df7507a6..3cfb20e770 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
@@ -3,7 +3,7 @@ targetScope = 'subscription'
 // ========== //
 // Parameters //
 // ========== //
-@description('Optional. The name of the resource group to deploy for a testing purposes.')
+@description('Optional. The name of the resource group to deploy for testing purposes.')
 @maxLength(90)
 param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
 

From 0d760bcd3aff2e173cb1906f4e2414eac631cc12 Mon Sep 17 00:00:00 2001
From: Alexander Sehr <ASehr@hotmail.de>
Date: Mon, 19 Sep 2022 08:12:26 +0200
Subject: [PATCH 11/18] Update
 modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep

---
 .../workspaces/.test/encr/deploy.test.bicep                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
index 55d5a0b753..363b10f9b7 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
@@ -3,7 +3,7 @@ targetScope = 'subscription'
 // ========== //
 // Parameters //
 // ========== //
-@description('Optional. The name of the resource group to deploy for a testing purposes.')
+@description('Optional. The name of the resource group to deploy for testing purposes.')
 @maxLength(90)
 param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
 

From 4bdc7016933df7bc80dcf38ca12085026de86cc1 Mon Sep 17 00:00:00 2001
From: Alexander Sehr <ASehr@hotmail.de>
Date: Mon, 19 Sep 2022 08:12:46 +0200
Subject: [PATCH 12/18] Update
 modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep

---
 .../workspaces/.test/min/deploy.test.bicep                      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
index f3b371c58e..760d3e930a 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/deploy.test.bicep
@@ -3,7 +3,7 @@ targetScope = 'subscription'
 // ========== //
 // Parameters //
 // ========== //
-@description('Optional. The name of the resource group to deploy for a testing purposes.')
+@description('Optional. The name of the resource group to deploy for testing purposes.')
 @maxLength(90)
 param resourceGroupName string = 'ms.machinelearningservices.workspaces-${serviceShort}-rg'
 

From 6f5f84fc430790ae9a769e180e6df5ef65f34c83 Mon Sep 17 00:00:00 2001
From: Alexander Sehr <ASehr@hotmail.de>
Date: Mon, 17 Oct 2022 11:06:31 +0200
Subject: [PATCH 13/18] Update
 modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep

Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com>
---
 .../workspaces/.test/common/deploy.test.bicep                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
index 3cfb20e770..a885183c13 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
@@ -31,7 +31,7 @@ module resourceGroupResources 'dependencies.bicep' = {
     virtualNetworkName: 'dep-<<namePrefix>>-vnet-${serviceShort}'
     managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
     keyVaultName: 'dep-<<namePrefix>>-kv-${serviceShort}'
-    applicationInsightsName: 'dep-<<namePrefix>>-appI-${serviceShort}'
+    applicationInsightsName: 'dep-<<namePrefix>>-appi-${serviceShort}'
     storageAccountName: 'dep<<namePrefix>>st${serviceShort}'
   }
 }

From 97c9cabea50d8fa9ab6a00051d84874f6c6e2971 Mon Sep 17 00:00:00 2001
From: Alexander Sehr <ASehr@hotmail.de>
Date: Mon, 17 Oct 2022 11:16:20 +0200
Subject: [PATCH 14/18] Update
 modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep

Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com>
---
 .../workspaces/.test/encr/deploy.test.bicep                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
index 363b10f9b7..b7335b3d11 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
@@ -11,7 +11,7 @@ param resourceGroupName string = 'ms.machinelearningservices.workspaces-${servic
 param location string = deployment().location
 
 @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'mlswenr'
+param serviceShort string = 'mlswencr'
 
 @description('Generated. Used as a basis for unique resource names.')
 param baseTime string = utcNow('u')

From a07d6585baa5a2f800b2d2cbda2131c8674fed1f Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Mon, 17 Oct 2022 11:23:56 +0200
Subject: [PATCH 15/18] Update to latest

---
 .../.test/common/dependencies.bicep           | 19 +++++++++++++++++++
 .../workspaces/.test/common/deploy.test.bicep |  5 +++++
 .../workspaces/.test/min/dependencies.bicep   |  3 ---
 .../workspaces/readme.md                      | 10 ++++++++++
 .../AzureApiCrawler/temp/azure-rest-api-specs |  1 +
 5 files changed, 35 insertions(+), 3 deletions(-)
 create mode 160000 utilities/tools/AzureApiCrawler/temp/azure-rest-api-specs

