diff --git a/modules/Microsoft.Network/azureFirewalls/.test/hub/dependencies.bicep b/modules/Microsoft.Network/azureFirewalls/.test/hub/dependencies.bicep
index 3981ef362c..4fe1ddd8c5 100644
--- a/modules/Microsoft.Network/azureFirewalls/.test/hub/dependencies.bicep
+++ b/modules/Microsoft.Network/azureFirewalls/.test/hub/dependencies.bicep
@@ -1,10 +1,13 @@
 @description('Optional. The location to deploy to.')
 param location string = resourceGroup().location
 
+@description('Required. The name of the Virtual WAN to create.')
 param virtualWanName string
 
+@description('Required. The name of the Virtual Hub to create.')
 param virtualHubName string
 
+@description('Required. The name of the Firewall Policy to create.')
 param firewallPolicyName string
 
 resource virtualWan 'Microsoft.Network/virtualWans@2021-08-01' = {
@@ -39,5 +42,5 @@ resource policy 'Microsoft.Network/firewallPolicies@2021-08-01' = {
 @description('The resource ID of the created Virtual Hub.')
 output virtualHubResourceId string = virtualHub.id
 
-@description('The resource ID of the created Firewall Policie.')
+@description('The resource ID of the created Firewall Policy.')
 output firewallPolicyResourceId string = policy.id
diff --git a/modules/Microsoft.Network/azureFirewalls/deploy.bicep b/modules/Microsoft.Network/azureFirewalls/deploy.bicep
index 060f8b3acf..8c557667bb 100644
--- a/modules/Microsoft.Network/azureFirewalls/deploy.bicep
+++ b/modules/Microsoft.Network/azureFirewalls/deploy.bicep
@@ -243,9 +243,9 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-08-01' = {
   tags: tags
   properties: azureSkuName == 'AZFW_VNet' ? {
     threatIntelMode: threatIntelMode
-    firewallPolicy: empty(firewallPolicyId) ? null : {
+    firewallPolicy: !empty(firewallPolicyId) ? {
       id: firewallPolicyId
-    }
+    } : null
     ipConfigurations: ipConfigurations
     sku: {
       name: azureSkuName
@@ -255,17 +255,17 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-08-01' = {
     natRuleCollections: natRuleCollections
     networkRuleCollections: networkRuleCollections
   } : {
-    firewallPolicy: empty(firewallPolicyId) ? null : {
+    firewallPolicy: !empty(firewallPolicyId) ? {
       id: firewallPolicyId
-    }
+    } : null
     sku: {
       name: azureSkuName
       tier: azureSkuTier
     }
-    hubIPAddresses: empty(hubIPAddresses) ? null : hubIPAddresses
-    virtualHub: empty(virtualHubId) ? null : {
+    hubIPAddresses: !empty(hubIPAddresses) ? hubIPAddresses : null
+    virtualHub: !empty(virtualHubId) ? {
       id: virtualHubId
-    }
+    } : null
   }
   dependsOn: [
     publicIPAddress
@@ -307,10 +307,10 @@ module azureFirewall_roleAssignments '.bicep/nested_roleAssignments.bicep' = [fo
   }
 }]
 
-@description('The resource ID of the Azure firewall.')
+@description('The resource ID of the Azure Firewall.')
 output resourceId string = azureFirewall.id
 
-@description('The name of the Azure firewall.')
+@description('The name of the Azure Firewall.')
 output name string = azureFirewall.name
 
 @description('The resource group the Azure firewall was deployed into.')
@@ -319,7 +319,7 @@ output resourceGroupName string = resourceGroup().name
 @description('The private IP of the Azure firewall.')
 output privateIp string = contains(azureFirewall.properties, 'ipConfigurations') ? azureFirewall.properties.ipConfigurations[0].properties.privateIPAddress : ''
 
-@description('The public ipconfiguration object for the AzureFirewallSubnet.')
+@description('The public IP configuration object for the Azure Firewall Subnet.')
 output ipConfAzureFirewallSubnet object = contains(azureFirewall.properties, 'ipConfigurations') ? azureFirewall.properties.ipConfigurations[0] : {}
 
 @description('List of Application Rule Collections.')
diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md
index d60a7126e0..7ee4314088 100644
--- a/modules/Microsoft.Network/azureFirewalls/readme.md
+++ b/modules/Microsoft.Network/azureFirewalls/readme.md
@@ -292,14 +292,14 @@ tags: {
 | Output Name | Type | Description |
 | :-- | :-- | :-- |
 | `applicationRuleCollections` | array | List of Application Rule Collections. |
-| `ipConfAzureFirewallSubnet` | object | The public ipconfiguration object for the AzureFirewallSubnet. |
+| `ipConfAzureFirewallSubnet` | object | The public IP configuration object for the Azure Firewall Subnet. |
 | `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Azure firewall. |
+| `name` | string | The name of the Azure Firewall. |
 | `natRuleCollections` | array | Collection of NAT rule collections used by Azure Firewall. |
 | `networkRuleCollections` | array | List of Network Rule Collections. |
 | `privateIp` | string | The private IP of the Azure firewall. |
 | `resourceGroupName` | string | The resource group the Azure firewall was deployed into. |
-| `resourceId` | string | The resource ID of the Azure firewall. |
+| `resourceId` | string | The resource ID of the Azure Firewall. |
 
 ## Considerations