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/dependencies.bicep
index 5b6e958e82..2829f2a4e5 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/dependencies.bicep
@@ -94,6 +94,22 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
     kind: 'StorageV2'
 }
 
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+    name: 'privatelink.api.azureml.ms'
+    location: 'global'
+
+    resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+        name: '${virtualNetwork.name}-vnetlink'
+        location: 'global'
+        properties: {
+            virtualNetwork: {
+                id: virtualNetwork.id
+            }
+            registrationEnabled: false
+        }
+    }
+}
+
 @description('The resource ID of the created Virtual Network Subnet.')
 output subnetResourceId string = virtualNetwork.properties.subnets[0].id
 
@@ -111,3 +127,6 @@ output applicationInsightsResourceId string = applicationInsights.id
 
 @description('The resource ID of the created Storage Account.')
 output storageAccountResourceId string = storageAccount.id
+
+@description('The resource ID of the created Private DNS Zone.')
+output privateDNSZoneResourceId string = privateDNSZone.id
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
index 3cfb20e770..defc17ff6e 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
@@ -106,6 +106,11 @@ module testDeployment '../../deploy.bicep' = {
       {
         service: 'amlworkspace'
         subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+        privateDnsZoneGroup: {
+          privateDNSResourceIds: [
+            resourceGroupResources.outputs.privateDNSZoneResourceId
+          ]
+        }
       }
     ]
     publicNetworkAccess: 'Enabled'
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/dependencies.bicep
index d172638c30..950a61c9f9 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/min/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/min/dependencies.bicep
@@ -52,6 +52,3 @@ output storageAccountResourceId string = storageAccount.id
 
 @description('The resource ID of the created Key Vault.')
 output keyVaultResourceId string = keyVault.id
-
-@description('The URL of the created Key Vault.')
-output keyVaultUrl string = keyVault.properties.vaultUri
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
index 2da7135b79..c663e3dee5 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md
+++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
@@ -473,6 +473,11 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
     primaryUserAssignedIdentity: '<primaryUserAssignedIdentity>'
     privateEndpoints: [
       {
+        privateDnsZoneGroup: {
+          privateDNSResourceIds: [
+            '<privateDNSZoneResourceId>'
+          ]
+        }
         service: 'amlworkspace'
         subnetResourceId: '<subnetResourceId>'
       }
@@ -586,6 +591,11 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
     "privateEndpoints": {
       "value": [
         {
+          "privateDnsZoneGroup": {
+            "privateDNSResourceIds": [
+              "<privateDNSZoneResourceId>"
+            ]
+          },
           "service": "amlworkspace",
           "subnetResourceId": "<subnetResourceId>"
         }
diff --git a/utilities/tools/AzureApiCrawler/temp/azure-rest-api-specs b/utilities/tools/AzureApiCrawler/temp/azure-rest-api-specs
new file mode 160000
index 0000000000..42b348107e
--- /dev/null
+++ b/utilities/tools/AzureApiCrawler/temp/azure-rest-api-specs
@@ -0,0 +1 @@
+Subproject commit 42b348107ef4a56801065d8d2b98dfb425044cf1

From cfc937c0facb2a9268872408f6e5ea291ba36da0 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Mon, 17 Oct 2022 11:25:10 +0200
Subject: [PATCH 16/18] Update to latest

---
 .../Microsoft.MachineLearningServices/workspaces/readme.md  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
index c663e3dee5..c1b65d80f4 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md
+++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
@@ -637,13 +637,13 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
 
 ```bicep
 module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = {
-  name: '${uniqueString(deployment().name)}-test-mlswenr'
+  name: '${uniqueString(deployment().name)}-test-mlswencr'
   params: {
     // Required parameters
     associatedApplicationInsightsResourceId: '<associatedApplicationInsightsResourceId>'
     associatedKeyVaultResourceId: '<associatedKeyVaultResourceId>'
     associatedStorageAccountResourceId: '<associatedStorageAccountResourceId>'
-    name: '<<namePrefix>>mlswenr001'
+    name: '<<namePrefix>>mlswencr001'
     sku: 'Basic'
     // Non-required parameters
     cMKKeyName: '<cMKKeyName>'
@@ -687,7 +687,7 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
       "value": "<associatedStorageAccountResourceId>"
     },
     "name": {
-      "value": "<<namePrefix>>mlswenr001"
+      "value": "<<namePrefix>>mlswencr001"
     },
     "sku": {
       "value": "Basic"

From a6a75636ac4b2837b6c80194a346895bc5722da1 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Mon, 17 Oct 2022 11:41:05 +0200
Subject: [PATCH 17/18] Addressed comments

---
 .../workspaces/.test/encr/dependencies.bicep  | 19 +++++++++++++++++++
 .../workspaces/.test/encr/deploy.test.bicep   |  5 +++++
 .../workspaces/readme.md                      | 10 ++++++++++
 3 files changed, 34 insertions(+)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
index 90b894b910..92da46f72a 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/dependencies.bicep
@@ -102,6 +102,22 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
     kind: 'StorageV2'
 }
 
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+    name: 'privatelink.api.azureml.ms'
+    location: 'global'
+
+    resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+        name: '${virtualNetwork.name}-vnetlink'
+        location: 'global'
+        properties: {
+            virtualNetwork: {
+                id: virtualNetwork.id
+            }
+            registrationEnabled: false
+        }
+    }
+}
+
 @description('The resource ID of the created Virtual Network Subnet.')
 output subnetResourceId string = virtualNetwork.properties.subnets[0].id
 
@@ -119,3 +135,6 @@ output storageAccountResourceId string = storageAccount.id
 
 @description('The name of the Key Vault Encryption Key.')
 output keyVaultEncryptionKeyName string = keyVault::key.name
+
+@description('The resource ID of the created Private DNS Zone.')
+output privateDNSZoneResourceId string = privateDNSZone.id
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
index b7335b3d11..672f97ca0e 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/encr/deploy.test.bicep
@@ -61,6 +61,11 @@ module testDeployment '../../deploy.bicep' = {
       {
         service: 'amlworkspace'
         subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+        privateDnsZoneGroup: {
+          privateDNSResourceIds: [
+            resourceGroupResources.outputs.privateDNSZoneResourceId
+          ]
+        }
       }
     ]
     // Must be false if `primaryUserAssignedIdentity` is provided
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
index c1b65d80f4..e2e799771a 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md
+++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
@@ -652,6 +652,11 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
     primaryUserAssignedIdentity: '<primaryUserAssignedIdentity>'
     privateEndpoints: [
       {
+        privateDnsZoneGroup: {
+          privateDNSResourceIds: [
+            '<privateDNSZoneResourceId>'
+          ]
+        }
         service: 'amlworkspace'
         subnetResourceId: '<subnetResourceId>'
       }
@@ -708,6 +713,11 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
     "privateEndpoints": {
       "value": [
         {
+          "privateDnsZoneGroup": {
+            "privateDNSResourceIds": [
+              "<privateDNSZoneResourceId>"
+            ]
+          },
           "service": "amlworkspace",
           "subnetResourceId": "<subnetResourceId>"
         }

From 87a64bbefe9c68d757bd8e390bd79151bb7aec1b Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Mon, 17 Oct 2022 11:43:30 +0200
Subject: [PATCH 18/18] Update to latest

---
 .../workspaces/.test/common/deploy.test.bicep                 | 1 -
 .../Microsoft.MachineLearningServices/workspaces/readme.md    | 4 ----
 2 files changed, 5 deletions(-)

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
index cc1f451429..017ebe233b 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep
@@ -113,7 +113,6 @@ module testDeployment '../../deploy.bicep' = {
         }
       }
     ]
-    publicNetworkAccess: 'Enabled'
     roleAssignments: [
       {
         principalIds: [
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
index e2e799771a..fe6fee44ba 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md
+++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md
@@ -482,7 +482,6 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
         subnetResourceId: '<subnetResourceId>'
       }
     ]
-    publicNetworkAccess: 'Enabled'
     roleAssignments: [
       {
         principalIds: [
@@ -601,9 +600,6 @@ module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep'
         }
       ]
     },
-    "publicNetworkAccess": {
-      "value": "Enabled"
-    },
     "roleAssignments": {
       "value": [
         {